Jump to content
Free PC Help Forum
Logging In to Free PC Help Forum Has Changed

Server 2008R2 Bsod Win32K.sys

Adrian
 Share

Recommended Posts

Adrian Newbie

Adrian

Posted
Posted

Hi All,

 

One of my customers is having issues with one of the VB6 software packages we develop.

 

They are running Server 2008 R2 with Remote Desktop Services (Terminal Server), with native 2008 load balancing.

I believe it is a virtual server running in VMWare on a Redhat box.

 

The System specs are as follows.

OS: Windows Server 2008 R2 Standard

Processor: Intel® Xeon® CPU X5460 @ 3.16GHz (2 processors)

RAM: 4.0GB

System Type: 64 Bit

 

 

The problem is the machine randomly BSOD reboots during the day.

 

I have used windbg to review the memory dumps and have the results below.

 

The faulting module seems to be win32k.sys but the process is my application SynergySoft.exe.

 

Before releasing this software we heavily tested it using Server 2008 R2 but never had this issue with BSOD.

 

From the stack in the debug it seems that it is failing on a ThreadUnlock after drawing a menu bar and window frame.

 

I am not sure how to use windbg to determine how our application is calling win32k.sys.

 

I am trying to find out what the users were doing when the system crashed which might help point to the cause.

 

Searching Google about win32k.sys seems to suggest it could be hardware related but nothing specific to the stack trace I am getting.

 

I am not sure how to resolve this issue.

 

Does anybody have any ideas I could try?

 


Loading Dump File [C:\temp\060410-23718-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`0161a000 PsLoadedModuleList = 0xfffff800`01857e50
Debug session time: Fri Jun  4 16:10:51.210 2010 (UTC + 8:00)
System Uptime: 0 days 4:50:53.093
Loading Kernel Symbols
...............................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff96000169f6b, fffff8800918c2a0, 0}

Probably caused by : win32k.sys ( win32k!ThreadUnlock1+b )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff96000169f6b, Address of the instruction which caused the bugcheck
Arg3: fffff8800918c2a0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
win32k!ThreadUnlock1+b
fffff960`00169f6b 488b8a50010000  mov     rcx,qword ptr [rdx+150h]

CONTEXT:  fffff8800918c2a0 -- (.cxr 0xfffff8800918c2a0)
rax=fffff900c0580a70 rbx=0000000000000013 rcx=fffff900c0c2a760
rdx=0000000000000000 rsi=0000000000000000 rdi=fffff900c0c2a760
rip=fffff96000169f6b rsp=fffff8800918cc70 rbp=0000000000000004
r8=0000000000000001  r9=0000000000000000 r10=0000000000000000
r11=fffff8800918cc10 r12=0000000000000017 r13=0000000000000500
r14=0000000000000004 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
win32k!ThreadUnlock1+0xb:
fffff960`00169f6b 488b8a50010000  mov     rcx,qword ptr [rdx+150h] ds:002b:00000000`00000150=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0x3B

PROCESS_NAME:  SynergySoft.ex

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff960001d01aa to fffff96000169f6b

STACK_TEXT:  
fffff880`0918cc70 fffff960`001d01aa : 00000000`00000000 00000000`00000004 00000000`00000000 fffff800`00000000 : win32k!ThreadUnlock1+0xb
fffff880`0918cca0 fffff960`000d735e : fffff900`c0c291a0 00000000`00000001 00000000`00000000 00000000`00000001 : win32k!xxxMenuBarDraw+0x272
fffff880`0918cd50 fffff960`00149ab1 : 00000000`00000000 fffff900`c0c291a0 00000000`00000001 00000000`00000000 : win32k!xxxDrawWindowFrame+0x14e
fffff880`0918cdb0 fffff960`001507fc : 00000000`00000000 fffff900`c0c291a0 00000000`00000085 00000000`00000000 : win32k!xxxRealDefWindowProc+0x981
fffff880`0918cfc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!xxxWrapRealDefWindowProc+0x3c


FOLLOWUP_IP: 
win32k!ThreadUnlock1+b
fffff960`00169f6b 488b8a50010000  mov     rcx,qword ptr [rdx+150h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!ThreadUnlock1+b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc5e0

STACK_COMMAND:  .cxr 0xfffff8800918c2a0  kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k!ThreadUnlock1+b

BUCKET_ID:  X64_0x3B_win32k!ThreadUnlock1+b

Followup: MachineOwner
---------

0: kd> lmvm win32k
start             end                 module name
fffff960`000a0000 fffff960`003af000   win32k     (pdb symbols)          c:\symbols\win32k.pdb\A9F6403F14074E9D8A07D0AA6F0C1CFF2\win32k.pdb
Loaded symbol image file: win32k.sys
Mapped memory image file: c:\symbols\win32k.sys\4A5BC5E030f000\win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp:        Tue Jul 14 07:40:16 2009 (4A5BC5E0)
CheckSum:         002FE623
ImageSize:        0030F000
File version:     6.1.7600.16385
Product version:  6.1.7600.16385
File flags:       0 (Mask 3F)
File OS:          40004 NT Win32
File type:        3.7 Driver
File date:        00000000.00000000
Translations:     0409.04b0
CompanyName:      Microsoft Corporation
ProductName:      Microsoft® Windows® Operating System
InternalName:     win32k.sys
OriginalFilename: win32k.sys
ProductVersion:   6.1.7600.16385
FileVersion:      6.1.7600.16385 (win7_rtm.090713-1255)
FileDescription:  Multi-User Win32 Driver
LegalCopyright:   © Microsoft Corporation. All rights reserved.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...