Hi Arian, Have you checked all the dependencies are the same as your test bed's versions ?
|-----Original Message----- |From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet- |boun...@ozdotnet.com] On Behalf Of Adrian Halid |Sent: Tuesday, 8 June 2010 5:35 PM |To: ozdotnet@ozdotnet.com |Subject: [OT] Server 2008R2 BSOD win32k.sys | |Hi All, | | | |One of my customers is having issues with one of the VB6 software packages |we develop. | | | |They are running Server 2008 R2 with Remote Desktop Services (Terminal |Server), with native 2008 load balancing. | |I believe it is a virtual server running in VMWare on a Redhat box. | | | |The System specs are as follows. | |OS: Windows Server 2008 R2 Standard | |Processor: Intel(R) Xeon(R) CPU X5460 @ 3.16GHz (2 processors) | |RAM: 4.0GB | |System Type: 64 Bit | | | | | |The problem is the machine randomly BSOD reboots during the day. | | | |I have used windbg to review the memory dumps and have the results below. | | | |The faulting module seems to be win32k.sys but the process is my application |SynergySoft.exe. | | | |Before releasing this software we heavily tested it using Server 2008 R2 but |never had this issue with BSOD. | | | |From the stack in the debug it seems that it is failing on a ThreadUnlock after |drawing a menu bar and window frame. | | | |I am not sure how to use windbg to determine how our application is calling |win32k.sys. | | | |I am trying to find out what the users were doing when the system crashed |which might help point to the cause. | | | |Searching Google about win32k.sys seems to suggest it could be hardware |related but nothing specific to the stack trace I am getting. | | | |I am not sure how to resolve this issue. | | | |Does anybody have any ideas I could try? | | | | | | | |--------------------------------------------------------------------------- ----------------------------- |------------------------------------------- | |Loading Dump File [C:\temp\060410-23718-01.dmp] | |Mini Kernel Dump File: Only registers and stack trace are available | | | |Symbol search path is: |SRV*c:\symbols*http://msdl.microsoft.com/download/symbols | |Executable search path is: | |Windows 7 Kernel Version 7600 MP (2 procs) Free x64 | |Product: Server, suite: TerminalServer | |Built by: 7600.16539.amd64fre.win7_gdr.100226-1909 | |Machine Name: | |Kernel base = 0xfffff800`0161a000 PsLoadedModuleList = 0xfffff800`01857e50 | |Debug session time: Fri Jun 4 16:10:51.210 2010 (UTC + 8:00) | |System Uptime: 0 days 4:50:53.093 | |Loading Kernel Symbols | |............................................................... | |................................................................ | |............... | |Loading User Symbols | |Loading unloaded module list | |....... | |***************************************************************** |************** | |* * | |* Bugcheck Analysis * | |* * | |***************************************************************** |************** | | | |Use !analyze -v to get detailed debugging information. | | | |BugCheck 3B, {c0000005, fffff96000169f6b, fffff8800918c2a0, 0} | | | |Probably caused by : win32k.sys ( win32k!ThreadUnlock1+b ) | | | |Followup: MachineOwner | |--------- | | | |0: kd> !analyze -v | |***************************************************************** |************** | |* * | |* Bugcheck Analysis * | |* * | |***************************************************************** |************** | | | |SYSTEM_SERVICE_EXCEPTION (3b) | |An exception happened while executing a system service routine. | |Arguments: | |Arg1: 00000000c0000005, Exception code that caused the bugcheck | |Arg2: fffff96000169f6b, Address of the instruction which caused the bugcheck | |Arg3: fffff8800918c2a0, Address of the context record for the exception that |caused the bugcheck | |Arg4: 0000000000000000, zero. | | | |Debugging Details: | |------------------ | | | | | |EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx |referenced memory at 0x%08lx. The memory could not be %s. | | | |FAULTING_IP: | |win32k!ThreadUnlock1+b | |fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] | | | |CONTEXT: fffff8800918c2a0 -- (.cxr 0xfffff8800918c2a0) | |rax=fffff900c0580a70 rbx=0000000000000013 rcx=fffff900c0c2a760 | |rdx=0000000000000000 rsi=0000000000000000 rdi=fffff900c0c2a760 | |rip=fffff96000169f6b rsp=fffff8800918cc70 rbp=0000000000000004 | | r8=0000000000000001 r9=0000000000000000 r10=0000000000000000 | |r11=fffff8800918cc10 r12=0000000000000017 r13=0000000000000500 | |r14=0000000000000004 r15=0000000000000000 | |iopl=0 nv up ei ng nz na pe nc | |cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282 | |win32k!ThreadUnlock1+0xb: | |fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] |ds:002b:00000000`00000150=???????????????? | |Resetting default scope | | | |CUSTOMER_CRASH_COUNT: 1 | | | |DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP | | | |BUGCHECK_STR: 0x3B | | | |PROCESS_NAME: SynergySoft.ex | | | |CURRENT_IRQL: 0 | | | |LAST_CONTROL_TRANSFER: from fffff960001d01aa to fffff96000169f6b | | | |STACK_TEXT: | |fffff880`0918cc70 fffff960`001d01aa : 00000000`00000000 00000000`00000004 |00000000`00000000 fffff800`00000000 : win32k!ThreadUnlock1+0xb | |fffff880`0918cca0 fffff960`000d735e : fffff900`c0c291a0 00000000`00000001 |00000000`00000000 00000000`00000001 : win32k!xxxMenuBarDraw+0x272 | |fffff880`0918cd50 fffff960`00149ab1 : 00000000`00000000 fffff900`c0c291a0 |00000000`00000001 00000000`00000000 : |win32k!xxxDrawWindowFrame+0x14e | |fffff880`0918cdb0 fffff960`001507fc : 00000000`00000000 fffff900`c0c291a0 |00000000`00000085 00000000`00000000 : |win32k!xxxRealDefWindowProc+0x981 | |fffff880`0918cfc0 00000000`00000000 : 00000000`00000000 |00000000`00000000 00000000`00000000 00000000`00000000 : |win32k!xxxWrapRealDefWindowProc+0x3c | | | | | |FOLLOWUP_IP: | |win32k!ThreadUnlock1+b | |fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] | | | |SYMBOL_STACK_INDEX: 0 | | | |SYMBOL_NAME: win32k!ThreadUnlock1+b | | | |FOLLOWUP_NAME: MachineOwner | | | |MODULE_NAME: win32k | | | |IMAGE_NAME: win32k.sys | | | |DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc5e0 | | | |STACK_COMMAND: .cxr 0xfffff8800918c2a0 ; kb | | | |FAILURE_BUCKET_ID: X64_0x3B_win32k!ThreadUnlock1+b | | | |BUCKET_ID: X64_0x3B_win32k!ThreadUnlock1+b | | | |Followup: MachineOwner | |--------- | | | |0: kd> lmvm win32k | |start end module name | |fffff960`000a0000 fffff960`003af000 win32k (pdb symbols) |c:\symbols\win32k.pdb\A9F6403F14074E9D8A07D0AA6F0C1CFF2\win32k.pdb | | Loaded symbol image file: win32k.sys | | Mapped memory image file: |c:\symbols\win32k.sys\4A5BC5E030f000\win32k.sys | | Image path: \SystemRoot\System32\win32k.sys | | Image name: win32k.sys | | Timestamp: Tue Jul 14 07:40:16 2009 (4A5BC5E0) | | CheckSum: 002FE623 | | ImageSize: 0030F000 | | File version: 6.1.7600.16385 | | Product version: 6.1.7600.16385 | | File flags: 0 (Mask 3F) | | File OS: 40004 NT Win32 | | File type: 3.7 Driver | | File date: 00000000.00000000 | | Translations: 0409.04b0 | | CompanyName: Microsoft Corporation | | ProductName: MicrosoftR WindowsR Operating System | | InternalName: win32k.sys | | OriginalFilename: win32k.sys | | ProductVersion: 6.1.7600.16385 | | FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) | | FileDescription: Multi-User Win32 Driver | | LegalCopyright: C Microsoft Corporation. All rights reserved. | | | | | |Regards | | | |Adrian Halid |Senior Analyst/Programmer | | | |IT Vision Australia Pty Ltd (ABN: 34 309 336 904) |PO Box 881, Canning Bridge WA 6153 |Level 3, Kirin Centre, 15 Ogilvie Road, Applecross, WA, 6153 |P: (08) 9315 7000 F: (08) 9315 7088 |E: adrian.ha...@itvision.com.au <mailto:adrian.ha...@itvision.com.au> W: |http://www.itvision.com.au <http://www.itvision.com.au/> | | | |___________________________________________________________ | | | |NOTICE : This e-mail and any attachments are intended for the addressee(s) |only and may |contain confidential or privileged material. Any unauthorised review, use, |alteration, |disclosure or distribution of this e-mail (including any attachments) by an |unintended recipient |is prohibited. If you are not the intended recipient please contact the sender as |soon as |possible by return e-mail and then delete both messages. |___________________________________________________________ | | | |