Did you want the machine rebooting automatically after a BSOD ? (as you can turn that off)
Can you add another VM which is identical to your current one minus your application? (should be easy to Clone( ) your VM). You could then see if that machine BSOD's at the same time, to rule out your application. Perhaps you could leave the cloned VM running to see if BSOD's at all. Just a thought. From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Adrian Halid Sent: Tuesday, 8 June 2010 5:35 PM To: ozdotnet@ozdotnet.com Subject: [OT] Server 2008R2 BSOD win32k.sys Hi All, One of my customers is having issues with one of the VB6 software packages we develop. They are running Server 2008 R2 with Remote Desktop Services (Terminal Server), with native 2008 load balancing. I believe it is a virtual server running in VMWare on a Redhat box. The System specs are as follows. OS: Windows Server 2008 R2 Standard Processor: Intel(R) Xeon(R) CPU X5460 @ 3.16GHz (2 processors) RAM: 4.0GB System Type: 64 Bit The problem is the machine randomly BSOD reboots during the day. I have used windbg to review the memory dumps and have the results below. The faulting module seems to be win32k.sys but the process is my application SynergySoft.exe. Before releasing this software we heavily tested it using Server 2008 R2 but never had this issue with BSOD. >From the stack in the debug it seems that it is failing on a ThreadUnlock after drawing a menu bar and window frame. I am not sure how to use windbg to determine how our application is calling win32k.sys. I am trying to find out what the users were doing when the system crashed which might help point to the cause. Searching Google about win32k.sys seems to suggest it could be hardware related but nothing specific to the stack trace I am getting. I am not sure how to resolve this issue. Does anybody have any ideas I could try? ---------------------------------------------------------------------------- ----------------------------------------------------------------------- Loading Dump File [C:\temp\060410-23718-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (2 procs) Free x64 Product: Server, suite: TerminalServer Built by: 7600.16539.amd64fre.win7_gdr.100226-1909 Machine Name: Kernel base = 0xfffff800`0161a000 PsLoadedModuleList = 0xfffff800`01857e50 Debug session time: Fri Jun 4 16:10:51.210 2010 (UTC + 8:00) System Uptime: 0 days 4:50:53.093 Loading Kernel Symbols ............................................................... ................................................................ ............... Loading User Symbols Loading unloaded module list ....... **************************************************************************** *** * * * Bugcheck Analysis * * * **************************************************************************** *** Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff96000169f6b, fffff8800918c2a0, 0} Probably caused by : win32k.sys ( win32k!ThreadUnlock1+b ) Followup: MachineOwner --------- 0: kd> !analyze -v **************************************************************************** *** * * * Bugcheck Analysis * * * **************************************************************************** *** SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff96000169f6b, Address of the instruction which caused the bugcheck Arg3: fffff8800918c2a0, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: win32k!ThreadUnlock1+b fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] CONTEXT: fffff8800918c2a0 -- (.cxr 0xfffff8800918c2a0) rax=fffff900c0580a70 rbx=0000000000000013 rcx=fffff900c0c2a760 rdx=0000000000000000 rsi=0000000000000000 rdi=fffff900c0c2a760 rip=fffff96000169f6b rsp=fffff8800918cc70 rbp=0000000000000004 r8=0000000000000001 r9=0000000000000000 r10=0000000000000000 r11=fffff8800918cc10 r12=0000000000000017 r13=0000000000000500 r14=0000000000000004 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282 win32k!ThreadUnlock1+0xb: fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] ds:002b:00000000`00000150=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0x3B PROCESS_NAME: SynergySoft.ex CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff960001d01aa to fffff96000169f6b STACK_TEXT: fffff880`0918cc70 fffff960`001d01aa : 00000000`00000000 00000000`00000004 00000000`00000000 fffff800`00000000 : win32k!ThreadUnlock1+0xb fffff880`0918cca0 fffff960`000d735e : fffff900`c0c291a0 00000000`00000001 00000000`00000000 00000000`00000001 : win32k!xxxMenuBarDraw+0x272 fffff880`0918cd50 fffff960`00149ab1 : 00000000`00000000 fffff900`c0c291a0 00000000`00000001 00000000`00000000 : win32k!xxxDrawWindowFrame+0x14e fffff880`0918cdb0 fffff960`001507fc : 00000000`00000000 fffff900`c0c291a0 00000000`00000085 00000000`00000000 : win32k!xxxRealDefWindowProc+0x981 fffff880`0918cfc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!xxxWrapRealDefWindowProc+0x3c FOLLOWUP_IP: win32k!ThreadUnlock1+b fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: win32k!ThreadUnlock1+b FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc5e0 STACK_COMMAND: .cxr 0xfffff8800918c2a0 ; kb FAILURE_BUCKET_ID: X64_0x3B_win32k!ThreadUnlock1+b BUCKET_ID: X64_0x3B_win32k!ThreadUnlock1+b Followup: MachineOwner --------- 0: kd> lmvm win32k start end module name fffff960`000a0000 fffff960`003af000 win32k (pdb symbols) c:\symbols\win32k.pdb\A9F6403F14074E9D8A07D0AA6F0C1CFF2\win32k.pdb Loaded symbol image file: win32k.sys Mapped memory image file: c:\symbols\win32k.sys\4A5BC5E030f000\win32k.sys Image path: \SystemRoot\System32\win32k.sys Image name: win32k.sys Timestamp: Tue Jul 14 07:40:16 2009 (4A5BC5E0) CheckSum: 002FE623 ImageSize: 0030F000 File version: 6.1.7600.16385 Product version: 6.1.7600.16385 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: MicrosoftR WindowsR Operating System InternalName: win32k.sys OriginalFilename: win32k.sys ProductVersion: 6.1.7600.16385 FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) FileDescription: Multi-User Win32 Driver LegalCopyright: C Microsoft Corporation. All rights reserved. Regards Adrian Halid Senior Analyst/Programmer IT Vision Australia Pty Ltd (ABN: 34 309 336 904) PO Box 881, Canning Bridge WA 6153 Level 3, Kirin Centre, 15 Ogilvie Road, Applecross, WA, 6153 P: (08) 9315 7000 F: (08) 9315 7088 E: <mailto:adrian.ha...@itvision.com.au> adrian.ha...@itvision.com.au W: <http://www.itvision.com.au/> http://www.itvision.com.au ___________________________________________________________ NOTICE : This e-mail and any attachments are intended for the addressee(s) only and may contain confidential or privileged material. Any unauthorised review, use, alteration, disclosure or distribution of this e-mail (including any attachments) by an unintended recipient is prohibited. If you are not the intended recipient please contact the sender as soon as possible by return e-mail and then delete both messages. ___________________________________________________________
