Adrian Posted June 8, 2010 Posted June 8, 2010 Hi All, One of my customers is having issues with one of the VB6 software packages we develop. They are running Server 2008 R2 with Remote Desktop Services (Terminal Server), with native 2008 load balancing. I believe it is a virtual server running in VMWare on a Redhat box. The System specs are as follows. OS: Windows Server 2008 R2 Standard Processor: Intel® Xeon® CPU X5460 @ 3.16GHz (2 processors) RAM: 4.0GB System Type: 64 Bit The problem is the machine randomly BSOD reboots during the day. I have used windbg to review the memory dumps and have the results below. The faulting module seems to be win32k.sys but the process is my application SynergySoft.exe. Before releasing this software we heavily tested it using Server 2008 R2 but never had this issue with BSOD. From the stack in the debug it seems that it is failing on a ThreadUnlock after drawing a menu bar and window frame. I am not sure how to use windbg to determine how our application is calling win32k.sys. I am trying to find out what the users were doing when the system crashed which might help point to the cause. Searching Google about win32k.sys seems to suggest it could be hardware related but nothing specific to the stack trace I am getting. I am not sure how to resolve this issue. Does anybody have any ideas I could try? Loading Dump File [C:\temp\060410-23718-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7600 MP (2 procs) Free x64 Product: Server, suite: TerminalServer Built by: 7600.16539.amd64fre.win7_gdr.100226-1909 Machine Name: Kernel base = 0xfffff800`0161a000 PsLoadedModuleList = 0xfffff800`01857e50 Debug session time: Fri Jun 4 16:10:51.210 2010 (UTC + 8:00) System Uptime: 0 days 4:50:53.093 Loading Kernel Symbols ............................................................... ................................................................ ............... Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff96000169f6b, fffff8800918c2a0, 0} Probably caused by : win32k.sys ( win32k!ThreadUnlock1+b ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff96000169f6b, Address of the instruction which caused the bugcheck Arg3: fffff8800918c2a0, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: win32k!ThreadUnlock1+b fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] CONTEXT: fffff8800918c2a0 -- (.cxr 0xfffff8800918c2a0) rax=fffff900c0580a70 rbx=0000000000000013 rcx=fffff900c0c2a760 rdx=0000000000000000 rsi=0000000000000000 rdi=fffff900c0c2a760 rip=fffff96000169f6b rsp=fffff8800918cc70 rbp=0000000000000004 r8=0000000000000001 r9=0000000000000000 r10=0000000000000000 r11=fffff8800918cc10 r12=0000000000000017 r13=0000000000000500 r14=0000000000000004 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282 win32k!ThreadUnlock1+0xb: fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] ds:002b:00000000`00000150=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP BUGCHECK_STR: 0x3B PROCESS_NAME: SynergySoft.ex CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff960001d01aa to fffff96000169f6b STACK_TEXT: fffff880`0918cc70 fffff960`001d01aa : 00000000`00000000 00000000`00000004 00000000`00000000 fffff800`00000000 : win32k!ThreadUnlock1+0xb fffff880`0918cca0 fffff960`000d735e : fffff900`c0c291a0 00000000`00000001 00000000`00000000 00000000`00000001 : win32k!xxxMenuBarDraw+0x272 fffff880`0918cd50 fffff960`00149ab1 : 00000000`00000000 fffff900`c0c291a0 00000000`00000001 00000000`00000000 : win32k!xxxDrawWindowFrame+0x14e fffff880`0918cdb0 fffff960`001507fc : 00000000`00000000 fffff900`c0c291a0 00000000`00000085 00000000`00000000 : win32k!xxxRealDefWindowProc+0x981 fffff880`0918cfc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!xxxWrapRealDefWindowProc+0x3c FOLLOWUP_IP: win32k!ThreadUnlock1+b fffff960`00169f6b 488b8a50010000 mov rcx,qword ptr [rdx+150h] SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: win32k!ThreadUnlock1+b FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc5e0 STACK_COMMAND: .cxr 0xfffff8800918c2a0 ; kb FAILURE_BUCKET_ID: X64_0x3B_win32k!ThreadUnlock1+b BUCKET_ID: X64_0x3B_win32k!ThreadUnlock1+b Followup: MachineOwner --------- 0: kd> lmvm win32k start end module name fffff960`000a0000 fffff960`003af000 win32k (pdb symbols) c:\symbols\win32k.pdb\A9F6403F14074E9D8A07D0AA6F0C1CFF2\win32k.pdb Loaded symbol image file: win32k.sys Mapped memory image file: c:\symbols\win32k.sys\4A5BC5E030f000\win32k.sys Image path: \SystemRoot\System32\win32k.sys Image name: win32k.sys Timestamp: Tue Jul 14 07:40:16 2009 (4A5BC5E0) CheckSum: 002FE623 ImageSize: 0030F000 File version: 6.1.7600.16385 Product version: 6.1.7600.16385 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: win32k.sys OriginalFilename: win32k.sys ProductVersion: 6.1.7600.16385 FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) FileDescription: Multi-User Win32 Driver LegalCopyright: © Microsoft Corporation. All rights reserved. Quote
Forum² Admin F2 Staff Posted June 8, 2010 Forum² Admin Posted June 8, 2010 Test the memory on the server. It looks like you have a bad stick that is randomly causing the problem. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.