Random BSOD's

[TW]

Hello,

I need help.


System:
Motherboard: Asus K8U-X (Uli 1689 chipset)
Processor: AMD Sempron 64
PS included with Case ( Rosewill R203A Black Steel ATX Mid Tower
Computer Case 350W Power Supply)
HD: Western Digital Caviar SE WD1600JS 160GB 7200 RPM SATA 3.0Gb/s
Hard Drive
Optical Drive: LG GSA-4167BK 16X Dual Layer DVD±RW Drive
OS: Win XP Pro sp2
AntiVirus - F-Secure (provided by ISP (Charter)
Video Card: MSI FX5200-TD128LF Geforce FX5200 64-bit DDR AGP 4X/8X
Low Profile Video Card
Audio and Ethernet on m/b
RAM: G.SKILL Value 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200)
Browser: Mozilla FireFox (ltest upgrade) Email Client: Mozilla
Thunderbird (latest upgrade)


First, let me assure you that I know there have been thousands of
posts about this topic (and I have read hundreds of them). But please
let me offer one more.

Soon after (one day) doing a clean install of Windows XP Pro sp2 on a
brand new SATA hd, in a brand new machine, I began getting random
BSOD's, I have not included any of the BSOD info or minidumps in this
post, because there seems to be no common error in them. The stop
errors and times between them seem completely random. The system might
go for days without a crash, and it might crash multiple times during
the day.

In the advice given in responses to posts like this one bad memory
seems to be the most likely culprit. Toward this end I have run 2
memory tests repeatedly. I have one 1gb stick of "value" memory
installed. When I run memtest 86+ from their boot disk I never get an
error. The longest I have let it run is 26 passes (about 18 hours on
my machine). However, using another memory tester (memtest) which runs
under Windows, I get 15 to 20 errors. I could be just whistling in the
dark here, but I think this might shift the blame from bad memory to
something loaded with Windows or some hardware used by Windows (i.e.,
Video Card itself or its driver, hard drive, audio driver etc.).

I will be glad to post text files of all the minidumps if someone
thinks they can help me.

TW

 

[Brian A.]

Hello,

I need help.


System:
Motherboard: Asus K8U-X (Uli 1689 chipset)
Processor: AMD Sempron 64
PS included with Case ( Rosewill R203A Black Steel ATX Mid Tower
Computer Case 350W Power Supply)
HD: Western Digital Caviar SE WD1600JS 160GB 7200 RPM SATA 3.0Gb/s
Hard Drive
Optical Drive: LG GSA-4167BK 16X Dual Layer DVD±RW Drive
OS: Win XP Pro sp2
AntiVirus - F-Secure (provided by ISP (Charter)
Video Card: MSI FX5200-TD128LF Geforce FX5200 64-bit DDR AGP 4X/8X
Low Profile Video Card
Audio and Ethernet on m/b
RAM: G.SKILL Value 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200)
Browser: Mozilla FireFox (ltest upgrade) Email Client: Mozilla
Thunderbird (latest upgrade)


First, let me assure you that I know there have been thousands of
posts about this topic (and I have read hundreds of them). But please
let me offer one more.

Soon after (one day) doing a clean install of Windows XP Pro sp2 on a
brand new SATA hd, in a brand new machine, I began getting random
BSOD's, I have not included any of the BSOD info or minidumps in this
post, because there seems to be no common error in them. The stop
errors and times between them seem completely random. The system might
go for days without a crash, and it might crash multiple times during
the day.

In the advice given in responses to posts like this one bad memory
seems to be the most likely culprit. Toward this end I have run 2
memory tests repeatedly. I have one 1gb stick of "value" memory
installed. When I run memtest 86+ from their boot disk I never get an
error. The longest I have let it run is 26 passes (about 18 hours on
my machine). However, using another memory tester (memtest) which runs
under Windows, I get 15 to 20 errors. I could be just whistling in the
dark here, but I think this might shift the blame from bad memory to
something loaded with Windows or some hardware used by Windows (i.e.,
Video Card itself or its driver, hard drive, audio driver etc.).

I will be glad to post text files of all the minidumps if someone
thinks they can help me.

TW

You don't mention looking through the Event Viewer for any error information, it
also can help in identifying what is involved with the failure and "perhaps" may have
a solution .
Click Start > Run, type: eventvwr.msc and press Enter.
Double click on any error listed in the right pane to open a description of it.

You could also perform Clean Boot Troubleshooting to track down the trouble maker:
How to perform a clean boot in Windows XP
http://support.microsoft.com/kb/310353/en-us

How to perform advanced clean-boot troubleshooting in Windows XP
http://support.microsoft.com/kb/316434/en-us

How to troubleshoot by using the System Configuration utility in Windows XP
http://support.microsoft.com/kb/310560/en-us

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[TW]

You don't mention looking through the Event Viewer for any error
information, it also can help in identifying what is involved with the
failure and "perhaps" may have a solution .
Click Start > Run, type: eventvwr.msc and press Enter.
Double click on any error listed in the right pane to open a description
of it.

I have made repeated forays into the event viewer, and have found no
errors in system or application events(other than the obvious "memory
dump", which offers no insight into WHY the memory was dumped) that
closely correspond to the time that the stop error occurred.

I will certainly try your suggestions below. Thank you for your response.

TW

 

[Ken Blake, MVP]

Hello,

I need help.


System:
Motherboard: Asus K8U-X (Uli 1689 chipset)
Processor: AMD Sempron 64
PS included with Case ( Rosewill R203A Black Steel ATX Mid Tower
Computer Case 350W Power Supply)
HD: Western Digital Caviar SE WD1600JS 160GB 7200 RPM SATA 3.0Gb/s
Hard Drive
Optical Drive: LG GSA-4167BK 16X Dual Layer DVD±RW Drive
OS: Win XP Pro sp2
AntiVirus - F-Secure (provided by ISP (Charter)
Video Card: MSI FX5200-TD128LF Geforce FX5200 64-bit DDR AGP 4X/8X
Low Profile Video Card
Audio and Ethernet on m/b
RAM: G.SKILL Value 1GB 184-Pin DDR SDRAM DDR 400 (PC 3200)
Browser: Mozilla FireFox (ltest upgrade) Email Client: Mozilla
Thunderbird (latest upgrade)


First, let me assure you that I know there have been thousands of
posts about this topic (and I have read hundreds of them). But please
let me offer one more.

Soon after (one day) doing a clean install of Windows XP Pro sp2 on a
brand new SATA hd, in a brand new machine, I began getting random
BSOD's, I have not included any of the BSOD info or minidumps in this
post, because there seems to be no common error in them. The stop
errors and times between them seem completely random. The system might
go for days without a crash, and it might crash multiple times during
the day.

In the advice given in responses to posts like this one bad memory
seems to be the most likely culprit.

I think a hardware problem is the most likely culprit, but not necessarily
RAM. If you've already tested the RAM, I would think that either overheating
or an insufficient or flaky power power supply would be the next most likely
things to consider.

 

[Gerry Cornell]

TW

Any complete Stop Error message would be helpful, random or otherwise.
Same with Event Viewer Reports. Other more trained observers will
picks up on details that you might not see as significant.

Are the BSODs occuring on booting or post boot?

Disable automatic restart on system failure. This should help by
allowing time to write down the STOP code properly. Keep pressing the
F8 key during StartUp and select option - Disable automatic restart on
system failure.

Please post copies of all Error and Warning Reports appearing in the
System and Application logs in Event Viewer for the last boot. No
Information Reports please.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Part of the Description of the error will include a link, which you
should double click for further information. You can copy using copy
and paste. Often the link will, however, say there is no further
information.
http://go.microsoft.com/fw.link/events.asp
(Please note the hyperlink above is for illustration purposes only)

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

Are there any yellow question marks in Device Manager? Right click on
the My Computer icon on your Desktop and select Properties,
Hardware,Device Manager. If yes what is the Device Error code?

Try Start, Run, type "sigverif.exe" without quotes and hit OK. What
drivers are listed as unsigned? Disregard those which are not checked.



--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[TW]

TW

Any complete Stop Error message would be helpful, random or otherwise.
Same with Event Viewer Reports. Other more trained observers will picks
up on details that you might not see as significant.

Following, separated by lines of tildes are windbg.exe !analyze -v
results on minidump files from the last four crashes:

Loading Dump File [C:\WINDOWS\Minidump\Mini030407-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
C:\WINDOWS\Symbols;C:\WINDOWS\Symbols\sys;C:\WINDOWS\Symbols\exe;C:\WINDOWS\Symbols\com
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Sun Mar 4 11:00:02.315 2007 (GMT-5)
System Uptime: 0 days 2:28:11.141
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {9296b3db, 2, 0, 804f98b7}

Probably caused by : ntoskrnl.exe ( nt!CcGetVacbMiss+307 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 9296b3db, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804f98b7, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 9296b3db

CURRENT_IRQL: 2

FAULTING_IP:
nt!CcGetVacbMiss+307
804f98b7 803b02 cmp byte ptr [ebx],2

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: firefox.exe

LAST_CONTROL_TRANSFER: from 805b4a5c to 804f98b7

STACK_TEXT:
b9504cec 805b4a5c 00000001 00000006 b9504d01 nt!CcGetVacbMiss+0x307
b9504d50 8053c808 000003a8 00000000 00000000
nt!SepRmCommandServerThreadInit+0x132
b9504d64 7c90eb94 badb0d00 01b8fe78 00000000 nt!ObpPushStackInfo+0x75
WARNING: Frame IP not in any known module. Following frames may be wrong.
b9504d70 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!CcGetVacbMiss+307
804f98b7 803b02 cmp byte ptr [ebx],2

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!CcGetVacbMiss+307

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 42250a1d

FAILURE_BUCKET_ID: 0xA_nt!CcGetVacbMiss+307

BUCKET_ID: 0xA_nt!CcGetVacbMiss+307

Followup: MachineOwner
---------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Loading Dump File [C:\WINDOWS\Minidump\Mini030407-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
C:\WINDOWS\Symbols;C:\WINDOWS\Symbols\sys;C:\WINDOWS\Symbols\exe;C:\WINDOWS\Symbols\com
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Sun Mar 4 11:53:20.343 2007 (GMT-5)
System Uptime: 0 days 0:01:28.953
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................................
Loading User Symbols
Loading unloaded module list
............
Unable to load image win32k.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for win32k.sys
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {874dab58, 0, bf820923, 0}


Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!xxxCalcValidRects+267 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by
try-except,
it must be protected by a Probe. Typically the address is just plain
bad or it
is pointing at freed memory.
Arguments:
Arg1: 874dab58, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf820923, If non-zero, the instruction address which referenced
the bad memory
address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: 874dab58

FAULTING_IP:
win32k!xxxCalcValidRects+267
bf820923 397718 cmp dword ptr [edi+18h],esi

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: explorer.exe

LAST_CONTROL_TRANSFER: from bf80f0b6 to bf820923

STACK_TEXT:
b9e12c40 bf80f0b6 00000001 b9e12c68 bf80f17a win32k!xxxCalcValidRects+0x267
b9e12c4c bf80f17a 864a0ae8 00000001 00000000 win32k!ProtectHandle+0x58
b9e12c68 805c6f99 864a0ae8 00000001 864a0ae8 win32k!FillRect+0x47
b9e12d14 805c73d0 00000000 00000000 864a0ae8 nt!IopBuildCmResourceList+0xd0
b9e12d34 805c7710 864a0ae8 00000000 b9e12d64
nt!IopWriteAllocatedResourcesToRegistry+0x8e
b9e12d54 8053c808 00000000 00000000 0142ff74 nt!RtlpAddToMergedRange+0x89
b9e12d64 7c90eb94 badb0d00 0142ff3c 00000000 nt!ObpPushStackInfo+0x75
WARNING: Frame IP not in any known module. Following frames may be wrong.
b9e12d70 00000000 00000000 00000000 00000000 0x7c90eb94


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!xxxCalcValidRects+267
bf820923 397718 cmp dword ptr [edi+18h],esi

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!xxxCalcValidRects+267

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 43446a58

FAILURE_BUCKET_ID: 0x50_win32k!xxxCalcValidRects+267

BUCKET_ID: 0x50_win32k!xxxCalcValidRects+267

Followup: MachineOwner
---------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
C:\WINDOWS\Symbols;C:\WINDOWS\Symbols\sys;C:\WINDOWS\Symbols\exe;C:\WINDOWS\Symbols\com
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Sun Mar 4 16:08:51.671 2007 (GMT-5)
System Uptime: 0 days 0:27:31.270
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
............
Unable to load image smwdm.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for smwdm.sys
*** ERROR: Module load completed but symbols could not be loaded for
smwdm.sys
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 100000D1, {80, 2, 0, f6d29a22}

Probably caused by : smwdm.sys ( smwdm+36a22 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000080, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f6d29a22, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000080

CURRENT_IRQL: 2

FAULTING_IP:
smwdm+36a22
f6d29a22 0fbf3c0f movsx edi,word ptr [edi+ecx]

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from 80548db0 to f6d29a22

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
80548d00 80548db0 863df8f4 861808d8 85fef000 smwdm+0x36a22
80548d0c 85fef000 79d61610 ffd505c0 00000200 nt!Ke386SetLdtProcess+0x82
80548d1c f6d2bd8f 8629e870 00000080 00000000 0x85fef000
80548d20 8629e870 00000080 00000000 863df8f4 smwdm+0x38d8f
80548d24 00000000 00000000 863df8f4 85fef000 0x8629e870


STACK_COMMAND: kb

FOLLOWUP_IP:
smwdm+36a22
f6d29a22 0fbf3c0f movsx edi,word ptr [edi+ecx]

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: smwdm

IMAGE_NAME: smwdm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 40842bbb

SYMBOL_NAME: smwdm+36a22

FAILURE_BUCKET_ID: 0xD1_smwdm+36a22

BUCKET_ID: 0xD1_smwdm+36a22

Followup: MachineOwner
---------


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c000001d, The exception code that was not handled
Arg2: 00000104, The address that the exception occurred at
Arg3: f46d2a38, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction
An attempt was made to execute an illegal instruction.

FAULTING_IP:
+104
00000104 ?? ???

TRAP_FRAME: f46d2a38 -- (.trap fffffffff46d2a38)
ErrCode = 00000000
eax=000000df ebx=804fd7ee ecx=804fd77c edx=0000e000 esi=bbe511f8
edi=bf827826
eip=00000104 esp=f46d2aac ebp=f46d2ad4 iopl=0 nv up ei ng nz na
po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010283
00000104 ?? ???
Resetting default scope

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: csrss.exe

LAST_CONTROL_TRANSFER: from 00000000 to 00000104

FAILED_INSTRUCTION_ADDRESS:
+104
00000104 ?? ???

SYMBOL_ON_RAW_STACK: 1

STACK_ADDR_RAW_STACK_SYMBOL: 17002000010004

STACK_COMMAND: dds F46D2ADC-0x20 ; kb

STACK_TEXT:
f46d2abc 00000000
f46d2ac0 00000000
f46d2ac4 00000000
f46d2ac8 fffffff8
f46d2acc 00000003
f46d2ad0 00000000
f46d2ad4 f46d2d30
f46d2ad8 bf888d45 win32k!NtGdiResetDC+0x66
f46d2adc 00000022
f46d2ae0 006dfff4
f46d2ae4 bf8010a7 win32k!ThreadUnlock1+0x12
f46d2ae8 00180016
f46d2aec bf98f264 win32k!MessageTable+0x984
f46d2af0 00000000
f46d2af4 86707e90
f46d2af8 8677f06c
f46d2afc f46d2b24
f46d2b00 00000000
f46d2b04 000000aa
f46d2b08 0000000f
f46d2b0c 00000000
f46d2b10 f46d2b44
f46d2b14 8666a020
f46d2b18 866a5000
f46d2b1c f46e24a8
f46d2b20 00000001
f46d2b24 00000001
f46d2b28 00000000
f46d2b2c 867c8028
f46d2b30 865cc6e0
f46d2b34 ffffffff
f46d2b38 000000aa


FOLLOWUP_IP:
win32k!NtGdiResetDC+66
bf888d45 ?? ???

SYMBOL_NAME: win32k!NtGdiResetDC+66

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 43446a58

FAILURE_BUCKET_ID: 0x8E_BAD_IP_win32k!NtGdiResetDC+66

BUCKET_ID: 0x8E_BAD_IP_win32k!NtGdiResetDC+66

Followup: MachineOwner

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Are the BSODs occuring on booting or post boot?

Post boot, in use or unattended (random intervals).

Disable automatic restart on system failure. This should help by
allowing time to write down the STOP code properly. Keep pressing the
F8 key during StartUp and select option - Disable automatic restart on
system failure.

Did this as soon as the problem started

Please post copies of all Error and Warning Reports appearing in the
System and Application logs in Event Viewer for the last boot. No
Information Reports please.

There are none

 

[TW]

I didn't get all of the last windbg dump analysis in the last post.. It
follows:

Loading Dump File [C:\WINDOWS\Minidump\Mini030407-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
C:\WINDOWS\Symbols;C:\WINDOWS\Symbols\sys;C:\WINDOWS\Symbols\exe;C:\WINDOWS\Symbols\com
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Sun Mar 4 23:31:44.265 2007 (GMT-5)
System Uptime: 0 days 7:21:39.886
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
..................
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c000001d, 104, f46d2a38, 0}

Unable to load image win32k.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : win32k.sys ( win32k!NtGdiResetDC+66 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c000001d, The exception code that was not handled
Arg2: 00000104, The address that the exception occurred at
Arg3: f46d2a38, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc000001d - {EXCEPTION} Illegal Instruction
An attempt was made to execute an illegal instruction.

FAULTING_IP:
+104
00000104 ?? ???

TRAP_FRAME: f46d2a38 -- (.trap fffffffff46d2a38)
ErrCode = 00000000
eax=000000df ebx=804fd7ee ecx=804fd77c edx=0000e000 esi=bbe511f8
edi=bf827826
eip=00000104 esp=f46d2aac ebp=f46d2ad4 iopl=0 nv up ei ng nz na
po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010283
00000104 ?? ???
Resetting default scope

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: csrss.exe

LAST_CONTROL_TRANSFER: from 00000000 to 00000104

FAILED_INSTRUCTION_ADDRESS:
+104
00000104 ?? ???

SYMBOL_ON_RAW_STACK: 1

STACK_ADDR_RAW_STACK_SYMBOL: 17002000010004

STACK_COMMAND: dds F46D2ADC-0x20 ; kb

STACK_TEXT:
f46d2abc 00000000
f46d2ac0 00000000
f46d2ac4 00000000
f46d2ac8 fffffff8
f46d2acc 00000003
f46d2ad0 00000000
f46d2ad4 f46d2d30
f46d2ad8 bf888d45 win32k!NtGdiResetDC+0x66
f46d2adc 00000022
f46d2ae0 006dfff4
f46d2ae4 bf8010a7 win32k!ThreadUnlock1+0x12
f46d2ae8 00180016
f46d2aec bf98f264 win32k!MessageTable+0x984
f46d2af0 00000000
f46d2af4 86707e90
f46d2af8 8677f06c
f46d2afc f46d2b24
f46d2b00 00000000
f46d2b04 000000aa
f46d2b08 0000000f
f46d2b0c 00000000
f46d2b10 f46d2b44
f46d2b14 8666a020
f46d2b18 866a5000
f46d2b1c f46e24a8
f46d2b20 00000001
f46d2b24 00000001
f46d2b28 00000000
f46d2b2c 867c8028
f46d2b30 865cc6e0
f46d2b34 ffffffff
f46d2b38 000000aa


FOLLOWUP_IP:
win32k!NtGdiResetDC+66
bf888d45 ?? ???

SYMBOL_NAME: win32k!NtGdiResetDC+66

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 43446a58

FAILURE_BUCKET_ID: 0x8E_BAD_IP_win32k!NtGdiResetDC+66

BUCKET_ID: 0x8E_BAD_IP_win32k!NtGdiResetDC+66

Followup: MachineOwner

 

[Brian A.]

If you can boot to Safe Mode, disable any/all Sound/Audio devices listed in Device
Manager in Sound, Video and Game Controllers.
Reboot.
If that resolves the BSOD's:
Download the latest updated drivers for the device from the manufacturers support
site.
Boot to Safe Mode and uninstall any/all Sound/Audio devices listed in Device Manager
in Sound, Video and Game Controllers.
Reboot and reinstall the drivers per the manufacturers instructions.

If you can't get into Safe Mode, disable the integrated Audio in the BIOS, save, exit
and reboot.

Post back with the results.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375



<snipped for bandwidth purposes>

 

[TW]

If you can boot to Safe Mode, disable any/all Sound/Audio devices
listed in Device Manager in Sound, Video and Game Controllers.
Reboot.
If that resolves the BSOD's:
Download the latest updated drivers for the device from the
manufacturers support site.
Boot to Safe Mode and uninstall any/all Sound/Audio devices listed in
Device Manager in Sound, Video and Game Controllers.
Reboot and reinstall the drivers per the manufacturers instructions.

If you can't get into Safe Mode, disable the integrated Audio in the
BIOS, save, exit and reboot.

Post back with the results.

Hello again,

I am writing this in hopes that it might be helpful to others. My Asus
K8U-X motherboard came with a set of drivers on CD. After Installing
Windows XP sp2 generic drivers were loaded from Windows. Once Windows
was up and running, I installed the Asus drivers from the CD. These
drivers were not digitally signed, but I installed them anyway. I then
went to Asus's web site and downloaded and installed their "latest"
drivers. These "latest" drivers were not digitally signed either
(actually the audio driver was, in fact, digitally signed, as it was a
third-party driver from Analog Devices, Inc.). Looking back, I believe
my BSOD's began shortly after I updated my drivers from the Asus site.

Yesterday I downloaded drivers from the chipset manufacturers site-- Uli
(recently acquired by nVidia). These drivers have a later date than the
Asus drivers, and ARE digitally signed. I installed these drivers.
Everything looked fine except that the Uli (nVidia) drivers included an
AC97 Audio driver which Asus's integrated audio apparently did not use.
I uninstalled the Uli audio driver, and re-downloaded the audio driver
from Asus's site, uninstalled the existing Asus (AD, Inc) driver, and
installed the "new" audio driver. It turned out that the "new" driver
was actually identical to the "old" driver.

I can't say for sure yet, but I believe my installation of these newer
signed drivers from Uli (with the exception of the "Sound Max" audio
driver which is not different and is dated 2004) will cure my plague of
BSOD's. Time will tell, I suppose (fingers crossed).

TW

 

[TW]

Hello again,

I am writing this in hopes that it might be helpful to others. My Asus
K8U-X motherboard came with a set of drivers on CD. After Installing
Windows XP sp2 generic drivers were loaded from Windows. Once Windows
was up and running, I installed the Asus drivers from the CD. These
drivers were not digitally signed, but I installed them anyway. I then
went to Asus's web site and downloaded and installed their "latest"
drivers. These "latest" drivers were not digitally signed either
(actually the audio driver was, in fact, digitally signed, as it was a
third-party driver from Analog Devices, Inc.). Looking back, I believe
my BSOD's began shortly after I updated my drivers from the Asus site.

Yesterday I downloaded drivers from the chipset manufacturers site-- Uli
(recently acquired by nVidia). These drivers have a later date than the
Asus drivers, and ARE digitally signed. I installed these drivers.
Everything looked fine except that the Uli (nVidia) drivers included an
AC97 Audio driver which Asus's integrated audio apparently did not use.
I uninstalled the Uli audio driver, and re-downloaded the audio driver
from Asus's site, uninstalled the existing Asus (AD, Inc) driver, and
installed the "new" audio driver. It turned out that the "new" driver
was actually identical to the "old" driver.

I can't say for sure yet, but I believe my installation of these newer
signed drivers from Uli (with the exception of the "Sound Max" audio
driver which is not different and is dated 2004) will cure my plague of
BSOD's. Time will tell, I suppose (fingers crossed).

TW

Hello Again,

ALAS, ALAS. Sorry to say I had another BSOD just after posting my last
message. This time it was PAGE_FAULT_IN_NONPAGED_AREA. I'm beginning
to think I need to yank my new fast SATA drive and go with IDE. I hate
to do it for many reasons, not the least of which is the expense.

I have read much stuff about how the Win XP Upgrade is a bad way to
go, but I have a (home built) machine that was loaded to the gills
with applications and data and running Win 98. I bought the retail XP
sp2 ugrade package, did the upgrade, and that machine has been rock
solid for about a year. Absolutely Zero hangs, Zero boot problems,
Zero shutdown problems, and Zero BSOD's. Go figure!!! Given that
experience, I assumed that a nice clean install of XP on a brand new
Hard Drive would perform as flawlessly as my upgraded machine does.
Boy was I wrong!

I would welcome any thoughts about going with an IDE hard drive as a
potential cure for my stop error miseries. I really need to figure out
how to get this machine performing properly because it is the
prototype for a couple of machines my employer wants me to build for
the business.

TW

 

[Brian A.]

Hello again,

I am writing this in hopes that it might be helpful to others. My Asus K8U-X
motherboard came with a set of drivers on CD. After Installing Windows XP sp2
generic drivers were loaded from Windows. Once Windows was up and running, I
installed the Asus drivers from the CD. These drivers were not digitally signed,
but I installed them anyway. I then went to Asus's web site and downloaded and
installed their "latest" drivers. These "latest" drivers were not digitally signed
either (actually the audio driver was, in fact, digitally signed, as it was a
third-party driver from Analog Devices, Inc.). Looking back, I believe my BSOD's
began shortly after I updated my drivers from the Asus site.

Yesterday I downloaded drivers from the chipset manufacturers site-- Uli (recently
acquired by nVidia). These drivers have a later date than the Asus drivers, and ARE
digitally signed. I installed these drivers. Everything looked fine except that the
Uli (nVidia) drivers included an AC97 Audio driver which Asus's integrated audio
apparently did not use. I uninstalled the Uli audio driver, and re-downloaded the
audio driver from Asus's site, uninstalled the existing Asus (AD, Inc) driver, and
installed the "new" audio driver. It turned out that the "new" driver was actually
identical to the "old" driver.

I can't say for sure yet, but I believe my installation of these newer signed
drivers from Uli (with the exception of the "Sound Max" audio driver which is not
different and is dated 2004) will cure my plague of BSOD's. Time will tell, I
suppose (fingers crossed).

TW

AFAIK every motherboard purchased mentions in the manual/instructions to update the
drivers since "the drivers provided on the included disk may be outdated."

Good to hear your issue may be resolved. Have fun and good luck.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[TW]

Hello Again'

Many thanks to those of you who offered suggestions. I tried them all
-- to no avail. Yesterday, however, I realized that the one really
consistently observable abnormality in my system involved my mouse.
My mouse cursor had a tendency to jump about the screen at times for
no apparent reason (the "smart pointer" feature is disabled). I have a
Logitech ps2 optical wheel mouse. The mouse is new, and came with no
software, so I downloaded and installed the latest Logitech Mouseware
driver / utility soon after installing Win XP -- mostly so I could
use the wheel as a third button (set for "double-click"). Long story
short -- I uninstalled the mouseware, rebooted and let windows load
its generic ps2 mouse driver. The mouse cursor stopped jumping about,
and I am beginning to think this may have solved my BSOD problems as
well. I uninstalled the Logitech software at 4:00 PM (EST) yesterday,
used the computer until 2:00 AM today with no problems. I left the
machine running overnight with my email client and Web browser open
(the machine had crashed -- unattended --more than once with each of
these being the process mentioned in the stop error) and it looked
fine this AM when I left for work. The machine is still running at
home with email & Web browser open. I intend to leave it running for
at least a week, and if it makes it a week without crashing again, I
will consider this problem solved. I will keep you all posted.

Thanks again for your help!

TW