Hello everyone,
Firstly, I’d like to apologise if I am doing anything wrong or breaking any rules by posting here; I am not a driver developer, or even a programmer, but just a power user/sysadmin experiencing a BSoD on a Windows Server 2003 box that I can not seem to resolve. I have been experiencing this crash for about 3 months now, so I’m posting here as something of a last resort (I wasn’t sure if I should post here, so tried many other resources first). Any help however would be greatly appreciated, as I am at a total loss. Just let me know if I shouldn’t be posting here, and I won’t bother you again.
As for the crash, the system in question is a Windows Server 2003, Enterprise x64 Edition, R2 box, with all of the latest updates from Microsoft installed. The system has very new drivers installed for all components, if not the latest.
A rundown of the core hardware in the machine:
***ASUS A8N32-SLI Deluxe Motherboard
***AMD Athlon 64 X2 Dual-Core 4200+
***Kingston DDR-400 2GB
***NVIDIA GeForce 7800GT Graphics Card
***SoundBlaster Audigy 4 Sound Card
The current system configuration relevant to the crash is as follows:
***The system is set for Complete Memory Dumps in the event of a BSoD.
***The system is running Driver Verifier with the Default Options; this amounts to all options enabled except for the following: Enhanced I/O verification, Low resources simulation, Disk integrity checking
***I have not noted any change in the actual BSoD messages since turning on Driver Verifier a few months ago
The circumstances in which the crash occurs are somewhat random:
***The crash almost certainly has something to do with media players, as I am a devout Winamp user, and it is usually running when I am at the machine, and the BSoD always listed winamp.exe as the responsible process. However, just a few minutes ago, the system died, and it was as I was closing Windows Media Player v.10. This leads me to the conclusion it is media player related.
***I often need to use WinImage for the creation and modification of floppy disk images, and have noted WinImage often seems to cause the crash, as the system seems to BSoD when I am closing the WinImage program (once again, random, I can run WinImage tens if not hundreds of times before it occurs), however, Winamp is still listed as the causing process. Does this point to WinImage being something of a catalyst?
Things I have tried to narrow down the cause of the crash:
***Disable Audigy 4 soundcard in device manager, hence, disabling drivers (no effect)
***With above, use onboard sound card (AC’97) and latest drivers (no effect)
***Disable nView (NVIDIA multi-display and virtual-display functionality) (no effect)
And others, which I can’t remember right now, regardless, they didn’t fix the problem
Also worth noting is that the crash can be very random; a few days ago I managed to get the system to stay up for 7 days despite continual use of Winamp and occasional use of WinImage without a crash. It eventually crashed as it was approaching 8 days uptime. This was during the time I had the Audigy 4 disabled and was using the AC’97 audio. Usually, the system will crash within 2-3 days of reboot.
Below is the result output from loading the latest crash dump into WinDbg (this crash is somewhat unique in that Windows Media Player caused it, Winamp was not running at the time, but had been run in the same session previously). I have performed an !analyze -v and a few other simple commands to provide what I hope is a useful starting point. Please remember I am not a developer, and all of this is sadly well out of my realm of expertise, so I can’t really interpret this very well (many parts not at all), despite some reading up on it.
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [V:\My Stuff\Windows Memory Dumps\Complete Memory.dmp]
Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows 64-bit\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs) Free x64
Product: LanManNt, suite: Enterprise TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_gdr.060315-1609
Kernel base = 0xfffff80001000000 PsLoadedModuleList = 0xfffff800011d60c0
Debug session time: Wed Jan 3 12:32:49.481 2007 (GMT+11)
System Uptime: 1 days 16:13:16.334
Loading Kernel Symbols
…
Loading User Symbols
…
Loading unloaded module list
…
Loading Wow64 Symbols
…
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa8006d73000, 0, fffff97fff177fd4, 0}
Probably caused by : win32k.sys ( win32k!NtUserfnINDEVICECHANGE+1bb )
Followup: MachineOwner
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8006d73000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff97fff177fd4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
READ_ADDRESS: fffffa8006d73000 Paged pool
FAULTING_IP:
win32k!NtUserfnINDEVICECHANGE+1bb
fffff97f`ff177fd4 8b4630 mov eax,dword ptr [rsi+30h]
MM_INTERNAL_CODE: 0
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 43446f9e
MODULE_NAME: win32k
FAULTING_MODULE: fffff97fff000000 win32k
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: wmplayer.exe
CURRENT_IRQL: 1
TRAP_FRAME: fffffadfbfdd1bb0 -- (.trap fffffadfbfdd1bb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed.
rax=0000000000000000 rbx=0000000000008006 rcx=fffffa8006d72fd0
rdx=0000000000000016 rsi=0000000076647355 rdi=fffff97fff000000
rip=fffff97fff177fd4 rsp=fffffadfbfdd1d40 rbp=000000000365e8f0
r8=0000000000000000 r9=fffffa8006d72fd0 r10=000002cc00000000
r11=fffffa8006d72fd0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
win32k!NtUserfnINDEVICECHANGE+0x1bb:
fffff97f`ff177fd4 8b4630 mov eax,dword ptr [rsi+30h] ds:e30a:7385=???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800010b25d8 to fffff8000104e890
STACK_TEXT:
fffffadfbfdd1ad8 fffff800010b25d8 : 0000000000000050 fffffa8006d73000 0000000000000000 fffffadfbfdd1bb0 : nt!KeBugCheckEx
fffffadfbfdd1ae0 fffff8000104d499 : 00000000002ba29d 0000000078b9b308 fadfcb4449580400 fffff8000102de7c : nt!MmAccessFault+0xa22
fffffadfbfdd1bb0 fffff97fff177fd4 : 0000000000000000 000000000365e8f0 0000000000000000 000000000000002c : nt!KiPageFault+0x119
fffffadfbfdd1d40 fffff97fff0a6701 : fffff97ff7c95a90 00000000000603ac 000000000000002c fffffa8006d72fd0 : win32k!NtUserfnINDEVICECHANGE+0x1bb
fffffadfbfdd1de0 fffff8000104e37d : fffffa8000be7dc8 0000000000000000 fffff6fb7dbed000 fffff6fd40005fa8 : win32k!NtUserMessageCall+0x142
fffffadfbfdd1e80 0000000078bc5dda : 0000000078bac512 0074006e006f0043 0053006c006f0072 0043005c00740065 : nt!KiSystemServiceCopyEnd+0x3
000000000365d6d8 0000000078bac512 : 0074006e006f0043 0053006c006f0072 0043005c00740065 0000000078b823a9 : wow64win!NtUserMessageCall+0xa
000000000365d6e0 0000000078bbfddf : 0000000000000000 0000000078ba0b08 0000000078b9f460 0000000000000219 : wow64win!whNT32NtUserMessageCallCB+0x32
000000000365d730 0000000078bac647 : 000000007efa6000 000000007efa4000 0000000000000000 000000007efa6000 : wow64win!Wow64DoMessageThunk+0xaf
000000000365d790 0000000078be6866 : 000000000361f710 000000000361f74c 000000007efa6000 000000007efa4000 : wow64win!whNtUserMessageCall+0x127
000000000365d820 0000000078b83c7d : 0000000000000000 0000000000000000 000000000365e8f0 000000007efa4800 : wow64!Wow64SystemServiceEx+0xd6
000000000365e0e0 0000000078be6a5a : 000000000365e6d0 000000000000001c 000000000365e8b0 0000000000000038 : wow64cpu!ServiceNoTurbo+0x28
000000000365e170 0000000078be97f4 : 575c3a435c3f3f5c 535c53574f444e49 5c3436574f577379 6c642e6970617370 : wow64!RunCpuSimulation+0xa
000000000365e1a0 0000000078ba61c5 : 0000000000000000 0000000000000000 0000000000000103 000000007efdf000 : wow64!Wow64KiUserCallbackDispatcher+0x114
000000000365e4e0 0000000078ef39ff : 0000000000020019 fffffadffa794bf0 000000000361ff20 fffffadfbfdd2c70 : wow64win!whcbfnINDEVICECHANGE+0x195
000000000365e6d0 0000000078bc5dca : 0000000078bac464 0000000000020019 0000000078bee47c 000000000365e808 : ntdll!KiUserCallbackDispatcherContinue
000000000365e7c8 0000000078bac464 : 0000000000020019 0000000078bee47c 000000000365e808 000000000361fc30 : wow64win!NtUserGetMessage+0xa
000000000365e7d0 0000000078be6866 : 000000000361f9ac 000000000361fb24 000000000361ff08 000000007efa4000 : wow64win!whNtUserGetMessage+0x34
000000000365e830 0000000078b83c7d : 0000000000189744 000000000000000c 0000000000000000 000000000361ff44 : wow64!Wow64SystemServiceEx+0xd6
000000000365f0f0 0000000000000000 : fffffa800576e010 fffff800010551fb fffffadfbfdd26e0 0000000000008006 : wow64cpu!ServiceNoTurbo+0x28
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!NtUserfnINDEVICECHANGE+1bb
fffff97f`ff177fd4 8b4630 mov eax,dword ptr [rsi+30h]
SYMBOL_STACK_INDEX: 3
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: win32k!NtUserfnINDEVICECHANGE+1bb
FAILURE_BUCKET_ID: X64_0x50_VRF_win32k!NtUserfnINDEVICECHANGE+1bb
BUCKET_ID: X64_0x50_VRF_win32k!NtUserfnINDEVICECHANGE+1bb
Followup: MachineOwner
1: kd> !pool fffffa8006d73000
Pool page fffffa8006d73000 region is Paged pool
fffffa8006d73000 is not a valid small pool allocation, checking large pool…
fffffa8006d73000 is not a valid large pool allocation, checking large session pool…
fffffa8006d73000 is freed (or corrupt) pool
Bad allocation size @fffffa8006d73000, too large
***
*** An error (or corruption) in the pool was detected;
*** Attempting to diagnose the problem.
***
*** Use !poolval fffffa8006d73000 for more details.
***
Pool page [fffffa8006d73000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
1: kd> !poolval fffffa8006d73000
Pool page fffffa8006d73000 region is Paged pool
Validating Pool headers for pool page: fffffa8006d73000
Pool page [fffffa8006d73000] is __inVALID.
Analyzing linked list…
Scanning for single bit errors…
None found
1: kd> !pte fffffa8006d73000
VA fffffa8006d73000
PXE @ FFFFF6FB7DBEDFA8     PPE at FFFFF6FB7DBF5000    PDE at FFFFF6FB7EA001B0    PTE at FFFFF6FD40036B98
contains 0000000002256863  contains 000000007EF85863  contains 000000002818A863  contains 0029F99C00000000
pfn 2256 ---DA--KWEV       pfn 7ef85 ---DA--KWEV      pfn 2818a ---DA--KWEV      not valid
PageFile: 0
Offset: 29f99c
Protect: 0
I will be watching this thread carefully, so please post any questions you have so that I may help out any way I can as soon as I can. I’ll retain the crash dump as a separate copy to work on (prevent overwrite in case of another crash). Please let me know of any other commands you would like me to run on the crash dump from WinDbg, and I’ll post the feedback ASAP.
Once again, thank you for any help at all, I’m at my wits’ end with this BSoD, it’s been three months and still no luck solving it. Apologies for the length of the post, I’m trying to be very comprehensive to give as much information as I can.
Thanks in advance,
-SDL