WinXP Pro x32 SP3 + VMware + BSOD


(Prawdzik) #1

Nie wiem jak sobie z takim oto problemem poradzić, więc proszę o pomoc.

Sytuacja przedstawia się następująco. Używam zwirtulizowanego ikspeka do ogólnego surfowania po sieci. Czasami pojawiają mi się BSOD'y.

Programowo wygląda to tak:

  • system macierzysty (host) kiedyś Windows Vista Professional x64 z SP, a teraz Windows 7 Professional x64,

  • system zwirtualizowany (guest) to Windows XP Professional x32 z zainstalowanym Service Pack 3,

  • a to wszystko z użyciem VMware Workstation 6.5.2 build-156735.

Problem dotyczy gościa, więc kilka słów o tymże. Zazwyczaj działające programy to przeglądarki Chrome (ta od Google) i Fire Fox oraz komunikator Pidgin. Wyjątkowo zdarza się odpalić jakieś okienko eksploratora. Generalnie tylko programy sieciowe. Dodatków żadnych nie ma; taka podstawowa instalacja WinXP. Nawet Acrobat Readera nie ma...

Dodam jeszcze, że wszystkie wersje Windows są oryginalne (MSDNAA) i zaktualizowane. Antywirusy (na host i guest) to Security Essentials od MS.

Poniżej siedem sesji z WinDBG i minidumpów.

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.090206-1234

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Wed Oct 14 21:39:12.420 2009 (GMT+1)

System Uptime: 0 days 18:51:20.185

Loading Kernel Symbols

...............................................................

.........................................................

Loading User Symbols

Loading unloaded module list

...........................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 10000050, {e272c024, 0, bf837446, 1}



Could not read faulting driver name

Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+5a )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced. This cannot be protected by try-except,

it must be protected by a Probe. Typically the address is just plain bad or it

is pointing at freed memory.

Arguments:

Arg1: e272c024, memory referenced.

Arg2: 00000000, value 0 = read operation, 1 = write operation.

Arg3: bf837446, If non-zero, the instruction address which referenced the bad memory

	address.

Arg4: 00000001, (reserved)


Debugging Details:

------------------



Could not read faulting driver name


READ_ADDRESS: e272c024 


FAULTING_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+5a

bf837446 8b470c mov eax,dword ptr [edi+0Ch]


MM_INTERNAL_CODE: 1


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0x50


PROCESS_NAME: chrome.exe


LAST_CONTROL_TRANSFER: from bf85b749 to bf837446


STACK_TEXT:  

b2ac2c08 bf85b749 b2ac2c30 00000001 b2ac2c24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a

b2ac2c28 bf952265 00000078 00000000 b2ac2d1c win32k!RFONTOBJ::hgXlat+0x19

b2ac2cc4 bf949076 e110e550 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9

b2ac2d3c 8053d648 44010cc5 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85

b2ac2d3c 7c90e514 44010cc5 00000078 00000000 nt!KiFastCallEntry+0xf8

WARNING: Frame IP not in any known module. Following frames may be wrong.

00aff204 00000000 00000000 00000000 00000000 0x7c90e514



STACK_COMMAND: kb


FOLLOWUP_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+5a

bf837446 8b470c mov eax,dword ptr [edi+0Ch]


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572


FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a


BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.090206-1234

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Wed Oct 14 21:42:05.225 2009 (GMT+1)

System Uptime: 0 days 0:02:45.362

Loading Kernel Symbols

...............................................................

........................................................

Loading User Symbols

Loading unloaded module list

.........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 10000050, {e272e360, 0, bf837265, 1}



Could not read faulting driver name

Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+1b8 )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced. This cannot be protected by try-except,

it must be protected by a Probe. Typically the address is just plain bad or it

is pointing at freed memory.

Arguments:

Arg1: e272e360, memory referenced.

Arg2: 00000000, value 0 = read operation, 1 = write operation.

Arg3: bf837265, If non-zero, the instruction address which referenced the bad memory

	address.

Arg4: 00000001, (reserved)


Debugging Details:

------------------



Could not read faulting driver name


READ_ADDRESS: e272e360 


FAULTING_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+1b8

bf837265 663b54c710 cmp dx,word ptr [edi+eax*8+10h]


MM_INTERNAL_CODE: 1


CUSTOMER_CRASH_COUNT: 2


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0x50


PROCESS_NAME: firefox.exe


LAST_CONTROL_TRANSFER: from bf952c30 to bf837265


STACK_TEXT:  

b21e06c8 bf952c30 e163c042 0000001d e1ff5d38 win32k!RFONTOBJ::vXlatGlyphArray+0x1b8

b21e06fc bf94a2c6 e20fc008 e163c03e e1042008 win32k!GreGetGlyphIndicesW+0xa6

b21e0798 bf94a342 030108cc 0012bffc 0000001f win32k!NtGdiGetGlyphIndicesWInternal+0xf2

b21e07b8 8053d648 030108cc 0012bffc 0000001f win32k!NtGdiGetGlyphIndicesW+0x1b

b21e07b8 7c90e514 030108cc 0012bffc 0000001f nt!KiFastCallEntry+0xf8

WARNING: Frame IP not in any known module. Following frames may be wrong.

0012bf40 00000000 00000000 00000000 00000000 0x7c90e514



STACK_COMMAND: kb


FOLLOWUP_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+1b8

bf837265 663b54c710 cmp dx,word ptr [edi+eax*8+10h]


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+1b8


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572


FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+1b8


BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+1b8


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.090804-1435

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Sun Oct 18 16:08:21.988 2009 (GMT+1)

System Uptime: 1 days 4:56:47.919

Loading Kernel Symbols

...............................................................

.........................................................

Loading User Symbols

Loading unloaded module list

.......................................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 10000050, {e135601c, 0, bf837446, 1}



Could not read faulting driver name

Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+5a )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced. This cannot be protected by try-except,

it must be protected by a Probe. Typically the address is just plain bad or it

is pointing at freed memory.

Arguments:

Arg1: e135601c, memory referenced.

Arg2: 00000000, value 0 = read operation, 1 = write operation.

Arg3: bf837446, If non-zero, the instruction address which referenced the bad memory

	address.

Arg4: 00000001, (reserved)


Debugging Details:

------------------



Could not read faulting driver name


READ_ADDRESS: e135601c 


FAULTING_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+5a

bf837446 8b470c mov eax,dword ptr [edi+0Ch]


MM_INTERNAL_CODE: 1


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0x50


PROCESS_NAME: chrome.exe


LAST_CONTROL_TRANSFER: from bf85b749 to bf837446


STACK_TEXT:  

b1dd3c08 bf85b749 b1dd3c30 00000001 b1dd3c24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a

b1dd3c28 bf952265 00000078 00000000 b1dd3d1c win32k!RFONTOBJ::hgXlat+0x19

b1dd3cc4 bf949076 e185e008 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9

b1dd3d3c 8053d648 0e010705 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85

b1dd3d3c 7c90e514 0e010705 00000078 00000000 nt!KiFastCallEntry+0xf8

WARNING: Frame IP not in any known module. Following frames may be wrong.

00aff304 00000000 00000000 00000000 00000000 0x7c90e514



STACK_COMMAND: kb


FOLLOWUP_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+5a

bf837446 8b470c mov eax,dword ptr [edi+0Ch]


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572


FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a


BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.090804-1435

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Mon Oct 19 09:13:00.104 2009 (GMT+1)

System Uptime: 0 days 7:28:59.293

Loading Kernel Symbols

...............................................................

.........................................................

Loading User Symbols

Loading unloaded module list

..........

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 1000008E, {c0000005, bf8124d9, b1f0333c, 0}


Probably caused by : win32k.sys ( win32k!ESTROBJ::vInit+43 )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: bf8124d9, The address that the exception occurred at

Arg3: b1f0333c, Trap Frame

Arg4: 00000000


Debugging Details:

------------------



EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".


FAULTING_IP: 

win32k!ESTROBJ::vInit+43

bf8124d9 f6410410 test byte ptr [ecx+4],10h


TRAP_FRAME: b1f0333c -- (.trap 0xffffffffb1f0333c)

ErrCode = 00000000

eax=00000400 ebx=b1f03680 ecx=00000000 edx=e1f85008 esi=b1f0343c edi=00000000

eip=bf8124d9 esp=b1f033b0 ebp=b1f033c4 iopl=0 nv up ei pl nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206

win32k!ESTROBJ::vInit+0x43:

bf8124d9 f6410410 test byte ptr [ecx+4],10h ds:0023:00000004=??

Resetting default scope


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0x8E


PROCESS_NAME: firefox.exe


LAST_CONTROL_TRANSFER: from bf8118a2 to bf8124d9


STACK_TEXT:  

b1f033c4 bf8118a2 7ffdf22c 00000008 b1f03908 win32k!ESTROBJ::vInit+0x43

b1f03668 bf812ff9 b1f03908 00000020 00000068 win32k!GreExtTextOutWLocked+0x666

b1f037d0 bf80c694 b1f03908 7ffdf1dc 000000a4 win32k!GreBatchTextOut+0x344

b1f03924 8053d61a 000000fc 0012c558 0012c570 win32k!NtGdiFlushUserBatch+0x11b

b1f039b4 b2d58b42 82ffd1e8 4000027f 05580000 nt!KiFastCallEntry+0xca

b1f039c4 606becff 00000000 0012f054 00000000 tcpip!InsertIntoTimerWheel+0xac

WARNING: Frame IP not in any known module. Following frames may be wrong.

b1f039cc 0012f054 00000000 00001fa3 0000ffff 0x606becff

00000000 00000000 00000000 00000000 00000000 0x12f054



STACK_COMMAND: kb


FOLLOWUP_IP: 

win32k!ESTROBJ::vInit+43

bf8124d9 f6410410 test byte ptr [ecx+4],10h


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: win32k!ESTROBJ::vInit+43


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572


FAILURE_BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43


BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.090804-1435

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Thu Oct 22 19:48:56.525 2009 (GMT+1)

System Uptime: 0 days 12:10:14.487

Loading Kernel Symbols

...............................................................

.........................................................

Loading User Symbols

Loading unloaded module list

.......................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 10000050, {e130201c, 0, bf837446, 1}



Could not read faulting driver name

Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+5a )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced. This cannot be protected by try-except,

it must be protected by a Probe. Typically the address is just plain bad or it

is pointing at freed memory.

Arguments:

Arg1: e130201c, memory referenced.

Arg2: 00000000, value 0 = read operation, 1 = write operation.

Arg3: bf837446, If non-zero, the instruction address which referenced the bad memory

	address.

Arg4: 00000001, (reserved)


Debugging Details:

------------------



Could not read faulting driver name


READ_ADDRESS: e130201c 


FAULTING_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+5a

bf837446 8b470c mov eax,dword ptr [edi+0Ch]


MM_INTERNAL_CODE: 1


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0x50


PROCESS_NAME: chrome.exe


LAST_CONTROL_TRANSFER: from bf85b749 to bf837446


STACK_TEXT:  

b130fc08 bf85b749 b130fc30 00000001 b130fc24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a

b130fc28 bf952265 00000078 00000000 b130fd1c win32k!RFONTOBJ::hgXlat+0x19

b130fcc4 bf949076 e1fddd08 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9

b130fd3c 8053d648 fd010ae7 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85

b130fd3c 7c90e514 fd010ae7 00000078 00000000 nt!KiFastCallEntry+0xf8

WARNING: Frame IP not in any known module. Following frames may be wrong.

00afefcc 00000000 00000000 00000000 00000000 0x7c90e514



STACK_COMMAND: kb


FOLLOWUP_IP: 

win32k!RFONTOBJ::vXlatGlyphArray+5a

bf837446 8b470c mov eax,dword ptr [edi+0Ch]


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572


FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a


BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.090804-1435

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Tue Oct 27 18:01:18.958 2009 (GMT+1)

System Uptime: 2 days 16:13:07.716

Loading Kernel Symbols

...............................................................

.........................................................

Loading User Symbols

Loading unloaded module list

..................................................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 1000008E, {c0000005, bf952c39, b10e0c00, 0}


Probably caused by : win32k.sys ( win32k!GreGetGlyphIndicesW+af )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: bf952c39, The address that the exception occurred at

Arg3: b10e0c00, Trap Frame

Arg4: 00000000


Debugging Details:

------------------



EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".


FAULTING_IP: 

win32k!GreGetGlyphIndicesW+af

bf952c39 8b4004 mov eax,dword ptr [eax+4]


TRAP_FRAME: b10e0c00 -- (.trap 0xffffffffb10e0c00)

ErrCode = 00000000

eax=00000000 ebx=00000100 ecx=0000000c edx=e2986814 esi=e1654000 edi=e2986418

eip=bf952c39 esp=b10e0c74 ebp=b10e0c8c iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246

win32k!GreGetGlyphIndicesW+0xaf:

bf952c39 8b4004 mov eax,dword ptr [eax+4] ds:0023:00000004=????????

Resetting default scope


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0x8E


PROCESS_NAME: chrome.exe


LAST_CONTROL_TRANSFER: from bf94a2c6 to bf952c39


STACK_TEXT:  

b10e0c8c bf94a2c6 e2122008 e1654200 e174fd08 win32k!GreGetGlyphIndicesW+0xaf

b10e0d28 bf94a342 ba010807 00afe990 00000100 win32k!NtGdiGetGlyphIndicesWInternal+0xf2

b10e0d48 8053d648 ba010807 00afe990 00000100 win32k!NtGdiGetGlyphIndicesW+0x1b

b10e0d48 7c90e514 ba010807 00afe990 00000100 nt!KiFastCallEntry+0xf8

WARNING: Frame IP not in any known module. Following frames may be wrong.

00afe720 00000000 00000000 00000000 00000000 0x7c90e514



STACK_COMMAND: kb


FOLLOWUP_IP: 

win32k!GreGetGlyphIndicesW+af

bf952c39 8b4004 mov eax,dword ptr [eax+4]


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: win32k!GreGetGlyphIndicesW+af


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572


FAILURE_BUCKET_ID: 0x8E_win32k!GreGetGlyphIndicesW+af


BUCKET_ID: 0x8E_win32k!GreGetGlyphIndicesW+af


Followup: MachineOwner

---------

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols

Executable search path is: 

Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.090804-1435

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040

Debug session time: Fri Oct 30 10:45:15.512 2009 (GMT+1)

System Uptime: 0 days 7:31:41.730

Loading Kernel Symbols

...............................................................

.........................................................

Loading User Symbols

Loading unloaded module list

........................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 1000008E, {c0000005, bf8124d9, b200e08c, 0}


Probably caused by : win32k.sys ( win32k!ESTROBJ::vInit+43 )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)

This is a very common bugcheck. Usually the exception address pinpoints

the driver/function that caused the problem. Always note this address

as well as the link date of the driver/image that contains this address.

Some common problems are exception code 0x80000003. This means a hard

coded breakpoint or assertion was hit, but this system was booted

/NODEBUG. This is not supposed to happen as developers should never have

hardcoded breakpoints in retail code, but ...

If this happens, make sure a debugger gets connected, and the

system is booted /DEBUG. This will let us see why this breakpoint is

happening.

Arguments:

Arg1: c0000005, The exception code that was not handled

Arg2: bf8124d9, The address that the exception occurred at

Arg3: b200e08c, Trap Frame

Arg4: 00000000


Debugging Details:

------------------



EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".


FAULTING_IP: 

win32k!ESTROBJ::vInit+43

bf8124d9 f6410410 test byte ptr [ecx+4],10h


TRAP_FRAME: b200e08c -- (.trap 0xffffffffb200e08c)

ErrCode = 00000000

eax=00000000 ebx=b200e3d0 ecx=00000000 edx=e23ed7e8 esi=b200e18c edi=00000000

eip=bf8124d9 esp=b200e100 ebp=b200e114 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246

win32k!ESTROBJ::vInit+0x43:

bf8124d9 f6410410 test byte ptr [ecx+4],10h ds:0023:00000004=??

Resetting default scope


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT


BUGCHECK_STR: 0x8E


PROCESS_NAME: pidgin.exe


LAST_CONTROL_TRANSFER: from bf8118a2 to bf8124d9


STACK_TEXT:  

b200e114 bf8118a2 7ffdf22c 00000013 b200e658 win32k!ESTROBJ::vInit+0x43

b200e3b8 bf812ff9 b200e658 0000001a 00000008 win32k!GreExtTextOutWLocked+0x666

b200e520 bf80c694 b200e658 7ffdf1dc 0000007c win32k!GreBatchTextOut+0x344

b200e674 8053d61a 00000091 0022e68c 0022e6ac win32k!NtGdiFlushUserBatch+0x11b

b200e700 805ba7ce 82bacb00 831eb000 4020037f nt!KiFastCallEntry+0xca

b200e8b4 bf813f1c bc657b48 4020037f 035d0000 nt!ObQueryNameString+0xe0

bf813dcf 90909090 83e8658b 33fffc4d 3be0ebc0 win32k!xxxSendMessageToClient+0x176

WARNING: Frame IP not in any known module. Following frames may be wrong.

bf813def 812a578b 003fffe2 fa816600 820f02a1 0x90909090

bf813df3 003fffe2 fa816600 820f02a1 000000d4 0x812a578b

bf813df7 fa816600 820f02a1 000000d4 a9fa8166 0x3fffe2

bf813dfb 820f02a1 000000d4 a9fa8166 c9870f02 0xfa816600

bf813dff 00000000 a9fa8166 c9870f02 0f000000 0x820f02a1



STACK_COMMAND: kb


FOLLOWUP_IP: 

win32k!ESTROBJ::vInit+43

bf8124d9 f6410410 test byte ptr [ecx+4],10h


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: win32k!ESTROBJ::vInit+43


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572


FAILURE_BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43


BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43


Followup: MachineOwner

---------

Konfiguracja maszynki:

vmhard.png

vmopt.png

Wyczytałem w necie, że problemem tych BSOD'ów może być sprzęt z wieloma procesorami/rdzeniami. Moja VM'ka jest solistą, więc... jakieś pomysły? :slight_smile:


(bachus) #2

Śmierdzi problemem ze sterownikiem ekranu (maszyna wirtualna). Zacznij od instalacji narzędzi vmware. Jak nic nie da- podnieś wersję vmware.


(Prawdzik) #3

Uh, no tak, moja wina. Zapomniałem dodać, że VMware Tools są i to w najnowszej wersji.

Najbardziej mnie intryguje fakt, że minidumpy przepuszczone przez WinDBG wskazują na PROCESS_NAME chrome.exe, pidgin.exe albo firefox.exe. Wszystko związane z siecią.

Sterownik ekranu? A może sieci? Trudno mi to sprawdzić bo zwałki są dość rzadkie. Na razie zrobię tak, że usunę kartę sieciową i dodam jeszcze raz.

Rzeczywiście jest Workstation 7.0.0 :-). Dzięki.


(bachus) #4

Mi to bardziej wygląda jednak na sterownik ekranu (win32k.sys). Taką miewa vmware przywarę przy przenoszeniu instancji na nową wersję. Możesz też sprawdzić, czy po wyłączeniu fizycznie (w konfiguracji maszyny wirtualnej) to nie jest problem k.dźwiękowej/USB.

Z ciekawostek do testowania - ESXi działa na nim pięknie; uprzedzając - vSphere bardzo topornie działa w Windows7 (trzeba sporo szcztuczek zrobić...), ew. uruchamiać przez XP mode (lub inną instancję vmware --> Windows XP/Windows 2003).