Nie wiem jak sobie z takim oto problemem poradzić, więc proszę o pomoc.
Sytuacja przedstawia się następująco. Używam zwirtulizowanego ikspeka do ogólnego surfowania po sieci. Czasami pojawiają mi się BSOD’y.
Programowo wygląda to tak:
-
system macierzysty (host) kiedyś Windows Vista Professional x64 z SP, a teraz Windows 7 Professional x64,
-
system zwirtualizowany (guest) to Windows XP Professional x32 z zainstalowanym Service Pack 3,
-
a to wszystko z użyciem VMware Workstation 6.5.2 build-156735.
Problem dotyczy gościa, więc kilka słów o tymże. Zazwyczaj działające programy to przeglądarki Chrome (ta od Google) i Fire Fox oraz komunikator Pidgin. Wyjątkowo zdarza się odpalić jakieś okienko eksploratora. Generalnie tylko programy sieciowe. Dodatków żadnych nie ma; taka podstawowa instalacja WinXP. Nawet Acrobat Readera nie ma…
Dodam jeszcze, że wszystkie wersje Windows są oryginalne (MSDNAA) i zaktualizowane. Antywirusy (na host i guest) to Security Essentials od MS.
Poniżej siedem sesji z WinDBG i minidumpów.
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Wed Oct 14 21:39:12.420 2009 (GMT+1)
System Uptime: 0 days 18:51:20.185
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
...........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {e272c024, 0, bf837446, 1}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+5a )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e272c024, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf837446, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: e272c024
FAULTING_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf837446 8b470c mov eax,dword ptr [edi+0Ch]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: chrome.exe
LAST_CONTROL_TRANSFER: from bf85b749 to bf837446
STACK_TEXT:
b2ac2c08 bf85b749 b2ac2c30 00000001 b2ac2c24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a
b2ac2c28 bf952265 00000078 00000000 b2ac2d1c win32k!RFONTOBJ::hgXlat+0x19
b2ac2cc4 bf949076 e110e550 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9
b2ac2d3c 8053d648 44010cc5 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85
b2ac2d3c 7c90e514 44010cc5 00000078 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00aff204 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf837446 8b470c mov eax,dword ptr [edi+0Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a
BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090206-1234
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Wed Oct 14 21:42:05.225 2009 (GMT+1)
System Uptime: 0 days 0:02:45.362
Loading Kernel Symbols
...............................................................
........................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {e272e360, 0, bf837265, 1}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+1b8 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e272e360, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf837265, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: e272e360
FAULTING_IP:
win32k!RFONTOBJ::vXlatGlyphArray+1b8
bf837265 663b54c710 cmp dx,word ptr [edi+eax*8+10h]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 2
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from bf952c30 to bf837265
STACK_TEXT:
b21e06c8 bf952c30 e163c042 0000001d e1ff5d38 win32k!RFONTOBJ::vXlatGlyphArray+0x1b8
b21e06fc bf94a2c6 e20fc008 e163c03e e1042008 win32k!GreGetGlyphIndicesW+0xa6
b21e0798 bf94a342 030108cc 0012bffc 0000001f win32k!NtGdiGetGlyphIndicesWInternal+0xf2
b21e07b8 8053d648 030108cc 0012bffc 0000001f win32k!NtGdiGetGlyphIndicesW+0x1b
b21e07b8 7c90e514 030108cc 0012bffc 0000001f nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012bf40 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!RFONTOBJ::vXlatGlyphArray+1b8
bf837265 663b54c710 cmp dx,word ptr [edi+eax*8+10h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+1b8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+1b8
BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+1b8
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Sun Oct 18 16:08:21.988 2009 (GMT+1)
System Uptime: 1 days 4:56:47.919
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
.......................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {e135601c, 0, bf837446, 1}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+5a )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e135601c, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf837446, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: e135601c
FAULTING_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf837446 8b470c mov eax,dword ptr [edi+0Ch]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: chrome.exe
LAST_CONTROL_TRANSFER: from bf85b749 to bf837446
STACK_TEXT:
b1dd3c08 bf85b749 b1dd3c30 00000001 b1dd3c24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a
b1dd3c28 bf952265 00000078 00000000 b1dd3d1c win32k!RFONTOBJ::hgXlat+0x19
b1dd3cc4 bf949076 e185e008 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9
b1dd3d3c 8053d648 0e010705 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85
b1dd3d3c 7c90e514 0e010705 00000078 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00aff304 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf837446 8b470c mov eax,dword ptr [edi+0Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a
BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Mon Oct 19 09:13:00.104 2009 (GMT+1)
System Uptime: 0 days 7:28:59.293
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, bf8124d9, b1f0333c, 0}
Probably caused by : win32k.sys ( win32k!ESTROBJ::vInit+43 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8124d9, The address that the exception occurred at
Arg3: b1f0333c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k!ESTROBJ::vInit+43
bf8124d9 f6410410 test byte ptr [ecx+4],10h
TRAP_FRAME: b1f0333c -- (.trap 0xffffffffb1f0333c)
ErrCode = 00000000
eax=00000400 ebx=b1f03680 ecx=00000000 edx=e1f85008 esi=b1f0343c edi=00000000
eip=bf8124d9 esp=b1f033b0 ebp=b1f033c4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
win32k!ESTROBJ::vInit+0x43:
bf8124d9 f6410410 test byte ptr [ecx+4],10h ds:0023:00000004=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: firefox.exe
LAST_CONTROL_TRANSFER: from bf8118a2 to bf8124d9
STACK_TEXT:
b1f033c4 bf8118a2 7ffdf22c 00000008 b1f03908 win32k!ESTROBJ::vInit+0x43
b1f03668 bf812ff9 b1f03908 00000020 00000068 win32k!GreExtTextOutWLocked+0x666
b1f037d0 bf80c694 b1f03908 7ffdf1dc 000000a4 win32k!GreBatchTextOut+0x344
b1f03924 8053d61a 000000fc 0012c558 0012c570 win32k!NtGdiFlushUserBatch+0x11b
b1f039b4 b2d58b42 82ffd1e8 4000027f 05580000 nt!KiFastCallEntry+0xca
b1f039c4 606becff 00000000 0012f054 00000000 tcpip!InsertIntoTimerWheel+0xac
WARNING: Frame IP not in any known module. Following frames may be wrong.
b1f039cc 0012f054 00000000 00001fa3 0000ffff 0x606becff
00000000 00000000 00000000 00000000 00000000 0x12f054
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!ESTROBJ::vInit+43
bf8124d9 f6410410 test byte ptr [ecx+4],10h
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!ESTROBJ::vInit+43
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43
BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Thu Oct 22 19:48:56.525 2009 (GMT+1)
System Uptime: 0 days 12:10:14.487
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 10000050, {e130201c, 0, bf837446, 1}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!RFONTOBJ::vXlatGlyphArray+5a )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e130201c, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: bf837446, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: e130201c
FAULTING_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf837446 8b470c mov eax,dword ptr [edi+0Ch]
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: chrome.exe
LAST_CONTROL_TRANSFER: from bf85b749 to bf837446
STACK_TEXT:
b130fc08 bf85b749 b130fc30 00000001 b130fc24 win32k!RFONTOBJ::vXlatGlyphArray+0x5a
b130fc28 bf952265 00000078 00000000 b130fd1c win32k!RFONTOBJ::hgXlat+0x19
b130fcc4 bf949076 e1fddd08 00000078 00000000 win32k!GreGetGlyphOutlineInternal+0xa9
b130fd3c 8053d648 fd010ae7 00000078 00000000 win32k!NtGdiGetGlyphOutline+0x85
b130fd3c 7c90e514 fd010ae7 00000078 00000000 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00afefcc 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!RFONTOBJ::vXlatGlyphArray+5a
bf837446 8b470c mov eax,dword ptr [edi+0Ch]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!RFONTOBJ::vXlatGlyphArray+5a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a
BUCKET_ID: 0x50_win32k!RFONTOBJ::vXlatGlyphArray+5a
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Tue Oct 27 18:01:18.958 2009 (GMT+1)
System Uptime: 2 days 16:13:07.716
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, bf952c39, b10e0c00, 0}
Probably caused by : win32k.sys ( win32k!GreGetGlyphIndicesW+af )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf952c39, The address that the exception occurred at
Arg3: b10e0c00, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k!GreGetGlyphIndicesW+af
bf952c39 8b4004 mov eax,dword ptr [eax+4]
TRAP_FRAME: b10e0c00 -- (.trap 0xffffffffb10e0c00)
ErrCode = 00000000
eax=00000000 ebx=00000100 ecx=0000000c edx=e2986814 esi=e1654000 edi=e2986418
eip=bf952c39 esp=b10e0c74 ebp=b10e0c8c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!GreGetGlyphIndicesW+0xaf:
bf952c39 8b4004 mov eax,dword ptr [eax+4] ds:0023:00000004=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: chrome.exe
LAST_CONTROL_TRANSFER: from bf94a2c6 to bf952c39
STACK_TEXT:
b10e0c8c bf94a2c6 e2122008 e1654200 e174fd08 win32k!GreGetGlyphIndicesW+0xaf
b10e0d28 bf94a342 ba010807 00afe990 00000100 win32k!NtGdiGetGlyphIndicesWInternal+0xf2
b10e0d48 8053d648 ba010807 00afe990 00000100 win32k!NtGdiGetGlyphIndicesW+0x1b
b10e0d48 7c90e514 ba010807 00afe990 00000100 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
00afe720 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!GreGetGlyphIndicesW+af
bf952c39 8b4004 mov eax,dword ptr [eax+4]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!GreGetGlyphIndicesW+af
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x8E_win32k!GreGetGlyphIndicesW+af
BUCKET_ID: 0x8E_win32k!GreGetGlyphIndicesW+af
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbole*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.090804-1435
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Fri Oct 30 10:45:15.512 2009 (GMT+1)
System Uptime: 0 days 7:31:41.730
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
Loading unloaded module list
........................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, bf8124d9, b200e08c, 0}
Probably caused by : win32k.sys ( win32k!ESTROBJ::vInit+43 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8124d9, The address that the exception occurred at
Arg3: b200e08c, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k!ESTROBJ::vInit+43
bf8124d9 f6410410 test byte ptr [ecx+4],10h
TRAP_FRAME: b200e08c -- (.trap 0xffffffffb200e08c)
ErrCode = 00000000
eax=00000000 ebx=b200e3d0 ecx=00000000 edx=e23ed7e8 esi=b200e18c edi=00000000
eip=bf8124d9 esp=b200e100 ebp=b200e114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
win32k!ESTROBJ::vInit+0x43:
bf8124d9 f6410410 test byte ptr [ecx+4],10h ds:0023:00000004=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: pidgin.exe
LAST_CONTROL_TRANSFER: from bf8118a2 to bf8124d9
STACK_TEXT:
b200e114 bf8118a2 7ffdf22c 00000013 b200e658 win32k!ESTROBJ::vInit+0x43
b200e3b8 bf812ff9 b200e658 0000001a 00000008 win32k!GreExtTextOutWLocked+0x666
b200e520 bf80c694 b200e658 7ffdf1dc 0000007c win32k!GreBatchTextOut+0x344
b200e674 8053d61a 00000091 0022e68c 0022e6ac win32k!NtGdiFlushUserBatch+0x11b
b200e700 805ba7ce 82bacb00 831eb000 4020037f nt!KiFastCallEntry+0xca
b200e8b4 bf813f1c bc657b48 4020037f 035d0000 nt!ObQueryNameString+0xe0
bf813dcf 90909090 83e8658b 33fffc4d 3be0ebc0 win32k!xxxSendMessageToClient+0x176
WARNING: Frame IP not in any known module. Following frames may be wrong.
bf813def 812a578b 003fffe2 fa816600 820f02a1 0x90909090
bf813df3 003fffe2 fa816600 820f02a1 000000d4 0x812a578b
bf813df7 fa816600 820f02a1 000000d4 a9fa8166 0x3fffe2
bf813dfb 820f02a1 000000d4 a9fa8166 c9870f02 0xfa816600
bf813dff 00000000 a9fa8166 c9870f02 0f000000 0x820f02a1
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!ESTROBJ::vInit+43
bf8124d9 f6410410 test byte ptr [ecx+4],10h
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!ESTROBJ::vInit+43
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49e87572
FAILURE_BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43
BUCKET_ID: 0x8E_win32k!ESTROBJ::vInit+43
Followup: MachineOwner
---------
Konfiguracja maszynki:
Wyczytałem w necie, że problemem tych BSOD’ów może być sprzęt z wieloma procesorami/rdzeniami. Moja VM’ka jest solistą, więc… jakieś pomysły? 