New
#1
Frequent BSODs on Optiplex 9020, c0000005 (BugCheck, 3B)
We recently received a ticket stating a user had a Dell Optiplex 9020 device that has been blue screening off and on for several months. The ticket notes indicate the device has been completely reimaged several times, the HDD, system board, and RAM have apparently all been previously replaced, yet the blue screen events continue to happen. This device is running Windows 7 Enterprise, 64 bit. As the device was recently reimaged again by service desk staff we only have 2 dump files available at the moment.
System Specs:
Dell Optiplex 9020
Processor: Intel(R) Core(TM) i5-4590S CPU @ 3.00GHz
Memory: DUAL IN-LINE MEMORY MODULE, 4G, 1600, 1RX8, 4G, DDR3L, U
500GB HDD: ST500LM0 24-1RS152 SCSI Disk Device
I am looking for two things in this post. Assistance determining the issue if possible and if you have the time, a brief explanation as to how you are coming to your conclusion (or at the very least a recommendation on where I can begin to research advanced crash dump analysis troubleshooting procedures - everything I've looked at is very basic with limited detail). The reason for the second bit is that I will most likely begin getting more and more of these crash dump tickets and I'd like to become self sufficient in troubleshooting the issue as soon as possible (my background is networking).
I've attached the dmp files we have on hand for review and below is a bug check analysis of the most recent dmp file for the device. Any help or recommendations for self learning will be greatly appreciated.
Code:******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff960001cdf95, fffff8800d6f4d10, 0} Probably caused by : win32k.sys ( win32k!xxxUpdateWindow2+159 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff960001cdf95, Address of the instruction which caused the bugcheck Arg3: fffff8800d6f4d10, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ DUMP_CLASS: 1 DUMP_QUALIFIER: 401 BUILD_VERSION_STRING: 7601.24024.amd64fre.win7sp1_ldr.180112-0600 SYSTEM_MANUFACTURER: Dell Inc. SYSTEM_PRODUCT_NAME: OptiPlex 9020 SYSTEM_SKU: 05A4 SYSTEM_VERSION: 00 BIOS_VENDOR: Dell Inc. BIOS_VERSION: A15 BIOS_DATE: 11/08/2015 BASEBOARD_MANUFACTURER: Dell Inc. BASEBOARD_PRODUCT: 0KC9NP BASEBOARD_VERSION: A01 DUMP_TYPE: 1 BUGCHECK_P1: c0000005 BUGCHECK_P2: fffff960001cdf95 BUGCHECK_P3: fffff8800d6f4d10 BUGCHECK_P4: 0 EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. FAULTING_IP: win32k!xxxUpdateWindow2+159 fffff960`001cdf95 488b4210 mov rax,qword ptr [rdx+10h] CONTEXT: fffff8800d6f4d10 -- (.cxr 0xfffff8800d6f4d10) rax=0000000000000000 rbx=fffff900c064fbe0 rcx=fffffa8008e4b090 rdx=0000000000000035 rsi=0000000000000005 rdi=0000000000000001 rip=fffff960001cdf95 rsp=fffff8800d6f56e0 rbp=0000000074d82450 r8=000000000000000b r9=fffff900c064fbe0 r10=fffff900c3239c10 r11=fffff8800d6f5720 r12=0000000001040059 r13=0000000000000000 r14=0000000000000000 r15=0000000074d82450 iopl=0 nv up ei pl nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00210206 win32k!xxxUpdateWindow2+0x159: fffff960`001cdf95 488b4210 mov rax,qword ptr [rdx+10h] ds:002b:00000000`00000045=???????????????? Resetting default scope CPU_COUNT: 4 CPU_MHZ: bb1 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 3c CPU_STEPPING: 3 CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1C'00000000 (cache) 1C'00000000 (init) DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: OUTLOOK.EXE CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: Dutch ANALYSIS_SESSION_TIME: 03-08-2018 18:48:20.0881 ANALYSIS_VERSION: 10.0.16299.91 amd64fre LAST_CONTROL_TRANSFER: from fffff960001ce066 to fffff960001cdf95 STACK_TEXT: fffff880`0d6f56e0 fffff960`001ce066 : fffff900`c064fbe0 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x159 fffff880`0d6f5750 fffff960`001ce066 : fffff900`c06a0340 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x22a fffff880`0d6f57c0 fffff960`001ce066 : fffff900`c064b050 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x22a fffff880`0d6f5830 fffff960`001ce066 : fffff900`c064af20 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x22a fffff880`0d6f58a0 fffff960`001ce066 : fffff900`c0688df0 00000000`00000001 00000000`74d82450 00000000`00000001 : win32k!xxxUpdateWindow2+0x22a fffff880`0d6f5910 fffff960`000e8083 : 00000000`00000001 00000000`00000000 00000000`01040059 00000000`00001100 : win32k!xxxUpdateWindow2+0x22a fffff880`0d6f5980 fffff960`000f6a20 : 00000000`74d82450 fffff900`c06cc7f0 fffff880`0d6f5b60 00000000`00001100 : win32k!xxxInternalInvalidate+0x1c3 fffff880`0d6f5a00 fffff960`001814c1 : 00000000`00000000 00000000`00000000 fffff880`0d6f5b60 fffff800`02eba27a : win32k!xxxRedrawWindow+0x1a0 fffff880`0d6f5a60 fffff800`02f0e183 : fffffa80`041d57c0 00000000`00000000 00000000`00000100 fffffa80`0485c072 : win32k!NtUserRedrawWindow+0xe9 fffff880`0d6f5ae0 00000000`74d82e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0021e548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74d82e09 THREAD_SHA1_HASH_MOD_FUNC: f4dc43cb7127c9a01220f6425f3bdace4290c815 THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 8a9d5666cc7e07afad08193a76a13774fa647b70 THREAD_SHA1_HASH_MOD: 766ae2b51d3357130c9dab0c50b66d9c95b145fc FOLLOWUP_IP: win32k!xxxUpdateWindow2+159 fffff960`001cdf95 488b4210 mov rax,qword ptr [rdx+10h] FAULT_INSTR_CODE: 10428b48 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: win32k!xxxUpdateWindow2+159 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 5a578c0b IMAGE_VERSION: 6.1.7601.24023 STACK_COMMAND: .cxr 0xfffff8800d6f4d10 ; kb FAILURE_BUCKET_ID: X64_0x3B_win32k!xxxUpdateWindow2+159 BUCKET_ID: X64_0x3B_win32k!xxxUpdateWindow2+159 PRIMARY_PROBLEM_CLASS: X64_0x3B_win32k!xxxUpdateWindow2+159 TARGET_TIME: 2018-03-08T13:20:27.000Z OSBUILD: 7601 OSSERVICEPACK: 1000 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x64 OSNAME: Windows 7 OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2018-01-12 11:03:32 BUILDDATESTAMP_STR: 180112-0600 BUILDLAB_STR: win7sp1_ldr BUILDOSVER_STR: 6.1.7601.24024.amd64fre.win7sp1_ldr.180112-0600 ANALYSIS_SESSION_ELAPSED_TIME: 36a ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:x64_0x3b_win32k!xxxupdatewindow2+159 FAILURE_ID_HASH: {93cd272a-e827-d466-3a2b-0403a6b1ef90} Followup: MachineOwner ---------