Solved BSOD Using Firefox, Win32k.sys related

[Steve123D]

I have installed a brand new SSD as of Friday night (31/5/13) and all was working well until last night after the last windows updates and other 3rd party drivers where installed. Now I can't run Firefox for anything longer than a few minutes before it crashes to BSOD. I'm using IE 10 to get around the issue.

From what I've read on the forums the major culprit is Win32K.sys. However, as it was working properly before Saturday nights installs I tend to think it is something to do with Updates or other drivers.

The Firefox forum mentions this crash some years ago as being related to windows fonts. I'm not sure why this would be the problem but when you click on Fonts in Control Panel it certainly blue screens real quick.

Any ideas would be appreciated.

 

[VistaKing]

Steve123D welcome to SevenForums

Take a look at the link below to upload the .dmp file(s)

:ar: http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html

 

[Steve123D]

would love to except IE now doesn't load now... It's now part of the problem. I will run a virus scan to see if that has some answers.

 

[Steve123D]

Installed Google Chrome to get around the problem. IE doesn't load and Firefox crashes. No identified viruses. Hope this helps.

 

[VistaKing]

Do you have the updated SSD firmware ?

 

[centaur78]

Steve

It looks like a font issue based on the last dump files (060213-10124-01.dmp and 060213-10046-01.dmp)

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff900c077a000, 1, fffff96000032344, 0}


Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!sfac_GetLongGlyphIDs+84 )

Followup: MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900c077a000, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff96000032344, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003303100
GetUlongFromAddress: unable to read from fffff800033031c0
 fffff900c077a000 

FAULTING_IP: 
win32k!sfac_GetLongGlyphIDs+84
fffff960`00032344 44891e          mov     dword ptr [rsi],r11d

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  csrss.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff8800a666c80 -- (.trap 0xfffff8800a666c80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000031f0301 rbx=0000000000000000 rcx=0000000000000092
rdx=0000000000000301 rsi=0000000000000000 rdi=0000000000000000
rip=fffff96000032344 rsp=fffff8800a666e10 rbp=00000000000000e9
 r8=0000000000000301  r9=00000000031f1b14 r10=00000000000000e9
r11=0000000000000301 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
win32k!sfac_GetLongGlyphIDs+0x84:
fffff960`00032344 44891e          mov     dword ptr [rsi],r11d ds:00000000`00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003149be0 to fffff800030cbc00

STACK_TEXT:  
fffff880`0a666b18 fffff800`03149be0 : 00000000`00000050 fffff900`c077a000 00000000`00000001 fffff880`0a666c80 : nt!KeBugCheckEx
fffff880`0a666b20 fffff800`030c9d2e : 00000000`00000001 fffff900`c077a000 00000000`00000000 00000000`0000344c : nt! ?? ::FNODOBFM::`string'+0x4518f
fffff880`0a666c80 fffff960`00032344 : 00000000`0000344c fffff900`c077a000 00000000`0000ffff fffff960`00031ca8 : nt!KiPageFault+0x16e
fffff880`0a666e10 fffff960`0003228b : fffff960`000326e4 00000000`00000096 00000000`0000047b 00000000`0000349f :[COLOR="Red"] win32k!sfac_GetLongGlyphIDs+0x84[/COLOR]
fffff880`0a666e60 fffff960`000321ba : 00000000`031f19e4 00000000`0000349f 00000000`000011f8 00000000`000011f8 : win32k!sfac_GetWinNTGlyphIDs+0xbb
fffff880`0a666ed0 fffff960`0003208a : 00000000`00000000 00000000`00000000 00000000`031f7bc6 00000000`00001218 : win32k!fs_WinNTGetGlyphIDs+0x6a
fffff880`0a666f20 fffff960`00031de8 : 00000000`031f7bc6 fffff880`0a667060 00000000`00003534 00000000`031f0096 : win32k!cjComputeGLYPHSET_MSFT_UNICODE+0x252
fffff880`0a666fe0 fffff960`0002915b : fffff900`c24f1740 00000000`00000001 00000000`00000001 00000000`00000000 : win32k!bLoadGlyphSet+0xf8
fffff880`0a667010 fffff960`000292fa : fffff900`c24f1740 fffff900`00000001 fffff900`c24f1740 fffff960`0019c344 : win32k!bReloadGlyphSet+0x24b
fffff880`0a6676d0 fffff960`00029252 : 00000000`00000000 fffff900`c24f1740 fffff900`00000001 fffff900`c1e80cc4 :[COLOR="red"] win32k!ttfdQueryFontTree+0x66[/COLOR]
fffff880`0a667720 fffff960`000760d7 : fffff960`000291f8 fffff900`c24f1aa0 00000000`00000001 00000000`00000000 : win32k!ttfdSemQueryFontTree+0x5a
fffff880`0a667760 fffff960`00075f83 : fffff880`0a667870 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!PDEVOBJ::QueryFontTree+0x63
fffff880`0a6677e0 fffff960`0003003e : fffff900`c008a010 00000000`00000000 00000000`00000002 00000000`00000000 : win32k!PFEOBJ::pfdg+0xa3
fffff880`0a667840 fffff960`0008a750 : fffff900`c1e80bb0 fffff880`0a667ad0 fffff880`0a6679d0 fffff880`0a667b20 : win32k!RFONTOBJ::bRealizeFont+0x46
fffff880`0a667960 fffff960`0005b151 : 00000000`10010000 fffff900`00000000 0000067d`00000000 00000000`00000002 : win32k!RFONTOBJ::bInit+0x548
fffff880`0a667a80 fffff960`0005b0db : fffff900`c0081000 fffff880`0a667ca0 00000000`322f534f 00000000`00000000 : [COLOR="red"]win32k!ulGetFontData2+0x31[/COLOR]
fffff880`0a667af0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!ulGetFontData+0x7f


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!sfac_GetLongGlyphIDs+84
fffff960`00032344 44891e          mov     dword ptr [rsi],r11d

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!sfac_GetLongGlyphIDs+84

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5164dccb

FAILURE_BUCKET_ID:  X64_0x50_win32k!sfac_GetLongGlyphIDs+84

BUCKET_ID:  X64_0x50_win32k!sfac_GetLongGlyphIDs+84

Followup: MachineOwner

Looking at the others as well ... here's what you can do...

1.) Have you installed any new fonts .. if so delete it .. you could do this is safe mode... by going into Windows/fonts folder and deleting any recent fonts that was installed...

2.) You can recreate the Fonts Cache .. this you could do by C:\Windows\System32\FNTCACHE.DAT and deleting this file and rebooting you system... Check to see if this resolves the issue.

This bugcheck can also be caused by antivirus or Graphic drivers as well... in any case i would also suggest you update the graphic drivers to the latest and remove Norton antivirus (also known to cause BSOD here to lot of people) and install Microsoft security Essential

Do these and let me know.

 

[Steve123D]

1. Firmware was updated to the latest prior to th eproblem.
2. Deleted fntcache.dat and Firefox, Control Panel/Fonts rubn without problem
3. IE still doesn't open... 2 out of 3 aint bad.

 

[centaur78]

Good to hear that Steve...

for IE .... Click on Start > Run ... type iexplore -extoff . This will start IE with the addons disabled......

If IE starts ... then you would need to look into the addons,and disable those that is not needed.

Let me know

PS: Since you have marked the post as Solved... Please also REP those helped.

 

[Steve123D]

"iexplore -extoff" didn't do the trick. Chrome and Firefox work fine now. Interesting thing is where a program calls to IE such as Catalyst Control Centre to go to the AMD home page then it works.

PS. What does REP mean?

 

[centaur78]

REP means Reputation.

Click on the "Balance" icon on the top right of a post

 

[muhahaa]

Interesting. A while ago I got a bug check with almost same stack trace (at win32k!sfac_GetLongGlyphIDs+0x84). Google also finds more of these. It looks like a buffer overflow vulnerability in win32k.sys, however, it may be caused by a third party driver.

Could you upload a big kernel dump (C:\WINDOWS\MEMORY.DMP) to a file sharing server?