Frequent BSODs on Optiplex 9020, c0000005 (BugCheck, 3B)

A

aka dutch

New member
Local time
4:22 AM
Messages
2
We recently received a ticket stating a user had a Dell Optiplex 9020 device that has been blue screening off and on for several months. The ticket notes indicate the device has been completely reimaged several times, the HDD, system board, and RAM have apparently all been previously replaced, yet the blue screen events continue to happen. This device is running Windows 7 Enterprise, 64 bit. As the device was recently reimaged again by service desk staff we only have 2 dump files available at the moment.

System Specs:
Dell Optiplex 9020
Processor: Intel(R) Core(TM) i5-4590S CPU @ 3.00GHz
Memory: DUAL IN-LINE MEMORY MODULE, 4G, 1600, 1RX8, 4G, DDR3L, U
500GB HDD: ST500LM0 24-1RS152 SCSI Disk Device

I am looking for two things in this post. Assistance determining the issue if possible and if you have the time, a brief explanation as to how you are coming to your conclusion (or at the very least a recommendation on where I can begin to research advanced crash dump analysis troubleshooting procedures - everything I've looked at is very basic with limited detail). The reason for the second bit is that I will most likely begin getting more and more of these crash dump tickets and I'd like to become self sufficient in troubleshooting the issue as soon as possible (my background is networking).

I've attached the dmp files we have on hand for review and below is a bug check analysis of the most recent dmp file for the device. Any help or recommendations for self learning will be greatly appreciated.

Code: 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960001cdf95, fffff8800d6f4d10, 0}

Probably caused by : win32k.sys ( win32k!xxxUpdateWindow2+159 )

Followup:     MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960001cdf95, Address of the instruction which caused the bugcheck
Arg3: fffff8800d6f4d10, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  7601.24024.amd64fre.win7sp1_ldr.180112-0600

SYSTEM_MANUFACTURER:  Dell Inc.

SYSTEM_PRODUCT_NAME:  OptiPlex 9020

SYSTEM_SKU:  05A4

SYSTEM_VERSION:  00

BIOS_VENDOR:  Dell Inc.

BIOS_VERSION:  A15

BIOS_DATE:  11/08/2015

BASEBOARD_MANUFACTURER:  Dell Inc.

BASEBOARD_PRODUCT:  0KC9NP

BASEBOARD_VERSION:  A01

DUMP_TYPE:  1

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff960001cdf95

BUGCHECK_P3: fffff8800d6f4d10

BUGCHECK_P4: 0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

FAULTING_IP: 
win32k!xxxUpdateWindow2+159
fffff960`001cdf95 488b4210        mov     rax,qword ptr [rdx+10h]

CONTEXT:  fffff8800d6f4d10 -- (.cxr 0xfffff8800d6f4d10)
rax=0000000000000000 rbx=fffff900c064fbe0 rcx=fffffa8008e4b090
rdx=0000000000000035 rsi=0000000000000005 rdi=0000000000000001
rip=fffff960001cdf95 rsp=fffff8800d6f56e0 rbp=0000000074d82450
 r8=000000000000000b  r9=fffff900c064fbe0 r10=fffff900c3239c10
r11=fffff8800d6f5720 r12=0000000001040059 r13=0000000000000000
r14=0000000000000000 r15=0000000074d82450
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00210206
win32k!xxxUpdateWindow2+0x159:
fffff960`001cdf95 488b4210        mov     rax,qword ptr [rdx+10h] ds:002b:00000000`00000045=????????????????
Resetting default scope

CPU_COUNT: 4

CPU_MHZ: bb1

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 1C'00000000 (cache) 1C'00000000 (init)

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  OUTLOOK.EXE

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  Dutch

ANALYSIS_SESSION_TIME:  03-08-2018 18:48:20.0881

ANALYSIS_VERSION: 10.0.16299.91 amd64fre

LAST_CONTROL_TRANSFER:  from fffff960001ce066 to fffff960001cdf95

STACK_TEXT:  
fffff880`0d6f56e0 fffff960`001ce066 : fffff900`c064fbe0 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x159
fffff880`0d6f5750 fffff960`001ce066 : fffff900`c06a0340 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x22a
fffff880`0d6f57c0 fffff960`001ce066 : fffff900`c064b050 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x22a
fffff880`0d6f5830 fffff960`001ce066 : fffff900`c064af20 00000000`00000005 00000000`74d82450 00000000`00000005 : win32k!xxxUpdateWindow2+0x22a
fffff880`0d6f58a0 fffff960`001ce066 : fffff900`c0688df0 00000000`00000001 00000000`74d82450 00000000`00000001 : win32k!xxxUpdateWindow2+0x22a
fffff880`0d6f5910 fffff960`000e8083 : 00000000`00000001 00000000`00000000 00000000`01040059 00000000`00001100 : win32k!xxxUpdateWindow2+0x22a
fffff880`0d6f5980 fffff960`000f6a20 : 00000000`74d82450 fffff900`c06cc7f0 fffff880`0d6f5b60 00000000`00001100 : win32k!xxxInternalInvalidate+0x1c3
fffff880`0d6f5a00 fffff960`001814c1 : 00000000`00000000 00000000`00000000 fffff880`0d6f5b60 fffff800`02eba27a : win32k!xxxRedrawWindow+0x1a0
fffff880`0d6f5a60 fffff800`02f0e183 : fffffa80`041d57c0 00000000`00000000 00000000`00000100 fffffa80`0485c072 : win32k!NtUserRedrawWindow+0xe9
fffff880`0d6f5ae0 00000000`74d82e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0021e548 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74d82e09


THREAD_SHA1_HASH_MOD_FUNC:  f4dc43cb7127c9a01220f6425f3bdace4290c815

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  8a9d5666cc7e07afad08193a76a13774fa647b70

THREAD_SHA1_HASH_MOD:  766ae2b51d3357130c9dab0c50b66d9c95b145fc

FOLLOWUP_IP: 
win32k!xxxUpdateWindow2+159
fffff960`001cdf95 488b4210        mov     rax,qword ptr [rdx+10h]

FAULT_INSTR_CODE:  10428b48

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!xxxUpdateWindow2+159

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5a578c0b

IMAGE_VERSION:  6.1.7601.24023

STACK_COMMAND:  .cxr 0xfffff8800d6f4d10 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k!xxxUpdateWindow2+159

BUCKET_ID:  X64_0x3B_win32k!xxxUpdateWindow2+159

PRIMARY_PROBLEM_CLASS:  X64_0x3B_win32k!xxxUpdateWindow2+159

TARGET_TIME:  2018-03-08T13:20:27.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-01-12 11:03:32

BUILDDATESTAMP_STR:  180112-0600

BUILDLAB_STR:  win7sp1_ldr

BUILDOSVER_STR:  6.1.7601.24024.amd64fre.win7sp1_ldr.180112-0600

ANALYSIS_SESSION_ELAPSED_TIME:  36a

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x3b_win32k!xxxupdatewindow2+159

FAILURE_ID_HASH:  {93cd272a-e827-d466-3a2b-0403a6b1ef90}

Followup:     MachineOwner
---------
 

My Computer My Computer

At a glance

Windows 7 Enterprise 64 bit
Computer type
PC/Desktop
OS
Windows 7 Enterprise 64 bit
Find an identical computer that is in good working order, then start swapping parts, one at a time, till the problem moves from the original computer to the other computer.

Swap EVERYTHING, even the mouse, keyboard, power cord, Ethernet cable, monitor, etc., as well as each internal part.

If that doesn't fix it, move the computer to a different spot in the room; maybe there is some electronic interference coming to that spot from somewhere, and moving the computer from that exact spot to somewhere else in the room will eliminate the interference.
 

My Computer My Computer

At a glance

Linux Mint 18.2 xfce 64-bit (VMWare host) / W...Haswell4 GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell
OS
Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
CPU
Haswell
Memory
4 GB
Monitor(s) Displays
Acer 23"
Screen Resolution
1920 x 1080
Hard Drives
Two hard drives, 1TB each: One for Linux, one for my data.
Keyboard
IBM Model M
Antivirus
Sophos (Linux), Trend Micro (Windows)
Browser
Firefox, Opera
Other Info
I use Samba to share my data drive with the other computers at my house and with my guest session in VMWare Workstation Player.
Hi aka dutch,

Unfortunately, both of the dumps lack data.

The 0x50 references its own memory address, there's no way to tell why and what since the dump lacks the register context
Code: 
TRAP_FRAME:  fffff8800c68a880 -- (.trap 0xfffff8800c68a880)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800c68aeb0 rbx=0000000000000000 rcx=fffffa8007193950
rdx=fffff8800c675370 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880018013c0 rsp=fffff8800c68aa18 rbp=0000000000000000
 r8=0000000000000080  r9=fffff8a00e52c010 r10=fffffa8007193950
r11=0000000000002024 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
fffff880`018013c0 ??              ??? <-- actions not saved

0x3B attempts something with usermode data, can't identify why or what since this is a mini kernel dump.
Code: 
CONTEXT:  fffff8800d6f4d10 -- (.cxr 0xfffff8800d6f4d10)
rax=0000000000000000 rbx=fffff900c064fbe0 rcx=fffffa8008e4b090
rdx=0000000000000035 rsi=0000000000000005 rdi=0000000000000001
rip=fffff960001cdf95 rsp=fffff8800d6f56e0 rbp=0000000074d82450
 r8=000000000000000b  r9=fffff900c064fbe0 r10=fffff900c3239c10
r11=fffff8800d6f5720 r12=0000000001040059 r13=0000000000000000
r14=0000000000000000 r15=0000000074d82450
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00210206
win32k!xxxUpdateWindow2+0x159:
fffff960`001cdf95 488b4210        mov     rax,qword ptr [rdx+10h] ds:002b:00000000`00000045=????????????????


Check the CPU and PSU, then the replaced parts to make sure they aren't faulty.
 

My Computer My Computer

At a glance

Windows 10 Proi5-650016GB DDR4 2133 Crucial Ballistix Sport LTMSI GeForce GTX 1060 GAMING X 6G
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom build
OS
Windows 10 Pro
CPU
i5-6500
Motherboard
Gigabyte B150-HD3P-CF
Memory
16GB DDR4 2133 Crucial Ballistix Sport LT
Graphics Card(s)
MSI GeForce GTX 1060 GAMING X 6G
Sound Card
Intel Display Audio
Monitor(s) Displays
Liyama ProLite XB2483HSU-B2
Screen Resolution
1920 x 1080
Hard Drives
Crucial MX200 500GB & Toshiba DT01ACA300 3TB
PSU
Corsair RM550x
Case
Fractal Design Define S
Cooling
Cooler Master TX3 i
Keyboard
Func KB-460 (MX Red)
Mouse
Corsair Gaming M65 RGB
Antivirus
Bitdefender Total Security 2016 + MBAM Pro + MBAE Pro
Browser
Google Chrome
Other Info
Creative Sound Blaster Tactic3D Rage V2 headset
I do have a much larger memory.dmp file as well (613MB). Would it be helpful to provide a Dropbox link for that file?
 

My Computer My Computer

At a glance

Windows 7 Enterprise 64 bit
Computer type
PC/Desktop
OS
Windows 7 Enterprise 64 bit
More mini dumps would help, they mainly rely on finding patterns and are by far less time consuming.

You could also upload the kernel dump, but I can't promise that I'll be able to check it out anytime soon.
 

My Computer My Computer

At a glance

Windows 10 Proi5-650016GB DDR4 2133 Crucial Ballistix Sport LTMSI GeForce GTX 1060 GAMING X 6G
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom build
OS
Windows 10 Pro
CPU
i5-6500
Motherboard
Gigabyte B150-HD3P-CF
Memory
16GB DDR4 2133 Crucial Ballistix Sport LT
Graphics Card(s)
MSI GeForce GTX 1060 GAMING X 6G
Sound Card
Intel Display Audio
Monitor(s) Displays
Liyama ProLite XB2483HSU-B2
Screen Resolution
1920 x 1080
Hard Drives
Crucial MX200 500GB & Toshiba DT01ACA300 3TB
PSU
Corsair RM550x
Case
Fractal Design Define S
Cooling
Cooler Master TX3 i
Keyboard
Func KB-460 (MX Red)
Mouse
Corsair Gaming M65 RGB
Antivirus
Bitdefender Total Security 2016 + MBAM Pro + MBAE Pro
Browser
Google Chrome
Other Info
Creative Sound Blaster Tactic3D Rage V2 headset
You must log in or register to reply here.

Similar threads

win32k.sys and SYSTEM_SERVICE_EXCEPTION causing BSOD, tried everything
Replies
3
Views
1K
axe0
A
Random BSODs when waking from sleep and other
Replies
1
Views
1K
axe0
A
BSOD exception 0xc0000005 at win32k!NtUserEnumDisplayDevices+8b
Replies
2
Views
2K
fbell50
F
BSOD On Startup After Installing KB3070102
Replies
7
Views
5K
chiko
C
BSOD on Windows 7 64-bit only when logoff/shutdown - PROFILE SPECIFIC
Replies
7
Views
5K
bd3D
bd3D
Back
Top