BSOD 0x0000003b after reboot when I updated windows update on windows 2008 SP2

  • Question

  • BSOD
    stop:0x0000003b (0x00000000C0000005,0xFFFFF800022BECAF,0xFFFFFA6004ADAEF0,0x0000000000000000)

    I restored the server already a couple of times from backup since it never finishes booting after updating the update tool ( nothing else > I narrowed the problem down to this )
    I ran "verifier /standard /all" for a whole day ( before the update that is ) without any result

    memtest ( both the built-in and a 3rd party reveals nothing > another day )
    I've put the system disk into another identical computer and it also crashes
    ( 6 identical workstations / rendernodes > all of them i7 920 12GB ram and 2 x gtx295 ) 5 of them normally run *nix ( debian ) just to rule out any malfunctioning hardware so I'm absolutely confident it's not a RAM / whatever hardware issue.

    bios is updated > switching from AHCI to compatibility mode > same result > BSOD
    OS = 2008 64bit

    I ran Windbg ( on a VM machine )
    1st run
    Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    Loading Dump File [Z:\memorydump\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available
    Symbol search path is: SRV*c:\websymbols*
    Executable search path is: 
    Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (8 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Built by: 6002.18082.amd64fre.vistasp2_gdr.090803-2339
    Machine Name:
    Kernel base = 0xfffff800`02206000 PsLoadedModuleList = 0xfffff800`023cadd0
    Debug session time: Tue Jan 12 01:20:04.274 2010 (GMT+1)
    System Uptime: 0 days 0:01:13.850
    Loading Kernel Symbols
    Loading User Symbols
    PEB is paged out (Peb.Ldr = 000007ff`fffda018).  Type ".hh dbgerr001" for details
    Loading unloaded module list
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    Use !analyze -v to get detailed debugging information.
    BugCheck 3B, {c0000005, fffff80002264caf, fffffa600d5d0ef0, 0}
    Page 89f29 not present in the dump file. Type ".hh dbgerr004" for details
    Page 89f29 not present in the dump file. Type ".hh dbgerr004" for details
    Page 89f29 not present in the dump file. Type ".hh dbgerr004" for details
    Page 8a434 not present in the dump file. Type ".hh dbgerr004" for details
    Page 8a434 not present in the dump file. Type ".hh dbgerr004" for details
    PEB is paged out (Peb.Ldr = 000007ff`fffda018).  Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 000007ff`fffda018).  Type ".hh dbgerr001" for details
    Probably caused by : win32k.sys ( win32k!xxxClientGetTextExtentPointW+46 )
    Followup: MachineOwner
    This shows win32k.sys is most likely the culprit

    !analyze -v  shows

    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    An exception happened while executing a system service routine.
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff80002264caf, Address of the exception record for the exception that caused the bugcheck
    Arg3: fffffa600d5d0ef0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    Debugging Details:
    Page 89f29 not present in the dump file. Type ".hh dbgerr004" for details
    Page 89f29 not present in the dump file. Type ".hh dbgerr004" for details
    Page 89f29 not present in the dump file. Type ".hh dbgerr004" for details
    Page 8a434 not present in the dump file. Type ".hh dbgerr004" for details
    Page 8a434 not present in the dump file. Type ".hh dbgerr004" for details
    PEB is paged out (Peb.Ldr = 000007ff`fffda018).  Type ".hh dbgerr001" for details
    PEB is paged out (Peb.Ldr = 000007ff`fffda018).  Type ".hh dbgerr001" for details
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
    fffff800`02264caf 66f2af          repne scas word ptr [rdi]
    CONTEXT:  fffffa600d5d0ef0 -- (.cxr 0xfffffa600d5d0ef0)
    rax=0000000000000000 rbx=0000000000000000 rcx=ffffffffffffffff
    rdx=0000000d00000143 rsi=fffffa600d5d1b10 rdi=0000000d00000143
    rip=fffff80002264caf rsp=fffffa600d5d1758 rbp=fffff900c29d6d50
     r8=fffffa600d5d17e8  r9=fffffa600d5d1dc0 r10=0000000000000000
    r11=0000000000000000 r12=0000000d00000143 r13=0000000003010047
    r14=0000000002000000 r15=fffffa600d5d1dc0
    iopl=0         nv up ei pl zr na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
    fffff800`02264caf 66f2af          repne scas word ptr [rdi]
    Resetting default scope
    PROCESS_NAME:  wininit.exe
    LAST_CONTROL_TRANSFER:  from fffff960000403d6 to fffff80002264caf
    fffffa60`0d5d1758 fffff960`000403d6 : 00000000`00000000 fffff900`c1418dd0 00000000`00000230 00000000`00000000 : nt!RtlInitUnicodeString+0x23
    fffffa60`0d5d1760 fffff960`0004031b : fffffa60`0d5d1dc0 00000000`00000000 00000000`00000000 fffff800`00000000 : win32k!xxxClientGetTextExtentPointW+0x46
    fffffa60`0d5d1ac0 fffff960`0004020c : 0000000b`0000000d 00000000`018a003e 00000000`00000000 fffff960`0004014c : win32k!xxxPSMGetTextExtent+0xef
    fffffa60`0d5d1d60 fffff960`00027dc7 : 00000000`0000004b 0000000d`00000006 00000000`018a003e fffff900`c139cff0 : win32k!xxxMB_FindLongestString+0xc0
    fffffa60`0d5d1db0 fffff960`00029b36 : fffff800`024b2fcc ffffffff`800003cc 00000000`00000000 00000000`ffffffff : win32k!xxxSetNCFonts+0x573
    fffffa60`0d5d1e60 fffff960`0003bed5 : 00000000`00000000 00000000`02000000 00000000`00000000 00000000`00000000 : win32k!xxxSetWindowNCMetrics+0x3e
    fffffa60`0d5d20e0 fffff960`0005693f : 00000000`00000000 ffffffff`800003cc fffffa80`0c945040 00000000`00000000 : win32k!xxxInitWindowStation+0xa1
    fffffa60`0d5d2140 fffff960`00057e2f : 00000000`00000000 fffffa60`0d5d2ca0 00000000`00000000 000007ff`ffff0000 : win32k!xxxCreateWindowStation+0x1cf
    fffffa60`0d5d2500 fffff800`0225fef3 : 00000000`02000000 fffff800`024d6d76 00000000`00000004 00000000`00000000 : win32k!NtUserCreateWindowStation+0x4b3
    fffffa60`0d5d2bb0 00000000`76dd1a6a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0016f748 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76dd1a6a
    fffff960`000403d6 ba01000000      mov     edx,1
    SYMBOL_NAME:  win32k!xxxClientGetTextExtentPointW+46
    FOLLOWUP_NAME:  MachineOwner
    MODULE_NAME: win32k
    IMAGE_NAME:  win32k.sys
    STACK_COMMAND:  .cxr 0xfffffa600d5d0ef0 ; kb
    FAILURE_BUCKET_ID:  X64_0x3B_VRF_win32k!xxxClientGetTextExtentPointW+46
    BUCKET_ID:  X64_0x3B_VRF_win32k!xxxClientGetTextExtentPointW+46
    Followup: MachineOwner

    So what now ?

    Tuesday, January 12, 2010 3:47 AM


All replies

  • Hi,


    Please understand that to troubleshoot blue screen issues, we usually need to perform debugging. However, in this forum, we do not provide debugging support. If you would like to perform debugging, please contact Microsoft Customer Support Service (CSS).


    To obtain the phone numbers for specific technology request, please refer to the website listed below:;EN-US;PHONENUMBERS


    If you are outside the US, please refer to for regional support phone numbers.


    Tim Quan - MSFT


    • Marked as answer by Tim Quan (Moderator) Tuesday, January 12, 2010 7:12 AM
    • Unmarked as answer by djamu Tuesday, January 12, 2010 8:45 AM
    Tuesday, January 12, 2010 7:12 AM
  • wow

    Well I didn't ask for debugging, that I can do myself as you could see,
    I asked what to do with that crappy "win32k.sys" driver that prevents me from using update.

    How about > 
    A link to a hotfix as answer ?
    A manual bugtracking link where I can post my dump ? ( that automated tracking only works for minor issues, where one is still able to boot the darn thing )

    Your advice is to cough up some more money to fix an issue I'm not responsible for in the first place, shouldn't M$ be paying me for the service of debugging that mess ? 
    Or as a matter of fact how about some phone nrs ( free ) for a refund and an invoice address for wasted time ?  

    diskless / update / online / server    4 words combined, can't ever be called windows

    Disgruntled linux dev who just realised he flushed +500eur on VistaRoid 2008

    Tuesday, January 12, 2010 9:12 AM
  • hi ,

    stop:0x0000003b (0x00000000C0000005,0xFFFFF800022BECAF,0xFFFFFA6004ADAEF0,0x0000000000000000) :

    User mode driver / application is trying to access the privileged code and it got bugchecked.


    I am sensing an incompatible driver loaded , but it's premature to comment ,

    Please understand that this forum doesn't support debugging , you can post your query under windbg newsgroup

    Tuesday, January 26, 2010 8:52 AM
  • Hi ,

    Did you have a chance to go through my previous post ?

    Please let us know if you have further concerns.
    Thursday, January 28, 2010 6:12 AM
  •  I found out what caused this after reverse engineering that faulty driver,  ( ...I've dumped the OS anyway, I was just curious how it behaved in an HPC environment.. )

    short story ...
    ... that win32k.sys driver got corrupted without the OS noticing it (before the update) ... for some reason this didn't matter as long as you didn't update ( I had to go back a couple of weeks to find a genuine one ) ....

    Now I wonder > how difficult is it to md5 hash your drivers so the OS can detect any change immediately ( and store it as hash tables on for example an external db ? quite basic in any *nix OS ) >  It would also prevent all the nastiness associated with m$ products .... but I guess that's too easy and transparent ... 

    Even the built-in backup app is buggy as ____ and lacks the most basic features ...
    ... backing up 32 / 64 bit dualboot Windoz ... nope...
    ....backing up / restoring 5th partition .... nope ...
    ... restoring onto same sized partition smaller disk ....nope ... 
    ....remote restore without available DHCP server ... nope  ( did nobody think of adding a network configuration interface for use in fixed IP networks -without DHCP- ? ( SAN networks for example )
    .... backup with iSCSI ... nope ...  ( why would you, it's not a server OS .... o sorry yes it is sold as server OS  > M$ inside joke I assume )

    I still got a couple more ... if someone is interested

    Some software is priceless, everybody else can use M$

    Monday, February 8, 2010 4:01 PM
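
The driver-hashing idea raised in the last post, as an added example that is not part of the thread: a Python sketch that records a hash baseline of `*.sys` files and later reports which ones changed, went missing or appeared. It uses SHA-256 rather than the MD5 the poster mentions; the directory layout, file contents and the `baseline.json` name are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large driver images are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(driver_dir: Path, pattern: str = "*.sys") -> dict:
    """Map lower-cased file name -> hash and size for every matching file."""
    return {p.name.lower(): {"sha256": sha256_file(p), "size": p.stat().st_size}
            for p in sorted(driver_dir.glob(pattern)) if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Report drift between a stored baseline and the current state."""
    return {
        "modified": sorted(n for n in baseline
                           if n in current and baseline[n]["sha256"] != current[n]["sha256"]),
        "missing": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        drivers = Path(tmp) / "drivers"
        drivers.mkdir()
        # Constructed stand-ins for driver images (not real binaries).
        (drivers / "win32k.sys").write_bytes(b"MZ" + b"\x00" * 4096)
        (drivers / "disk.sys").write_bytes(b"MZ" + b"\x11" * 2048)
        manifest = Path(tmp) / "baseline.json"  # in practice: stored off the host
        manifest.write_text(json.dumps(build_baseline(drivers), indent=2))
        # Simulate silent corruption: one flipped byte, same size and name.
        data = bytearray((drivers / "win32k.sys").read_bytes())
        data[1000] ^= 0xFF
        (drivers / "win32k.sys").write_bytes(bytes(data))
        (drivers / "new.sys").write_bytes(b"MZ")
        return compare(json.loads(manifest.read_text()), build_baseline(drivers))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline has to be regenerated after every legitimate update and kept somewhere the monitored host cannot overwrite it. On Windows, the built-in `sfc /verifyonly` check covers protected system files in a similar way.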