Anyone ever see this?
This is a Windows 2003 Server and used as Terminal Server:
Ran WINDBG and this is what we got:
Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, bf8a1a8e, 8f5aea90, 0}
Page 11a50c not present in the dump file. Type ".hh dbgerr004" for details
Page 11a62f not present in the dump file. Type ".hh dbgerr004" for details
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
Probably caused by : SYMEVENT.SYS ( SYMEVENT+14a39 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: bf8a1a8e, The address that the exception occurred at
Arg3: 8f5aea90, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k!xxxRedrawWindow+4c
bf8a1a8e f6461e40 test byte ptr [esi+1Eh],40h
TRAP_FRAME: 8f5aea90 -- (.trap 0xffffffff8f5aea90)
ErrCode = 00000000
eax=00000001 ebx=00000000 ecx=0000029d edx=00000001 esi=00000000 edi=bc3471d8
eip=bf8a1a8e esp=8f5aeb04 ebp=8f5aeb1c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
win32k!xxxRedrawWindow+0x4c:
bf8a1a8e f6461e40 test byte ptr [esi+1Eh],40h ds:0023:0000001e=??
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8082d868 to 80827cb3
STACK_TEXT:
8f5ae65c 8082d868 0000008e c0000005 bf8a1a8e nt!KeBugCheckEx+0x1b
8f5aea20 8088a31a 8f5aea3c 00000000 8f5aea90 nt!KiDispatchException+0x3a2
8f5aea88 8088a2ce 8f5aeb1c bf8a1a8e badb0d00 nt!CommonDispatchException+0x4a
8f5aea9c bf85cbb8 00000000 00000000 bc347198 nt!Kei386EoiHelper+0x186
8f5aeb1c bf849b65 00000000 bc3471d8 00000000 win32k!xxxEndDeferWindowPosEx+0x29d
8f5aeb78 bf83bf6f 00000000 8f5aebe0 bf8b758f win32k!xxxDestroyWindow+0x21e
8f5aeb84 bf8b758f be115b20 bc675da0 bc675d20 win32k!HMDestroyUnlockedObject+0x1c
8f5aeb98 bf8b798b 86ef5da8 00000000 00000000 win32k!DestroyThreadsObjects+0x72
8f5aebe0 bf8b61f0 00000001 8f5aec08 bf8b7042 win32k!xxxDestroyThreadInfo+0x23e
8f5aebec bf8b7042 86ef5da8 00000001 00000000 win32k!UserThreadCallout+0x4b
8f5aec08 8094bc44 86ef5da8 00000001 86ef5da8 win32k!W32pThreadCallout+0x3a
8f5aec94 8094bfd7 00000000 00000000 86ef5da8 nt!PspExitThread+0x3b2
8f5aecac 8094c329 86ef5da8 00000000 00000001 nt!PspTerminateThreadByPointer+0x4b
8f5aecd0 b9e74a39 fffffffe 00000000 8afdb598 nt!NtTerminateThread+0x71
WARNING: Stack unwind information not available. Following frames may be wrong.
8f5aed54 8088983c fffffffe 00000000 0120ffdc SYMEVENT+0x14a39
8f5aed54 0016d428 fffffffe 00000000 0120ffdc nt!KiFastCallEntry+0xfc
0000003b 00000000 00000000 00000000 00000000 0x16d428
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT+14a39
b9e74a39 e98e030000 jmp SYMEVENT+0x14dcc (b9e74dcc)
SYMBOL_STACK_INDEX: e
SYMBOL_NAME: SYMEVENT+14a39
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4d8bcd70
FAILURE_BUCKET_ID: 0x8E_SYMEVENT+14a39
BUCKET_ID: 0x8E_SYMEVENT+14a39
Followup: MachineOwner
*******************Looks fine now*************************