Hey all,

Hoping you can help me. I support a windows 8.1 machine that has been crashing lately on shutdown. The minidump seems to point to the win32k.sys file being the culprit. I have included a portion of the dump analyze -v for folks to look at. I can upload the dump file if that would help.

Just let me know if you need more info!

ADDITIONAL_DEBUG_TEXT: 
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

MODULE_NAME: win32k

FAULTING_MODULE: fffff80075283000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  552c478a

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
win32k+599a5
fffff960`0021d9a5 80481101        or      byte ptr [rax+11h],1

CONTEXT:  ffffd0015ccbbae0 -- (.cxr 0xffffd0015ccbbae0;r)
rax=fffff9014049a500 rbx=fffff90140086010 rcx=fffff90143c3a810
rdx=000000000009a500 rsi=fffff90140086010 rdi=fffff90143c3a810
rip=fffff9600021d9a5 rsp=ffffd0015ccbc518 rbp=0000000000000002
 r8=00000000000000b0  r9=fffff90140086010 r10=fffff800755386c0
r11=0000000000000000 r12=0000000000000030 r13=0000000000000001
r14=fffff90140086010 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
win32k+0x599a5:
fffff960`0021d9a5 80481101        or      byte ptr [rax+11h],1 ds:002b:fffff901`4049a511=??
Last set context:
rax=fffff9014049a500 rbx=fffff90140086010 rcx=fffff90143c3a810
rdx=000000000009a500 rsi=fffff90140086010 rdi=fffff90143c3a810
rip=fffff9600021d9a5 rsp=ffffd0015ccbc518 rbp=0000000000000002
 r8=00000000000000b0  r9=fffff90140086010 r10=fffff800755386c0
r11=0000000000000000 r12=0000000000000030 r13=0000000000000001
r14=fffff90140086010 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
win32k+0x599a5:
fffff960`0021d9a5 80481101        or      byte ptr [rax+11h],1 ds:002b:fffff901`4049a511=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  0x3B

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff9600022c936 to fffff9600021d9a5

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k+599a5

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  win32k.sys

STACK_COMMAND:  .cxr 0xffffd0015ccbbae0 ; kb

BUCKET_ID:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  WRONG_SYMBOLS

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:wrong_symbols

FAILURE_ID_HASH:  {70b057e8-2462-896f-28e7-ac72d4d365f8}

uploaded here (sorry had to remove hyperlink, my account hasn't been verified yet :P)https://onedrive.live.com/redir?resid=e949b1677253cbb7!104&authkey=!AG3ieFW0mLs1X4c&ithint=folder%2c

• Edited by JoshuaHolt Wednesday, June 03, 2015 3:15 PM

These crashes were related to memory corruption (probably caused by a driver). 

Please run these two tests to verify your memory and find which driver is causing the problem.  Please run verifier first.  You do not need to run memtest yet unless verifier does not find the cause, or you want to.


If you are over-clocking anything reset to default before running these tests. In other words STOP!!!  If you do not know what this means you probably are not

1-Driver verifier (for complete directions see our wiki here)
2-Memtest. (You can read more about running memtest here)

Hi

This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.

I would start by completely removing the current driver and installing the newest driver available.

If the issue still persists, using Driver Verifier to track down mis-behaving driver.

https://msdn.microsoft.com/en-us/library/windows/hardware/ff545448%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

http://answers.microsoft.com/en-us/windows/wiki/windows_other-system/driver-verifier-tracking-down-a-mis-behaving/f5cb4faf-556b-4b6d-95b3-c48669e4c983

Regards,

D. Wu