Windows Server 2003 x64 random BSOD on win32k!GreMovePointer

[sv63rus]

Hello everyone! Please help to understand what causes BSOD.

Windows Server Standard 2003 x64 R2 SP2 all fixes some specific fixes for termdd.sys, winsrv.dll to fix BSOD from Microsoft.
This server with Terminal Server installed Citrix XenApp 5.0 for Windows Server 2003.
Citrix application gives users 1C Enterprise 8.2

Citrix also updated last hotfixes.

1-2 BSOD per day. and only during working hours and at different users.


root@pve-n1:~# pveversion -v
pve-manager: 2.1-1 (pve-manager/2.1/f9b0f63a)
running kernel: 2.6.32-11-pve
proxmox-ve-2.6.32: 2.0-66
pve-kernel-2.6.32-11-pve: 2.6.32-66
lvm2: 2.02.95-1pve2
clvm: 2.02.95-1pve2
corosync-pve: 1.4.3-1
openais-pve: 1.1.4-2
libqb: 0.10.1-2
redhat-cluster-pve: 3.1.8-3
resource-agents-pve: 3.9.2-3
fence-agents-pve: 3.1.7-2
pve-cluster: 1.0-26
qemu-server: 2.0-39
pve-firmware: 1.0-15
libpve-common-perl: 1.0-27
libpve-access-control: 1.0-21
libpve-storage-perl: 2.0-18
vncterm: 1.0-2
vzctl: 3.0.30-2pve5
vzprocps: 2.0.11-2
vzquota: 3.0.12-3
pve-qemu-kvm: 1.0-9
ksm-control-daemon: 1.1-1



That's it !Analyse-v output :

Loading Dump File [C:\kdfe\MEMORY-2.DMP]
Kernel Complete Dump File: Full address space is available

************************************************************
WARNING: Dump file has been truncated. Data may be missing.
************************************************************
Symbol search path is: SRV*C:\Symbols*msdl.microsoft.com/download/symbols;SRV*C:\Ctxsymbols*http://ctxsym.citrix.com/symbols;SRV*C:\Ctxsymbols*ftp://ftp.citrix.com/
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 3790.srv03_sp2_qfe.130306-1435
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011d9280
Debug session time: Wed May 22 18:10:30.741 2013 (UTC + 4:00)
System Uptime: 0 days 1:15:33.385
Loading Kernel Symbols
...............................................................
...............................................
Loading User Symbols
..............
Loading unloaded module list
.......
SYMSRV: c:\ctxsymbols*ftp://ftp.citrix.com/ needs a downstream store

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {1f8000320018, c, 0, fffff8000107999a}

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
Probably caused by : win32k.sys ( win32k!GreMovePointer+263 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00001f8000320018, memory referenced
Arg2: 000000000000000c, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000107999a, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00001f8000320018

CURRENT_IRQL: c

FAULTING_IP:
nt!IopCompleteRequest+8e0
fffff800`0107999a 4c8b4810 mov r9,qword ptr [rax+10h]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: csrss.exe

IRP_ADDRESS: ffffffffffffff88

TRAP_FRAME: fffffadf22325010 -- (.trap 0xfffffadf22325010)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00001f8000320008 rbx=0000000000000000 rcx=fffff800011b57f0
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000107999a rsp=fffffadf223251a0 rbp=fffffadf223252e0
r8=fffffadf3809cb90 r9=5be6faf40c000000 r10=fffff800011e0ec8
r11=00000000000007ff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
nt!IopCompleteRequest+0x8e0:
fffff800`0107999a 4c8b4810 mov r9,qword ptr [rax+10h] ds:00001f80`00320018=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000102e834 to fffff8000102eb10

STACK_TEXT:
fffffadf`22324e88 fffff800`0102e834 : 00000000`0000000a 00001f80`00320018 00000000`0000000c 00000000`00000000 : nt!KeBugCheckEx
fffffadf`22324e90 fffff800`0102d7c7 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffadf`3492a858 : nt!KiBugCheckDispatch+0x74
fffffadf`22325010 fffff800`0107999a : 00000000`00000001 00000000`00000000 fffffadf`3463fbf0 fffffadf`223252e0 : nt!KiPageFault+0x207
fffffadf`223251a0 fffff800`01028001 : 00000000`00000000 fffffadf`3492a7e0 00000000`00000004 fffffadf`3492a7e0 : nt!IopCompleteRequest+0x8e0
fffffadf`22325240 fffff800`01027c0d : 00000000`00000154 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x215
fffffadf`223252e0 fffff800`01027ad2 : fffff800`01037e59 00000000`00000000 fffff97f`f7b11dc0 fffff97f`f3829000 : nt!KiApcInterrupt+0xdd
fffffadf`22325478 fffff800`01037e59 : 00000000`00000000 fffff97f`f7b11dc0 fffff97f`f3829000 00000000`00000316 : nt!ExReleaseResourceLite+0x11e
fffffadf`22325480 fffff97f`ff0a0046 : 00000000`00000000 fffff97f`f7b11dc0 fffff97f`f3829000 00000000`00000316 : nt!ExReleaseResourceAndLeaveCriticalRegion+0x9
fffffadf`223254b0 fffff97f`ff13a942 : fffffadf`3431fca0 fffffadf`382db460 fffffadf`3492a7e0 fffffadf`00000000 : win32k!GreMovePointer+0x263
fffffadf`22325520 fffff97f`ff13a292 : fffffadf`00009e01 fffff800`000078e4 00000000`00000000 00000000`00000000 : win32k!xxxMoveEventAbsolute+0x338
fffffadf`223255d0 fffff97f`ff13a0f9 : fffff97f`f38b4ae0 00000000`00000000 fffffadf`3463fc38 00000000`00000000 : win32k!ProcessMouseInput+0x2db
fffffadf`22325650 fffff800`0101f7f0 : fffffadf`341a2720 fffffadf`3463fbf0 fffffadf`3463fc38 00000000`00000000 : win32k!InputApc+0x81
fffffadf`22325680 fffff800`0103c177 : 00000000`00000001 00000000`00000000 fffff97f`ff13a0c0 00000000`00000000 : nt!KiDeliverApc+0x2d3
fffffadf`22325720 fffff800`01029f24 : 00000000`00000000 00000000`00000000 fffff800`011b5180 fffffadf`3463fbf0 : nt!KiSwapThread+0x3e9
fffffadf`22325780 fffff97f`ff0590f7 : 00000000`00000003 fffff97f`ff04e4cd fffff97f`00000001 00000000`0000000d : nt!KeWaitForMultipleObjects+0x66b
fffffadf`22325810 fffff97f`ff05942a : fffffadf`00000002 fffffadf`00000001 fffff97f`00000000 00000000`ffffffff : win32k!xxxMsgWaitForMultipleObjects+0x17e
fffffadf`223258a0 fffff97f`ff01597f : 00000000`00000000 00000000`00000000 fffffadf`22325cf0 00000000`00000004 : win32k!xxxDesktopThread+0x473
fffffadf`22325c10 fffff97f`ff0a11a0 : 00000000`00000004 fffffadf`3463fbf0 00000000`00000000 00000000`00000022 : win32k!xxxCreateSystemThreads+0xba
fffffadf`22325c40 fffff800`0102e5bd : 00000000`00000002 00000000`00000000 fffffadf`3463fbf0 00000000`00000020 : win32k!NtUserCallOneParam+0x3c
fffffadf`22325c70 000007ff`7c4c802a : 000007ff`7c4cc53c 000007ff`7c4cc520 00000000`00000000 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x3
00000000`00b2ffa8 000007ff`7c4cc53c : 000007ff`7c4cc520 00000000`00000000 00000000`00000001 00000000`00000005 : winsrv!NtUserCallOneParam+0xa
00000000`00b2ffb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : winsrv!StartCreateSystemThreads+0x1b


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!GreMovePointer+263
fffff97f`ff0a0046 4585ff test r15d,r15d

SYMBOL_STACK_INDEX: 8

SYMBOL_NAME: win32k!GreMovePointer+263

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5165020d

FAILURE_BUCKET_ID: X64_0xA_win32k!GreMovePointer+263

BUCKET_ID: X64_0xA_win32k!GreMovePointer+263

Followup: MachineOwner
---------


!process

0: kd> !process
PROCESS fffffadf37571810
SessionId: 11 Cid: 06f8 Peb: 7fffffd7000 ParentCid: 019c
DirBase: a6dd6000 ObjectTable: fffffa8005296230 HandleCount: 159.
Image: csrss.exe
VadRoot fffffadf34318730 Vads 87 Clone 0 Private 377. Modified 664. Locked 0.
DeviceMap fffffa8000003530
Token fffffa80052ec060
ElapsedTime 01:11:43.278
UserTime 00:00:00.781
KernelTime 00:00:06.093
QuotaPoolUsage[PagedPool] 109712
QuotaPoolUsage[NonPagedPool] 7200
Working Set Sizes (now,min,max) (1262, 50, 345) (5048KB, 200KB, 1380KB)
PeakWorkingSetSize 1272
VirtualSize 50 Mb
PeakVirtualSize 64 Mb
PageFaultCount 2862
MemoryPriority BACKGROUND
BasePriority 10
CommitCharge 541

THREAD fffffadf34076bf0 Cid 06f8.1b50 Teb: 000007fffffdc000 Win32Thread: fffff97ff381c010 WAIT: (Unknown) UserMode Non-Alertable
fffffadf34076f58 Semaphore Limit 0x1

THREAD fffffadf35f8a040 Cid 06f8.1c24 Teb: 000007fffffda000 Win32Thread: fffff97ff397d520 WAIT: (Unknown) UserMode Alertable
fffffadf340a0130 SynchronizationEvent
fffffadf3407e390 SynchronizationEvent
fffffadf34091040 SynchronizationEvent
fffffadf34350600 SynchronizationEvent

THREAD fffffadf34247bf0 Cid 06f8.1690 Teb: 000007fffffd8000 Win32Thread: fffff97ff381a010 WAIT: (Unknown) UserMode Non-Alertable
fffffadf34049fd0 Semaphore Limit 0x7fffffff

THREAD fffffadf342bc040 Cid 06f8.150c Teb: 000007fffffd5000 Win32Thread: 0000000000000000 WAIT: (Unknown) UserMode Non-Alertable
fffffadf340cad70 Semaphore Limit 0x7fffffff

THREAD fffffadf3426c040 Cid 06f8.2378 Teb: 000007fffffae000 Win32Thread: fffff97ff381a480 WAIT: (Unknown) UserMode Non-Alertable
fffffadf34049fd0 Semaphore Limit 0x7fffffff

THREAD fffffadf35f9bbf0 Cid 06f8.1b18 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Unknown) KernelMode Non-Alertable
fffffadf3413f5d0 SynchronizationEvent

THREAD fffffadf3426e040 Cid 06f8.1a44 Teb: 000007fffffac000 Win32Thread: fffff97ff39757d0 WAIT: (Unknown) UserMode Non-Alertable
fffffadf3436a308 NotificationEvent

THREAD fffffadf34ed1bf0 Cid 06f8.1584 Teb: 000007fffffaa000 Win32Thread: fffff97ff389e920 WAIT: (Unknown) UserMode Non-Alertable
fffffadf349c86d0 SynchronizationEvent

THREAD fffffadf34269bf0 Cid 06f8.0f70 Teb: 000007fffffa8000 Win32Thread: fffff97ff38cad80 WAIT: (Unknown) KernelMode Alertable
fffffadf34079560 SynchronizationEvent
fffffadf34891a00 SynchronizationEvent
fffffadf3724db20 NotificationTimer
fffffadf347e7140 SynchronizationEvent
fffffadf34080310 SynchronizationEvent
fffffadf3582f110 SynchronizationEvent
fffffadf37ac16a0 SynchronizationTimer

THREAD fffffadf3463fbf0 Cid 06f8.2348 Teb: 000007fffffa6000 Win32Thread: fffff97ff38caaf0 RUNNING on processor 0
THREAD fffffadf34293040 Cid 06f8.24f4 Teb: 000007fffffa4000 Win32Thread: fffff97ff385dd80 WAIT: (Unknown) UserMode Non-Alertable
fffffadf3404cd60 SynchronizationEvent

THREAD fffffadf34543040 Cid 06f8.2500 Teb: 000007fffffa2000 Win32Thread: fffff97ff394fd80 WAIT: (Unknown) UserMode Non-Alertable
fffffadf34049fd0 Semaphore Limit 0x7fffffff

0: kd> !thread
THREAD fffffadf3463fbf0 Cid 06f8.2348 Teb: 000007fffffa6000 Win32Thread: fffff97ff38caaf0 RUNNING on processor 0
IRP List:
fffffadf3492a7e0: (0006,0118) Flags: 00000000 Mdl: 00000000
Not impersonating
DeviceMap fffffa8000003530
Owning Process fffffadf37571810 Image: csrss.exe
Attached Process N/A Image: N/A
Wait Start TickCount 290136 Ticks: 0
Context Switch Count 70113 IdealProcessor: 3 LargeStack
UserTime 00:00:00.000
KernelTime 00:00:03.953
Start Address winsrv!UserSoundSentry (0x000007ff7c4cc520)
Stack Init fffffadf22325e00 Current fffffadf22325560
Base fffffadf22326000 Limit fffffadf22320000 Call 0
Priority 12 BasePriority 10 PriorityDecrement 0
Child-SP RetAddr : Args to Child : Call Site
fffffadf`22324e88 fffff800`0102e834 : 00000000`0000000a 00001f80`00320018 00000000`0000000c 00000000`00000000 : nt!KeBugCheckEx
fffffadf`22324e90 fffff800`0102d7c7 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffadf`3492a858 : nt!KiBugCheckDispatch+0x74
fffffadf`22325010 fffff800`0107999a : 00000000`00000001 00000000`00000000 fffffadf`3463fbf0 fffffadf`223252e0 : nt!KiPageFault+0x207 (TrapFrame @ fffffadf`22325010)
fffffadf`223251a0 fffff800`01028001 : 00000000`00000000 fffffadf`3492a7e0 00000000`00000004 fffffadf`3492a7e0 : nt!IopCompleteRequest+0x8e0
fffffadf`22325240 fffff800`01027c0d : 00000000`00000154 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x215
fffffadf`223252e0 fffff800`01027ad2 : fffff800`01037e59 00000000`00000000 fffff97f`f7b11dc0 fffff97f`f3829000 : nt!KiApcInterrupt+0xdd (TrapFrame @ fffffadf`223252e0)
fffffadf`22325478 fffff800`01037e59 : 00000000`00000000 fffff97f`f7b11dc0 fffff97f`f3829000 00000000`00000316 : nt!ExReleaseResourceLite+0x11e
fffffadf`22325480 fffff97f`ff0a0046 : 00000000`00000000 fffff97f`f7b11dc0 fffff97f`f3829000 00000000`00000316 : nt!ExReleaseResourceAndLeaveCriticalRegion+0x9
fffffadf`223254b0 fffff97f`ff13a942 : fffffadf`3431fca0 fffffadf`382db460 fffffadf`3492a7e0 fffffadf`00000000 : win32k!GreMovePointer+0x263
fffffadf`22325520 fffff97f`ff13a292 : fffffadf`00009e01 fffff800`000078e4 00000000`00000000 00000000`00000000 : win32k!xxxMoveEventAbsolute+0x338
fffffadf`223255d0 fffff97f`ff13a0f9 : fffff97f`f38b4ae0 00000000`00000000 fffffadf`3463fc38 00000000`00000000 : win32k!ProcessMouseInput+0x2db
fffffadf`22325650 fffff800`0101f7f0 : fffffadf`341a2720 fffffadf`3463fbf0 fffffadf`3463fc38 00000000`00000000 : win32k!InputApc+0x81
fffffadf`22325680 fffff800`0103c177 : 00000000`00000001 00000000`00000000 fffff97f`ff13a0c0 00000000`00000000 : nt!KiDeliverApc+0x2d3
fffffadf`22325720 fffff800`01029f24 : 00000000`00000000 00000000`00000000 fffff800`011b5180 fffffadf`3463fbf0 : nt!KiSwapThread+0x3e9
fffffadf`22325780 fffff97f`ff0590f7 : 00000000`00000003 fffff97f`ff04e4cd fffff97f`00000001 00000000`0000000d : nt!KeWaitForMultipleObjects+0x66b
fffffadf`22325810 fffff97f`ff05942a : fffffadf`00000002 fffffadf`00000001 fffff97f`00000000 00000000`ffffffff : win32k!xxxMsgWaitForMultipleObjects+0x17e
fffffadf`223258a0 fffff97f`ff01597f : 00000000`00000000 00000000`00000000 fffffadf`22325cf0 00000000`00000004 : win32k!xxxDesktopThread+0x473
fffffadf`22325c10 fffff97f`ff0a11a0 : 00000000`00000004 fffffadf`3463fbf0 00000000`00000000 00000000`00000022 : win32k!xxxCreateSystemThreads+0xba
fffffadf`22325c40 fffff800`0102e5bd : 00000000`00000002 00000000`00000000 fffffadf`3463fbf0 00000000`00000020 : win32k!NtUserCallOneParam+0x3c
fffffadf`22325c70 000007ff`7c4c802a : 000007ff`7c4cc53c 000007ff`7c4cc520 00000000`00000000 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x3 (TrapFrame @ fffffadf`22325c70)
00000000`00b2ffa8 000007ff`7c4cc53c : 000007ff`7c4cc520 00000000`00000000 00000000`00000001 00000000`00000005 : winsrv!NtUserCallOneParam+0xa
00000000`00b2ffb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : winsrv!StartCreateSystemThreads+0x1b


0: kd> !irp fffffadf3492a7e0
Irp is active with 1 stacks 3 is current (= 00000000)
No Mdl: System buffer=fffffadf37d7a060: Thread fffff80001032fa0: Irp is completed.
cmd flg cl Device File Completion-Context
[ e, 0] 0 0 fffffadf3778eb60 00000000 00000000-00000000
*** ERROR: Symbol file could not be found. Defaulted to export symbols for termdd.sys -
\Driver\TermDD
Args: 00000000 00000000 00000000 00000000

I want to understand this error depends on the proxmox or a problem in the windows ??