I am working on a windows XP machine that randomly crashes. We have taken a few of the dumps but they sem to be unrelated. I will post them here to see if anyone has any ideas on what the cause could be. The user also tried to run memtest with different sticks in, and memtest never completed successfully through any combination of m\emory sticks.
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini0
42608-01.d
mp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*
http://msdl.microsoft.com/download/symbolsExecutable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2
254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Sat Apr 26 00:03:22.656 2008 (GMT-5)
System Uptime: 0 days 1:26:04.351
Loading Kernel Symbols
..........................
..........
..........
..........
..........
..........
..........
..........
..........
..........
..........
....
Loading User Symbols
Loading unloaded module list
..........
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {2c, 2, 0, f6fe9b8f}
Unable to load image sptd.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for sptd.sys
*** ERROR: Module load completed but symbols could not be loaded for sptd.sys
Probably caused by : sptd.sys ( sptd+11a9e )
Followup: MachineOwner
---------
1: kd> !analyze -v
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
DRIVER_IRQL_NOT_LESS_OR_EQ
UAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000002c, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f6fe9b8f, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: 0000002c
CURRENT_IRQL: 2
FAULTING_IP:
USBPORT!USBPORT_CompleteTr
ansfer+1d
f6fe9b8f 8b4e2c mov ecx,dword ptr [esi+2Ch]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Idle
LAST_CONTROL_TRANSFER: from f6feab57 to f6fe9b8f
STACK_TEXT:
f7c8abfc f6feab57 859db2b0 00000000 8657c7d8 USBPORT!USBPORT_CompleteTr
ansfer+0x1
d
f7c8ac2c f6feb754 026e6f44 8657c0e0 8657c0e0 USBPORT!USBPORT_DoneTransf
er+0x137
f7c8ac64 f6fecf6a 8657c028 804e56fc 8657c230 USBPORT!USBPORT_FlushDoneT
ransferLis
t+0x16c
f7c8ac90 f6ffafb0 8657c028 804e56fc 8657c028 USBPORT!USBPORT_DpcWorker+
0x224
f7c8accc f6ffb128 8657c028 00000001 8647b52c USBPORT!USBPORT_IsrDpcWork
er+0x37e
f7c8ace8 f7756a9e 8657c64c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x1
66
WARNING: Stack unwind information not available. Following frames may be wrong.
f7c8ad28 804dcd22 8657c64c 8657c028 00000000 sptd+0x11a9e
f7c8ad50 804dcc07 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
f7c8ad54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28
STACK_COMMAND: kb
FOLLOWUP_IP:
sptd+11a9e
f7756a9e ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: sptd+11a9e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: sptd
IMAGE_NAME: sptd.sys
DEBUG_FLR_IMAGE_TIMESTAMP:
477bbd59
FAILURE_BUCKET_ID: 0xD1_sptd+11a9e
BUCKET_ID: 0xD1_sptd+11a9e
Followup: MachineOwner
---------
1: kd> lmvm sptd
start end module name
f7745000 f7842000 sptd T (no symbols)
Loaded symbol image file: sptd.sys
Image path: sptd.sys
Image name: sptd.sys
Timestamp: Wed Jan 02 10:35:37 2008 (477BBD59)
CheckSum: 000B04F0
ImageSize: 000FD000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini0
42508-04.d
mp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*
http://msdl.microsoft.com/download/symbolsExecutable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2
254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Apr 25 22:36:40.406 2008 (GMT-5)
System Uptime: 0 days 6:47:42.969
Loading Kernel Symbols
..........................
..........
..........
..........
..........
..........
..........
..........
..........
..........
..........
.....
Loading User Symbols
Loading unloaded module list
...........
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {d, 0, 0, 0}
Probably caused by : win32k.sys ( win32k!HMAssignmentLock+16
)
Followup: MachineOwner
---------
1: kd> !analyze -v
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
UNEXPECTED_KERNEL_MODE_TRA
P_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_d
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
PROCESS_NAME: Ventrilo.exe
LAST_CONTROL_TRANSFER: from bf828a67 to bf80192a
STACK_TEXT:
a7cef018 bf828a67 00000001 bbe49428 bf800f0c win32k!HMAssignmentLock+0x
16
a7cef034 bf83e16f ffffffff 00000083 bbe49428 win32k!zzzSetCursor+0x27
a7cef070 bf80ad51 bbe49428 0005055c 00000001 win32k!xxxDWP_SetCursor+0x
250
a7cef0d4 bf80edb6 bbe49428 00000020 0005055c win32k!xxxRealDefWindowPro
c+0x1fe
a7cef0ec bf82842b bbe49428 00000020 0005055c win32k!xxxWrapRealDefWindo
wProc+0x16
a7cef108 bf80effd bbe49428 00000020 0005055c win32k!NtUserfnDWORD+0x27
a7cef140 804dd99f 000600be 00000020 0005055c win32k!NtUserMessageCall+0
xae
a7cef140 7c90eb94 000600be 00000020 0005055c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00127458 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!HMAssignmentLock+16
bf80192a 8b06 mov eax,dword ptr [esi]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!HMAssignmentLock+16
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP:
47e0e106
FAILURE_BUCKET_ID: 0x7f_d_win32k!HMAssignment
Lock+16
BUCKET_ID: 0x7f_d_win32k!HMAssignment
Lock+16
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini0
42508-04.d
mp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*
http://msdl.microsoft.com/download/symbolsExecutable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2
254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Fri Apr 25 22:36:40.406 2008 (GMT-5)
System Uptime: 0 days 6:47:42.969
Loading Kernel Symbols
..........................
..........
..........
..........
..........
..........
..........
..........
..........
..........
..........
.....
Loading User Symbols
Loading unloaded module list
...........
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {d, 0, 0, 0}
Probably caused by : win32k.sys ( win32k!HMAssignmentLock+16
)
Followup: MachineOwner
---------
1: kd> !analyze -v
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
UNEXPECTED_KERNEL_MODE_TRA
P_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_d
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
PROCESS_NAME: Ventrilo.exe
LAST_CONTROL_TRANSFER: from bf828a67 to bf80192a
STACK_TEXT:
a7cef018 bf828a67 00000001 bbe49428 bf800f0c win32k!HMAssignmentLock+0x
16
a7cef034 bf83e16f ffffffff 00000083 bbe49428 win32k!zzzSetCursor+0x27
a7cef070 bf80ad51 bbe49428 0005055c 00000001 win32k!xxxDWP_SetCursor+0x
250
a7cef0d4 bf80edb6 bbe49428 00000020 0005055c win32k!xxxRealDefWindowPro
c+0x1fe
a7cef0ec bf82842b bbe49428 00000020 0005055c win32k!xxxWrapRealDefWindo
wProc+0x16
a7cef108 bf80effd bbe49428 00000020 0005055c win32k!NtUserfnDWORD+0x27
a7cef140 804dd99f 000600be 00000020 0005055c win32k!NtUserMessageCall+0
xae
a7cef140 7c90eb94 000600be 00000020 0005055c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
00127458 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!HMAssignmentLock+16
bf80192a 8b06 mov eax,dword ptr [esi]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!HMAssignmentLock+16
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP:
47e0e106
FAILURE_BUCKET_ID: 0x7f_d_win32k!HMAssignment
Lock+16
BUCKET_ID: 0x7f_d_win32k!HMAssignment
Lock+16
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini0
42408-01.d
mp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*
http://msdl.microsoft.com/download/symbolsExecutable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2
254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Apr 24 01:18:17.968 2008 (GMT-5)
System Uptime: 0 days 3:38:17.662
Loading Kernel Symbols
..........................
..........
..........
..........
..........
..........
..........
..........
..........
..........
..........
...
Loading User Symbols
Loading unloaded module list
...........
Unable to load image WG311v3XP.sys, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for WG311v3XP.sys
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {4, 2, 1, f7003e32}
Probably caused by : WG311v3XP.sys ( WG311v3XP+e32 )
Followup: MachineOwner
---------
0: kd> !analyze -v
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
DRIVER_IRQL_NOT_LESS_OR_EQ
UAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: f7003e32, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000004
CURRENT_IRQL: 2
FAULTING_IP:
WG311v3XP+e32
f7003e32 894804 mov dword ptr [eax+4],ecx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Idle
LAST_CONTROL_TRANSFER: from f7005ca5 to f7003e32
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
80555ef4 f7005ca5 865eecd8 00000140 80555f24 WG311v3XP+0xe32
80555f2c f701bfe3 00000000 00000001 86466190 WG311v3XP+0x2ca5
80555f50 f70039aa 86320000 8592e038 00000103 WG311v3XP+0x18fe3
80555f68 f7590f86 86466190 80555f9c 00000001 WG311v3XP+0x9aa
80555f90 f6cf7528 863462a8 8592e058 8592e020 NDIS!ndisMSendX+0x1bd
80555fcc f758e985 86727008 8592e058 00000002 psched!MpSend+0x706
80555ff4 aa690d00 8645dc58 8592e058 865e2008 NDIS!ndisMSendX+0x1d6
8055601c aa6908ce 865e2008 8592e058 85b57648 tcpip!ARPSendData+0x198
80556048 aa69070a 865e2008 80556002 00000001 tcpip!ARPTransmit+0x193
80556078 aa6904a9 86343008 0100a8c0 8592e058 tcpip!SendIPPacket+0x18e
805561c4 aa695bb9 aa6ce798 85b076c4 85b07650 tcpip!IPTransmit+0x287f
80556230 aa695176 cc71c1cd 00000002 aa68d3dd tcpip!TCPSend+0x5d8
80556254 aa695371 00000002 00000002 00000000 tcpip!ProcessPerCpuTCBDela
yQ+0x95
805562d0 aa68d3ec aa6d5be0 00000000 805563fc tcpip!TCBTimeout+0xba7
805562e0 804e2b4e aa6d5bf0 aa6d5be0 fc996c4c tcpip!TCBTimeoutdpc+0xf
805563fc 804e207d 80560f00 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x14b
80556428 804dcd22 80561300 00000000 000cca6a nt!KiTimerExpiration+0xb1
80556440 80560ca0 ffdffc50 00000000 80560ca0 nt!KiRetireDpcList+0x61
80556450 804dcc07 00000000 0000000e 00000000 nt!KiIdleThread0
80556454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28
STACK_COMMAND: kb
FOLLOWUP_IP:
WG311v3XP+e32
f7003e32 894804 mov dword ptr [eax+4],ecx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: WG311v3XP+e32
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: WG311v3XP
IMAGE_NAME: WG311v3XP.sys
DEBUG_FLR_IMAGE_TIMESTAMP:
43b3b2db
FAILURE_BUCKET_ID: 0xD1_W_WG311v3XP+e32
BUCKET_ID: 0xD1_W_WG311v3XP+e32
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [c:\windows\minidump\mini0
42308-01.d
mp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*
http://msdl.microsoft.com/download/symbolsExecutable search path is: c:\windows\i386
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2
254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Wed Apr 23 21:39:22.593 2008 (GMT-5)
System Uptime: 1 days 8:58:04.162
Loading Kernel Symbols
..........................
..........
..........
..........
..........
..........
..........
..........
..........
..........
..........
....
Loading User Symbols
Loading unloaded module list
...................
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {a457c02a, 2, 1, 804edee9}
Probably caused by : TDI.SYS ( TDI!TdiCopyBufferToMdl+48 )
Followup: MachineOwner
---------
0: kd> !analyze -v
**************************
**********
**********
**********
**********
**********
***
* *
* Bugcheck Analysis *
* *
**************************
**********
**********
**********
**********
**********
***
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: a457c02a, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 804edee9, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: a457c02a
CURRENT_IRQL: 2
FAULTING_IP:
nt!MmMapLockedPagesSpecify
Cache+1fe
804edee9 8930 mov dword ptr [eax],esi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: WG311v3.exe
LAST_CONTROL_TRANSFER: from f7bcbe1e to 804edee9
STACK_TEXT:
a7f01890 f7bcbe1e 85997afc 1f000000 a457c02a nt!MmMapLockedPagesSpecify
Cache+0x1f
e
a7f018bc aa692f37 85f24000 00000000 00000038 TDI!TdiCopyBufferToMdl+0x4
8
a7f018e4 aa693a16 85997ae0 85f24000 00000038 tcpip!CopyFlatToNdis+0x23
a7f01b40 aa693826 a7f01b6c 00000009 c0000f68 tcpip!TdiQueryInformationE
x+0x116
a7f01bec aa692e4d 85af1090 85af1100 85af1100 tcpip!TCPQueryInformationE
x+0x1bf
a7f01c08 aa692e05 85af1090 85af1100 86361fb8 tcpip!TCPDispatchDeviceCon
trol+0x129
a7f01c40 804e13d9 8642fac8 85af1090 806ff410 tcpip!TCPDispatch+0x127
a7f01c50 8056f50b 85af1100 865fe168 85af1090 nt!IopfCallDriver+0x31
a7f01c64 80580fc1 8642fac8 85af1090 865fe168 nt!IopSynchronousServiceTa
il+0x60
a7f01d00 80586eee 00000034 0000041c 00000000 nt!IopXxxControlFile+0x5ef
a7f01d34 804dd99f 00000034 0000041c 00000000 nt!NtDeviceIoControlFile+0
x2a
a7f01d34 7c90eb94 00000034 0000041c 00000000 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
01a3f814 00000000 00000000 00000000 00000000 0x7c90eb94
STACK_COMMAND: kb
FOLLOWUP_IP:
TDI!TdiCopyBufferToMdl+48
f7bcbe1e 3bc6 cmp eax,esi
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: TDI!TdiCopyBufferToMdl+48
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: TDI
IMAGE_NAME: TDI.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:
41107d33
FAILURE_BUCKET_ID: 0xA_W_TDI!TdiCopyBufferToM
dl+48
BUCKET_ID: 0xA_W_TDI!TdiCopyBufferToM
dl+48
Followup: MachineOwner
---------
