JEtkins
asked on
Stop 0x0000000a in tdi.sys
I have a user who's XP Pro machine has started bluescreening at startup. Running the minidump through windbg provides the following:
BugCheck A, {4, 2, 1, 804f6217}
[...]
Probably caused by : TDI.SYS ( TDI!CTEBlock+17 )
kd> !analyze -v
************************** ********** ********** ********** ********** ********** ***
* *
* Bugcheck Analysis *
* *
************************** ********** ********** ********** ********** ********** ***
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804f6217, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000004
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiActivateWaiterQueue+2 7
804f6217 897004 mov [eax+0x4],esi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 804f50c4 to 804f6217
TRAP_FRAME: f79b88a0 -- (.trap fffffffff79b88a0)
ErrCode = 00000002
eax=00000000 ebx=82c1ebec ecx=805464dc edx=aaaffe4c esi=805464ec edi=82fca438
eip=804f6217 esp=f79b8914 ebp=f79b8940 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!KiActivateWaiterQueue+0 x27:
804f6217 897004 mov [eax+0x4],esi ds:0023:00000004=????????
Resetting default scope
STACK_TEXT:
f79b8918 804f50c4 82c1ebe8 82c1ebe8 00000001 nt!KiActivateWaiterQueue+0 x27
f79b8940 f7a4d569 00000000 00000006 00000000 nt!KeWaitForSingleObject+0 x198
f79b895c aadbdd97 82c1ebe8 824a58f8 806ac028 TDI!CTEBlock+0x17
f79b8980 aaddfec6 00000103 00000000 00000000 tcpip!ARPSetMCastList+0x15 b
f79b89a0 aade03b5 00cdac68 82cdada0 82c9a930 tcpip!ARPDelMCast+0x81
f79b89bc aadde006 82cdac68 00000001 faffffef tcpip!ARPDeleteAddr+0x1a1
f79b8a0c aadcd476 00c9a930 faffffef 00000000 tcpip!LeaveIGMPAddr+0x21a
f79b8a5c aadbe01c 82c9a930 faffffef 00000001 tcpip!IGMPAddrChange+0xef
f79b8a80 aadd1904 faffffef 02000000 00000000 tcpip!IPSetMCastAddr+0x4a
f79b8ac4 aadb418f 00000000 81d1a69c 81d1a678 tcpip!DeleteAO+0x276
f79b8ae4 aadb3df6 f79b8afc 820640c0 82064050 tcpip!TdiCloseAddress+0x20 b
f79b8b14 aadb3c5b 82ca2900 82064050 820640c0 tcpip!TCPCleanup+0xaf
f79b8b50 804ea221 82ca2900 82064050 82064108 tcpip!TCPDispatch+0x91
f79b8b60 aad9622b 8222cc90 82ceed30 820640c0 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f79b8b7c aad95b13 8211b238 00000000 00000000 SYMTDI+0x2822b
f79b8ba4 aad9778a 82cc9d08 82064050 82cc9d08 SYMTDI+0x27b13
f79b8bb8 804ea221 82cc9d08 82064050 82064050 SYMTDI+0x2978a
f79b8bc8 80560d4d 8222cc78 82ff1040 00000001 nt!IopfCallDriver+0x31
f79b8bfc 80597c03 82fce838 82cc9d08 001200a0 nt!IopCloseFile+0x261
f79b8c2c 805975bb 82fce838 8222cc90 82ff1040 nt!ObpDecrementHandleCount +0x119
f79b8c54 80597651 e1001c88 8222cc90 00000484 nt!ObpCloseHandleTableEntr y+0x14b
f79b8c9c 80597777 00000484 00000000 00000000 nt!ObpCloseHandle+0x85
f79b8cac 8052d571 80000484 00000000 82ff6050 nt!NtClose+0x19
f79b8cac 804f8615 80000484 00000000 82ff6050 nt!KiSystemService+0xc4
f79b8d28 aa9d6b89 80000484 aa9d6268 824a8090 nt!ZwClose+0x11
f79b8d40 aa9d6cd5 824a8090 824a8138 aa9d4726 afd!AfdFreeEndpointResourc es+0xfb
f79b8d4c aa9d4726 824a8138 82b0aa88 82b1bd10 afd!AfdFreeEndpoint+0x1d
f79b8d64 8055477b 82b1bd10 00000000 805464dc afd!AfdDoWork+0x48
f79b8d74 805258ee 82b0aa88 00000000 82fca640 nt!IopProcessWorkItem+0xf
f79b8dac 805aa2b6 82b0aa88 00000000 00000000 nt!ExpWorkerThread+0xfe
f79b8ddc 805319c6 805257f0 00000001 00000000 nt!PspSystemThreadStartup+ 0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
TDI!CTEBlock+17
f7a4d569 85c0 test eax,eax
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: TDI!CTEBlock+17
MODULE_NAME: TDI
IMAGE_NAME: TDI.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 3b7d8535
STACK_COMMAND: .trap fffffffff79b88a0 ; kb
BUCKET_ID: 0xA_W_TDI!CTEBlock+17
Followup: MachineOwner
---------
This doesn't happen every time, but it's only started since he rebooted yesterday. I have had him roll back to an earlier restore point using System Restore, but the problem persists.
Any and all suggestions welcomed.
BugCheck A, {4, 2, 1, 804f6217}
[...]
Probably caused by : TDI.SYS ( TDI!CTEBlock+17 )
kd> !analyze -v
**************************
* *
* Bugcheck Analysis *
* *
**************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 804f6217, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: 00000004
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiActivateWaiterQueue+2
804f6217 897004 mov [eax+0x4],esi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xA
LAST_CONTROL_TRANSFER: from 804f50c4 to 804f6217
TRAP_FRAME: f79b88a0 -- (.trap fffffffff79b88a0)
ErrCode = 00000002
eax=00000000 ebx=82c1ebec ecx=805464dc edx=aaaffe4c esi=805464ec edi=82fca438
eip=804f6217 esp=f79b8914 ebp=f79b8940 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!KiActivateWaiterQueue+0
804f6217 897004 mov [eax+0x4],esi ds:0023:00000004=????????
Resetting default scope
STACK_TEXT:
f79b8918 804f50c4 82c1ebe8 82c1ebe8 00000001 nt!KiActivateWaiterQueue+0
f79b8940 f7a4d569 00000000 00000006 00000000 nt!KeWaitForSingleObject+0
f79b895c aadbdd97 82c1ebe8 824a58f8 806ac028 TDI!CTEBlock+0x17
f79b8980 aaddfec6 00000103 00000000 00000000 tcpip!ARPSetMCastList+0x15
f79b89a0 aade03b5 00cdac68 82cdada0 82c9a930 tcpip!ARPDelMCast+0x81
f79b89bc aadde006 82cdac68 00000001 faffffef tcpip!ARPDeleteAddr+0x1a1
f79b8a0c aadcd476 00c9a930 faffffef 00000000 tcpip!LeaveIGMPAddr+0x21a
f79b8a5c aadbe01c 82c9a930 faffffef 00000001 tcpip!IGMPAddrChange+0xef
f79b8a80 aadd1904 faffffef 02000000 00000000 tcpip!IPSetMCastAddr+0x4a
f79b8ac4 aadb418f 00000000 81d1a69c 81d1a678 tcpip!DeleteAO+0x276
f79b8ae4 aadb3df6 f79b8afc 820640c0 82064050 tcpip!TdiCloseAddress+0x20
f79b8b14 aadb3c5b 82ca2900 82064050 820640c0 tcpip!TCPCleanup+0xaf
f79b8b50 804ea221 82ca2900 82064050 82064108 tcpip!TCPDispatch+0x91
f79b8b60 aad9622b 8222cc90 82ceed30 820640c0 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f79b8b7c aad95b13 8211b238 00000000 00000000 SYMTDI+0x2822b
f79b8ba4 aad9778a 82cc9d08 82064050 82cc9d08 SYMTDI+0x27b13
f79b8bb8 804ea221 82cc9d08 82064050 82064050 SYMTDI+0x2978a
f79b8bc8 80560d4d 8222cc78 82ff1040 00000001 nt!IopfCallDriver+0x31
f79b8bfc 80597c03 82fce838 82cc9d08 001200a0 nt!IopCloseFile+0x261
f79b8c2c 805975bb 82fce838 8222cc90 82ff1040 nt!ObpDecrementHandleCount
f79b8c54 80597651 e1001c88 8222cc90 00000484 nt!ObpCloseHandleTableEntr
f79b8c9c 80597777 00000484 00000000 00000000 nt!ObpCloseHandle+0x85
f79b8cac 8052d571 80000484 00000000 82ff6050 nt!NtClose+0x19
f79b8cac 804f8615 80000484 00000000 82ff6050 nt!KiSystemService+0xc4
f79b8d28 aa9d6b89 80000484 aa9d6268 824a8090 nt!ZwClose+0x11
f79b8d40 aa9d6cd5 824a8090 824a8138 aa9d4726 afd!AfdFreeEndpointResourc
f79b8d4c aa9d4726 824a8138 82b0aa88 82b1bd10 afd!AfdFreeEndpoint+0x1d
f79b8d64 8055477b 82b1bd10 00000000 805464dc afd!AfdDoWork+0x48
f79b8d74 805258ee 82b0aa88 00000000 82fca640 nt!IopProcessWorkItem+0xf
f79b8dac 805aa2b6 82b0aa88 00000000 00000000 nt!ExpWorkerThread+0xfe
f79b8ddc 805319c6 805257f0 00000001 00000000 nt!PspSystemThreadStartup+
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
TDI!CTEBlock+17
f7a4d569 85c0 test eax,eax
SYMBOL_STACK_INDEX: 2
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: TDI!CTEBlock+17
MODULE_NAME: TDI
IMAGE_NAME: TDI.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:
STACK_COMMAND: .trap fffffffff79b88a0 ; kb
BUCKET_ID: 0xA_W_TDI!CTEBlock+17
Followup: MachineOwner
---------
This doesn't happen every time, but it's only started since he rebooted yesterday. I have had him roll back to an earlier restore point using System Restore, but the problem persists.
Any and all suggestions welcomed.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.