Help With Crash Dump Analysis

C

Christopher Welber

Here is a crash dump file I analyzed in the debugger does anyone have any
idea of what the possible source might be:

Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Work\Debugging\TK\Susan\Mini042805-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Wed Apr 27 15:49:15.139 2005 (GMT-4)
System Uptime: 0 days 0:11:02.518
Loading Kernel Symbols
................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {d, 0, 0, 0}

Probably caused by : ntoskrnl.exe ( nt!SwapContext+95 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 804dbd78 to 804dbf4d

STACK_TEXT:
f5a49d0c 804dbd78 f5a49d34 00000000 82a4e6c0 nt!SwapContext+0x95
f5a49d20 804e3f4e 00000042 82a50a18 00000000
nt!KiUnlockDispatcherDatabase+0x77
f5a49d34 804e8e8f f58d3f08 00000001 00000000 nt!KeSetEvent+0x74
f5a49d64 806173a0 00000000 82c6e220 00000000 nt!IopfCompleteRequest+0x189
f5a49d94 806179b3 82a50a18 00000000 82ce41e8 nt!IopRaiseHardError+0x191
f5a49dac 8057dfed 82c6e220 00000000 00000000 nt!IopApcHardError+0x36
f5a49ddc 804fa477 8061797d 82c6e220 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!SwapContext+95
804dbf4d 0f00d0 lldt eax

FAULTING_SOURCE_CODE:


SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!SwapContext+95

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41108004

FAILURE_BUCKET_ID: 0x7f_d_nt!SwapContext+95

BUCKET_ID: 0x7f_d_nt!SwapContext+95

Followup: MachineOwner
---------
 
W

Will Denny

Hi

Please try the following link to Jim Eshelman's web
page - left hand column
(7F)

http://aumha.org/win5/kbestop.htm

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

Christopher Welber said:
Here is a crash dump file I analyzed in the debugger does anyone have any
idea of what the possible source might be:

Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Work\Debugging\TK\Susan\Mini042805-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is:
srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Wed Apr 27 15:49:15.139 2005 (GMT-4)
System Uptime: 0 days 0:11:02.518
Loading Kernel Symbols
...............................................................................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007F, {d, 0, 0, 0}

Probably caused by : ntoskrnl.exe ( nt!SwapContext+95 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


BUGCHECK_STR: 0x7f_d

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 804dbd78 to 804dbf4d

STACK_TEXT:
f5a49d0c 804dbd78 f5a49d34 00000000 82a4e6c0 nt!SwapContext+0x95
f5a49d20 804e3f4e 00000042 82a50a18 00000000
nt!KiUnlockDispatcherDatabase+0x77
f5a49d34 804e8e8f f58d3f08 00000001 00000000 nt!KeSetEvent+0x74
f5a49d64 806173a0 00000000 82c6e220 00000000 nt!IopfCompleteRequest+0x189
f5a49d94 806179b3 82a50a18 00000000 82ce41e8 nt!IopRaiseHardError+0x191
f5a49dac 8057dfed 82c6e220 00000000 00000000 nt!IopApcHardError+0x36
f5a49ddc 804fa477 8061797d 82c6e220 00000000
nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!SwapContext+95
804dbf4d 0f00d0 lldt eax

FAULTING_SOURCE_CODE:


SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: nt!SwapContext+95

MODULE_NAME: nt

IMAGE_NAME: ntoskrnl.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 41108004

FAILURE_BUCKET_ID: 0x7f_d_nt!SwapContext+95

BUCKET_ID: 0x7f_d_nt!SwapContext+95

Followup: MachineOwner
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Crash dump 6
blue screen memory dump please help 3
Need help with Windbg log 2
XP crashes, dmp files added. 6
Multiple save dumps (with debug info) 4
SNP2SXP.SYS 5
Need minidump analyzed 4
How to use verifier? 4

Top