N
NathanJacobs2
BugCheck 1, {72b12e09, 0, fffe, fffff8801b24cb60}
Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+2aa )
Followup: MachineOwner
---------
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Symbols*Symbol information
OK E:\Work\Develop\AITDrvWDF\x64\Win7Debug
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 0000000072b12e09, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000fffe, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: fffff8801b24cb60, Call type (0 - system call, 1 - worker routine)
Debugging Details:
------------------
FAULTING_IP:
+5279b2472ee9359
00000000`72b12e09 ?? ???
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: amcap.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
LAST_CONTROL_TRANSFER: from fffff80005cbe729 to fffff80005cae4a0
STACK_TEXT:
fffff880`1b24c928 fffff800`05cbe729 : 00000000`00000001 00000000`72b12e09 00000000`00000000 00000000`0000fffe : nt!KeBugCheckEx
fffff880`1b24c930 fffff800`05cbe635 : fffffa80`0ef46130 00000000`000ae178 fffff880`1b24ca88 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`1b24ca70 00000000`72b12e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x2aa
00000000`000aea88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x72b12e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSystemServiceExit+2aa
fffff800`05cbe635 4883ec50 sub rsp,50h
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceExit+2aa
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5abedd8c
IMAGE_VERSION: 6.1.7601.24094
FAILURE_BUCKET_ID: X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+2aa
BUCKET_ID: X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+2aa
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1_syscallnum_4_nt!kisystemserviceexit+2aa
FAILURE_ID_HASH: {b31de09c-628b-efe2-bb42-b343f7030974}
Followup: MachineOwner
---------
I use KsInitializeDriver to regist the callback function.
I find CCaptureDevice::SurpriseRemoval is called too late sometimes.
If plug the usb before system calls SurpriseRemoval,the system will crash.
How to debug this error?
Continue reading...
Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExit+2aa )
Followup: MachineOwner
---------
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Symbols*Symbol information
OK E:\Work\Develop\AITDrvWDF\x64\Win7Debug
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 0000000072b12e09, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000fffe, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: fffff8801b24cb60, Call type (0 - system call, 1 - worker routine)
Debugging Details:
------------------
FAULTING_IP:
+5279b2472ee9359
00000000`72b12e09 ?? ???
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: amcap.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
LAST_CONTROL_TRANSFER: from fffff80005cbe729 to fffff80005cae4a0
STACK_TEXT:
fffff880`1b24c928 fffff800`05cbe729 : 00000000`00000001 00000000`72b12e09 00000000`00000000 00000000`0000fffe : nt!KeBugCheckEx
fffff880`1b24c930 fffff800`05cbe635 : fffffa80`0ef46130 00000000`000ae178 fffff880`1b24ca88 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`1b24ca70 00000000`72b12e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x2aa
00000000`000aea88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x72b12e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSystemServiceExit+2aa
fffff800`05cbe635 4883ec50 sub rsp,50h
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceExit+2aa
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5abedd8c
IMAGE_VERSION: 6.1.7601.24094
FAILURE_BUCKET_ID: X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+2aa
BUCKET_ID: X64_0x1_SysCallNum_4_nt!KiSystemServiceExit+2aa
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x1_syscallnum_4_nt!kisystemserviceexit+2aa
FAILURE_ID_HASH: {b31de09c-628b-efe2-bb42-b343f7030974}
Followup: MachineOwner
---------
I use KsInitializeDriver to regist the callback function.
I find CCaptureDevice::SurpriseRemoval is called too late sometimes.
If plug the usb before system calls SurpriseRemoval,the system will crash.
How to debug this error?
Continue reading...