(H:\trunk\reactos_clean\ntoskrnl\io\iomgr\irp.c:1240) Dispatch function F8BA1E00 (major 0) changed IRQL (0 -> 0) or APC state (0x0 -> 0xffff) Assertion h:\trunk\reactos_clean\ntoskrnl\io\iomgr\irp.c(1242): Thread->CombinedApcDisable == CombinedApcDisable nt!IofCallDriver+0x169: 80463549 cd2c int 2Ch kd> .reload Connected to Windows Server 2003 3790 x86 compatible target at (Sat Jul 23 02:29:20.710 2016 (UTC + 2:00)), ptr64 FALSE Loading Kernel Symbols ....................................................... Loading User Symbols .......................................... *** WARNING: Unable to verify checksum for 7-zip.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for 7-zip.dll - kd> kp ChildEBP RetAddr f8005958 80456673 nt!IofCallDriver(struct _DEVICE_OBJECT * DeviceObject = 0xb123e018, struct _IRP * Irp = 0xb118aab0)+0x169 [h:\trunk\reactos_clean\ntoskrnl\io\iomgr\irp.c @ 1242] f8005a48 804c6bf6 nt!IopParseDevice(void * ParseObject = 0xb1322480, void * ObjectType = 0x00000000, struct _ACCESS_STATE * AccessState = 0xb10069b0, char AccessMode = 0n1 '', unsigned long Attributes = 0x40, struct _UNICODE_STRING * CompleteName = 0xf8005b0c "\Device\Harddisk0\Partition1\toto\vcredist\PreSetup.exe", struct _UNICODE_STRING * RemainingName = 0xf8005ac4 "\toto\vcredist\PreSetup.exe", void * Context = 0xf8005c1c, struct _SECURITY_QUALITY_OF_SERVICE * SecurityQos = 0x00000000, void ** Object = 0xf8005a88)+0xd13 [h:\trunk\reactos_clean\ntoskrnl\io\iomgr\file.c @ 900] f8005ad4 804c1c2b nt!ObpLookupObjectName(void * RootHandle = 0x00000000, struct _UNICODE_STRING * ObjectName = 0xf8005b0c "\Device\Harddisk0\Partition1\toto\vcredist\PreSetup.exe", unsigned long Attributes = 0x40, struct _OBJECT_TYPE * ObjectType = 0x00000000, char AccessMode = 0n1 '', void * ParseContext = 0xf8005c1c, struct _SECURITY_QUALITY_OF_SERVICE * SecurityQos = 0x00000000, void * InsertObject = 0x00000000, struct _ACCESS_STATE * AccessState = 0xb10069b0, struct _OBP_LOOKUP_CONTEXT * LookupContext = 0xb1006a54, void ** FoundObject = 0xf8005b08)+0x766 [h:\trunk\reactos_clean\ntoskrnl\ob\obname.c @ 818] f8005b2c 80457ead nt!ObOpenObjectByName(struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0x00fbf550, struct _OBJECT_TYPE * ObjectType = 0x00000000, char AccessMode = 0n1 '', struct _ACCESS_STATE * PassedAccessState = 0xb10069b0, unsigned long DesiredAccess = 0x80, void * ParseContext = 0xf8005c1c, void ** Handle = 0xf8005c98)+0x15b [h:\trunk\reactos_clean\ntoskrnl\ob\obhandle.c @ 2612] f8005cec 80459b06 nt!IopQueryAttributesFile(struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0x00fbf550, _FILE_INFORMATION_CLASS FileInformationClass = FileNetworkOpenInformation (0n34), unsigned long FileInformationSize = 0x38, void * FileInformation = 0x00fbf578)+0x19d [h:\trunk\reactos_clean\ntoskrnl\io\iomgr\file.c @ 2091] f8005d04 804f503b nt!NtQueryFullAttributesFile(struct _OBJECT_ATTRIBUTES * ObjectAttributes = 0x00fbf550, struct _FILE_NETWORK_OPEN_INFORMATION * FileInformation = 0x00fbf578)+0x16 [h:\trunk\reactos_clean\ntoskrnl\io\iomgr\file.c @ 3555] f8005d1c 804f46df nt!KiSystemCallTrampoline(void * Handler = 0x80459af0, void * Arguments = 0x00fbf548, unsigned long StackBytes = 8)+0x1b [h:\trunk\reactos_clean\ntoskrnl\include\internal\i386\ke.h @ 742] f8005d5c 80403e23 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf8005d64, void * Arguments = 0x00fbf548)+0x22f [h:\trunk\reactos_clean\ntoskrnl\ke\i386\traphdlr.c @ 1738] f8005d5c 7c92c80e nt!KiFastCallEntry+0x8c 00fbf53c 7c95161c ntdll!KiFastSystemCallRet 00fbf540 7c7e9d4c ntdll!ZwQueryFullAttributesFile+0xc 00fbf5b0 7c7e9edc kernel32!GetFileAttributesExW(wchar_t * lpFileName = 0x00fbf828 "C:\toto\vcredist\PreSetup.exe", _GET_FILEEX_INFO_LEVELS fInfoLevelId = GetFileExInfoStandard (0n0), void * lpFileInformation = 0x00fbf5c8)+0xcc [h:\trunk\reactos_clean\dll\win32\kernel32\client\file\fileinfo.c @ 721] 00fbf5f0 7c3f081c kernel32!GetFileAttributesW(wchar_t * lpFileName = 0x00fbf828 "C:\toto\vcredist\PreSetup.exe")+0x3c [h:\trunk\reactos_clean\dll\win32\kernel32\client\file\fileinfo.c @ 792] 00fbf600 7b2f56a7 shlwapi!PathIsDirectoryW(wchar_t * lpszPath = 0x00fbf828 "C:\toto\vcredist\PreSetup.exe")+0xcc [h:\trunk\reactos_clean\dll\win32\shlwapi\path.c @ 1691] 00fbfc48 7b2f5485 shell32!_ProcessNotification(struct SHChangeNotifyEntryInternal * item = 0x011c2998)+0x137 [h:\trunk\reactos_clean\dll\win32\shell32\wine\changenotify.c @ 848] 00fbfc58 7c7e54d2 shell32!_NotificationCompletion(unsigned long dwErrorCode = 0, unsigned long dwNumberOfBytesTransfered = 0x48, struct _OVERLAPPED * lpOverlapped = 0x011c2bac)+0x145 [h:\trunk\reactos_clean\dll\win32\shell32\wine\changenotify.c @ 759] 00fbfc78 7c92c6ee kernel32!BasepIoCompletionSimple(void * ApcContext = 0x7b2f5340, struct _IO_STATUS_BLOCK * IoStatusBlock = 0x011c2bac, unsigned long Reserved = 0)+0x52 [h:\trunk\reactos_clean\dll\win32\kernel32\client\file\cnotify.c @ 97] 00fbffa8 7b2f57c1 ntdll!KiUserApcDispatcher+0x25 00fbffb8 7c7d9764 shell32!_RunAsyncThreadProc(void * arg = 0x00000000)+0x21 [h:\trunk\reactos_clean\dll\win32\shell32\wine\changenotify.c @ 867] 00fbffec 00000000 kernel32!BaseThreadStartup( * lpStartAddress = 0x7b2f57a0, void * lpParameter = 0x00000000)+0x54 [h:\trunk\reactos_clean\dll\win32\kernel32\client\thread.c @ 69] kd> gh (H:\trunk\reactos_clean\win32ss\user\ntuser\hotkey.c:234) err: Hot key pressed for Debug Activation! ShiftF12 = 0 or F12 = 1 *** Fatal System Error: 0x00000001 (0x0000009C,0x00000000,0x0000FFFF,0x00000000) Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows Server 2003 3790 x86 compatible target at (Sat Jul 23 02:30:40.246 2016 (UTC + 2:00)), ptr64 FALSE Loading Kernel Symbols ....................................................... Loading User Symbols .......................................... *** WARNING: Unable to verify checksum for 7-zip.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for 7-zip.dll - ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1, {9c, 0, ffff, 0} Probably caused by : ntoskrnl.exe ( nt!KiExitSystemCallDebugChecks+89 ) Followup: MachineOwner --------- nt!RtlpBreakWithStatusInstruction: 8050e868 cc int 3 kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* APC_INDEX_MISMATCH (1) This is a kernel internal error. The most common reason to see this bugcheck is when a filesystem or a driver has a mismatched number of calls to disable and re-enable APCs. The key data item is the Thread->KernelApcDisable field. A negative value indicates that a driver has disabled APC calls without re-enabling them. A positive value indicates that the reverse is true. This check is made on exit from a system call. Arguments: Arg1: 0000009c, address of system function (system call) Arg2: 00000000, Thread->ApcStateIndex << 8 | Previous ApcStateIndex Arg3: 0000ffff, Thread->KernelApcDisable Arg4: 00000000, Previous KernelApcDisable Debugging Details: ------------------ FAULTING_IP: +6433633865646363 0000009c ?? ??? DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x1 PROCESS_NAME: explorer.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 804774a8 to 8050e868 STACK_TEXT: f8005914 804774a8 00000003 f8005c34 ffdff408 nt!RtlpBreakWithStatusInstruction f8005944 80477db3 00000003 00fbfc8c 00000000 nt!KiBugCheckDebugBreak+0x38 [h:\trunk\reactos_clean\ntoskrnl\ke\bug.c @ 538] f8005ce0 80478410 00000001 0000009c 00000000 nt!KeBugCheckWithTf+0x553 [h:\trunk\reactos_clean\ntoskrnl\ke\bug.c @ 1102] f8005d00 804f4dd9 00000001 0000009c 00000000 nt!KeBugCheckEx+0x20 [h:\trunk\reactos_clean\ntoskrnl\ke\bug.c @ 1462] f8005d20 804f4705 0000009c f8005d64 ffdff6b8 nt!KiExitSystemCallDebugChecks+0x89 [h:\trunk\reactos_clean\ntoskrnl\include\internal\i386\trap_x.h @ 230] f8005d5c 80403e23 00fbf5b0 7c92c80e badb0d00 nt!KiSystemServiceHandler+0x255 [h:\trunk\reactos_clean\ntoskrnl\ke\i386\traphdlr.c @ 1744] f8005d5c 7c92c80e 00fbf5b0 7c92c80e badb0d00 nt!KiFastCallEntry+0x8c 00fbf53c 7c95161c 7c7e9d4c 00fbf550 00fbf578 ntdll!KiFastSystemCallRet 00fbf540 7c7e9d4c 00fbf550 00fbf578 00000018 ntdll!ZwQueryFullAttributesFile+0xc 00fbf5b0 7c7e9edc 00fbf828 00000000 00fbf5c8 kernel32!GetFileAttributesExW+0xcc [h:\trunk\reactos_clean\dll\win32\kernel32\client\file\fileinfo.c @ 721] 00fbf5f0 7c3f081c 00fbf828 00fbff58 00fbfc48 kernel32!GetFileAttributesW+0x3c [h:\trunk\reactos_clean\dll\win32\kernel32\client\file\fileinfo.c @ 792] 00fbf600 7b2f56a7 00fbf828 00000005 00fbf828 shlwapi!PathIsDirectoryW+0xcc [h:\trunk\reactos_clean\dll\win32\shlwapi\path.c @ 1691] 00fbfc48 7b2f5485 011c2998 011c2998 00fbfc78 shell32!_ProcessNotification+0x137 [h:\trunk\reactos_clean\dll\win32\shell32\wine\changenotify.c @ 848] 00fbfc58 7c7e54d2 00000000 00000048 011c2bac shell32!_NotificationCompletion+0x145 [h:\trunk\reactos_clean\dll\win32\shell32\wine\changenotify.c @ 759] 00fbfc78 7c92c6ee 7b2f5340 011c2bac 00000000 kernel32!BasepIoCompletionSimple+0x52 [h:\trunk\reactos_clean\dll\win32\kernel32\client\file\cnotify.c @ 97] 00fbffa8 7b2f57c1 ffffffff 00000001 00fbffec ntdll!KiUserApcDispatcher+0x25 00fbffb8 7c7d9764 00000000 00000000 00000000 shell32!_RunAsyncThreadProc+0x21 [h:\trunk\reactos_clean\dll\win32\shell32\wine\changenotify.c @ 867] 00fbffec 00000000 7b2f57a0 00000000 00000000 kernel32!BaseThreadStartup+0x54 [h:\trunk\reactos_clean\dll\win32\kernel32\client\thread.c @ 69] STACK_COMMAND: kb FOLLOWUP_IP: nt!KiExitSystemCallDebugChecks+89 [h:\trunk\reactos_clean\ntoskrnl\include\internal\i386\trap_x.h @ 230] 804f4dd9 8be5 mov esp,ebp FAULTING_SOURCE_CODE: 226: KeGetCurrentThread()->CombinedApcDisable, 227: 0); 228: } 229: } > 230: } 231: 232: // 233: // Generic Exit Routine 234: // 235: DECLSPEC_NORETURN VOID FASTCALL KiSystemCallReturn(IN PKTRAP_FRAME TrapFrame); SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: nt!KiExitSystemCallDebugChecks+89 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntoskrnl.exe DEBUG_FLR_IMAGE_TIMESTAMP: 57927421 FAILURE_BUCKET_ID: 0x1_nt!KiExitSystemCallDebugChecks+89 BUCKET_ID: 0x1_nt!KiExitSystemCallDebugChecks+89 Followup: MachineOwner ---------