KeWaitForSingleObject raising level to DISPATCH_LEVEL?

"IRQL_NOT_LESS_OR_EQUAL (a)
[snip]
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL

Stack:
fffff8007524551a : nt!KiPageFault+0x247
fffff83809dd062c0 : nt!KeWaitForSingleObject+0x34a
ffff83809dd06370 : nt!ViKeWaitForSingleObjectCommon+0x92
ffff83809dd063c0 : nt!VerifierKeWaitForSingleObject+0x1e
ffff8380`9dd06400 : AHKFilterBus!FPFilterRemoveDevice+0x39d [c:\ahkfilter\bus\pnp.c @ 662]"

The filter is responding to an IRP_MN_REMOVE_DEVICE, and stepping through the handler the IRQL is passive until the call to KeWait, then it goes to dispatch:

"
1: kd> !irql
Debugger saved IRQL for processor 0x1 -- 0 (LOW_LEVEL)
1: kd> p <----- steps over KeWait
KDTARGET: Refreshing KD connection

*** Fatal System Error: 0x0000000a
(0x0000000000000000,0x0000000000000002,0x0000000000000000,0xFFFFF801B1EC051A)

WARNING: This break is not a step/trace completion.
The last command has been cleared to prevent
accidental continuation of this unrelated event.
Check the event, location and thread before resuming.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

nt!DbgBreakPointWithStatus:
fffff801`b1fd4a60 cc int 3
1: kd> !irql
Debugger saved IRQL for processor 0x1 -- 2 (DISPATCH_LEVEL)"

The event is a NotificationEvent, created signaled, KeResetEvent and KeSetEvent have not been called on it, so KeWait should complete immediately.

The call to the wait is: KeWaitForSingleObject(&evt, Executive, KernelMode, FALSE, NULL);

There are no locks held during the call to KeWait.

Does anyone at MSFT want the dump to look at?

Oops! My fault, the evt didn't get initialised. :)

Mind you, a more informative error from Verifier might be a good idea.
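
Added example (not part of the original post and not Windows source): a user-mode C model of why waiting on an event that never went through KeInitializeEvent can end in a reference to address 0 instead of returning immediately. The struct layout, the helper names, and the assumption that the event storage was zero-filled are illustrative only.

```c
#include <stdio.h>
#include <string.h>
/* Simplified user-mode model (assumption, not the real DISPATCHER_HEADER layout). */
typedef struct list_entry { struct list_entry *Flink, *Blink; } list_entry;
typedef struct model_event {
    long SignalState;         /* non-zero means signaled */
    list_entry WaitListHead;  /* waiters are queued here when not signaled */
} model_event;

enum wait_result { WAIT_SATISFIED, WAIT_BLOCKED, WAIT_NULL_REFERENCE };

/* What initialization provides: a signal state and a self-linked list head. */
static void model_init_event(model_event *e, int signaled) {
    e->SignalState = signaled ? 1 : 0;
    e->WaitListHead.Flink = e->WaitListHead.Blink = &e->WaitListHead;
}

/* Sanity check a driver could assert before waiting (hypothetical helper). */
static int event_looks_initialized(const model_event *e) {
    const list_entry *h = &e->WaitListHead;
    return h->Flink && h->Blink && h->Flink->Blink == h && h->Blink->Flink == h;
}

/* Modelled wait: return at once if signaled, else queue a wait block; reports a NULL link. */
static enum wait_result model_wait(model_event *e, list_entry *wb) {
    if (e->SignalState > 0) return WAIT_SATISFIED;
    list_entry *tail = e->WaitListHead.Blink;
    if (tail == NULL) return WAIT_NULL_REFERENCE;  /* would touch address 0 */
    wb->Flink = &e->WaitListHead; wb->Blink = tail;
    tail->Flink = wb; e->WaitListHead.Blink = wb;
    return WAIT_BLOCKED;
}

/* Constructed scenario: zero-filled storage, with or without the init call. */
static enum wait_result demo_wait(int initialize, int *looks_ok) {
    model_event e;
    list_entry wb;
    memset(&e, 0, sizeof e);
    if (initialize) model_init_event(&e, 1);  /* "created signaled" */
    *looks_ok = event_looks_initialized(&e);
    return model_wait(&e, &wb);
}

int main(void) {
    int ok;
    printf("no init:   wait=%d\n", demo_wait(0, &ok));
    printf("with init: wait=%d\n", demo_wait(1, &ok));
    return 0;
}
```

In this model the zero-filled event is neither signaled nor linked, so the wait takes the queueing path and reaches the NULL list link. In a live session, inspecting the event's header with `dt nt!_KEVENT <address>` before the wait would show the same condition.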