I have a crash dump file that is confusing to me. The !analyze -v command lists the faulty thread as the idle thread, the process name is tail.exe, and the image name is getntds.sys - three completely different things. Also, the stack text shows a normal completion sequence from the driver getntds.sys.
Further analysis, !running -it shows the stack trace from the running thread on processor 0 causing the bug check.
So which one was it? The stack trace from !analyze -v (getntds.sys), or the running thread on processor 0? Thanks in advance for any help.
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_SWITCH_FROM_DPC (b8)
A wait operation, attach process, or yield was attempted from a DPC routine.
This is an illegal operation and the stack track will lead to the offending
code and original DPC routine.
Arguments:
Arg1: 8297c380, Original thread which is the cause of the failure
Arg2: 864b2d20, New thread
Arg3: 8296fed0, Stack address of the original thread
Arg4: 00000000
Debugging Details:
FAULTING_THREAD: 8297c380
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0xB8
PROCESS_NAME: tail.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 828beb87 to 828bec26
STACK_TEXT:
8296fa90 828beb87 85c14d48 86059a08 85c14da8 nt!KiSwapContext+0x26
8296fac4 828fdc20 82972d20 00000000 00000001 nt!KiExitDispatcher+0x140
8296fb00 828c009f 86059a08 85c024b0 00000000 nt!KeInsertQueueApc+0xb9
8296fb48 9360d89a 00000000 82974600 004dd200 nt!IopfCompleteRequest+0x3f4
8296fb64 9362120e 86176bb0 00000000 86176bb0 getntds!os_io_cleanup+0x2ea [r:\sw\50700\win7_7.02.02.3204\make\xp_win7\xp_win7_os_specific.c @ 3544]
8296fb78 828bf675 89d25b24 8b541570 00000000 getntds!db_input_rundown+0x15e [r:\sw\50700\win7_7.02.02.3204\make\xp_win7\db_functions.c @ 3497]
8296fbd4 828bf4d8 82972d20 8297c380 00000000 nt!KiExecuteAllDpcs+0xf9
8296fc20 828bf2f8 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd5
8296fc24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38
STACK_COMMAND: .thread 0xffffffff8297c380 ; kb
FOLLOWUP_IP:
getntds!os_io_cleanup+2ea [r:\sw\50700\win7_7.02.02.3204\make\xp_win7\xp_win7_os_specific.c @ 3544]
9360d89a 8b1500e06293 mov edx,dword ptr [getntds!debug_print (9362e000)]
FAULTING_SOURCE_LINE: r:\sw\50700\win7_7.02.02.3204\make\xp_win7\xp_win7_os_specific.c
FAULTING_SOURCE_FILE: r:\sw\50700\win7_7.02.02.3204\make\xp_win7\xp_win7_os_specific.c
FAULTING_SOURCE_LINE_NUMBER: 3544
FAULTING_SOURCE_CODE:
No source found for 'r:\sw\50700\win7_7.02.02.3204\make\xp_win7\xp_win7_os_specific.c'
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: getntds!os_io_cleanup+2ea
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: getntds
IMAGE_NAME: getntds.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5553a213
FAILURE_BUCKET_ID: 0xB8_getntds!os_io_cleanup+2ea
BUCKET_ID: 0xB8_getntds!os_io_cleanup+2ea
Followup: MachineOwner
0: kd> .thread 0xffffffff8297c380 ; kb
Implicit thread is now 8297c380
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
8296fa90 828beb87 85c14d48 86059a08 85c14da8 nt!KiSwapContext+0x26
8296fac4 828fdc20 82972d20 00000000 00000001 nt!KiExitDispatcher+0x140
8296fb00 828c009f 86059a08 85c024b0 00000000 nt!KeInsertQueueApc+0xb9
8296fb48 9360d89a 00000000 82974600 004dd200 nt!IopfCompleteRequest+0x3f4
8296fb64 9362120e 86176bb0 00000000 86176bb0 getntds!os_io_cleanup+0x2ea [r:\sw\50700\win7_7.02.02.3204\make\xp_win7\xp_win7_os_specific.c @ 3544]
8296fb78 828bf675 89d25b24 8b541570 00000000 getntds!db_input_rundown+0x15e [r:\sw\50700\win7_7.02.02.3204\make\xp_win7\db_functions.c @ 3497]
8296fbd4 828bf4d8 82972d20 8297c380 00000000 nt!KiExecuteAllDpcs+0xf9
8296fc20 828bf2f8 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd5
8296fc24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38
0: kd> !running
System Processors: (0000000f)
Idle Processors: (00000008)
Prcbs Current (pri) Next (pri) Idle
0 82972d20 864b2d20 (10) 8297c380 ................
1 807d2120 85c14d48 (24) 807d7800 ................
2 8ef15120 8b201d48 (15) 8ef1a800 ................
1: kd> !running -it
System Processors: (0000000f)
Idle Processors: (00000008)
Prcbs Current (pri) Next (pri) Idle
0 82972d20 864b2d20 (10) 8297c380 ................
ChildEBP RetAddr
9d1499bc 828befbd nt!KeBugCheckEx+0x1e
9d1499d4 828bec26 nt!SwapContext_XRstorEnd+0x105
9d1499e8 828c5d3d nt!KiSwapContext+0x26
9d149a20 828c4b9b nt!KiSwapThread+0x266
9d149a48 828be58f nt!KiCommitThreadWait+0x1df
9d149ac0 828f61e5 nt!KeWaitForSingleObject+0x393
9d149ae8 82a84634 nt!AlpcpSignalAndWait+0x7b
9d149b0c 82aa5e63 nt!AlpcpReceiveSynchronousReply+0x27
9d149b9c 82a86abd nt!AlpcpProcessSynchronousRequest+0x276
9d149bf8 82a86b7e nt!LpcpRequestWaitReplyPort+0x6a
9d149c20 828858c6 nt!NtRequestWaitReplyPort+0x4c
9d149c20 779070f4 nt!KiSystemServicePostCall
WARNING: Frame IP not in any known module. Following frames may be wrong.
0240f3fc 00000000 0x779070f4
1 807d2120 85c14d48 (24) 807d7800 ................
ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
02c2f628 00000000 0x76fdc4a0
2 8ef15120 8b201d48 (15) 8ef1a800 ................
*** ERROR: Module load completed but symbols could not be loaded for astgrp.sys
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
96d7d974 8cfda040 astgrp+0x9948
96d7d994 92e200db astgrp+0xb040
96d7d9bc 92e1ff9b dxgkrnl!DXGADAPTER::DdiSubmitCommand+0x49
96d7d9c8 92ed70d5 dxgkrnl!DXGADAPTER_DdiSubmitCommand+0x10
96d7d9d8 92ee04ea dxgmms1!DXGADAPTER::DdiSubmitCommand+0x11
96d7da64 92f07661 dxgmms1!VidSchiSendToExecutionQueue+0x7d6
96d7dadc 92f07fd1 dxgmms1!VidSchiSendToExecutionQueueWithWait+0x115
96d7dc18 92f08279 dxgmms1!VidSchiSubmitRenderCommand+0x809
96d7dc28 92f08516 dxgmms1!VidSchiSubmitQueueCommand+0x61
96d7dc3c 92f085bd dxgmms1!VidSchiRun_PriorityTable+0x24
96d7dc50 82a51141 dxgmms1!VidSchiWorkerThread+0x7f
96d7dc90 828f8559 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19
3 8ef4b120 8ef50800 ( 0) 8ef50800 ................
ChildEBP RetAddr
8ef67c20 828bf38e nt!SwapContext_PatchFxe+0x3e
8ef67c24 00000000 nt!KiIdleLoop+0xce