[RESOLVED] Win2008R2 RTM: STOP 0x1 in nt!KeUserModeCallback+e6

Status: Resolved

Update 120112: Closing the loop on this one. Finally, after some delays, the hotfix is released and available from https://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2619041&kbln=en-us.

Update 110930: The customer running the private confirmed there are no further STOP 0x1 errors observed. The hotfix for this will be released under HTP11-12, as KB2619041.

Update 110829: This morning I further debugged the problem and this resulted in filing a hotfix request with Engineering. Fingers crossed this gets through! :)

Update 110822: Finally, some progress on this, thanks to my colleague Neil, who has a customer with the identical problem. :) After receiving a second dump today, I was able to confirm that the crashing thread is holding three locks when calling back to user mode. This is exactly the same in Neil's dump, with the same three locks involved. The problem is illustrated by this dumpout of the crashing thread's KernelApc disable count:

7: kd> dt _KTHREAD fffffa803ea91b10 KernelApcDisable
nt!_KTHREAD
   +0x1c4 KernelApcDisable : 0n-3

I'll follow up with new findings on this shortly!

///

Today I had a look at a STOP 0x1, APC_INDEX_MISMATCH, with the following stack:

00 fffff880`0f6ed4a8 fffff800`018712ed nt!KeBugCheckEx
01 fffff880`0f6ed4b0 fffff800`01b6be96 nt!KiCallUserMode+0x26d
02 fffff880`0f6ed5f0 fffff960`00149c32 nt!KeUserModeCallback+0xe6
03 fffff880`0f6ed670 fffff960`0010f5be win32k!xxxClientCallWinEventProc+0x76
04 fffff880`0f6ed6e0 fffff960`0010f6a0 win32k!xxxProcessNotifyWinEvent+0x172
05 fffff880`0f6ed760 fffff960`00096d2a win32k!xxxFlushDeferredWindowEvents+0x30
06 fffff880`0f6ed790 fffff960`00095e53 win32k!zzzSetFMouseMoved+0x3e2
07 fffff880`0f6ed900 fffff960`0012b12b win32k!zzzLockDisplayAreaAndInvalidateDCCache+0x53
08 fffff880`0f6ed950 fffff960`000dbe54 win32k!xxxScrollWindowEx+0x787
09 fffff880`0f6edae0 fffff800`01878993 win32k!NtUserScrollWindowEx+0x140
0a fffff880`0f6edbb0 00000000`749b07aa nt!KiSystemServiceCopyEnd+0x13

STOP 0x1s are notoriously hard to troubleshoot, and we are researching this to see how to further approach this. Let me know if your machine hits this too!
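To check whether another dump matches the signature in this post, the following added example (not part of the original post and not Microsoft code) parses pasted stack and `dt _KTHREAD` text and compares it with the frames and the KernelApcDisable value shown above. The function names are hypothetical, and it assumes the debugger output has the same layout as the listings on this page.

```python
import re

# Innermost frames of the stack in this post (offsets ignored).
SIGNATURE = ["nt!KeBugCheckEx", "nt!KiCallUserMode",
             "nt!KeUserModeCallback", "win32k!xxxClientCallWinEventProc"]

# Frame line: index, child-SP, return address, module!symbol[+offset].
FRAME_RE = re.compile(
    r"^\s*([0-9a-f]{2})\s+[0-9a-f]{8}`[0-9a-f]{8}\s+[0-9a-f]{8}`[0-9a-f]{8}\s+"
    r"(\S+?!\S+?)(?:\+0x[0-9a-f]+)?\s*$", re.I | re.M)
# dt prints the field as "0n<decimal>"; the value may be negative.
APC_RE = re.compile(r"KernelApcDisable\s*:\s*0n(-?\d+)")

# Top frames and dt line copied from the post, used as sample input.
SAMPLE_STACK = """\
00 fffff880`0f6ed4a8 fffff800`018712ed nt!KeBugCheckEx
01 fffff880`0f6ed4b0 fffff800`01b6be96 nt!KiCallUserMode+0x26d
02 fffff880`0f6ed5f0 fffff960`00149c32 nt!KeUserModeCallback+0xe6
03 fffff880`0f6ed670 fffff960`0010f5be win32k!xxxClientCallWinEventProc+0x76
"""
SAMPLE_DT = "   +0x1c4 KernelApcDisable : 0n-3"


def parse_frames(text):
    """Return the module!function symbols of a stack listing, in order."""
    return [m.group(2) for m in FRAME_RE.finditer(text)]


def kernel_apc_disable(text):
    """Return the KernelApcDisable value from dt output, or None if absent."""
    m = APC_RE.search(text)
    return int(m.group(1)) if m else None


def matches_post(stack_text, dt_text=""):
    """Compare a dump's debugger text with the signature in this post."""
    frames = parse_frames(stack_text)
    count = kernel_apc_disable(dt_text)
    return {
        "stack_matches": frames[:len(SIGNATURE)] == SIGNATURE,
        "kernel_apc_disable": count,
        # Non-zero count at the user-mode callback, as in the dump above.
        "apc_count_nonzero": count is not None and count != 0,
    }


if __name__ == "__main__":
    print(matches_post(SAMPLE_STACK, SAMPLE_DT))
```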