how to trobleshute BSoD INVALID_WORK_QUEUE_ITEM (96)?

Question

INVALID_WORK_QUEUE_ITEM (96)

This message occurs when KeRemoveQueue removes a queue entry whose flink

or blink field is null. This is almost always called by code misusing

worker thread work items, but any queue misuse can cause this. The rule

is that an entry on a queue may only be inserted on the list once. When an

item is removed from a queue, it's flink field is set to NULL. This BugCheck

occurs when remove queue attempts to remove an entry, but the flink or blink

field is NULL. In order to debug this problem, you need to know the queue being

referenced.

In an attempt to help identify the guilty driver, this BugCheck assumes the

queue is a worker queue (ExWorkerQueue) and prints the worker routine as

parameter 4 below.

Arguments:

Arg1: ffffc586c1df9548, The address of the queue entry whose flink/blink field is NULL

Arg2: ffffc586b7203b90, The address of the queue being references. Usually this is one

of the ExWorkerQueues. 

Arg3: ffffc586b7203150, The base address of the ExWorkerQueue array. This will help determine

if the queue in question is an ExWorkerQueue and if so, the offset from 

this parameter will isolate the queue. 

Arg4: fffff8074e9859d0, If this is an ExWorkerQueue (which it usually is), this is the address

of the worker routine that would have been called if the work item was 

valid. This can be used to isolate the driver that is misusing the work 

queue. 

Debugging Details:

---

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec 

Value: 7452 

Key  : Analysis.DebugAnalysisManager 

Value: Create 

Key  : Analysis.Elapsed.mSec 

Value: 13358 

Key  : Analysis.Init.CPU.mSec 

Value: 7515 

Key  : Analysis.Init.Elapsed.mSec 

Value: 54686 

Key  : Analysis.Memory.CommitPeak.Mb 

Value: 87 

FILE_IN_CAB: 120623-45671-01.dmp

TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x8

Kernel Generated Triage Dump

BUGCHECK_CODE: 96

BUGCHECK_P1: ffffc586c1df9548

BUGCHECK_P2: ffffc586b7203b90

BUGCHECK_P3: ffffc586b7203150

BUGCHECK_P4: fffff8074e9859d0

WORKER_ROUTINE:

nt!IopProcessWorkItem+0

fffff807`4e9859d0 48895c2410 mov qword ptr [rsp+10h],rbx

WORK_ITEM: ffffc586c1df9548

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXPNP: 1 (!blackboxpnp)

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

STACK_TEXT:

ffff828dce5733d8 fffff8074eaee8ea : 0000000000000096 ffffc586c1df9548 ffffc586b7203b90 ffffc586b7203150 : nt!KeBugCheckEx

ffff828dce5733e0 fffff8074e94a754 : ffffc586cd533040 0000000000000000 ffffc586cd533180 ffff8b002cd40180 : nt!KiAttemptFastRemovePriQueue+0x12e1fa

ffff828dce573420 fffff8074e949d60 : ffffc586b7203b90 0000000000000004 ffff8b002cd40100 fffff80700000001 : nt!KeRemovePriQueue+0x564

ffff828dce5734b0 fffff8074e9e3185 : ffffc586cd533040 ffffbd83674a5540 ffffc586cd533040 0000000000000000 : nt!ExpWorkerThread+0xa0

ffff828dce573550 fffff8074ea7d19c : ffff8b002cd40180 ffffc586cd533040 fffff8074e9e3130 0000000000000246 : nt!PspSystemThreadStartup+0x55

ffff828dce5735a0 0000000000000000 : ffff828dce574000 ffff828dce56d000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x1c

SYMBOL_NAME: nt!IopProcessWorkItem+0

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.17763.5122

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 0

FAILURE_BUCKET_ID: 0x96_nt!IopProcessWorkItem

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {9b586d9a-c1f6-a6de-4692-9ceab4008b6f}

Answer 1

Hello

Thank you for posting in Microsoft Community forum.

From the dump analysis, we can see the kernel mode caused the system crash. But we cannot get more information from the analysis above. You may need to contact with Online Support Engineer to help you analyze the dump.

Best Regards,

Zack Lu