openzfsonwindows/openzfs

BSOD 0x23 from consent.exe


stack


CACHE_MANAGER (34)
    See the comment for FAT_FILE_SYSTEM (0x23)
Arguments:
Arg1: 0000000000000299
Arg2: ffffffffc0000420
Arg3: 0000000000000000
Arg4: 0000000000000000

BUGCHECK_CODE:  34

BUGCHECK_P1: 299

BUGCHECK_P2: ffffffffc0000420

BUGCHECK_P3: 0

BUGCHECK_P4: 0

EXCEPTION_RECORD:  ffffffffc0000420 -- (.exr 0xffffffffc0000420)
Cannot read Exception record @ ffffffffc0000420

PROCESS_NAME:  consent.exe

STACK_TEXT:  
ffff978c`72b9b8d8 fffff804`303668e2     : ffff978c`72b9ba40 fffff804`3011ae80 fffff804`2abd2180 00000000`00000201 : nt!DbgBreakPointWithStatus
ffff978c`72b9b8e0 fffff804`30365fa3     : fffff804`00000003 ffff978c`72b9ba40 fffff804`302301f0 00000000`00000034 : nt!KiBugCheckDebugBreak+0x12
ffff978c`72b9b940 fffff804`30216c77     : ffff878f`3cbf8aa0 fffff804`2e749273 00000000`00000093 ffff978c`72b9c2a0 : nt!KeBugCheck2+0xba3
ffff978c`72b9c0b0 fffff804`3028cd89     : 00000000`00000034 00000000`00000299 ffffffff`c0000420 00000000`00000000 : nt!KeBugCheckEx+0x107
ffff978c`72b9c0f0 fffff804`305ea0e3     : ffff878f`00000000 ffff878f`3b006a20 00000032`00000093 00000001`00000001 : nt!CcCopyReadEx+0x1fcdb9
ffff978c`72b9c1d0 fffff804`2ea48621     : 00000000`00000120 ffff878f`3cbf8aa0 ffff878f`3ff02c60 ffff878f`39371db0 : nt!CcCopyRead+0x23
ffff978c`72b9c220 fffff804`2ea48d9f     : ffff878f`3cbf8aa0 ffff978c`72b9c891 ffff878f`39371db0 ffff878f`3cbf8aa0 : OpenZFS!fs_read_impl+0x971 [C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 4695] 
ffff978c`72b9c380 fffff804`2ea50e1a     : ffff878f`3cbf8aa0 fffff804`2e749273 00000000`00000000 ffff978c`72b9c891 : OpenZFS!fs_read+0x46f [C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 4851] 
ffff978c`72b9c480 fffff804`2ea4d312     : 00000000`00000019 00000000`00000000 ffff878f`3cbf8ca8 ffff878f`3c046570 : OpenZFS!fsDispatcher+0x179a [C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 7241] 
ffff978c`72b9c5f0 fffff804`300ebef5     : ffff978c`72b9c7b0 fffff804`31918029 ffff978c`72b9d000 ffff978c`72b97000 : OpenZFS!dispatcher+0x292 [C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 7360] 
ffff978c`72b9c6e0 fffff804`3191a1db     : ffff878f`00000000 ffff878f`3cbf8aa0 00000000`00000028 7fffffff`ffffffff : nt!IofCallDriver+0x55
ffff978c`72b9c720 fffff804`31917e23     : ffff978c`72b9c7b0 00000000`00000000 00000000`00000000 fffff804`300653c3 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x15b
ffff978c`72b9c790 fffff804`300ebef5     : ffff878f`3bea3cf0 ffff878f`3ef7a120 ffff878f`39371db0 00000000`00000001 : FLTMGR!FltpDispatch+0xa3
ffff978c`72b9c7f0 fffff804`30540060     : ffff878f`3bea3cf0 ffff978c`72b9c891 ffff978c`72b9c891 000001fb`1acd0000 : nt!IofCallDriver+0x55
ffff978c`72b9c830 fffff804`30527db4     : 00000000`00000000 ffff878f`3c046570 00000000`00000000 ffff878f`3c046570 : nt!IopSynchronousServiceTail+0x1d0
ffff978c`72b9c8e0 fffff804`305278a3     : ffff878f`3c046570 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopReadFile+0x4d4
ffff978c`72b9c9e0 fffff804`3022bbe5     : ffff878f`3a684080 ffff978c`72b9cb60 00000027`98a7e888 000001fb`18fd8810 : nt!NtReadFile+0xd3
ffff978c`72b9ca70 00007ff8`b396f434     : 00007ff8`b200c2b6 000001fb`190134d0 00000027`98a7e909 000001fb`18fd8848 : nt!KiSystemServiceCopyEnd+0x25
00000027`98a7e868 00007ff8`b200c2b6     : 000001fb`190134d0 00000027`98a7e909 000001fb`18fd8848 00000000`00000000 : ntdll!NtReadFile+0x14
00000027`98a7e870 00007ff8`b200c519     : 00000027`98a7ee80 ffffffff`ffffffff 00000000`00000000 000001fb`190169fe : KERNEL32!BaseDllOpenIniFileOnDisk+0x366
00000027`98a7e970 00007ff8`b200b8b9     : 000001fb`18fd8810 000001fb`18fd8810 000001fb`1900c601 00000000`00000100 : KERNEL32!BaseDllReadWriteIniFileOnDisk+0x31
00000027`98a7e9b0 00007ff8`b200d89a     : 0000ca7e`00000000 00007ff8`a611dc00 00000027`98a7f3c0 000001fb`19016c30 : KERNEL32!BaseDllReadWriteIniFile+0x179
00000027`98a7ee00 00007ff8`b200df25     : 00000000`ffffffff 00000027`98a7ef60 000001fb`1900c6b8 000001fb`18f7f024 : KERNEL32!GetPrivateProfileStringW+0x6a
00000027`98a7ee60 00007ff8`a6071b68     : 000001fb`1900c6b8 00000000`00000000 00000000`00000000 000001fb`1900c6b8 : KERNEL32!GetPrivateProfileIntW+0x45
00000027`98a7f0f0 00007ff6`05a95107     : 00000000`00000001 00000000`00000000 00000000`00000000 000001fb`1900c6c8 : urlmon!CZoneIdentifier::Load+0x73f38
00000027`98a7f170 00007ff6`05a93223     : 00000000`00000000 00000000`00000000 000001fb`18f7ef90 00000000`00000000 : consent!CuiGetContextInformation+0x357
00000027`98a7f2c0 00007ff6`05a972ef     : 000001fb`18f7770a 000001fb`18f7770c 00000000`00000000 00000000`00000000 : consent!WinMain+0xf73
00000027`98a7f680 00007ff8`b201257d     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : consent!__mainCRTStartup+0x1b7
00000027`98a7f740 00007ff8`b392aa58     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d
00000027`98a7f770 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28


FAULTING_SOURCE_LINE:  C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c

FAULTING_SOURCE_FILE:  C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c

FAULTING_SOURCE_LINE_NUMBER:  4695

FAULTING_SOURCE_CODE:  
  4691: 	dprintf("sizes = %I64x, %I64x, %I64x\n",
  4692: 	    vp->FileHeader.AllocationSize.QuadPart,
  4693: 	    vp->FileHeader.FileSize.QuadPart,
  4694: 	    vp->FileHeader.ValidDataLength.QuadPart);
> 4695: 			if (!CcCopyRead(FileObject,
  4696: 			    &IrpSp->Parameters.Read.ByteOffset,
  4697: 			    length, wait, data, &Irp->IoStatus)) {
  4698: 				dprintf("CcCopyRead could not wait\n");
  4699: 
  4700: 				IoMarkIrpPending(Irp);


SYMBOL_NAME:  OpenZFS!fs_read_impl+971

MODULE_NAME: OpenZFS

IMAGE_NAME:  OpenZFS.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  971

FAILURE_BUCKET_ID:  0x34_OpenZFS!fs_read_impl

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {5f5597ca-a19d-8b7b-138e-63469926b9f3}

Followup:     MachineOwner
---------

The filenames handled immediately before the crash seem to be handled poorly:

cbuf

FFFF878F3A684080: dprintf: zfs_vnops_windows.c:784:zfs_vnop_lookup_impl(): zfs_v
nop_lookup_impl: enter
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:924:zfs_vnop_lookup_impl(): zfs_v
nop_lookup_impl: converted name is '\SteamSetup.exe:Zone.Identifier' input len b
ytes 62 (err 0)  CaseInsensitive
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:1027:zfs_vnop_lookup_impl(): zfs_
vnop_lookup_impl: Parsed out streamname 'Zone.Identifier:$DATA'
FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 34
FFFF878F3A684080: dprintf: dbuf.c:3296:dbuf_create(): ds=BOOM obj=34 lvl=0 blkid
=0 db=FFFF878F486E2940
FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7
FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 134
FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 137
FFFF878F3A684080: vnode_couplefileobject: vp FFFF878F48E21B10 fo FFFF878F3C04657
0
FFFF878F3A684080: vnode_fileobject_add: added FO FFFF878F3C046570 to vp FFFF878F
48E21B10
FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:2176:zfs_build_path(): zfs_bu
ild_path: zap_value_search 22
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:1919:zfs_vnop_lookup(): zfs_vnop_
lookup: OK with FILE_OPENED
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:7338:dispatcher(): dispatcher: en
ter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION: type 0x6: fo FFFF878F3C046570
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:6845:fsDispatcher():   fsDispatch
er: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION fsDeviceObject
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:2575:query_information(): FileNor
malizedNameInformation
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4898:file_name_information():
 * file_name_information: (normalize 1)
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4933:file_name_information():
 file_name_information: name not set path taken
FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 134
FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:2176:zfs_build_path(): zfs_bu
ild_path: zap_value_search 22
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4937:file_name_information():
 file_name_information: failed to build fullpath
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4973:file_name_information():
 file_name_information: remaining space 252 str.len 80 struct size 8
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:5009:file_name_information():
 * file_name_information:  name of 'FFFF878F3A684080^S??.^D????^]0^D???^S??.^D??
?^Q' struct size 0x8 and FileNameLength 0x50 Usedspace 0x50
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:7338:dispatcher(): dispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION: type 0x6: fo FFFF878F3C046570
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:6845:fsDispatcher():   fsDispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION fsDeviceObject
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4366:file_basic_information():    file_basic_information
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:7338:dispatcher(): dispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION: type 0x6: fo FFFF878F3C046570
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:6845:fsDispatcher():   fsDispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION fsDeviceObject
FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4499:file_standard_information():    file_standard_information

FFFF878F3A684080: dprintf: zfs_vnops_windows.c:312:zfs_init_cache(): zfs_init_cache: CcInitializeCacheMap
FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:4933:file_name_information(): file_name_information: name not set path taken
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:4690:fs_read_impl(): CcCopyRead(FFFF878F3C046570, 0, 93, 1, FFFFB301B24A8000, FFFF878F3BEA3D20)
FFFF878F3AED8040: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 134
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:4694:fs_read_impl(): sizes = 200, 93, 93
FFFF878F3AED8040: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7
FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:2176:zfs_build_path(): zfs_build_path: zap_value_search 22
FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:4937:file_name_information(): file_name_information: failed to build fullpath
FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:4973:file_name_information(): file_name_information: remaining space 252 str.len 80 struct size 8
FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:5009:file_name_information(): * file_name_information:  name of 'FFFF878F3AED8040^S??.^D????^]0^D???^S??.^D???^Q' struct size 0x8 and FileNameLength 0x50 Usedspace 0x50
-EB-   

Thread FFFF878F3A684080 crashed.

OK, it turns out that we correctly handle SteamSetup.exe:Zone.Identifier in the open and create the stream. The stream was opened with DELETE_ON_CLOSE.

We did not handle deleting the file correctly in IRP_MJ_CLOSE: we call CcSetFileSizes() to set the sizes to zero, then attempt to remove SteamSetup.exe:Zone.Identifier, and that removal would fail. A later re-open would succeed, and the following read would call CcCopyRead(), which thinks the ValidFileSize is 0 while the file header still reports 0x93 (the `sizes = 200, 93, 93` line in the log above) - hence the BSOD.

Now we correctly parse out the stream name and actually delete the stream/xattr on close.
674ab11