LTRData / ImDisk

ImDisk Virtual Disk Driver
GNU General Public License v2.0

Deadlock when using a proxy with an image file #17

Closed DavidXanatos closed 5 months ago

DavidXanatos commented 1 year ago

When using the ImDisk driver with a file image proxy tool like DiskUtilsDevio.exe from the ImDiskTK package, writing a lot of files to a 10GB image, I can reliably deadlock the entire system (Windows 10 22H2 x64).

I attached a stack trace of the worker thread of the DiskUtilsDevio.exe utility.

Inspecting the stack trace of cmd.exe, which I used to copy files to the virtual disk, it's hanging at the same time in ntoskrnl.exe!CcCanIWrite Ntfs.sys!NtfsCopyWriteA.

And shortly thereafter the entire system becomes unresponsive and needs to be hard reset.

| # | Symbol | Stack address | Frame address | Control address | Return address | Stack parameters | File info |
|---|---|---|---|---|---|---|---|
| 0 | `systeminformer.sys+0x148d5` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff803981c48d5 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 1 | `systeminformer.sys+0x15674` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff803981c5674 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 2 | `ksi.dll!KsiInsertQueueApc+0xbd` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff803981d11ed | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 3 | `ntoskrnl.exe!KiDeliverApc+0x1b0` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff80375280800 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 4 | `ntoskrnl.exe!KiSwapThread+0x827` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037527e697 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 5 | `ntoskrnl.exe!KiCommitThreadWait+0x14f` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037527d89f | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 6 | `ntoskrnl.exe!KeWaitForSingleObject+0x233` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037527d143 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 7 | `ntoskrnl.exe!CcCanIWrite+0x1b00e6` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff80375477286 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 8 | `Ntfs.sys!NtfsCopyWriteA+0x102` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037b6eb232 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 9 | `FLTMGR.SYS!FltpPerformFastIoCall+0x16c` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037a3277fc | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 10 | `FLTMGR.SYS!FltpPassThroughFastIo+0x10a` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037a32460a | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 11 | `FLTMGR.SYS!FltpFastIoWrite+0x165` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037a359595 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 12 | `ntoskrnl.exe!NtWriteFile+0x43d` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037567d6cd | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 13 | `ntoskrnl.exe!KiSystemServiceCopyEnd+0x25` | 0x0000000000000000 | 0x0000000000000000 | 0xfffff8037540d8f5 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |
| 14 | `ntdll.dll!NtWriteFile+0x14` | 0x000000001a2cea88 | 0x000000001a2cea80 | 0x00007ffbe95ed1c4 | 0x00007ffbe7125136 | 0x7ffbd4026cdf 0x1a2ce958 0x1a2ce988 0x0 | |
| 15 | `KernelBase.dll!WriteFile+0x76` | 0x000000001a2cea90 | 0x000000001a2ceaf0 | 0x00007ffbe7125136 | 0x00007ffbd130c9c8 | 0x100000 0x0 0x1a2cec18 0x1a2cec18 | |
| 16 | `mscorlib.ni.dll!DomainNeutralILStubClass.IL_STUB_PInvoke(SECURITY_ATTRIBUTES, Boolean, Boolean, System.String)$##6000000+0x2c8` | 0x000000001a2ceb00 | 0x000000001a2cebd0 | 0x00007ffbd130c9c8 | 0x00007ffbd127d663 | 0x1804128 0x0 0x1804088 0x0 | |
| 17 | `mscorlib.ni.dll!System.IO.FileStream.WriteFileNative(Microsoft.Win32.SafeHandles.SafeFileHandle, Byte[], Int32, Int32, System.Threading.NativeOverlapped*, Int32 ByRef)$##6001884+0x83` | 0x000000001a2cebe0 | 0x000000001a2cec30 | 0x00007ffbd127d663 | 0x00007ffbd127d5bd | 0x0 0x7ffbd127d42d 0x1a2cf210 0x1a371000 | |
| 18 | `mscorlib.ni.dll!System.IO.FileStream.WriteCore(Byte[], Int32, Int32)$##6001876+0x5d` | 0x000000001a2cec40 | 0x000000001a2ceca0 | 0x00007ffbd127d5bd | 0x00007ffb74b6f0fe | 0x7ffbd40af42f 0x1a2ceb58 0x1a2ceba8 0x0 | |
| 19 | `0x7ffb74b6f0fe` | 0x000000001a2cecb0 | 0x000000001a2cecf0 | 0x00007ffb74b6f0fe | 0x00007ffb74b6f08b | 0x1a371000 0x100000 0x0 0x100000 | |
| 20 | `0x7ffb74b6f08b` | 0x000000001a2ced00 | 0x000000001a2ced50 | 0x00007ffb74b6f08b | 0x00007ffb74b6ebf5 | 0x100000 0x1a2cee90 0xfffffffffffffffe 0x100000 | |
| 21 | `0x7ffb74b6ebf5` | 0x000000001a2ced60 | 0x000000001a2ceed0 | 0x00007ffb74b6ebf5 | 0x00007ffb74b6d3f9 | 0x1806410 0x1806410 0x4 0x7ffbd3f90000 | |
| 22 | `0x7ffb74b6d3f9` | 0x000000001a2ceee0 | 0x000000001a2cef90 | 0x00007ffb74b6d3f9 | 0x00007ffb74b6c824 | 0x18057b0 0x18c65e8 0x1a2cf010 0x0 | |
| 23 | `0x7ffb74b6c824` | 0x000000001a2cefa0 | 0x000000001a2cefd0 | 0x00007ffb74b6c824 | 0x00007ffbd125df12 | 0x18057b0 0x18c65e8 0x1a2cf010 0x0 | |
| 24 | `mscorlib.ni.dll!System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)$##6003AF0+0x172` | 0x000000001a2cefe0 | 0x000000001a2cf0a0 | 0x00007ffbd125df12 | 0x00007ffbd125dd95 | 0x18c6730 0x18c66b0 0x18c6688 0x0 | |
| 25 | `mscorlib.ni.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)$##6003AEF+0x15` | 0x000000001a2cf0b0 | 0x000000001a2cf0d0 | 0x00007ffbd125dd95 | 0x00007ffbd125dd65 | 0x18c6688 0x0 0xd0d74430 0x0 | |
| 26 | `mscorlib.ni.dll!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)$##6003AEE+0x55` | 0x000000001a2cf0e0 | 0x000000001a2cf120 | 0x00007ffbd125dd65 | 0x00007ffbd1303e85 | 0x1a2cf288 0x1a2cf288 0x1a2cf190 0x0 | |
| 27 | `mscorlib.ni.dll!System.Threading.ThreadHelper.ThreadStart()$##6003C01+0x55` | 0x000000001a2cf130 | 0x000000001a2cf160 | 0x00007ffbd1303e85 | 0x00007ffbd4026993 | 0x18c66f0 0x7ffbd0d74430 0x7ffbd0ebc4b8 0x0 | |
| 28 | `clr.dll!CallDescrWorkerInternal+0x83` | 0x000000001a2cf170 | 0x000000001a2cf1a0 | 0x00007ffbd4026993 | 0x00007ffbd40268a0 | 0x1a2cf448 0x7ffbd4027438 0x0 0x7ffbd4027386 | |
| 29 | `clr.dll!CallDescrWorkerWithHandler+0x4e` | 0x000000001a2cf1b0 | 0x000000001a2cf1e0 | 0x00007ffbd40268a0 | 0x00007ffbd4027150 | 0x1 0x1a2cf550 0x1a2cf380 0x1a2cf448 | |
| 30 | `clr.dll!MethodDescCallSite::CallTargetWorker+0xfa` | 0x000000001a2cf1f0 | 0x000000001a2cf2e0 | 0x00007ffbd4027150 | 0x00007ffbd41b3ebf | 0x1a2cf7e0 0x1 0x7ffbd0d74430 0x1 | |
| 31 | `clr.dll!ThreadNative::KickOffThread_Worker+0xfffffffffffff02f` | 0x000000001a2cf2f0 | 0x000000001a2cf540 | 0x00007ffbd41b3ebf | 0x00007ffbd4027d38 | 0x18c66f0 0x7ffbd41b4e90 0x1a2cf720 0x7ffbd402d217 | |
| 32 | `clr.dll!ManagedThreadBase_DispatchInner+0x40` | 0x000000001a2cf550 | 0x000000001a2cf580 | 0x00007ffbd4027d38 | 0x00007ffbd4027ca3 | 0x1a2cf720 0xde83f0 0x0 0x7ffbd40253f1 | |
| 33 | `clr.dll!ManagedThreadBase_DispatchMiddle+0x6c` | 0x000000001a2cf590 | 0x000000001a2cf680 | 0x00007ffbd4027ca3 | 0x00007ffbd4027be2 | 0x1a2cf720 0x0 0x0 0x0 | |
| 34 | `clr.dll!ManagedThreadBase_DispatchOuter+0x4c` | 0x000000001a2cf690 | 0x000000001a2cf6f0 | 0x00007ffbd4027be2 | 0x00007ffbd4027dd3 | 0xffffffffffffffff 0xde83f0 0x1a2cf6e0 0xd41b90 | |
| 35 | `clr.dll!ManagedThreadBase_FullTransitionWithAD+0x2f` | 0x000000001a2cf700 | 0x000000001a2cf750 | 0x00007ffbd4027dd3 | 0x00007ffbd41b3da9 | 0xde83f0 0x1 0x1 0x3 | |
| 36 | `clr.dll!ThreadNative::KickOffThread+0xe6` | 0x000000001a2cf760 | 0x000000001a2cf830 | 0x00007ffbd41b3da9 | 0x00007ffbd402b8b5 | 0xdf06e0 0x1 0xde83f0 0x1a2cf7b8 | |
| 37 | `clr.dll!Thread::intermediateThreadProc+0x8b` | 0x000000001a2cf840 | 0x000000001a2cf970 | 0x00007ffbd402b8b5 | 0x00007ffbe9247614 | 0x0 0x0 0x0 0x0 | |
| 38 | `kernel32.dll!BaseThreadInitThunk+0x14` | 0x000000001a2cf980 | 0x000000001a2cf9a0 | 0x00007ffbe9247614 | 0x00007ffbe95a26a1 | 0x0 0x0 0x0 0x0 | |
| 39 | `ntdll.dll!RtlUserThreadStart+0x21` | 0x000000001a2cf9b0 | 0x000000001a2cfa20 | 0x00007ffbe95a26a1 | 0x0000000000000000 | 0x0 0x0 0x0 0x0 | |

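
A triage sketch for a stack dump in the layout posted above, added here as an example; it is not code from this thread or from any tool it mentions. It accepts both the padded text layout and a `|`-separated table, and reports which routine the thread is waiting in and where it entered the kernel. The names `parse_row`, `parse`, `triage` and `THROTTLE_FUNCS` are the example's own.

```python
import re

KERNEL_BASE = 0xFFFF800000000000  # x64 Windows: control addresses at or above this are kernel-mode
# Cache Manager routine that makes a cached write wait while too much dirty data is pending.
THROTTLE_FUNCS = {"CcCanIWrite"}
SYMBOL = re.compile(r"^(?P<module>[^!]+)!(?P<func>.+)\+0x[0-9a-fA-F]+$")

# Sample input: nine frames copied from the worker-thread trace in this issue.
SAMPLE = """\
3     ntoskrnl.exe!KiDeliverApc+0x1b0   0x0000000000000000   0x0000000000000000   0xfffff80375280800   0x0000000000000000   0x0 0x0 0x0 0x0
6     ntoskrnl.exe!KeWaitForSingleObject+0x233   0x0000000000000000   0x0000000000000000   0xfffff8037527d143   0x0000000000000000   0x0 0x0 0x0 0x0
7     ntoskrnl.exe!CcCanIWrite+0x1b00e6   0x0000000000000000   0x0000000000000000   0xfffff80375477286   0x0000000000000000   0x0 0x0 0x0 0x0
8     Ntfs.sys!NtfsCopyWriteA+0x102   0x0000000000000000   0x0000000000000000   0xfffff8037b6eb232   0x0000000000000000   0x0 0x0 0x0 0x0
12    ntoskrnl.exe!NtWriteFile+0x43d   0x0000000000000000   0x0000000000000000   0xfffff8037567d6cd   0x0000000000000000   0x0 0x0 0x0 0x0
14    ntdll.dll!NtWriteFile+0x14   0x000000001a2cea88   0x000000001a2cea80   0x00007ffbe95ed1c4   0x00007ffbe7125136   0x7ffbd4026cdf 0x1a2ce958 0x1a2ce988 0x0
15    KernelBase.dll!WriteFile+0x76   0x000000001a2cea90   0x000000001a2ceaf0   0x00007ffbe7125136   0x00007ffbd130c9c8   0x100000 0x0 0x1a2cec18 0x1a2cec18
18    mscorlib.ni.dll!System.IO.FileStream.WriteCore(Byte[], Int32, Int32)$##6001876+0x5d   0x000000001a2cec40   0x000000001a2ceca0   0x00007ffbd127d5bd   0x00007ffb74b6f0fe   0x7ffbd40af42f 0x1a2ceb58 0x1a2ceba8 0x0
19    0x7ffb74b6f0fe   0x000000001a2cecb0   0x000000001a2cecf0   0x00007ffb74b6f0fe   0x00007ffb74b6f08b   0x1a371000 0x100000 0x0 0x100000
"""

def parse_row(line):
    """Parse one frame row; returns None for headers, separators and blank lines."""
    line = line.strip()
    if line.startswith("|"):   # table layout: cells separated by '|'
        cells = [c.strip().strip("`") for c in line.strip("|").split("|")]
    else:                      # padded layout: columns separated by two or more spaces
        cells = re.split(r"\s{2,}", line)
    if len(cells) < 5 or not cells[0].isdigit():
        return None
    m = SYMBOL.match(cells[1])
    return {"index": int(cells[0]),
            "module": m.group("module") if m else None,  # None: no module!function symbol
            "func": m.group("func") if m else cells[1],
            "control": int(cells[4], 16)}

def parse(text):
    return [f for f in map(parse_row, text.splitlines()) if f]

def name(f):
    return f"{f['module']}!{f['func']}" if f["module"] else f["func"]

def triage(frames):
    """Summarise a blocked thread: wait primitive, its caller, kernel entry point."""
    frames = sorted(frames, key=lambda f: f["index"])  # index 0 is the innermost frame
    kernel = [f for f in frames if f["control"] >= KERNEL_BASE]
    user = [f for f in frames if f["control"] < KERNEL_BASE]
    wait_at = next((i for i, f in enumerate(kernel) if f["func"].startswith("KeWaitFor")), None)
    waiter = kernel[wait_at + 1] if wait_at is not None and wait_at + 1 < len(kernel) else None
    return {
        "wait_primitive": name(kernel[wait_at]) if wait_at is not None else None,
        "waiting_in": name(waiter) if waiter else None,
        "entered_via": name(user[0]) if user else None,
        "cache_throttled": waiter is not None and waiter["func"] in THROTTLE_FUNCS,
        "unresolved_user_frames": sum(1 for f in user if f["module"] is None),
    }

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```

Running the same summary on the stack of the other hung process (cmd.exe in this report) shows whether both threads are waiting in the same routine.
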
LTRData commented 1 year ago

Thanks for the report!

Since ImDisk is deprecated and very rarely changed nowadays, it has very low priority and it will take a few weeks before I can start looking at it.

Have you looked at alternatives such as Arsenal Image Mounter instead? The aim_cli.exe command line tool mounts images supported by DiscUtils libraries as full disks and is usually better and more compatible with modern Windows versions. https://github.com/ArsenalRecon/Arsenal-Image-Mounter/

andry81 commented 1 year ago

> And shortly thereafter the entire system becomes unresponsive and needs to be hard reset.

This part of the stack is suspiciously equal: https://github.com/LTRData/ImDisk/issues/15

11, KernelBase.dll!WriteFile+0x7b
12, kernel32.dll!WriteFile+0x36
13, DomainNeutralILStubClass.IL_STUB_PInvoke(Microsoft.Win32.SafeHandles.SafeFileHandle, Byte*, Int32, Int32 ByRef, IntPtr) + 0xc8 <-- mscorlib.ni.dll+0x63c9e8
14, System.IO.FileStream.WriteFileNative(Microsoft.Win32.SafeHandles.SafeFileHandle, Byte[], Int32, Int32, System.Threading.NativeOverlapped*, Int32 ByRef) + 0x83 <-- mscorlib.ni.dll+0x5ad683
15, System.IO.FileStream.WriteCore(Byte[], Int32, Int32) + 0x5d <-- mscorlib.ni.dll+0x5ad5dd

LTRData commented 1 year ago

> > And shortly thereafter the entire system becomes unresponsive and needs to be hard reset.
>
> This part of the stack is suspiciously equal: https://github.com/LTRData/ImDisk/issues/15
>
> 11, KernelBase.dll!WriteFile+0x7b
> 12, kernel32.dll!WriteFile+0x36
> 13, DomainNeutralILStubClass.IL_STUB_PInvoke(Microsoft.Win32.SafeHandles.SafeFileHandle, Byte*, Int32, Int32 ByRef, IntPtr) + 0xc8 <-- mscorlib.ni.dll+0x63c9e8
> 14, System.IO.FileStream.WriteFileNative(Microsoft.Win32.SafeHandles.SafeFileHandle, Byte[], Int32, Int32, System.Threading.NativeOverlapped*, Int32 ByRef) + 0x83 <-- mscorlib.ni.dll+0x5ad683
> 15, System.IO.FileStream.WriteCore(Byte[], Int32, Int32) + 0x5d <-- mscorlib.ni.dll+0x5ad5dd

Not really sure what you mean. That is the implementation of writing to a .NET FileStream by calling Win32 WriteFile API.

andry81 commented 1 year ago

> Not really sure what you mean. That is the implementation of writing to a .NET FileStream by calling Win32 WriteFile API.

The deadlock was around the WriteFile in all cases. Looks like the deadlock is inside the Win32 API.

LTRData commented 1 year ago

> > Not really sure what you mean. That is the implementation of writing to a .NET FileStream by calling Win32 WriteFile API.
>
> The deadlock was around the WriteFile in all cases. Looks like the deadlock is inside the Win32 API.

Yes, but the deadlock is probably in the file system due to some kind of lock needed to flush the write operation, but the same lock is already held elsewhere in the file system mounted on the virtual drive, waiting for the write operation to complete.

I can investigate this in a few weeks probably. But if possible, I strongly recommend trying some other image mounting tool than ImDisk when things like this happen.

DavidXanatos commented 1 year ago

> Thanks for the report!
>
> Since ImDisk is deprecated and very rarely changed nowadays, it has very low priority and it will take a few weeks before I can start looking at it.
>
> Have you looked at alternatives such as Arsenal Image Mounter instead? The aim_cli.exe command line tool mounts images supported by DiscUtils libraries as full disks and is usually better and more compatible with modern Windows versions. https://github.com/ArsenalRecon/Arsenal-Image-Mounter/

Well, the general advantages of Arsenal Image Mounter are, in my actual use case, more disadvantages; I don't want the mounted images to be visible in Disk Manager. The idea is to mount up to a couple dozen images to folders and use them transparently.

Sometimes less is better LOL, hence a fix would be greatly appreciated.

LTRData commented 1 year ago

I have updated DiscUtilsDevio to use the latest DiscUtils with some fixes that could potentially solve this. The same changes in DiscUtils have solved similar issues in other projects at least.

https://ltr-data.se/opencode.html#ImDisk

There are now three versions of DiscUtilsDevio: for .NET Framework 4.6, .NET Framework 4.8 and .NET 6.0. If you have .NET 6.0 installed, try that version first. It makes use of several modern optimizations in .NET runtimes. Otherwise, try the 4.8 version.