dokan-dev / dokany

User mode file system library for Windows with FUSE Wrapper
http://dokan-dev.github.io

BSOD in DokanDeleteFcb #1172

Closed zhenbohuang closed 4 months ago

zhenbohuang commented 10 months ago

Environment

Description

I got a dump file from a BSOD on the machine of a person who is currently testing an application that I am working on that uses Dokany. The issue does not reproduce 100% of the time; he has encountered it several times, but I can't reproduce it locally.

Logs

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8014c464828, The address that the exception occurred at
Arg3: ffff9d09380c6e58, Exception Record Address
Arg4: ffff9d09380c6690, Context Record Address

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for win32k.sys

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 4780

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 30227

    Key  : Analysis.Init.CPU.mSec
    Value: 3875

    Key  : Analysis.Init.Elapsed.mSec
    Value: 147740

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 103

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE:  7e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff8014c464828

BUGCHECK_P3: ffff9d09380c6e58

BUGCHECK_P4: ffff9d09380c6690

EXCEPTION_RECORD:  ffff9d09380c6e58 -- (.exr 0xffff9d09380c6e58)
ExceptionAddress: fffff8014c464828 (nt!IopGetFileObjectExtension+0x0000000000000018)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  ffff9d09380c6690 -- (.cxr 0xffff9d09380c6690)
rax=0000000000000006 rbx=ffffbf0e93ad11e0 rcx=002d004100390037
rdx=0000000000000006 rsi=ffffd18e24fd1d30 rdi=ffffbf0eaa3356e0
rip=fffff8014c464828 rsp=ffff9d09380c7098 rbp=ffff9d09380c71e0
 r8=0000000000000000  r9=ffffbf0e93ad11e0 r10=ffffbf0e93ad1218
r11=00000000000002a0 r12=0000000000000001 r13=0000000000000018
r14=0000000000000000 r15=0000000000000007
iopl=0         nv up ei pl nz na po cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050207
nt!IopGetFileObjectExtension+0x18:
fffff801`4c464828 488b44c108      mov     rax,qword ptr [rcx+rax*8+8] ds:002b:002d0041`0039006f=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

READ_ADDRESS: fffff8014cefb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 ffffffffffffffff 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

EXCEPTION_STR:  0xc0000005

STACK_TEXT:  
ffff9d09`380c7098 fffff801`4c4647f1     : ffffd18d`f214a690 fffff801`4c4c76df ffffd18d`f214a040 ffffd18e`2a9705e0 : nt!IopGetFileObjectExtension+0x18
ffff9d09`380c70a0 fffff801`4c464788     : ffffd18e`24fd1e10 fffff801`4c548919 ffffbf0e`aa3356e0 ffffd18e`24fd1d30 : nt!IoGetOplockFullFoExt+0x15
ffff9d09`380c70d0 fffff801`4c53b2bd     : ffffd18e`24fd1c80 ffffd18e`00000000 00000000`00000000 00000000`00000002 : nt!FsRtlpOplockDequeueRH+0x10
ffff9d09`380c7100 fffff801`c2ba7382     : ffffbf0e`aa3356e0 ffffd18e`24fd1c80 ffffd18e`24fd1d30 ffffd18e`24fd1c80 : nt!FsRtlUninitializeOplock+0x23d
ffff9d09`380c7170 fffff801`c2ba76a1     : ffffd18d`f214a040 ffffd18e`1a34c600 ffffd18e`13984960 ffffd18e`24fd1c80 : dokan2!DokanDeleteFcb+0x10e [D:\code\dokany\sys\util\fcb.c @ 231] 
ffff9d09`380c71f0 fffff801`c2b91d65     : ffffd18e`13984960 fffff801`4c5cf4e9 ffff9d09`380c73c0 fffff780`00000014 : dokan2!DokanFreeFCB+0x1c5 [D:\code\dokany\sys\util\fcb.c @ 203] 
ffff9d09`380c7280 fffff801`c2b9650b     : ffffd18e`1e6ce401 ffffd18e`1e6ce401 fffff780`00000014 fffff801`4873a92f : dokan2!DokanDispatchClose+0x18d [D:\code\dokany\sys\close.c @ 75] 
ffff9d09`380c7350 fffff801`c2b95c31     : ffffd18e`17a0dd20 fffff801`48705f7a ffffd18e`1e6ce401 00000000`00000002 : dokan2!DokanDispatchRequest+0x407 [D:\code\dokany\sys\dispatch.c @ 180] 
ffff9d09`380c74f0 fffff801`4c410665     : ffffd18e`24fd1b30 ffffd18e`19d32de0 ffffd18e`1e6ce430 ffffd18e`19d32de0 : dokan2!DokanBuildRequest+0x51 [D:\code\dokany\sys\dispatch.c @ 38] 
ffff9d09`380c7530 fffff801`4870710f     : ffffffff`ffffffff ffff9d09`380c75e0 00000000`00000000 fffff801`4c49626b : nt!IofCallDriver+0x55
ffff9d09`380c7570 fffff801`48704a43     : ffff9d09`380c7600 00000000`00000000 00000000`00000000 00000000`00000080 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffff9d09`380c75e0 fffff801`4c410665     : ffffd18e`2f643860 fffff801`4c40b998 ffffd18e`2e8238a0 ffffd18d`00000000 : FLTMGR!FltpDispatch+0xa3
ffff9d09`380c7640 fffff801`4c7ec62f     : ffffd18e`2f643860 ffffd18e`2e8238a0 00000000`00000000 00000000`00000000 : nt!IofCallDriver+0x55
ffff9d09`380c7680 fffff801`4c8014b0     : ffffd18d`ea2c0900 ffffd18d`fdf930d0 ffffd18e`2f643830 fffff801`4cbb80b9 : nt!IopDeleteFile+0x14f
ffff9d09`380c7700 fffff801`4c4205b7     : 00000000`00000000 00000000`00000000 ffffbf0e`9fae9710 ffffd18e`2f643860 : nt!ObpRemoveObjectRoutine+0x80
ffff9d09`380c7760 fffff801`4c4204de     : 00000000`00000000 ffffd18d`fdf93090 ffffd18d`fdf93090 ffffd18d`fdf93090 : nt!ObfDereferenceObjectWithTag+0xc7
ffff9d09`380c77a0 fffff801`4c8238bd     : 00000000`00080081 ffffd18d`fdf93090 fffff801`4ce50d40 00000000`00080081 : nt!HalPutDmaAdapter+0xe
ffff9d09`380c77d0 fffff801`4c5878c5     : 00000000`00000001 00000000`00000000 ffff9d09`380c78a0 ffffd18d`fdf93098 : nt!MiSegmentDelete+0x155
ffff9d09`380c7820 fffff801`4c5bd0e9     : 00000000`00000000 fffff801`00000001 00000000`00000000 00000000`00000000 : nt!MiProcessDereferenceList+0xc1
ffff9d09`380c78e0 fffff801`4c50e6f5     : ffffd18d`f214a040 ffffd18d`f214a040 00000000`00000080 fffff801`4c5bcfc0 : nt!MiDereferenceSegmentThread+0x129
ffff9d09`380c7b10 fffff801`4c605878     : ffff8a81`97440180 ffffd18d`f214a040 fffff801`4c50e6a0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffff9d09`380c7b60 00000000`00000000     : ffff9d09`380c8000 ffff9d09`380c1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28

FAULTING_SOURCE_LINE:  D:\code\dokany\sys\util\fcb.c

FAULTING_SOURCE_FILE:  D:\code\dokany\sys\util\fcb.c

FAULTING_SOURCE_LINE_NUMBER:  231

FAULTING_SOURCE_CODE:  
   227:   Fcb->FileName.MaximumLength = 0;
   228: 
   229:   FsRtlUninitializeOplock(DokanGetFcbOplock(Fcb));
   230: 
>  231:   FsRtlTeardownPerStreamContexts(&Fcb->AdvancedFCBHeader);
   232: 
   233:   Fcb->Identifier.Type = FREED_FCB;
   234:   DokanFCBUnlock(Fcb);
   235:   ExDeleteResourceLite(Fcb->AdvancedFCBHeader.Resource);
   236:   ExFreeToLookasideListEx(&g_DokanEResourceLookasideList,

SYMBOL_NAME:  dokan2!DokanDeleteFcb+10e

MODULE_NAME: dokan2

IMAGE_NAME:  dokan2.sys

IMAGE_VERSION:  2.0.3.1000

STACK_COMMAND:  .cxr 0xffff9d09380c6690 ; kb

BUCKET_ID_FUNC_OFFSET:  10e

FAILURE_BUCKET_ID:  AV_dokan2!DokanDeleteFcb

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64
Liryna commented 6 months ago

Hi @zhenbohuang, thank you for the report. Could you try with the newest version? There is a fix that I believe could fix this.

zhenbohuang commented 6 months ago

@Liryna OK, thanks. I will update to the newest version.