Closed winneryong closed 5 years ago
@winneryong Have you tried with the latest version?
Otherwise, could you provide the memory dump created by the BSOD with the latest version?
@Liryna I installed the last release version, always BSOD. 120918-7924-01.dmp.zip
QMUdisk64 seems to create the BSOD, not Dokan. Which version of qemu are you using?
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffff88015fcdffe, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff88001040a50, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.18741.amd64fre.win7sp1_gdr.150202-1526
SYSTEM_MANUFACTURER: Parallels Software International Inc.
SYSTEM_PRODUCT_NAME: Parallels Virtual Platform
SYSTEM_SKU: Undefined
SYSTEM_VERSION: None
BIOS_VENDOR: Parallels Software International Inc.
BIOS_VERSION: 13.3.1 (43365)
BIOS_DATE: 05/21/2018
BASEBOARD_MANUFACTURER: Parallels Software International Inc.
BASEBOARD_PRODUCT: Parallels Virtual Platform
BASEBOARD_VERSION: None
DUMP_TYPE: 2
BUGCHECK_P1: fffff88015fcdffe
BUGCHECK_P2: 0
BUGCHECK_P3: fffff88001040a50
BUGCHECK_P4: 0
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001b0d100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff80001b0d2e0
GetUlongPtrFromAddress: unable to read from fffff80001b0d490
GetPointerFromAddress: unable to read from fffff80001b0d0b8
fffff88015fcdffe
FAULTING_IP:
fltmgr!FltpExpandShortNames+a0
fffff880`01040a50 6683385c cmp word ptr [rax],5Ch
MM_INTERNAL_CODE: 0
CPU_COUNT: 4
CPU_MHZ: d46
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 12'00000000 (cache) 12'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-QJ22MUT
ANALYSIS_SESSION_TIME: 12-08-2018 18:53:06.0207
ANALYSIS_VERSION: 10.0.16299.15 amd64fre
TRAP_FRAME: fffff88015fd9130 -- (.trap 0xfffff88015fd9130)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88015fcdffe rbx=0000000000000000 rcx=0000000000000000
rdx=fffff88015fd93e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001040a50 rsp=fffff88015fd92c0 rbp=0000000000000000
r8=0000000000000000 r9=fffff88015fd93e0 r10=000000000000000b
r11=fffff88015fd93c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
fltmgr!FltpExpandShortNames+0xa0:
fffff880`01040a50 6683385c cmp word ptr [rax],5Ch ds:fffff880`15fcdffe=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80001952eb0 to fffff800018d3ec0
STACK_TEXT:
fffff880`15fd8fc8 fffff800`01952eb0 : 00000000`00000050 fffff880`15fcdffe 00000000`00000000 fffff880`15fd9130 : nt!KeBugCheckEx
fffff880`15fd8fd0 fffff800`018d1fee : 00000000`00000000 fffff880`15fcdffe fffffa80`00000000 00000000`ffffa60f : nt! ?? ::FNODOBFM::`string'+0x4518f
fffff880`15fd9130 fffff880`01040a50 : fffffa80`07ce9e00 fffffa80`080745c0 00000000`00220022 fffffa80`07b0fc24 : nt!KiPageFault+0x16e
fffff880`15fd92c0 fffff880`01059206 : 00000000`00000000 00000000`0000000b 00000000`00000000 fffffa80`0523dc20 : fltmgr!FltpExpandShortNames+0xa0
fffff880`15fd9320 fffff880`01059401 : fffffa80`08210000 fffffa80`08210430 00000000`00000101 fffffa80`0523dc20 : fltmgr!FltpGetNormalizedDestinationFileName+0x66
fffff880`15fd9350 fffff880`0198f21d : fffffa80`00000226 fffff880`15fd97e8 fffff880`15fd97e8 00000000`000007ff : fltmgr!FltGetDestinationFileNameInformation+0x1b1
fffff880`15fd9530 fffffa80`00000226 : fffff880`15fd97e8 fffff880`15fd97e8 00000000`000007ff fffff880`00000022 : QMUdisk64+0xe21d
fffff880`15fd9538 fffff880`15fd97e8 : fffff880`15fd97e8 00000000`000007ff fffff880`00000022 fffff880`00000101 : 0xfffffa80`00000226
fffff880`15fd9540 fffff880`15fd97e8 : 00000000`000007ff fffff880`00000022 fffff880`00000101 fffff880`15fd9590 : 0xfffff880`15fd97e8
fffff880`15fd9548 00000000`000007ff : fffff880`00000022 fffff880`00000101 fffff880`15fd9590 fffff800`01a65588 : 0xfffff880`15fd97e8
fffff880`15fd9550 fffff880`00000022 : fffff880`00000101 fffff880`15fd9590 fffff800`01a65588 fffff8a0`00004500 : 0x7ff
fffff880`15fd9558 fffff880`00000101 : fffff880`15fd9590 fffff800`01a65588 fffff8a0`00004500 00000000`00000801 : 0xfffff880`00000022
fffff880`15fd9560 fffff880`15fd9590 : fffff800`01a65588 fffff8a0`00004500 00000000`00000801 00000000`00000000 : 0xfffff880`00000101
fffff880`15fd9568 fffff800`01a65588 : fffff8a0`00004500 00000000`00000801 00000000`00000000 706c7472`03fd3360 : 0xfffff880`15fd9590
fffff880`15fd9570 fffff8a0`00004500 : 00000000`00000801 00000000`00000000 706c7472`03fd3360 00000000`00000000 : nt!NonPagedPoolDescriptor+0x8
fffff880`15fd9578 00000000`00000801 : 00000000`00000000 706c7472`03fd3360 00000000`00000000 00000000`00000000 : 0xfffff8a0`00004500
fffff880`15fd9580 00000000`00000000 : 706c7472`03fd3360 00000000`00000000 00000000`00000000 00000000`00000000 : 0x801
THREAD_SHA1_HASH_MOD_FUNC: dae5797abec67380765b465b6c035b3e5a1d53b6
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 2703da4d9a1487632d4aaf9e9878507989f3ce5c
THREAD_SHA1_HASH_MOD: ec221d17c8daf41387749e9abdeb4c1f47399ea0
FOLLOWUP_IP:
QMUdisk64+e21d
fffff880`0198f21d ?? ???
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: QMUdisk64+e21d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: QMUdisk64
IMAGE_NAME: QMUdisk64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5bebf09a
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0x50_QMUdisk64+e21d
BUCKET_ID: X64_0x50_QMUdisk64+e21d
PRIMARY_PROBLEM_CLASS: X64_0x50_QMUdisk64+e21d
TARGET_TIME: 2018-12-08T16:42:21.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2015-02-03 03:25:01
BUILDDATESTAMP_STR: 150202-1526
BUILDLAB_STR: win7sp1_gdr
BUILDOSVER_STR: 6.1.7601.18741.amd64fre.win7sp1_gdr.150202-1526
ANALYSIS_SESSION_ELAPSED_TIME: 41c
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x50_qmudisk64+e21d
FAILURE_ID_HASH: {68cf04f8-ade9-61d7-4d22-44c2c70298f9}
Followup: MachineOwner
---------
I tested it in a virtual machine. Maybe "Parallels Desktop" is using qemu. I will test it later with a non-virtual machine.
120918-18314-01.zip @Liryna I uploaded a non-virtual machine dump file.
Now we have the same crash / callstack but from 360FsFlt. Probably a case where dokan returns wrong information that leads to this. Can you reproduce this on a clean fresh win7 and give me exactly the way to reproduce this?
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: fffff880087cbd90, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80005e7b061, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 7601.23796.amd64fre.win7sp1_ldr.170427-1518
SYSTEM_MANUFACTURER: ASUS
SYSTEM_PRODUCT_NAME: All Series
SYSTEM_SKU: All
SYSTEM_VERSION: System Version
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1802
BIOS_DATE: 01/28/2014
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: Z87-PLUS
BASEBOARD_VERSION: Rev 1.xx
DUMP_TYPE: 2
BUGCHECK_P1: fffff880087cbd90
BUGCHECK_P2: 0
BUGCHECK_P3: fffff80005e7b061
BUGCHECK_P4: 0
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800060c1100
Unable to get MmSystemRangeStart
GetUlongPtrFromAddress: unable to read from fffff800060c12e8
GetUlongPtrFromAddress: unable to read from fffff800060c1498
GetPointerFromAddress: unable to read from fffff800060c10b8
fffff880087cbd90
FAULTING_IP:
nt!memmove+1d1
fffff800`05e7b061 668b040a mov ax,word ptr [rdx+rcx]
MM_INTERNAL_CODE: 0
CPU_COUNT: 4
CPU_MHZ: daa
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 12'00000000 (cache) 12'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-QJ22MUT
ANALYSIS_SESSION_TIME: 12-09-2018 08:02:48.0469
ANALYSIS_VERSION: 10.0.16299.15 amd64fre
TRAP_FRAME: fffff880087c35b0 -- (.trap 0xfffff880087c35b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a007239000 rbx=0000000000000000 rcx=fffff8a0072410f0
rdx=ffffffe00158aca0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80005e7b061 rsp=fffff880087c3748 rbp=fffff880087c3b10
r8=00000000000080f2 r9=00000000000007ff r10=0000000000000801
r11=fffff8a007239000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!memmove+0x1d1:
fffff800`05e7b061 668b040a mov ax,word ptr [rdx+rcx] ds:fffff880`087cbd90=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80005f0240e to fffff80005e844c0
STACK_TEXT:
fffff880`087c3448 fffff800`05f0240e : 00000000`00000050 fffff880`087cbd90 00000000`00000000 fffff880`087c35b0 : nt!KeBugCheckEx
fffff880`087c3450 fffff800`05e825ee : 00000000`00000000 fffff880`087cbd90 fffffa80`0a702000 00000000`000080f2 : nt! ?? ::FNODOBFM::`string'+0x3bc5f
fffff880`087c35b0 fffff800`05e7b061 : fffff800`06187372 00000000`00000000 00000000`000080f2 00000000`00000006 : nt!KiPageFault+0x16e
fffff880`087c3748 fffff800`06187372 : 00000000`00000000 00000000`000080f2 00000000`00000006 fffffa80`0a68fc00 : nt!memmove+0x1d1
fffff880`087c3750 fffff800`06184edb : fffffa80`0a2550b0 fffffa80`0dcadfb8 00000000`00000016 fffffa80`0ca30c60 : nt!ObpCaptureObjectName+0x102
fffff880`087c37d0 fffff800`06186a4b : fffffa80`0a255010 fffffa80`06a1b220 00000000`087c0101 00000000`00000016 : nt!ObpCaptureObjectCreateInformation+0x279
fffff880`087c3850 fffff800`06188a8c : fffffa80`00000009 00000000`00000000 00000000`00000000 fffffa80`0dcadf10 : nt!ObOpenObjectByName+0xbb
fffff880`087c3920 fffff800`0612b54b : fffffa80`0dcadfe8 fffffa80`00100001 fffff880`087c3b10 fffff880`087c3ae0 : nt!IopCreateFile+0x2bc
fffff880`087c39c0 fffff880`00c24180 : fffffa80`0dcadf10 00000000`00000000 fffffa80`0d012648 00000000`00000000 : nt!IoCreateFileEx+0xfb
fffff880`087c3a60 fffff880`00c23be9 : fffffa80`0d012648 00000000`00000000 00000000`00000000 fffffa80`0c92a514 : FLTMGR!FltpNormalizeNameFromCache+0x190
fffff880`087c3b80 fffff880`00c3c206 : 00000000`00000000 00000000`0000000c 00000000`ffffc07a fffffa80`0ca6b190 : FLTMGR!FltpExpandShortNames+0x239
fffff880`087c3be0 fffff880`00c3c401 : fffffa80`0dca0000 fffffa80`0dcadf10 00000000`00000101 fffffa80`0ca6b190 : FLTMGR!FltpGetNormalizedDestinationFileName+0x66
fffff880`087c3c10 fffff880`0570879c : fffffa80`0ce9dbe0 00000000`00000000 00000000`00000101 fffff880`087c3e38 : FLTMGR!FltGetDestinationFileNameInformation+0x1b1
fffff880`087c3df0 fffffa80`0ce9dbe0 : 00000000`00000000 00000000`00000101 fffff880`087c3e38 fffff880`00000024 : 360FsFlt+0xf79c
fffff880`087c3df8 00000000`00000000 : 00000000`00000101 fffff880`087c3e38 fffff880`00000024 fffff880`00000101 : 0xfffffa80`0ce9dbe0
THREAD_SHA1_HASH_MOD_FUNC: dc142bfaaea10ba7ddb58eb19818baab4204d465
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a2182e165bed842074f66b64fcb6626f5555ef28
THREAD_SHA1_HASH_MOD: f9c3e8fe9aabc7a022fa6d886a74c1598ec230a8
FOLLOWUP_IP:
360FsFlt+f79c
fffff880`0570879c ?? ???
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: 360FsFlt+f79c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: 360FsFlt
IMAGE_NAME: 360FsFlt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5975ac30
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0x50_360FsFlt+f79c
BUCKET_ID: X64_0x50_360FsFlt+f79c
PRIMARY_PROBLEM_CLASS: X64_0x50_360FsFlt+f79c
TARGET_TIME: 2018-12-09T06:38:40.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-04-28 02:13:49
BUILDDATESTAMP_STR: 170427-1518
BUILDLAB_STR: win7sp1_ldr
BUILDOSVER_STR: 6.1.7601.23796.amd64fre.win7sp1_ldr.170427-1518
ANALYSIS_SESSION_ELAPSED_TIME: 3eb
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x50_360fsflt+f79c
FAILURE_ID_HASH: {44c81255-59c5-9d28-6c45-8907373deb15}
Followup: MachineOwner
---------
360FsFlt is an anti-virus software firewall driver; some other anti-virus software has the same crash. If I uninstall the anti-virus software, there is no crash. I have installed a variety of China-made anti-virus software, and this problem occurs. 360 anti-virus software: https://www.360totalsecurity.com I guess the conflict is caused by the two, but non-network drives won't have this problem.
Would be interesting if there is something related to https://github.com/dokan-dev/dokany/issues/499
Thank you very much, the phenomenon looks a lot alike. I will recompile it later; I will install the build environment first.
Hi @winneryong,
Have you been able to test the changes?
@Liryna, I am very sorry, I have been working overtime recently. Now I am installing Visual Studio Community 2017, but the installation is very slow, the installation package is too large, and it is an online installation. I will give you feedback as soon as I can.
No problem @winneryong. Otherwise, what you can do is fork dokan, apply the changes and make AppVeyor CI run and create an installer for you to do the test.
Hi @Liryna, can you help me build a signed installer from git@github.com:winneryong/dokany.git? I modified sys/fileinfo.c from #499 and used AppVeyor CI to build an installer file, but Windows reports that the driver is not signed.
@winneryong You will need to import the dokan certificate. There is some explanation in the wiki of how to use the snapshot build.
Hi @Liryna, I am very happy to tell you that this bug did not appear. Thank you for your help.
Hi @winneryong,
Thank you for the feedback. I succeeded in reproducing the BSOD with 360. The patch correctly fixes the rename issue BUT it seems like there is still an issue when renaming a very long path. Have you faced this issue also? (I am doing the test on Win10.)
@Liryna I tested a long path using mirror.exe mounted in net drive mode; mirror.exe crashes when path length then 225, no BSOD occurs.
@Liryna I'm having the same issue on Windows 10 1809 and dokany 1.2.1.2000 when renaming a directory. I do not have any AV software (other than the built-in Windows Defender) installed. If you need any info (crash dump etc.) or if I can try out something for you, let me know.
Environment
Check List
Description
Hi, Liryna. Recently I have encountered a problem when using dokany mounted as a network drive. I use mirror.exe to reproduce this error, command below: mirror.exe /n /r C:\Users /l M: Create a directory in the M: drive and rename the directory to a long file name, such as "新建文件夹12345"; Windows crashes (BSOD). If I uninstall the anti-virus software, this error does not happen. Anti-virus software such as https://www.pcmgr-global.com/ http://www.360securityapps.com/en-us I tested this problem with many anti-virus software products.