openzfsonwindows / openzfs

OpenZFS on Linux and FreeBSD
https://openzfs.github.io/openzfs-docs

BSOD 0x23 from consent.exe #346

Closed lundman closed 5 months ago

lundman commented 5 months ago
stack

``` CACHE_MANAGER (34) See the comment for FAT_FILE_SYSTEM (0x23) Arguments: Arg1: 0000000000000299 Arg2: ffffffffc0000420 Arg3: 0000000000000000 Arg4: 0000000000000000 BUGCHECK_CODE: 34 BUGCHECK_P1: 299 BUGCHECK_P2: ffffffffc0000420 BUGCHECK_P3: 0 BUGCHECK_P4: 0 EXCEPTION_RECORD: ffffffffc0000420 -- (.exr 0xffffffffc0000420) Cannot read Exception record @ ffffffffc0000420 PROCESS_NAME: consent.exe STACK_TEXT: ffff978c`72b9b8d8 fffff804`303668e2 : ffff978c`72b9ba40 fffff804`3011ae80 fffff804`2abd2180 00000000`00000201 : nt!DbgBreakPointWithStatus ffff978c`72b9b8e0 fffff804`30365fa3 : fffff804`00000003 ffff978c`72b9ba40 fffff804`302301f0 00000000`00000034 : nt!KiBugCheckDebugBreak+0x12 ffff978c`72b9b940 fffff804`30216c77 : ffff878f`3cbf8aa0 fffff804`2e749273 00000000`00000093 ffff978c`72b9c2a0 : nt!KeBugCheck2+0xba3 ffff978c`72b9c0b0 fffff804`3028cd89 : 00000000`00000034 00000000`00000299 ffffffff`c0000420 00000000`00000000 : nt!KeBugCheckEx+0x107 ffff978c`72b9c0f0 fffff804`305ea0e3 : ffff878f`00000000 ffff878f`3b006a20 00000032`00000093 00000001`00000001 : nt!CcCopyReadEx+0x1fcdb9 ffff978c`72b9c1d0 fffff804`2ea48621 : 00000000`00000120 ffff878f`3cbf8aa0 ffff878f`3ff02c60 ffff878f`39371db0 : nt!CcCopyRead+0x23 ffff978c`72b9c220 fffff804`2ea48d9f : ffff878f`3cbf8aa0 ffff978c`72b9c891 ffff878f`39371db0 ffff878f`3cbf8aa0 : OpenZFS!fs_read_impl+0x971 [C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 4695] ffff978c`72b9c380 fffff804`2ea50e1a : ffff878f`3cbf8aa0 fffff804`2e749273 00000000`00000000 ffff978c`72b9c891 : OpenZFS!fs_read+0x46f [C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 4851] ffff978c`72b9c480 fffff804`2ea4d312 : 00000000`00000019 00000000`00000000 ffff878f`3cbf8ca8 ffff878f`3c046570 : OpenZFS!fsDispatcher+0x179a [C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 7241] ffff978c`72b9c5f0 fffff804`300ebef5 : ffff978c`72b9c7b0 fffff804`31918029 ffff978c`72b9d000 ffff978c`72b97000 : OpenZFS!dispatcher+0x292 
[C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c @ 7360] ffff978c`72b9c6e0 fffff804`3191a1db : ffff878f`00000000 ffff878f`3cbf8aa0 00000000`00000028 7fffffff`ffffffff : nt!IofCallDriver+0x55 ffff978c`72b9c720 fffff804`31917e23 : ffff978c`72b9c7b0 00000000`00000000 00000000`00000000 fffff804`300653c3 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x15b ffff978c`72b9c790 fffff804`300ebef5 : ffff878f`3bea3cf0 ffff878f`3ef7a120 ffff878f`39371db0 00000000`00000001 : FLTMGR!FltpDispatch+0xa3 ffff978c`72b9c7f0 fffff804`30540060 : ffff878f`3bea3cf0 ffff978c`72b9c891 ffff978c`72b9c891 000001fb`1acd0000 : nt!IofCallDriver+0x55 ffff978c`72b9c830 fffff804`30527db4 : 00000000`00000000 ffff878f`3c046570 00000000`00000000 ffff878f`3c046570 : nt!IopSynchronousServiceTail+0x1d0 ffff978c`72b9c8e0 fffff804`305278a3 : ffff878f`3c046570 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopReadFile+0x4d4 ffff978c`72b9c9e0 fffff804`3022bbe5 : ffff878f`3a684080 ffff978c`72b9cb60 00000027`98a7e888 000001fb`18fd8810 : nt!NtReadFile+0xd3 ffff978c`72b9ca70 00007ff8`b396f434 : 00007ff8`b200c2b6 000001fb`190134d0 00000027`98a7e909 000001fb`18fd8848 : nt!KiSystemServiceCopyEnd+0x25 00000027`98a7e868 00007ff8`b200c2b6 : 000001fb`190134d0 00000027`98a7e909 000001fb`18fd8848 00000000`00000000 : ntdll!NtReadFile+0x14 00000027`98a7e870 00007ff8`b200c519 : 00000027`98a7ee80 ffffffff`ffffffff 00000000`00000000 000001fb`190169fe : KERNEL32!BaseDllOpenIniFileOnDisk+0x366 00000027`98a7e970 00007ff8`b200b8b9 : 000001fb`18fd8810 000001fb`18fd8810 000001fb`1900c601 00000000`00000100 : KERNEL32!BaseDllReadWriteIniFileOnDisk+0x31 00000027`98a7e9b0 00007ff8`b200d89a : 0000ca7e`00000000 00007ff8`a611dc00 00000027`98a7f3c0 000001fb`19016c30 : KERNEL32!BaseDllReadWriteIniFile+0x179 00000027`98a7ee00 00007ff8`b200df25 : 00000000`ffffffff 00000027`98a7ef60 000001fb`1900c6b8 000001fb`18f7f024 : KERNEL32!GetPrivateProfileStringW+0x6a 00000027`98a7ee60 00007ff8`a6071b68 : 000001fb`1900c6b8 
00000000`00000000 00000000`00000000 000001fb`1900c6b8 : KERNEL32!GetPrivateProfileIntW+0x45 00000027`98a7f0f0 00007ff6`05a95107 : 00000000`00000001 00000000`00000000 00000000`00000000 000001fb`1900c6c8 : urlmon!CZoneIdentifier::Load+0x73f38 00000027`98a7f170 00007ff6`05a93223 : 00000000`00000000 00000000`00000000 000001fb`18f7ef90 00000000`00000000 : consent!CuiGetContextInformation+0x357 00000027`98a7f2c0 00007ff6`05a972ef : 000001fb`18f7770a 000001fb`18f7770c 00000000`00000000 00000000`00000000 : consent!WinMain+0xf73 00000027`98a7f680 00007ff8`b201257d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : consent!__mainCRTStartup+0x1b7 00000027`98a7f740 00007ff8`b392aa58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d 00000027`98a7f770 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28 FAULTING_SOURCE_LINE: C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c FAULTING_SOURCE_FILE: C:\src\openzfs\module\os\windows\zfs\zfs_vnops_windows.c FAULTING_SOURCE_LINE_NUMBER: 4695 FAULTING_SOURCE_CODE: 4691: dprintf("sizes = %I64x, %I64x, %I64x\n", 4692: vp->FileHeader.AllocationSize.QuadPart, 4693: vp->FileHeader.FileSize.QuadPart, 4694: vp->FileHeader.ValidDataLength.QuadPart); > 4695: if (!CcCopyRead(FileObject, 4696: &IrpSp->Parameters.Read.ByteOffset, 4697: length, wait, data, &Irp->IoStatus)) { 4698: dprintf("CcCopyRead could not wait\n"); 4699: 4700: IoMarkIrpPending(Irp); SYMBOL_NAME: OpenZFS!fs_read_impl+971 MODULE_NAME: OpenZFS IMAGE_NAME: OpenZFS.sys STACK_COMMAND: .cxr; .ecxr ; kb BUCKET_ID_FUNC_OFFSET: 971 FAILURE_BUCKET_ID: 0x34_OpenZFS!fs_read_impl OS_VERSION: 10.0.22621.1 BUILDLAB_STR: ni_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {5f5597ca-a19d-8b7b-138e-63469926b9f3} Followup: MachineOwner --------- ```

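The filenames processed immediately before the crash appear to be handled poorly (in the log below, file_name_information reports "failed to build fullpath" and then prints a garbled name):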

cbuf

``` FFFF878F3A684080: dprintf: zfs_vnops_windows.c:784:zfs_vnop_lookup_impl(): zfs_v nop_lookup_impl: enter FFFF878F3A684080: dprintf: zfs_vnops_windows.c:924:zfs_vnop_lookup_impl(): zfs_v nop_lookup_impl: converted name is '\SteamSetup.exe:Zone.Identifier' input len b ytes 62 (err 0) CaseInsensitive FFFF878F3A684080: dprintf: zfs_vnops_windows.c:1027:zfs_vnop_lookup_impl(): zfs_ vnop_lookup_impl: Parsed out streamname 'Zone.Identifier:$DATA' FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 34 FFFF878F3A684080: dprintf: dbuf.c:3296:dbuf_create(): ds=BOOM obj=34 lvl=0 blkid =0 db=FFFF878F486E2940 FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7 FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 134 FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 137 FFFF878F3A684080: vnode_couplefileobject: vp FFFF878F48E21B10 fo FFFF878F3C04657 0 FFFF878F3A684080: vnode_fileobject_add: added FO FFFF878F3C046570 to vp FFFF878F 48E21B10 FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7 FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:2176:zfs_build_path(): zfs_bu ild_path: zap_value_search 22 FFFF878F3A684080: dprintf: zfs_vnops_windows.c:1919:zfs_vnop_lookup(): zfs_vnop_ lookup: OK with FILE_OPENED FFFF878F3A684080: dprintf: zfs_vnops_windows.c:7338:dispatcher(): dispatcher: en ter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION: type 0x6: fo FFFF878F3C046570 FFFF878F3A684080: dprintf: zfs_vnops_windows.c:6845:fsDispatcher(): fsDispatch er: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION fsDeviceObject FFFF878F3A684080: dprintf: zfs_vnops_windows.c:2575:query_information(): FileNor malizedNameInformation FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4898:file_name_information(): * file_name_information: (normalize 1) FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4933:file_name_information(): file_name_information: name not set path taken FFFF878F3A684080: dprintf: 
zfs_znode.c:1075:zfs_zget_ext(): +zget 134 FFFF878F3A684080: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7 FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:2176:zfs_build_path(): zfs_bu ild_path: zap_value_search 22 FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4937:file_name_information(): file_name_information: failed to build fullpath FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4973:file_name_information(): file_name_information: remaining space 252 str.len 80 struct size 8 FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:5009:file_name_information(): * file_name_information: name of 'FFFF878F3A684080^S??.^D????^]0^D???^S??.^D?? ?^Q' struct size 0x8 and FileNameLength 0x50 Usedspace 0x50 FFFF878F3A684080: dprintf: zfs_vnops_windows.c:7338:dispatcher(): dispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION: type 0x6: fo FFFF878F3C046570 FFFF878F3A684080: dprintf: zfs_vnops_windows.c:6845:fsDispatcher(): fsDispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION fsDeviceObject FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4366:file_basic_information(): file_basic_information FFFF878F3A684080: dprintf: zfs_vnops_windows.c:7338:dispatcher(): dispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION: type 0x6: fo FFFF878F3C046570 FFFF878F3A684080: dprintf: zfs_vnops_windows.c:6845:fsDispatcher(): fsDispatcher: enter: major 5: minor 0: IRP_MJ_QUERY_INFORMATION fsDeviceObject FFFF878F3A684080: dprintf: zfs_vnops_windows_lib.c:4499:file_standard_information(): file_standard_information FFFF878F3A684080: dprintf: zfs_vnops_windows.c:312:zfs_init_cache(): zfs_init_cache: CcInitializeCacheMap FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:4933:file_name_information(): file_name_information: name not set path taken FFFF878F3A684080: dprintf: zfs_vnops_windows.c:4690:fs_read_impl(): CcCopyRead(FFFF878F3C046570, 0, 93, 1, FFFFB301B24A8000, FFFF878F3BEA3D20) FFFF878F3AED8040: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 134 
FFFF878F3A684080: dprintf: zfs_vnops_windows.c:4694:fs_read_impl(): sizes = 200, 93, 93 FFFF878F3AED8040: dprintf: zfs_znode.c:1075:zfs_zget_ext(): +zget 7 FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:2176:zfs_build_path(): zfs_build_path: zap_value_search 22 FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:4937:file_name_information(): file_name_information: failed to build fullpath FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:4973:file_name_information(): file_name_information: remaining space 252 str.len 80 struct size 8 FFFF878F3AED8040: dprintf: zfs_vnops_windows_lib.c:5009:file_name_information(): * file_name_information: name of 'FFFF878F3AED8040^S??.^D????^]0^D???^S??.^D???^Q' struct size 0x8 and FileNameLength 0x50 Usedspace 0x50 -EB- ```

Thread FFFF878F3A684080 crashed.

lundman commented 5 months ago

OK, it turns out that we correctly handle SteamSetup.exe:Zone.Identifier in the open and create the stream. The stream was opened with DELETE_ON_CLOSE.

We did not handle deleting the file in IRP_MJ_CLOSE properly: we called CcSetFileSizes() to set the sizes to zero, then attempted to remove SteamSetup.exe:Zone.Identifier, which would fail. A later re-open would succeed, and the read would call CcCopyRead(), which thinks the ValidFileSize is 0 when it is in fact still 0x93 (see the "sizes = 200, 93, 93" line in the cbuf log above) - hence the BSOD.

Now we correctly parse out the stream name, and actually delete the stream/xattr. 674ab11