System becomes unstable after installing an fs driver

I'm testing a very initial fs driver on a virtual machine; the fs driver is at its very beginning:

  1. it just calls IoRegisterFileSystem to register the CDO
  2. it responds to IRP_MN_MOUNT_VOLUME with STATUS_UNRECOGNIZED_VOLUME
  3. and other minimal setup

After this, the test system (Windows 10 LTSC) behaves strangely:

  1. it can boot if I do not connect to it with windbg
  2. if I connect with windbg, I always get a 0x0000000A(000000000000004c,0000000000000002,0000000000000001,fffff8005f2a81d8) bugcheck; the call stack is as follows. The bugcheck happens in IopMountInitializeVpb. The first argument (rcx) of IopMountInitializeVpb is a _DEVICE_OBJECT; it seems that rcx->Vpb->DeviceObject is null, which is the cause of the bugcheck. How does this happen? Many thanks!
 # Child-SP          RetAddr               Call Site
00 fffff50f`bfd842f8 fffff800`5f4ac572     nt!DbgBreakPointWithStatus
01 fffff50f`bfd84300 fffff800`5f4abcf7     nt!KiBugCheckDebugBreak+0x12
02 fffff50f`bfd84360 fffff800`5f3cc147     nt!KeBugCheck2+0x957
03 fffff50f`bfd84a80 fffff800`5f3dd869     nt!KeBugCheckEx+0x107
04 fffff50f`bfd84ac0 fffff800`5f3d9c8e     nt!KiBugCheckDispatch+0x69
05 fffff50f`bfd84c00 fffff800`5f2a81d8     nt!KiPageFault+0x44e
06 fffff50f`bfd84d90 fffff800`5f780b49     nt!IopMountInitializeVpb+0x68     <=
07 fffff50f`bfd84dc0 fffff800`5f27d013     nt!IopMountVolume+0x45d
08 fffff50f`bfd84ec0 fffff800`5f74ce84     nt!IopCheckVpbMounted+0x1b3
09 fffff50f`bfd84f20 fffff800`5f7c4029     nt!IopParseDevice+0x314
0a fffff50f`bfd85090 fffff800`5f7c262f     nt!ObpLookupObjectName+0x719
0b fffff50f`bfd85260 fffff800`5f728874     nt!ObOpenObjectByNameEx+0x1df
0c fffff50f`bfd853a0 fffff800`5f7283c8     nt!IopCreateFile+0x404
0d fffff50f`bfd85440 fffff800`5f3dd285     nt!NtOpenFile+0x58
0e fffff50f`bfd854d0 fffff800`5f3cfd40     nt!KiSystemServiceCopyEnd+0x25
0f fffff50f`bfd856d8 fffff800`5f825e32     nt!KiServiceLinkage
10 fffff50f`bfd856e0 fffff800`5f333fbd     nt!SiGetDiskPartitionInformation+0x7e
11 fffff50f`bfd85790 fffff800`5f825add     nt!SiValidateSystemPartition+0x35
12 fffff50f`bfd858a0 fffff800`5f8258db     nt!SiGetBootDeviceName+0x129
13 fffff50f`bfd85940 fffff800`5f82587d     nt!SiGetFirmwareSystemPartition+0x4b
14 fffff50f`bfd85980 fffff800`5f832115     nt!SiGetSystemPartition+0x3d
15 fffff50f`bfd859c0 fffff800`5f832099     nt!SiGetSystemDeviceName+0x71
16 fffff50f`bfd85a50 fffff800`5f8310d5     nt!SyspartDirectGetSystemPartition+0x19
17 fffff50f`bfd85a80 fffff800`5f830fdb     nt!IopRetrieveSystemDeviceName+0xbd
18 fffff50f`bfd85ae0 fffff800`5f7c9beb     nt!IoQuerySystemDeviceName+0x27
19 fffff50f`bfd85b20 fffff800`5f7c8ceb     nt!ExpQuerySystemInformation+0xddb
1a fffff50f`bfd85d30 fffff800`5f3dd285     nt!NtQuerySystemInformation+0x2b
1b fffff50f`bfd85d70 fffff800`5f3cfd40     nt!KiSystemServiceCopyEnd+0x25
1c fffff50f`bfd85f08 fffff809`4a4eb41b     nt!KiServiceLinkage
1d fffff50f`bfd85f10 fffff809`4a4eb609     CI!CipGetSupplementalPolicyPathOnExpandedStack+0x3b
1e fffff50f`bfd85f50 fffff800`5f3cf80e     CI!CipGetSupplementalPolicyPathOnExpandedStackCallout+0x19
1f fffff50f`bfd85f80 fffff800`5f3cf7cc     nt!KxSwitchKernelStackCallout+0x2e
20 fffff50f`bfa05a30 fffff800`5f280405     nt!KiSwitchKernelStackContinue
21 fffff50f`bfa05a50 fffff800`5f28025c     nt!KiExpandKernelStackAndCalloutOnStackSegment+0x145
22 fffff50f`bfa05ad0 fffff800`5f2800d3     nt!KiExpandKernelStackAndCalloutSwitchStack+0xdc
23 fffff50f`bfa05b40 fffff800`5f28008d     nt!KeExpandKernelStackAndCalloutInternal+0x33
24 fffff50f`bfa05bb0 fffff809`4a4eb657     nt!KeExpandKernelStackAndCalloutEx+0x1d
25 fffff50f`bfa05bf0 fffff809`4a4ebb9a     CI!CipGetSupplementalPolicyPath+0x3f
26 fffff50f`bfa05c50 fffff809`4a4ebae3     CI!CipIsUnlockTokenPresentAndValid+0x22
27 fffff50f`bfa05c90 fffff809`4a4d2f53     CI!CiGetUnlockInformation+0x8f
28 fffff50f`bfa05d30 fffff800`5f7c7c25     CI!CipQueryPolicyInformation+0x43
29 fffff50f`bfa05d60 fffff800`5f7c96d0     nt!SeCodeIntegrityQueryPolicyInformation+0x15
2a fffff50f`bfa05da0 fffff800`5f7c8ceb     nt!ExpQuerySystemInformation+0x8c0
2b fffff50f`bfa05fb0 fffff800`5f3dd285     nt!NtQuerySystemInformation+0x2b
2c fffff50f`bfa05ff0 fffff800`5f3cfd40     nt!KiSystemServiceCopyEnd+0x25
2d fffff50f`bfa06188 fffff800`5f821004     nt!KiServiceLinkage
2e fffff50f`bfa06190 fffff800`5f8027ae     nt!ExpCloudbookHardwareLockedProvider+0x94
2f fffff50f`bfa06230 fffff800`5f8023a8     nt!ExQueryLicenseValueInternal+0x3de
30 fffff50f`bfa06490 fffff800`5f3dd285     nt!NtQueryLicenseValue+0x2a8
31 fffff50f`bfa06530 fffff800`5f3cfd40     nt!KiSystemServiceCopyEnd+0x25
32 fffff50f`bfa06738 fffff800`60eb50b1     nt!KiServiceLinkage
33 fffff50f`bfa06740 fffff800`60eb54a2     dam!DampCheckDplSupportedSystem+0xa9
34 fffff50f`bfa06800 fffff800`60eb5750     dam!DriverEntry+0x20e
35 fffff50f`bfa06900 fffff800`5f84cbc5     dam!GsDriverEntry+0x20
36 fffff50f`bfa06930 fffff800`5fb69cc8     nt!IopLoadDriver+0x4bd
37 fffff50f`bfa06b10 fffff800`5fb6f0f6     nt!IopInitializeSystemDrivers+0x134
38 fffff50f`bfa06bb0 fffff800`5f8c7a82     nt!IoInitSystem+0x12
39 fffff50f`bfa06be0 fffff800`5f33c6c5     nt!Phase1Initialization+0x42
3a fffff50f`bfa06c10 fffff800`5f3d349c     nt!PspSystemThreadStartup+0x55
3b fffff50f`bfa06c60 00000000`00000000     nt!KiStartSystemThread+0x1c

Found the reason: I forgot to fill IRP.IoStatus.Status with STATUS_UNRECOGNIZED_VOLUME; just returning STATUS_UNRECOGNIZED_VOLUME is not enough.
IRP.IoStatus.Status defaults to STATUS_SUCCESS, which misleads the PnP manager into thinking that Parameters.MountVolume.Vpb->DeviceObject has been filled in by the fs driver.

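The failure mode above, as an added example that is not the poster's driver code: a user-mode model of the rule the poster discovered, namely that what decides whether a mount succeeded is the completed IRP's IoStatus.Status, not the value the dispatch routine returns. The DEVICE_OBJECT, VPB and IRP structs here are deliberately minimal stand-ins (assumed shapes, not the WDM definitions) so the file compiles and runs outside the kernel, and MountWouldCrash is a stand-in for the mount loop, not ntoskrnl code. A fresh IRP is zero-filled, so an untouched IoStatus.Status reads as STATUS_SUCCESS (0), and the model then goes on to read the still-NULL Vpb->DeviceObject, which is the dereference the post's stack shows in IopMountInitializeVpb.

```c
/* Added example: models the IRP_MN_MOUNT_VOLUME completion bug from the post.
 * All types below are simplified stand-ins for the WDM structures, not the
 * real definitions; the "I/O manager" here is a model, not ntoskrnl code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef long NTSTATUS;
#define STATUS_SUCCESS             ((NTSTATUS)0x00000000L)
#define STATUS_UNRECOGNIZED_VOLUME ((NTSTATUS)0xC000014FL)

typedef struct _DEVICE_OBJECT DEVICE_OBJECT;

/* Stand-in VPB: DeviceObject stays NULL until a file system actually mounts. */
typedef struct _VPB {
    DEVICE_OBJECT *DeviceObject;
} VPB;

struct _DEVICE_OBJECT {
    VPB *Vpb;
};

/* Stand-in IRP: only the fields this scenario touches. */
typedef struct _IRP {
    struct { NTSTATUS Status; size_t Information; } IoStatus;
    struct { VPB *Vpb; } MountVolume;   /* stands in for Parameters.MountVolume */
    int Completed;                      /* set by the IoCompleteRequest stand-in */
} IRP;

typedef NTSTATUS (*MOUNT_DISPATCH)(IRP *Irp);

/* Stand-in for IoCompleteRequest(Irp, IO_NO_INCREMENT). */
static void CompleteRequest(IRP *Irp) { Irp->Completed = 1; }

/* BUGGY: returns the status but never writes it into the IRP, so the
 * completed IRP still carries the zero-initialised STATUS_SUCCESS. */
NTSTATUS MountVolumeBuggy(IRP *Irp)
{
    CompleteRequest(Irp);
    return STATUS_UNRECOGNIZED_VOLUME;
}

/* FIXED: the status is stored in IoStatus before completion, and the same
 * value is returned from the dispatch routine. */
NTSTATUS MountVolumeFixed(IRP *Irp)
{
    Irp->IoStatus.Status = STATUS_UNRECOGNIZED_VOLUME;
    Irp->IoStatus.Information = 0;
    CompleteRequest(Irp);
    return STATUS_UNRECOGNIZED_VOLUME;
}

/* Builds a constructed storage device with a fresh (unmounted) VPB and a
 * zero-filled IRP, sends the mount request and reports what the IRP says. */
static void RunMount(MOUNT_DISPATCH Dispatch, NTSTATUS *Returned, NTSTATUS *InIrp, VPB *Vpb)
{
    DEVICE_OBJECT storageDevice;
    IRP irp;

    memset(Vpb, 0, sizeof *Vpb);          /* fresh VPB: DeviceObject == NULL */
    storageDevice.Vpb = Vpb;

    memset(&irp, 0, sizeof irp);          /* fresh IRP: IoStatus.Status == STATUS_SUCCESS */
    irp.MountVolume.Vpb = storageDevice.Vpb;

    *Returned = Dispatch(&irp);
    *InIrp = irp.Completed ? irp.IoStatus.Status : STATUS_SUCCESS;
}

/* 1 if the dispatch return value and the completed IRP's IoStatus.Status disagree. */
int StatusesDisagree(MOUNT_DISPATCH Dispatch)
{
    NTSTATUS returned, inIrp;
    VPB vpb;
    RunMount(Dispatch, &returned, &inIrp, &vpb);
    return returned != inIrp;
}

/* Model of the mount loop's decision: if the completed IRP says success, the
 * volume is treated as mounted and Vpb->DeviceObject is used. Returns 1 if
 * that would dereference NULL (the crash in the post), 0 if the I/O manager
 * would correctly move on to the next registered file system. */
int MountWouldCrash(MOUNT_DISPATCH Dispatch)
{
    NTSTATUS returned, inIrp;
    VPB vpb;
    RunMount(Dispatch, &returned, &inIrp, &vpb);
    if (inIrp != STATUS_SUCCESS)
        return 0;                         /* not our volume: try the next FSD */
    return vpb.DeviceObject == NULL;      /* "mounted", yet nobody set the device */
}

int main(void)
{
    printf("buggy handler: statuses disagree=%d, would crash=%d\n",
           StatusesDisagree(MountVolumeBuggy), MountWouldCrash(MountVolumeBuggy));
    printf("fixed handler: statuses disagree=%d, would crash=%d\n",
           StatusesDisagree(MountVolumeFixed), MountWouldCrash(MountVolumeFixed));
    return 0;
}
```

In the real driver the fixed handler is the same three steps with the WDM calls: `Irp->IoStatus.Status = STATUS_UNRECOGNIZED_VOLUME;`, `IoCompleteRequest(Irp, IO_NO_INCREMENT);`, then `return STATUS_UNRECOGNIZED_VOLUME;`. The habit worth keeping is to always write IoStatus.Status before IoCompleteRequest and return that same value, so the two can never drift apart as they did here.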