I’m testing a very initial fs driver on a virtual machine. The fs driver is at its very beginning:
- it just calls IoRegisterFileSystem to register the CDO
- it responds to IRP_MN_MOUNT_VOLUME with STATUS_UNRECOGNIZED_VOLUME
- and other minimal setups

After this, the test system (Windows 10 LTSC) behaves strangely:
- it can boot if I do not connect to it with windbg
- if I connect with windbg, I always get the 0x0000000A(000000000000004c,0000000000000002,0000000000000001,fffff8005f2a81d8) bugcheck; the call stack is as follows.

The bugcheck happened in `IopMountInitializeVpb`. The first argument (`rcx`) of `IopMountInitializeVpb` is a `_DEVICE_OBJECT`; it seems that `rcx->Vpb->DeviceObject` is null, which is the cause of the bugcheck. How does this happen? Many thanks!!!
```
 # Child-SP RetAddr Call Site
00 fffff50f`bfd842f8 fffff800`5f4ac572 nt!DbgBreakPointWithStatus
01 fffff50f`bfd84300 fffff800`5f4abcf7 nt!KiBugCheckDebugBreak+0x12
02 fffff50f`bfd84360 fffff800`5f3cc147 nt!KeBugCheck2+0x957
03 fffff50f`bfd84a80 fffff800`5f3dd869 nt!KeBugCheckEx+0x107
04 fffff50f`bfd84ac0 fffff800`5f3d9c8e nt!KiBugCheckDispatch+0x69
05 fffff50f`bfd84c00 fffff800`5f2a81d8 nt!KiPageFault+0x44e
06 fffff50f`bfd84d90 fffff800`5f780b49 nt!IopMountInitializeVpb+0x68 <=
07 fffff50f`bfd84dc0 fffff800`5f27d013 nt!IopMountVolume+0x45d
08 fffff50f`bfd84ec0 fffff800`5f74ce84 nt!IopCheckVpbMounted+0x1b3
09 fffff50f`bfd84f20 fffff800`5f7c4029 nt!IopParseDevice+0x314
0a fffff50f`bfd85090 fffff800`5f7c262f nt!ObpLookupObjectName+0x719
0b fffff50f`bfd85260 fffff800`5f728874 nt!ObOpenObjectByNameEx+0x1df
0c fffff50f`bfd853a0 fffff800`5f7283c8 nt!IopCreateFile+0x404
0d fffff50f`bfd85440 fffff800`5f3dd285 nt!NtOpenFile+0x58
0e fffff50f`bfd854d0 fffff800`5f3cfd40 nt!KiSystemServiceCopyEnd+0x25
0f fffff50f`bfd856d8 fffff800`5f825e32 nt!KiServiceLinkage
10 fffff50f`bfd856e0 fffff800`5f333fbd nt!SiGetDiskPartitionInformation+0x7e
11 fffff50f`bfd85790 fffff800`5f825add nt!SiValidateSystemPartition+0x35
12 fffff50f`bfd858a0 fffff800`5f8258db nt!SiGetBootDeviceName+0x129
13 fffff50f`bfd85940 fffff800`5f82587d nt!SiGetFirmwareSystemPartition+0x4b
14 fffff50f`bfd85980 fffff800`5f832115 nt!SiGetSystemPartition+0x3d
15 fffff50f`bfd859c0 fffff800`5f832099 nt!SiGetSystemDeviceName+0x71
16 fffff50f`bfd85a50 fffff800`5f8310d5 nt!SyspartDirectGetSystemPartition+0x19
17 fffff50f`bfd85a80 fffff800`5f830fdb nt!IopRetrieveSystemDeviceName+0xbd
18 fffff50f`bfd85ae0 fffff800`5f7c9beb nt!IoQuerySystemDeviceName+0x27
19 fffff50f`bfd85b20 fffff800`5f7c8ceb nt!ExpQuerySystemInformation+0xddb
1a fffff50f`bfd85d30 fffff800`5f3dd285 nt!NtQuerySystemInformation+0x2b
1b fffff50f`bfd85d70 fffff800`5f3cfd40 nt!KiSystemServiceCopyEnd+0x25
1c fffff50f`bfd85f08 fffff809`4a4eb41b nt!KiServiceLinkage
1d fffff50f`bfd85f10 fffff809`4a4eb609 CI!CipGetSupplementalPolicyPathOnExpandedStack+0x3b
1e fffff50f`bfd85f50 fffff800`5f3cf80e CI!CipGetSupplementalPolicyPathOnExpandedStackCallout+0x19
1f fffff50f`bfd85f80 fffff800`5f3cf7cc nt!KxSwitchKernelStackCallout+0x2e
20 fffff50f`bfa05a30 fffff800`5f280405 nt!KiSwitchKernelStackContinue
21 fffff50f`bfa05a50 fffff800`5f28025c nt!KiExpandKernelStackAndCalloutOnStackSegment+0x145
22 fffff50f`bfa05ad0 fffff800`5f2800d3 nt!KiExpandKernelStackAndCalloutSwitchStack+0xdc
23 fffff50f`bfa05b40 fffff800`5f28008d nt!KeExpandKernelStackAndCalloutInternal+0x33
24 fffff50f`bfa05bb0 fffff809`4a4eb657 nt!KeExpandKernelStackAndCalloutEx+0x1d
25 fffff50f`bfa05bf0 fffff809`4a4ebb9a CI!CipGetSupplementalPolicyPath+0x3f
26 fffff50f`bfa05c50 fffff809`4a4ebae3 CI!CipIsUnlockTokenPresentAndValid+0x22
27 fffff50f`bfa05c90 fffff809`4a4d2f53 CI!CiGetUnlockInformation+0x8f
28 fffff50f`bfa05d30 fffff800`5f7c7c25 CI!CipQueryPolicyInformation+0x43
29 fffff50f`bfa05d60 fffff800`5f7c96d0 nt!SeCodeIntegrityQueryPolicyInformation+0x15
2a fffff50f`bfa05da0 fffff800`5f7c8ceb nt!ExpQuerySystemInformation+0x8c0
2b fffff50f`bfa05fb0 fffff800`5f3dd285 nt!NtQuerySystemInformation+0x2b
2c fffff50f`bfa05ff0 fffff800`5f3cfd40 nt!KiSystemServiceCopyEnd+0x25
2d fffff50f`bfa06188 fffff800`5f821004 nt!KiServiceLinkage
2e fffff50f`bfa06190 fffff800`5f8027ae nt!ExpCloudbookHardwareLockedProvider+0x94
2f fffff50f`bfa06230 fffff800`5f8023a8 nt!ExQueryLicenseValueInternal+0x3de
30 fffff50f`bfa06490 fffff800`5f3dd285 nt!NtQueryLicenseValue+0x2a8
31 fffff50f`bfa06530 fffff800`5f3cfd40 nt!KiSystemServiceCopyEnd+0x25
32 fffff50f`bfa06738 fffff800`60eb50b1 nt!KiServiceLinkage
33 fffff50f`bfa06740 fffff800`60eb54a2 dam!DampCheckDplSupportedSystem+0xa9
34 fffff50f`bfa06800 fffff800`60eb5750 dam!DriverEntry+0x20e
35 fffff50f`bfa06900 fffff800`5f84cbc5 dam!GsDriverEntry+0x20
36 fffff50f`bfa06930 fffff800`5fb69cc8 nt!IopLoadDriver+0x4bd
37 fffff50f`bfa06b10 fffff800`5fb6f0f6 nt!IopInitializeSystemDrivers+0x134
38 fffff50f`bfa06bb0 fffff800`5f8c7a82 nt!IoInitSystem+0x12
39 fffff50f`bfa06be0 fffff800`5f33c6c5 nt!Phase1Initialization+0x42
3a fffff50f`bfa06c10 fffff800`5f3d349c nt!PspSystemThreadStartup+0x55
3b fffff50f`bfa06c60 00000000`00000000 nt!KiStartSystemThread+0x1c
```
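An added helper, not part of the question or its thread, that decodes the Bug Check 0xA parameters quoted above and maps the fourth one onto the pasted `k` output to confirm which frame faulted. The parameter layout follows Microsoft's public Bug Check 0xA documentation; the embedded sample is an excerpt of the bugcheck line and frames 05 and 06 from the post.

```python
import re

# Bug Check 0xA (IRQL_NOT_LESS_OR_EQUAL) parameters, per the public Microsoft
# docs: memory referenced, IRQL at the time, access type (bit 0: 1 = write), PC.
BUGCHECK_RE = re.compile(r"0x0000000A\(([0-9a-fA-F]+),([0-9a-fA-F]+),([0-9a-fA-F]+),([0-9a-fA-F]+)\)")
# One line of windbg `k` output: frame index, Child-SP, RetAddr, call site.
FRAME_RE = re.compile(r"^\s*([0-9a-f]{2})\s+[0-9a-f]{8}`[0-9a-f]{8}\s+([0-9a-f]{8})`([0-9a-f]{8})\s+(\S+)")

# Excerpt of the bugcheck and stack from the post above (frames 05 and 06 only).
SAMPLE = """
0x0000000A(000000000000004c,0000000000000002,0000000000000001,fffff8005f2a81d8)
 # Child-SP RetAddr Call Site
05 fffff50f`bfd84c00 fffff800`5f2a81d8 nt!KiPageFault+0x44e
06 fffff50f`bfd84d90 fffff800`5f780b49 nt!IopMountInitializeVpb+0x68 <=
"""

def decode_bugcheck_0a(text):
    m = BUGCHECK_RE.search(text)
    if not m:
        raise ValueError("no Bug Check 0xA line found")
    ref, irql, access, pc = (int(x, 16) for x in m.groups())
    return {
        "referenced": ref,
        "irql": irql,
        "access": "write" if access & 1 else "read",
        "pc": pc,
        # An address below the first page is never mapped in kernel mode: it is a
        # NULL pointer plus a structure field offset (0x4c here), i.e. a null deref.
        "null_plus_offset": ref if ref < 0x1000 else None,
    }

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            idx, ra_hi, ra_lo, site = m.groups()
            frames.append({"n": int(idx, 16), "ret": int(ra_hi + ra_lo, 16), "site": site})
    return frames

def faulting_frame(frames, pc):
    # Frame N's RetAddr is the return address into frame N+1. KiPageFault's
    # RetAddr is the trapped PC, so the frame right after it is where the fault hit.
    for i, f in enumerate(frames):
        if f["ret"] == pc and i + 1 < len(frames):
            return frames[i + 1]
    return None

def analyze(text=SAMPLE):
    info = decode_bugcheck_0a(text)
    return info, faulting_frame(parse_frames(text), info["pc"])
```

Run against the full stack, `analyze()` reports a write to 0x4c at IRQL 2 (DISPATCH_LEVEL) from `nt!IopMountInitializeVpb+0x68`, which is consistent with the poster's reading that a DeviceObject pointer reached through the VPB is null.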