Bugcheck FLTMGR_FILE_SYSTEM / 68

Hi.

I was faced with very strange bugcheck. Docs from msdn (
http://msdn.microsoft.com/en-us/library/windows/hardware/ff560383(v=vs.85).aspx
) are totally wrong and only one mention at ntfsd (
http://www.osronline.com/showThread.cfm?link=105814) without solution.
Below you can see output of analyze -v. Basically bugcheck in
FltReleaseFileNameInformation after this test

lea eax, [ecx-2Ch]
…
test dword ptr [eax+28h], 1E000h

there ecx - PFLT_FILE_NAME_INFORMATION. On bugcheck time i`m have 0x18000
in this field, and 0 references on FLT_FILE_NAME_INFORMATION (this is
correct). And callback are IRP_MJ_SET_INFORMATION (preop).
I check FO and Cbd - nothing strange (listings are below).

Can somebody give me direction?

kd> !fileobj 0x86252dc8

\Windows\Prefetch\ReadyBoot\ReadyBoot.etl

Device Object: 0x850e9828 \Driver\volmgr
Vpb: 0x850bcac8
Access: Delete SharedRead SharedWrite SharedDelete

Flags: 0x40040
Cache Supported
Handle Created

FsContext: 0x992360f8 FsContext2: 0x9919d448
CurrentByteOffset: 0
Cache Data:
Section Object Pointers: 86452468
Shared Cache Map: 00000000

kd> !cbd 0x85f165e0

IRP_CTRL: 85f16580 SET_INFORMATION (6) [00000009] Irp SystemBuffer
Flags : [10000004] DontCopyParms FixedAlloc
Irp : 86194d18
DeviceObject : 85123dc8 “\Device\HarddiskVolume2”
FileObject : 86252dc8
CompletionNodeStack : 85f16638 Size=5 Next=0
SyncEvent : (85f16590)
InitiatingInstance : 00000000
Icc : 8a6d1c4c
PendingCallbackNode : 85f46f44
PendingCallbackContext : 00000000
PendingStatus : 0x00000000
CallbackData : (85f165e0)
Flags : [00000009] Irp SystemBuffer
Thread : 85218830
Iopb : 85f1660c
RequestorMode : [01] UserMode
IoStatus.Status : 0x00000000
IoStatus.Information : 00000000
TagData : 00000000
FilterContext[0] : 00000000
FilterContext[1] : 00000000
FilterContext[2] : 00000000
FilterContext[3] : 00000000

Cmd IrpFl OpFl CmpFl Instance FileObjt Completion-Context Node
Adr

[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16758
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16710
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f166c8
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16680
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16638
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
Working IOPB:

[6,0] 00020834 00 85f46e18 86252dc8
85f1660c
(“cheker”,“cheker Instance”)
Args: 00000001 0000000d 00000000 00000584 84393778 0000000000000000

FLTMGR_FILE_SYSTEM (f5)
An unrecoverable failure occured inside the filter manager.
Arguments:
Arg1: 00000068, The reason for the failure
Arg2: 991a39a0
Arg3: 991a39cc
Arg4: 00000000

Debugging Details:

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR: 0xF5

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 828d7589 to 8285dd00

STACK_TEXT:
8a6d1664 828d7589 00000003 af7f4c2a 00000065
nt!RtlpBreakWithStatusInstruction
8a6d16b4 828d8085 00000003 85f165e0 85f46e18 nt!KiBugCheckDebugBreak+0x1c
8a6d1a78 828d7428 000000f5 00000068 991a39a0 nt!KeBugCheck2+0x68b
8a6d1a9c 877d2ed1 000000f5 00000068 991a39a0 nt!KeBugCheckEx+0x1e
8a6d1ab8 94ef7b8e 991a39cc 8a6d1ae4 8a6d1ad4
fltmgr!FltReleaseFileNameInformation+0x43
8a6d1ac8 94ef77b1 8a6d1ae4 8a6d1b7c 94ef673d dcopy!Path::free+0x1e
[c:\users\izl3sa_work_\project\etudes\copy\src\path.cpp @ 177]
8a6d1ad4 94ef673d 00060004 94ef8fe0 00000001 dcopy!Path::~Path+0x11
[c:\users\izl3sa_work_\project\etudes\copy\src\path.cpp @ 29]
8a6d1b7c 94ef67b2 85f165e0 8a6d1bac 8a6d1bf8 dcopy!OnDelete+0x17d
[c:\users\izl3sa_work_\project\etudes\copy\src\main.cpp @ 140]
8a6d1b8c 877b7aeb 85f165e0 8a6d1bac 8a6d1bd8 dcopy!PreSetInfo+0x12
[c:\users\izl3sa_work_\project\etudes\copy\src\main.cpp @ 166]
8a6d1bf8 877ba9f0 8a6d1c4c 86194d18 00000000
fltmgr!FltpPerformPreCallbacks+0x34d
8a6d1c10 877baf01 8a6d1c4c 00000000 85123dc8
fltmgr!FltpPassThroughInternal+0x40
8a6d1c34 877bb3ba 066d1c01 85123dc8 0000000d fltmgr!FltpPassThrough+0x203
8a6d1c64 82834047 85123dc8 86194d18 86194ecc fltmgr!FltpDispatch+0xb4
8a6d1c7c 82a3e321 af7f4786 00000584 0158f8d0 nt!IofCallDriver+0x63
8a6d1d18 8283a87a 00000584 0158f914 0158f937 nt!NtSetInformationFile+0xa3f
8a6d1d18 77b770b4 00000584 0158f914 0158f937 nt!KiFastCallEntry+0x12a
0158f8b0 77b76644 75d10aaf 00000584 0158f914 ntdll!KiFastSystemCallRet
0158f8b4 75d10aaf 00000584 0158f914 0158f937 ntdll!NtSetInformationFile+0xc
0158f92c 71398a65 01411920 71418b98 71411b58 KERNELBASE!DeleteFileW+0x277
0158fb58 71394061 714118d0 01601878 025d4e58 sysmain!EcbTraceSaveTrace+0xa7
0158fe00 713946c8 025d4e58 0149f090 00000000
sysmain!EcbBootFilesProcess+0x2e9
0158fe74 76143c45 025d4e58 0158fec0 77b937f5
sysmain!RdBtBootPlannerWorker+0x66
0158fe80 77b937f5 025d4e58 7698e4ed 00000000
kernel32!BaseThreadInitThunk+0xe
0158fec0 77b937c8 71394662 025d4e58 00000000 ntdll!__RtlUserThreadStart+0x70
0158fed8 00000000 71394662 025d4e58 00000000 ntdll!_RtlUserThreadStart+0x1b

STACK_COMMAND: kb

FOLLOWUP_IP:
dcopy!Path::free+1e
[c:\users\izl3sa_work_\project\etudes\copy\src\path.cpp @ 177]
94ef7b8e eb30 jmp dcopy!Path::free+0x50 (94ef7bc0)

FAULTING_SOURCE_CODE:
173: if(m_path)
174: {
175: FltReleaseFileNameInformation(m_path);
176: }

177: else
178: {
179: String::free(m_volumeName);
180: String::free(m_parentDir);
181: String::free(m_targetFile);
182: String::free(m_fullPath);

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: dcopy!Path::free+1e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dcopy

IMAGE_NAME: dcopy.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 50204a4c

FAILURE_BUCKET_ID: 0xF5_dcopy!Path::free+1e

BUCKET_ID: 0xF5_dcopy!Path::free+1e

Followup: MachineOwner

forgot to say. Value of 0x1800 has been set to eax+28h by FltGetFileNameInformation :

NTSTATUS status = FltGetFileNameInformation(cbd, FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_ALWAYS_ALLOW_CACHE_LOOKUP, &fileName);

after i only parse file name copy part of name and release it.

This appears to mean that the reference count is zero on the name
information but the structure flags indicate that it’s still in use. Not
sure why the docs are so off here, but I have filed a bug report against
them.

Any chance you’re calling FltReleaseFileNameInformation twice? Are there any
other filters active in the system? If so, you might want to disable them
and see if the problem goes away or at least changes into a predictable
failure.

Also, if you don’t already have Driver Verifier enabled you should do that.
The checked version of Filter Manager may also be helpful.

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Евгений Гостюхин” wrote in message
news:xxxxx@ntfsd…
Hi.

I was faced with very strange bugcheck. Docs from msdn
(http://msdn.microsoft.com/en-us/library/windows/hardware/ff560383(v=vs.85).aspx)
are totally wrong and only one mention at ntfsd
(http://www.osronline.com/showThread.cfm?link=105814) without solution.
Below you can see output of analyze -v. Basically bugcheck in
FltReleaseFileNameInformation after this test

lea eax, [ecx-2Ch]
…
test dword ptr [eax+28h], 1E000h

there ecx - PFLT_FILE_NAME_INFORMATION. On bugcheck time i`m have 0x18000 in
this field, and 0 references on FLT_FILE_NAME_INFORMATION (this is correct).
And callback are IRP_MJ_SET_INFORMATION (preop).
I check FO and Cbd - nothing strange (listings are below).

Can somebody give me direction?

-----------------------------------------------------------------------------------------------------------------------------------------

kd> !fileobj 0x86252dc8

\Windows\Prefetch\ReadyBoot\ReadyBoot.etl

Device Object: 0x850e9828 \Driver\volmgr
Vpb: 0x850bcac8
Access: Delete SharedRead SharedWrite SharedDelete

Flags: 0x40040
Cache Supported
Handle Created

FsContext: 0x992360f8 FsContext2: 0x9919d448
CurrentByteOffset: 0
Cache Data:
Section Object Pointers: 86452468
Shared Cache Map: 00000000

-----------------------------------------------------------------------------------------------------------------------------------------

kd> !cbd 0x85f165e0

IRP_CTRL: 85f16580 SET_INFORMATION (6) [00000009] Irp SystemBuffer
Flags : [10000004] DontCopyParms FixedAlloc
Irp : 86194d18
DeviceObject : 85123dc8 “\Device\HarddiskVolume2”
FileObject : 86252dc8
CompletionNodeStack : 85f16638 Size=5 Next=0
SyncEvent : (85f16590)
InitiatingInstance : 00000000
Icc : 8a6d1c4c
PendingCallbackNode : 85f46f44
PendingCallbackContext : 00000000
PendingStatus : 0x00000000
CallbackData : (85f165e0)
Flags : [00000009] Irp SystemBuffer
Thread : 85218830
Iopb : 85f1660c
RequestorMode : [01] UserMode
IoStatus.Status : 0x00000000
IoStatus.Information : 00000000
TagData : 00000000
FilterContext[0] : 00000000
FilterContext[1] : 00000000
FilterContext[2] : 00000000
FilterContext[3] : 00000000

Cmd IrpFl OpFl CmpFl Instance FileObjt Completion-Context Node
Adr
--------- -------- ----- ----- -------- -------- ------------------ --------
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16758
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16710
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f166c8
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16680
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16638
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
Working IOPB:
>[6,0] 00020834 00 85f46e18 86252dc8
>85f1660c
(“cheker”,“cheker Instance”)
Args: 00000001 0000000d 00000000 00000584 84393778 0000000000000000

-----------------------------------------------------------------------------------------------------------------------------------------

FLTMGR_FILE_SYSTEM (f5)
An unrecoverable failure occured inside the filter manager.
Arguments:
Arg1: 00000068, The reason for the failure
Arg2: 991a39a0
Arg3: 991a39cc
Arg4: 00000000

Debugging Details:
------------------

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR: 0xF5

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 828d7589 to 8285dd00

STACK_TEXT:
8a6d1664 828d7589 00000003 af7f4c2a 00000065
nt!RtlpBreakWithStatusInstruction
8a6d16b4 828d8085 00000003 85f165e0 85f46e18 nt!KiBugCheckDebugBreak+0x1c
8a6d1a78 828d7428 000000f5 00000068 991a39a0 nt!KeBugCheck2+0x68b
8a6d1a9c 877d2ed1 000000f5 00000068 991a39a0 nt!KeBugCheckEx+0x1e
8a6d1ab8 94ef7b8e 991a39cc 8a6d1ae4 8a6d1ad4
fltmgr!FltReleaseFileNameInformation+0x43
8a6d1ac8 94ef77b1 8a6d1ae4 8a6d1b7c 94ef673d dcopy!Path::free+0x1e
[c:\users\izl3sa_work_\project\etudes\copy\src\path.cpp @ 177]
8a6d1ad4 94ef673d 00060004 94ef8fe0 00000001 dcopy!Path::~Path+0x11
[c:\users\izl3sa_work_\project\etudes\copy\src\path.cpp @ 29]
8a6d1b7c 94ef67b2 85f165e0 8a6d1bac 8a6d1bf8 dcopy!OnDelete+0x17d
[c:\users\izl3sa_work_\project\etudes\copy\src\main.cpp @ 140]
8a6d1b8c 877b7aeb 85f165e0 8a6d1bac 8a6d1bd8 dcopy!PreSetInfo+0x12
[c:\users\izl3sa_work_\project\etudes\copy\src\main.cpp @ 166]
8a6d1bf8 877ba9f0 8a6d1c4c 86194d18 00000000
fltmgr!FltpPerformPreCallbacks+0x34d
8a6d1c10 877baf01 8a6d1c4c 00000000 85123dc8
fltmgr!FltpPassThroughInternal+0x40
8a6d1c34 877bb3ba 066d1c01 85123dc8 0000000d fltmgr!FltpPassThrough+0x203
8a6d1c64 82834047 85123dc8 86194d18 86194ecc fltmgr!FltpDispatch+0xb4
8a6d1c7c 82a3e321 af7f4786 00000584 0158f8d0 nt!IofCallDriver+0x63
8a6d1d18 8283a87a 00000584 0158f914 0158f937 nt!NtSetInformationFile+0xa3f
8a6d1d18 77b770b4 00000584 0158f914 0158f937 nt!KiFastCallEntry+0x12a
0158f8b0 77b76644 75d10aaf 00000584 0158f914 ntdll!KiFastSystemCallRet
0158f8b4 75d10aaf 00000584 0158f914 0158f937 ntdll!NtSetInformationFile+0xc
0158f92c 71398a65 01411920 71418b98 71411b58 KERNELBASE!DeleteFileW+0x277
0158fb58 71394061 714118d0 01601878 025d4e58 sysmain!EcbTraceSaveTrace+0xa7
0158fe00 713946c8 025d4e58 0149f090 00000000
sysmain!EcbBootFilesProcess+0x2e9
0158fe74 76143c45 025d4e58 0158fec0 77b937f5
sysmain!RdBtBootPlannerWorker+0x66
0158fe80 77b937f5 025d4e58 7698e4ed 00000000
kernel32!BaseThreadInitThunk+0xe
0158fec0 77b937c8 71394662 025d4e58 00000000 ntdll!__RtlUserThreadStart+0x70
0158fed8 00000000 71394662 025d4e58 00000000 ntdll!RtlUserThreadStart+0x1b

STACK_COMMAND: kb

FOLLOWUP_IP:
dcopy!Path::free+1e [c:\users\izl3sa_work\project\etudes\copy\src\path.cpp
@ 177]
94ef7b8e eb30 jmp dcopy!Path::free+0x50 (94ef7bc0)

FAULTING_SOURCE_CODE:
173: if(m_path)
174: {
175: FltReleaseFileNameInformation(m_path);
176: }
> 177: else
178: {
179: String::free(m_volumeName);
180: String::free(m_parentDir);
181: String::free(m_targetFile);
182: String::free(m_fullPath);

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: dcopy!Path::free+1e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dcopy

IMAGE_NAME: dcopy.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 50204a4c

FAILURE_BUCKET_ID: 0xF5_dcopy!Path::free+1e

BUCKET_ID: 0xF5_dcopy!Path::free+1e

Followup: MachineOwner
---------

>>This appears to mean that the reference count is zero on the name
information but the structure flags indicate that it’s still in use. Not
sure why the docs are so off here, but I have filed a bug report against
them
This is very strange, because if i write release immidiately after
FltGetFileNameInformation i will have this bugcheck, as i see, in
normal circumstances
i will have 0 in this field after get information.

> Any chance you’re calling FltReleaseFileNameInformation twice?
No, this part of code has been tested already previously.

> Are there any other filters active in the system?
No, i test on clean win7 image.

And no any issues with Driver Verifier at all. Thanks for mention about
checked version of fltmgr ).

Just to close one part of the mystery on this one…

I submitted a bug against the bogus description of this particular bugcheck
on MSDN. Currently, the MSDN docs for bugcheck 0xF5 (FLTMGR_FILE_SYSTEM)
say:

Parm1 - 104 (0x68) : Unexpected failure referencing an object.

Parm 2 - Handle for the object.
Parm 3 - 0
Parm 4 - NTSTATUS code returned by ObReferenceObjectByHandle

However, it has been confirmed that the docs are entirely incorrect. The
updated description for this bugcheck is:

Parm1 - 104 (0x68) : A FileNameInformation structure was over-dereferenced.

Parm 2 - Reserved
Parm 3 - The address of the FLT_FILE_NAME_INFORMATION structure
Parm 4 - Reserved

The updated docs should show up eventually, but for now at least the NTFSD
archives will have the updated information.

(Thanks to Steve on the docs team for providing the updated information!)

-scott

–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Евгений Гостюхин” wrote in message
news:xxxxx@ntfsd…
Hi.

I was faced with very strange bugcheck. Docs from msdn
(http://msdn.microsoft.com/en-us/library/windows/hardware/ff560383(v=vs.85).aspx)
are totally wrong and only one mention at ntfsd
(http://www.osronline.com/showThread.cfm?link=105814) without solution.
Below you can see output of analyze -v. Basically bugcheck in
FltReleaseFileNameInformation after this test

lea eax, [ecx-2Ch]
…
test dword ptr [eax+28h], 1E000h

there ecx - PFLT_FILE_NAME_INFORMATION. On bugcheck time i`m have 0x18000 in
this field, and 0 references on FLT_FILE_NAME_INFORMATION (this is correct).
And callback are IRP_MJ_SET_INFORMATION (preop).
I check FO and Cbd - nothing strange (listings are below).

Can somebody give me direction?

-----------------------------------------------------------------------------------------------------------------------------------------

kd> !fileobj 0x86252dc8

\Windows\Prefetch\ReadyBoot\ReadyBoot.etl

Device Object: 0x850e9828 \Driver\volmgr
Vpb: 0x850bcac8
Access: Delete SharedRead SharedWrite SharedDelete

Flags: 0x40040
Cache Supported
Handle Created

FsContext: 0x992360f8 FsContext2: 0x9919d448
CurrentByteOffset: 0
Cache Data:
Section Object Pointers: 86452468
Shared Cache Map: 00000000

-----------------------------------------------------------------------------------------------------------------------------------------

kd> !cbd 0x85f165e0

IRP_CTRL: 85f16580 SET_INFORMATION (6) [00000009] Irp SystemBuffer
Flags : [10000004] DontCopyParms FixedAlloc
Irp : 86194d18
DeviceObject : 85123dc8 “\Device\HarddiskVolume2”
FileObject : 86252dc8
CompletionNodeStack : 85f16638 Size=5 Next=0
SyncEvent : (85f16590)
InitiatingInstance : 00000000
Icc : 8a6d1c4c
PendingCallbackNode : 85f46f44
PendingCallbackContext : 00000000
PendingStatus : 0x00000000
CallbackData : (85f165e0)
Flags : [00000009] Irp SystemBuffer
Thread : 85218830
Iopb : 85f1660c
RequestorMode : [01] UserMode
IoStatus.Status : 0x00000000
IoStatus.Information : 00000000
TagData : 00000000
FilterContext[0] : 00000000
FilterContext[1] : 00000000
FilterContext[2] : 00000000
FilterContext[3] : 00000000

Cmd IrpFl OpFl CmpFl Instance FileObjt Completion-Context Node
Adr
--------- -------- ----- ----- -------- -------- ------------------ --------
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16758
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16710
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f166c8
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16680
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
[0,0] 00000000 00 0000 00000000 00000000 00000000-00000000
85f16638
Args: 00000000 00000000 00000000 00000000 00000000 0000000000000000
Working IOPB:
>[6,0] 00020834 00 85f46e18 86252dc8
>85f1660c
(“cheker”,“cheker Instance”)
Args: 00000001 0000000d 00000000 00000584 84393778 0000000000000000

-----------------------------------------------------------------------------------------------------------------------------------------

FLTMGR_FILE_SYSTEM (f5)
An unrecoverable failure occured inside the filter manager.
Arguments:
Arg1: 00000068, The reason for the failure
Arg2: 991a39a0
Arg3: 991a39cc
Arg4: 00000000

Debugging Details:
------------------

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR: 0xF5

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 828d7589 to 8285dd00

STACK_TEXT:
8a6d1664 828d7589 00000003 af7f4c2a 00000065
nt!RtlpBreakWithStatusInstruction
8a6d16b4 828d8085 00000003 85f165e0 85f46e18 nt!KiBugCheckDebugBreak+0x1c
8a6d1a78 828d7428 000000f5 00000068 991a39a0 nt!KeBugCheck2+0x68b
8a6d1a9c 877d2ed1 000000f5 00000068 991a39a0 nt!KeBugCheckEx+0x1e
8a6d1ab8 94ef7b8e 991a39cc 8a6d1ae4 8a6d1ad4
fltmgr!FltReleaseFileNameInformation+0x43
8a6d1ac8 94ef77b1 8a6d1ae4 8a6d1b7c 94ef673d dcopy!Path::free+0x1e
[c:\users\izl3sa_work_\project\etudes\copy\src\path.cpp @ 177]
8a6d1ad4 94ef673d 00060004 94ef8fe0 00000001 dcopy!Path::~Path+0x11
[c:\users\izl3sa_work_\project\etudes\copy\src\path.cpp @ 29]
8a6d1b7c 94ef67b2 85f165e0 8a6d1bac 8a6d1bf8 dcopy!OnDelete+0x17d
[c:\users\izl3sa_work_\project\etudes\copy\src\main.cpp @ 140]
8a6d1b8c 877b7aeb 85f165e0 8a6d1bac 8a6d1bd8 dcopy!PreSetInfo+0x12
[c:\users\izl3sa_work_\project\etudes\copy\src\main.cpp @ 166]
8a6d1bf8 877ba9f0 8a6d1c4c 86194d18 00000000
fltmgr!FltpPerformPreCallbacks+0x34d
8a6d1c10 877baf01 8a6d1c4c 00000000 85123dc8
fltmgr!FltpPassThroughInternal+0x40
8a6d1c34 877bb3ba 066d1c01 85123dc8 0000000d fltmgr!FltpPassThrough+0x203
8a6d1c64 82834047 85123dc8 86194d18 86194ecc fltmgr!FltpDispatch+0xb4
8a6d1c7c 82a3e321 af7f4786 00000584 0158f8d0 nt!IofCallDriver+0x63
8a6d1d18 8283a87a 00000584 0158f914 0158f937 nt!NtSetInformationFile+0xa3f
8a6d1d18 77b770b4 00000584 0158f914 0158f937 nt!KiFastCallEntry+0x12a
0158f8b0 77b76644 75d10aaf 00000584 0158f914 ntdll!KiFastSystemCallRet
0158f8b4 75d10aaf 00000584 0158f914 0158f937 ntdll!NtSetInformationFile+0xc
0158f92c 71398a65 01411920 71418b98 71411b58 KERNELBASE!DeleteFileW+0x277
0158fb58 71394061 714118d0 01601878 025d4e58 sysmain!EcbTraceSaveTrace+0xa7
0158fe00 713946c8 025d4e58 0149f090 00000000
sysmain!EcbBootFilesProcess+0x2e9
0158fe74 76143c45 025d4e58 0158fec0 77b937f5
sysmain!RdBtBootPlannerWorker+0x66
0158fe80 77b937f5 025d4e58 7698e4ed 00000000
kernel32!BaseThreadInitThunk+0xe
0158fec0 77b937c8 71394662 025d4e58 00000000 ntdll!__RtlUserThreadStart+0x70
0158fed8 00000000 71394662 025d4e58 00000000 ntdll!RtlUserThreadStart+0x1b

STACK_COMMAND: kb

FOLLOWUP_IP:
dcopy!Path::free+1e [c:\users\izl3sa_work\project\etudes\copy\src\path.cpp
@ 177]
94ef7b8e eb30 jmp dcopy!Path::free+0x50 (94ef7bc0)

FAULTING_SOURCE_CODE:
173: if(m_path)
174: {
175: FltReleaseFileNameInformation(m_path);
176: }
> 177: else
178: {
179: String::free(m_volumeName);
180: String::free(m_parentDir);
181: String::free(m_targetFile);
182: String::free(m_fullPath);

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: dcopy!Path::free+1e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dcopy

IMAGE_NAME: dcopy.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 50204a4c

FAILURE_BUCKET_ID: 0xF5_dcopy!Path::free+1e

BUCKET_ID: 0xF5_dcopy!Path::free+1e

Followup: MachineOwner
---------