Some executables cause BSOD in WinPE #160

Open
@lesderid

Running some MSYS2 executables (e.g. fish) under WinPE (Windows Server 2022, specifically 20348.1) causes a crash in ntfs.sys:

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck
Arg2: fffff80625609454, Address of the instruction which caused the BugCheck
Arg3: ffffbb0539194290, Address of the context record for the exception that caused the BugCheck
Arg4: 0000000000000000, zero.

[...]

PROCESS_NAME:  fish.exe

STACK_TEXT:  
ffffbb05`39194cb0 fffff806`2560573c     : ffffd485`cb2f0a68 ffffd485`cd83fb00 00000000`00ff00ff ffffbb05`39194f28 : Ntfs!NtfsFindStartingNode+0x5d4
ffffbb05`39194d80 fffff806`25602872     : ffffd485`cd83fb00 ffffbb05`39195130 ffffd485`cd83fb00 00000000`00000000 : Ntfs!NtfsCommonCreate+0x56c
ffffbb05`39195020 fffff806`21276425     : ffffd485`c956f030 ffffd485`cd83fb00 ffffbb05`39195300 ffffd485`cdd9b630 : Ntfs!NtfsFsdCreate+0x202
ffffbb05`391952a0 fffff806`20f4637a     : ffffd485`cd83fb00 ffffbb05`39195390 ffffbb05`39195399 fffff806`20f450b3 : nt!IofCallDriver+0x55
ffffbb05`391952e0 fffff806`20f7a264     : ffffbb05`39195390 ffffd485`cd83fc60 ffffd485`c9512cd0 fffff806`21688e9b : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x27a
ffffbb05`39195350 fffff806`21276425     : ffffd485`c9512c00 ffffd485`c95596b0 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x314
ffffbb05`39195400 fffff806`21687331     : ffffd485`cbc14a20 ffffd485`c95596b0 ffffbb05`39195701 00000000`00000040 : nt!IofCallDriver+0x55
ffffbb05`39195440 fffff806`21745e27     : 00000038`00000068 ffffd485`cbc14a20 d485cdd9`b790ffff ffffd485`cdd9b7c0 : nt!IopParseDevice+0x891
ffffbb05`39195600 fffff806`2168b9f5     : fffff806`21745d60 ffffbb05`39195770 ffffd485`c8cfb6c0 ffffd485`cdd9b7c0 : nt!IopParseFile+0xc7
ffffbb05`39195670 fffff806`2168ae91     : 00000000`00000000 ffffbb05`391958a0 00000000`00000040 ffffd485`c8cfb6c0 : nt!ObpLookupObjectName+0x625
ffffbb05`39195810 fffff806`216b5d9f     : 00000000`00000000 00000000`00000001 ffffd485`cbc14a20 00000007`ffffb0d0 : nt!ObOpenObjectByNameEx+0x1f1
ffffbb05`39195940 fffff806`216b58e8     : 00000007`ffffb090 00000000`00000000 00000007`ffffb0d0 00000007`ffffb0c0 : nt!IopCreateFile+0x40f
ffffbb05`391959e0 fffff806`21437735     : 00000000`00000000 00000007`ffffb0c0 00000008`00025508 00000008`00000068 : nt!NtOpenFile+0x58
ffffbb05`39195a70 00007ffc`d416efa4     : 00000001`80113101 00000007`ffffb270 00000008`000253d0 00000008`000254c8 : nt!KiSystemServiceCopyEnd+0x25
00000007`ffffafb8 00000001`80113101     : 00000007`ffffb270 00000008`000253d0 00000008`000254c8 00000000`00000080 : ntdll!NtOpenFile+0x14
00000007`ffffafc0 00000007`ffffb270     : 00000008`000253d0 00000008`000254c8 00000000`00000080 00000007`00000007 : msys_2_0!cuserid+0x29bc1
00000007`ffffafc8 00000008`000253d0     : 00000008`000254c8 00000000`00000080 00000007`00000007 00000000`00004020 : 0x00000007`ffffb270
00000007`ffffafd0 00000008`000254c8     : 00000000`00000080 00000007`00000007 00000000`00004020 00000000`00000060 : 0x00000008`000253d0
00000007`ffffafd8 00000000`00000080     : 00000007`00000007 00000000`00004020 00000000`00000060 00000000`00000005 : 0x00000008`000254c8
00000007`ffffafe0 00000007`00000007     : 00000000`00004020 00000000`00000060 00000000`00000005 00000007`ffffb160 : 0x80
00000007`ffffafe8 00000000`00004020     : 00000000`00000060 00000000`00000005 00000007`ffffb160 00000001`801766ac : 0x00000007`00000007
00000007`ffffaff0 00000000`00000060     : 00000000`00000005 00000007`ffffb160 00000001`801766ac 00000007`ffffb310 : 0x4020
00000007`ffffaff8 00000000`00000005     : 00000007`ffffb160 00000001`801766ac 00000007`ffffb310 00000000`00001e01 : 0x60
00000007`ffffb000 00000007`ffffb160     : 00000001`801766ac 00000007`ffffb310 00000000`00001e01 00000000`00000180 : 0x5
00000007`ffffb008 00000001`801766ac     : 00000007`ffffb310 00000000`00001e01 00000000`00000180 00000007`ffffb050 : 0x00000007`ffffb160
00000007`ffffb010 00000007`ffffb310     : 00000000`00001e01 00000000`00000180 00000007`ffffb050 00000001`8026f480 : msys_2_0!truncl+0xac
00000007`ffffb018 00000000`00001e01     : 00000000`00000180 00000007`ffffb050 00000001`8026f480 00000007`00000080 : 0x00000007`ffffb310
00000007`ffffb020 00000000`00000180     : 00000007`ffffb050 00000001`8026f480 00000007`00000080 00000007`ffffb080 : 0x1e01
00000007`ffffb028 00000007`ffffb050     : 00000001`8026f480 00000007`00000080 00000007`ffffb080 00000000`00000644 : 0x180
00000007`ffffb030 00000001`8026f480     : 00000007`00000080 00000007`ffffb080 00000000`00000644 00000000`00000000 : 0x00000007`ffffb050
00000007`ffffb038 00000007`00000080     : 00000007`ffffb080 00000000`00000644 00000000`00000000 00000000`00000028 : msys_2_0!sys_nerr+0x24140
00000007`ffffb040 00000007`ffffb080     : 00000000`00000644 00000000`00000000 00000000`00000028 01d9ab0f`2761782a : 0x00000007`00000080
00000007`ffffb048 00000000`00000644     : 00000000`00000000 00000000`00000028 01d9ab0f`2761782a 00000000`0000000a : 0x00000007`ffffb080
00000007`ffffb050 00000000`00000000     : 00000000`00000028 01d9ab0f`2761782a 00000000`0000000a 00000000`00000200 : 0x644

[...]

NtOpenFile was called with ObjectAttributes.ObjectName containing \??\X:\msys\dev\.

(I realise this is probably not a supported configuration. It also arguably isn't an MSYS2 bug, as it's a user mode program that causes a kernel mode crash. I'm creating this issue mostly so there's a record of it.)
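An added triage example, not part of the original issue and not MSYS2 or Microsoft code: it parses debugger output in the format quoted above and reports the faulting kernel frame, the system call stub, and the user-mode module that issued the call. The function name `triage` and its result keys are hypothetical, and the sample is a shortened excerpt of the trace in this issue.

```python
import re

# Constructed sample: a shortened excerpt of the debugger output quoted in the issue.
SAMPLE = """\
SYSTEM_SERVICE_EXCEPTION (3b)
Arg1: 00000000c0000005, Exception code that caused the BugCheck
PROCESS_NAME:  fish.exe
STACK_TEXT:
ffffbb05`39194cb0 fffff806`2560573c     : ffffd485`cb2f0a68 ffffd485`cd83fb00 00000000`00ff00ff ffffbb05`39194f28 : Ntfs!NtfsFindStartingNode+0x5d4
ffffbb05`39194d80 fffff806`25602872     : ffffd485`cd83fb00 ffffbb05`39195130 ffffd485`cd83fb00 00000000`00000000 : Ntfs!NtfsCommonCreate+0x56c
ffffbb05`391959e0 fffff806`21437735     : 00000000`00000000 00000007`ffffb0c0 00000008`00025508 00000008`00000068 : nt!NtOpenFile+0x58
ffffbb05`39195a70 00007ffc`d416efa4     : 00000001`80113101 00000007`ffffb270 00000008`000253d0 00000008`000254c8 : nt!KiSystemServiceCopyEnd+0x25
00000007`ffffafb8 00000001`80113101     : 00000007`ffffb270 00000008`000253d0 00000008`000254c8 00000000`00000080 : ntdll!NtOpenFile+0x14
00000007`ffffafc0 00000007`ffffb270     : 00000008`000253d0 00000008`000254c8 00000000`00000080 00000007`00000007 : msys_2_0!cuserid+0x29bc1
00000007`ffffafc8 00000008`000253d0     : 00000008`000254c8 00000000`00000080 00000007`00000007 00000000`00004020 : 0x00000007`ffffb270
"""

FRAME = re.compile(r"^([0-9a-f]{8})`[0-9a-f]{8}\s.*:\s+(\S+)\s*$")
SYMBOL = re.compile(r"^(\w+)!(\w+)")
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # only the code seen in this report

def triage(text):
    """Summarise a bugcheck analysis: what faulted, in which mode, and who called it."""
    name, code = re.search(r"^(\w+) \(([0-9a-f]+)\)", text, re.M).groups()
    arg1 = int(re.search(r"^Arg1:\s+([0-9a-f]+)", text, re.M).group(1), 16)
    proc = re.search(r"^PROCESS_NAME:\s+(\S+)", text, re.M).group(1)
    kernel, user = [], []
    for line in text.splitlines():
        m = FRAME.match(line)
        sym = m and SYMBOL.match(m.group(2))
        if not sym:
            continue  # header line, or an unsymbolised frame such as 0x4020
        # x64 kernel addresses sit in the upper canonical half: test the Child-SP's high dword.
        is_kernel = int(m.group(1), 16) >= 0x80000000
        (kernel if is_kernel else user).append(sym.groups())
    return {
        "bugcheck": f"{name} (0x{code})",
        "exception": NTSTATUS.get(arg1, hex(arg1)),
        "process": proc,
        "faulting_frame": "!".join(kernel[0]),
        "kernel_modules": sorted({mod for mod, _ in kernel}),
        "syscall_stub": "!".join(user[0]) if user else None,
        "user_caller": next((mod for mod, _ in user if mod != "ntdll"), None),
    }
```

Dropping the unsymbolised frames removes the raw stack words the debugger printed after it could no longer unwind past `msys_2_0`, which keeps the summary to frames that name a module.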
