
BSOD with btrfs.sys

Open huntindeed opened this issue 1 year ago • 4 comments

btrfs.txt

031125-12093-01.dmp

huntindeed avatar Mar 11 '25 19:03 huntindeed

+1, but another bug check: KERNEL_MODE_HEAP_CORRUPTION

032425-14796-01.dmp

cxzlw avatar Mar 25 '25 12:03 cxzlw

+1 IRQL_NOT_LESS_OR_EQUAL

032725-12312-01.dmp


RUANRUI1995 avatar Mar 27 '25 08:03 RUANRUI1995

+1 System_thread_exception_not_handled classpnp.sys

dedors avatar Mar 30 '25 15:03 dedors

I think this could be related to an issue in watch_registry in registry.c, as I could reproduce it on ReactOS while implementing NtNotifyChangeMultipleKeys. WinBtrfs uses a stack-allocated variable for IO_STATUS_BLOCK while calling ZwNotifyChangeKey in asynchronous mode. That variable is then popped off the stack when the watch_registry function returns, and when Windows tries to write the status to the IO_STATUS_BLOCK it corrupts kernel memory, causing a BSOD.

xmine64 avatar May 13 '25 13:05 xmine64
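The lifetime rule behind the comment above, as an added user-mode C model (not WinBtrfs or ReactOS code, and not part of the original thread): an asynchronous call keeps the caller's status-block pointer and writes through it later, so the block must live in storage that outlives the call. All names here (`model_notify_change_key`, `model_complete`, `watch_ctx`, `watch_start`, `watch_release`) are hypothetical stand-ins; nothing calls the real ZwNotifyChangeKey.

```c
#include <stdlib.h>

/* User-mode model: these only mimic IO_STATUS_BLOCK and STATUS_PENDING. */
typedef struct { long Status; unsigned long Information; } io_status_block;
#define MODEL_STATUS_PENDING 0x103L
#define MODEL_STATUS_SUCCESS 0L

/* The "kernel" side retains the caller's pointer until the notification fires. */
static io_status_block *pending_iosb;

static long model_notify_change_key(io_status_block *iosb) {
    iosb->Status = MODEL_STATUS_PENDING;
    pending_iosb = iosb;               /* pointer is kept past the call */
    return MODEL_STATUS_PENDING;
}

/* Runs later (another thread in a real system): the deferred status write. */
static int model_complete(void) {
    if (!pending_iosb) return 0;
    pending_iosb->Status = MODEL_STATUS_SUCCESS;  /* lands wherever iosb pointed */
    pending_iosb = NULL;
    return 1;
}

/* Hazard (deliberately not compiled): declaring `io_status_block iosb;` as a
 * local of the watcher and passing &iosb. Once the watcher returns,
 * model_complete() would write into a dead stack frame. */

/* Hardened: the status block is embedded in a heap context that outlives the
 * call. The heap stands in for long-lived driver storage (assumption). */
typedef struct { io_status_block iosb; int armed; } watch_ctx;

static watch_ctx *watch_start(void) {
    watch_ctx *ctx = calloc(1, sizeof *ctx);
    if (!ctx) return NULL;
    ctx->armed = (model_notify_change_key(&ctx->iosb) == MODEL_STATUS_PENDING);
    return ctx;                        /* caller owns ctx while it is pending */
}

/* Free only once nothing can still write to ctx->iosb. */
static int watch_release(watch_ctx *ctx) {
    if (pending_iosb == &ctx->iosb) return 0;  /* still pending: refuse */
    free(ctx);
    return 1;
}
```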