System crash (BSOD) from Dokan library dokan.sys

laxity

I have recently experienced two system crashes (BSODs) on two different systems which are running BoxCryptor 1.0.0.0 with the bundled Dokan library 0.6.0.

The first crash was a few weeks ago on my main desktop system running Windows 7 Ultimate 64bit SP1. Then a second crash on my Dell laptop which is also running Windows 7 Ultimate 64bit SP1. I was simply going up a directory level when browsing files in my BoxCryptor mapped drive. Running windbg against both crash dumps implicates the Dokan.sys as the probable cause. Details below :

BugCheck A, {0, 2, 1, fffff80002eb9a6e}

*** ERROR: Module load completed but symbols could not be loaded for dokan.sys
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 00000000`7efdf018Processing initial command '!analyze -v;r;kv;lmtn;.logclose'
). Type ".hh dbgerr001" for details

Probably caused by : dokan.sys ( dokan+3918 ) << !!

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002eb9a6e, address which referenced memory

WRITE_ADDRESS: 0000000000000000

CURRENT_IRQL: 2

FAULTING_IP:
nt!ExDeleteResourceLite+ce
fffff800`02eb9a6e 488908 mov qword ptr [rax],rcx

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: Dropbox.exe

TRAP_FRAME: fffff88002f0f770 -- (.trap 0xfffff88002f0f770)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8006bf4060 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002eb9a6e rsp=fffff88002f0f900 rbp=0000000000000001
r8=0000000000000000 r9=0000000000000000 r10=fffff80002e5f000
r11=000000000000025d r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExDeleteResourceLite+0xce:
fffff800`02eb9a6e 488908 mov qword ptr [rax],rcx ds:a9f0:0000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002edb1e9 to fffff80002edbc40

STACK_TEXT:
fffff88002f0f628 fffff80002edb1e9 : 000000000000000a 0000000000000000 0000000000000002 0000000000000001 : nt!KeBugCheckEx
fffff88002f0f630 fffff80002ed9e60 : 00000000accb6867 fffff80002ede8a4 fffffa8000000001 fffffa8006a5f3c8 : nt!KiBugCheckDispatch+0x69
fffff88002f0f770 fffff80002eb9a6e : 0000000000000001 fffff880075192df fffffa800a646b00 fffff88007519272 : nt!KiPageFault+0x260
fffff88002f0f900 fffff8800750e918 : fffffa8009e9d570 0000000000000001 fffffa800988b342 fffffa800988b342 : nt!ExDeleteResourceLite+0xce
fffff88002f0f960 fffff8800750f581 : fffffa8006a5f230 fffffa80090965f0 00000000000000aa fffffa80098caa00 : dokan+0x3918
fffff88002f0f9a0 fffff800031d838e : fffffa80098d7880 fffffa80090965f0 fffffa800a99eb30 fffffa80098d7880 : dokan+0x4581
fffff88002f0fa50 fffff80002ee5af4 : fffffa8009e9d570 fffffa800a99eb30 fffffa8006718080 000000000922ee60 : nt!IopDeleteFile+0x11e
fffff88002f0fae0 fffff800031d2f44 : fffffa800a99eb30 0000000000000000 fffffa8006bf4060 0000000000000000 : nt!ObfDereferenceObject+0xd4
fffff88002f0fb40 fffff800031d34f4 : 00000000000005f0 fffffa800a99eb30 fffff8a0024cd600 00000000000005f0 : nt!ObpCloseHandleTableEntry+0xc4
fffff88002f0fbd0 fffff80002edaed3 : fffffa8006bf4060 fffff88002f0fca0 000000007ee70000 fffffa800a5a6060 : nt!ObpCloseHandle+0x94
fffff88002f0fc20 0000000077c7140a : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
000000000922e808 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x77c7140a

STACK_COMMAND: kb

FOLLOWUP_IP:
dokan+3918
fffff880`0750e918 488b4c2440 mov rcx,qword ptr [rsp+40h]

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: dokan+3918 << !!

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dokan

IMAGE_NAME: dokan.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4d2b0059

FAILURE_BUCKET_ID: X64_0xA_dokan+3918

BUCKET_ID: X64_0xA_dokan+3918

Followup: MachineOwner

As you can see in the windbg output dokan.sys was on the stack at the time of the crash so this is the most likely culprit unless it was passed bad data from Boxcryptor or Dropbox for example.

Can this be looked into please? as I doubt this will be the last time I run into this and if I am seeing it on two completely different systems then other people must be seeing this also I'm guessing.

Many thanks,
Richard.

Robert

Hi Richard,

thanks for this information! In order to investigate this issue, it would help if you could send me your dump files. You can contact me at contact at boxcryptor dot com.

--Robert

Johannes

Hello,

I have a BOS every day. It happens at any time while developing with Visual Studio. Sometimes the crash happens when saving a file, or sometimes when building a solution. The result is frustrating, since I already bought BoxCryptor Unlimited Personal.

I will send you some mindumps, too.

Regards,
Johannes

Here is my Bugcheck Analysis:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 000000000000109b, (reserved)
Arg3: 00000000040d0000, Memory contents of the pool block
Arg4: fffffa8009671010, Address of the block of pool being deallocated

Debugging Details:
------------------

POOL_ADDRESS: fffffa8009671010

FREED_POOL_TAG: DOKA

BUGCHECK_STR: 0xc2_7_DOKA

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: BoxCryptor.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800037abbe9 to fffff8000367dc40

STACK_TEXT:
fffff8800d0e6798 fffff800037abbe9 : 00000000000000c2 0000000000000007 000000000000109b 00000000040d0000 : nt!KeBugCheckEx
fffff8800d0e67a0 fffff880097618e5 : 0000000000000000 fffffa8004932720 fffff8800d0e6ca0 0000000000000258 : nt!ExDeferredFreePool+0x1201
fffff8800d0e6850 0000000000000000 : fffffa8004932720 fffff8800d0e6ca0 0000000000000258 fffffa8004d3ea60 : dokan+0x38e5

STACK_COMMAND: kb

FOLLOWUP_IP:
dokan+38e5
fffff880`097618e5 ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: dokan+38e5

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: dokan

IMAGE_NAME: dokan.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4d2b0059

FAILURE_BUCKET_ID: X64_0xc2_7_DOKA_dokan+38e5

BUCKET_ID: X64_0xc2_7_DOKA_dokan+38e5

Followup: MachineOwner
---------

Robert

Thanks for this information and your crash dumps you sent by mail. I'm sorry that you're having such problems with BoxCryptor and we try our best to eliminate the cause for the BSODs some users experience.

I have answered you by mail and hope we can find a solution.

KlasO

Not sure whether it's the dokan that's haunting my laptop but I'm experiencing at least one BSoD a day. I'm getting the bad pool caller or the irql not less or equal. I've also seen driver power state failure.

The pattern I'm seeing from the last few times is when I'm trying to save a document to a Windows Library (i.e. a combination of folders to cut the confusion) consisting of a couple of folders on the Boxcryptor mapped drive.

EDIT: windbg says "probably caused by dokan.sys"

KlasO

Any news for this issue?

Robert

Hi Klas,

unfortunatly not. Our development resources are mainly occupied by BoxCryptor for iOS at the moment and fixing a bug in a system driver is not trivial (especially if it's a third-party one) - although it is definitely our top-priority for BoxCryptor for Windows.

--Robert

PS: Could you please send me your Minidumps at contact at boxcryptor . com?

KlasO

Minidumps sent, sorry for the tardiness - I missed checking for replies here under some strange assumption that I'd get an email when the thread was updated.

KlasO

I just experienced another BSoD and Windbg allocates the blame to dokan.

Please advise how to resolve these issues.

Robert

I'm sorry, but we don't have any solution for this problem right now. We're trying to fix Dokan ourselves and also evaluating other products to replace Dokan.

Johannes

This bug should have the highest priority. Why do you continue the work on your mobile apps if the main product is defect?

In the past I recommended BoyCryptor as a great tool. But a BOS is the worst case for computer work, every unsaved data gets lost. Until that bug is fixed I’m now warning everybody from using it!

Robert

Hi Johannes,
I completely agree with you that any BSOD is unacceptable and I understand your concerns about this problem. Our mobile apps are just as important to us as the desktop version. It's always hard to set the right priorities, but having multi-platform support was extremely important for us - from writing the first line of code until now.

We're doing everything we can to improve BoxCryptor so it's a tool which you love to recommend again.
--Robert

Robert

Hi everybody,

we have released a beta of BoxCryptor for Windows v1.3 with major stability improvements. BSODs should not occur anymore. You can find more information here:

http://forums.boxcryptor.com/topic/boxcryptor-for-windows-v13-beta

It would be great if you could try it and maybe report if your problems could be solved. Thanks!

--Robert

xenthressa

Great news, I have been waiting for that message for many months now :).

Will report my findings