WSL crash due to Windows Defender, 9p related #13544

@takeshinishimuralinux

Windows Version

Windows 10, Windows 11; happens on all variations

WSL Version

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

No response

Distro Version

Debian

Other Software

Repro Steps

Run WSL, use 9p to transfer files. Windows Defender Realtime checking must be enabled.

Expected Behavior

No Windows kernel crash.

Actual Behavior

Windows kernel "BLUE SCREEN" in Defender executable.

Kernel backtrace:
PROCESS_NAME:  MsMpEng.exe

STACK_TEXT:  
ffff998b`ba4e4478 fffff800`26245169 : 00000000`0000001a 00000000`00041791 ffffa600`05553930 ffffa2d1`40000000 : nt!KeBugCheckEx
ffff998b`ba4e4480 fffff800`265f7586 : ffff998b`ba4e46c0 00000000`00000103 ffff998b`00000002 00000000`00000000 : nt!MmUnlockPages+0xd89
ffff998b`ba4e4570 fffff800`265f62e3 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmCopyVirtualMemory+0x7d6
ffff998b`ba4e49c0 fffff800`265f617b : ffffe68b`e0f59080 000000d1`7117d8f8 000002c6`8eb82230 000000d1`7117da80 : nt!MiReadWriteVirtualMemory+0x153
ffff998b`ba4e4a50 fffff800`26411505 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffab00`449d8180 : nt!NtReadVirtualMemory+0x1b
ffff998b`ba4e4a90 00007ffc`0c14dcd4 : 00007ffc`09cefed5 00007ffb`d3afb3d0 00000000`00161000 000002c6`8e4cb1e0 : nt!KiSystemServiceCopyEnd+0x25
000000d1`7117d8d8 00007ffc`09cefed5 : 00007ffb`d3afb3d0 00000000`00161000 000002c6`8e4cb1e0 00007ffb`d3afb0d2 : ntdll!NtReadVirtualMemory+0x14
000000d1`7117d8e0 00007ffb`d3de7b8c : 000002c6`8e4cb1e0 00000000`00000000 00000000`7ffee000 000002c6`e3540db0 : KERNELBASE!ReadProcessMemory+0x15
000000d1`7117d930 00007ffb`d3afa2ae : 000002c6`8e4cb1e0 000002c6`8e4cb2c8 000002c6`8e4cb2c8 00000000`00000001 : mpengine!ReadProcessMemoryInternal+0x11c
000000d1`7117d9c0 00007ffb`d3af8a34 : 00000000`0000000c 00000000`00000000 000002c6`8e4cb1e0 00000000`00000100 : mpengine!CSMSProcess::ScanRange+0x12e
000000d1`7117daa0 00007ffb`d44d0a50 : 000002c6`8e4cb1e0 000002c6`8e4cb1e0 00000000`00000001 00000000`00000002 : mpengine!CSMSProcess::Scan1Worker+0x308
000000d1`7117db60 00007ffb`d3d12b04 : 000002c6`8e4cb1e0 00000000`00000000 000000d1`00000000 00000000`00001368 : mpengine!CSMSProcess::Scan+0x458
000000d1`7117dc40 00007ffb`d42d8ae6 : 000002c6`8b5604f0 000002c6`8dcc1180 00007ffb`d483c870 00000000`000012e4 : mpengine!CEMSContext::EmsScan+0x350
000000d1`7117dd40 00007ffb`d42d91aa : 00000000`00000000 000002c6`8d408250 000002c6`8d407530 000002c6`e3540db0 : mpengine!RunEMS+0x422
000000d1`7117df00 00007ffb`d42d8be7 : 000002c6`8daf7301 00007ffb`d45f6981 00000000`00000000 000002c6`8daf7300 : mpengine!CResmgrems::ScanImpl+0x23e
000000d1`7117dfe0 00007ffb`d3b439de : 00000000`00000000 00000000`00000000 00000000`0000008e 00000000`00000000 : mpengine!CResmgrems::Scan+0x17
000000d1`7117e130 00007ffb`d41aae6d : 000002c6`838211a0 000000d1`7117e430 00000000`00000000 000002c6`8a232420 : mpengine!ResmgrProcessResource+0x9b6
000000d1`7117e2f0 00007ffb`d419f368 : 000002c6`f1451070 00000000`00000000 00000000`00000000 000002c6`f1451070 : mpengine!ResScan+0x915
000000d1`7117e740 00007ffb`d3b660ca : 000002c6`885896d0 000002c6`f1451a20 000002c6`f1451070 00007ffb`d4aefb40 : mpengine!ScanOpenWithContext+0x1b9c
000000d1`7117eb50 00007ffb`d3bc54c0 : 00000000`00000000 00000000`00000078 000002c6`885896d0 00000000`0000800c : mpengine!UberScanOpen+0xaea
000000d1`7117ec70 00007ffb`d3bc460d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : mpengine!ksignal+0xdd0
000000d1`7117ef10 00007ffb`d3c0222e : 00000000`00000000 000000d1`7117f890 00000000`00000000 000002c6`885896d0 : mpengine!DispatchSignalHelper+0x71
000000d1`7117ef70 00007ffb`fbfefb51 : 00000000`00000000 00000000`00004026 000002c6`886096b0 000000d1`7117f7e8 : mpengine!DispatchSignalOnHandle+0x186
000000d1`7117f770 00007ffb`fc2994d5 : 000002c6`886096b0 00007ffb`fc471d90 00000000`00000f38 00000000`00001318 : mpsvc!rsignal_wrapper+0x1f1
000000d1`7117f830 00007ffb`fc29224a : 000002c6`88524010 000002c6`88524010 000002c6`e288ace0 00007ffb`fc471388 : mpsvc!OnDemandScanWorker+0x545
000000d1`7117f8c0 00007ffb`fc2920dd : 00000000`00000000 000002c6`88524010 000002c6`e2fca3c0 00000000`00000090 : mpsvc!MpService::CMpSvcScanWorkItem::Run+0xca
000000d1`7117f930 00007ffb`fc0a853d : 000002c6`e2fad4b0 00007ffc`0c120f96 000002c6`88524010 00000000`00000000 : mpsvc!MpService::CMpSvcScansQueue::Dispatch+0x2d
000000d1`7117f980 00007ffb`fda7c8e8 : 000000d1`7117f9f8 000002c6`8851be90 000002c6`e2fd9ce0 0000cafd`841f4783 : mpsvc!MpService::CMpSvcScanWorkItem::OnAction+0x1d
000000d1`7117f9b0 00007ffb`fda7c7d3 : 000002c6`e288ace0 000002c6`e288acf0 000002c6`e288ace0 000002c6`e288acf0 : MpClient!CommonUtil::CMpSimpleThreadPool::Call+0x5c
000000d1`7117fa00 00007ffc`0c113720 : 000002c6`e2fad4b0 000002c6`e2fad578 000002c6`884d1350 000002c6`e2fd9ce0 : MpClient!CommonUtil::CMpSimpleThreadPool::AsyncDequeue+0xdf
000000d1`7117fa70 00007ffc`0c0fd79a : 00000000`00000000 00000000`00000000 000002c6`e2fd9ce0 000002c6`8851be90 : ntdll!TppWorkpExecuteCallback+0x130
000000d1`7117fac0 00007ffc`0a607374 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x68a
000000d1`7117fdc0 00007ffc`0c0fcc91 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
000000d1`7117fdf0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

Diagnostic Logs

WSL diag logs were full of 0x00 bytes; no data here. No data is available for logging.
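Added example, not part of the original report: a small Python triage helper for a WinDbg `STACK_TEXT` block like the one above. It reports the bug check code (0x1A is MEMORY_MANAGEMENT), the system call that crossed into the kernel, and the first non-OS user-mode frame that issued it. The names `parse_frames` and `triage` are hypothetical, and reading the first argument column of `nt!KeBugCheckEx` as the bug check code is an assumption.

```python
import re

# Four frames copied from the STACK_TEXT in the report above (an excerpt).
STACK_TEXT = """\
ffff998b`ba4e4478 fffff800`26245169 : 00000000`0000001a 00000000`00041791 ffffa600`05553930 ffffa2d1`40000000 : nt!KeBugCheckEx
ffff998b`ba4e4a50 fffff800`26411505 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffab00`449d8180 : nt!NtReadVirtualMemory+0x1b
000000d1`7117d8d8 00007ffc`09cefed5 : 00007ffb`d3afb3d0 00000000`00161000 000002c6`8e4cb1e0 00007ffb`d3afb0d2 : ntdll!NtReadVirtualMemory+0x14
000000d1`7117d930 00007ffb`d3afa2ae : 000002c6`8e4cb1e0 000002c6`8e4cb2c8 000002c6`8e4cb2c8 00000000`00000001 : mpengine!ReadProcessMemoryInternal+0x11c
"""

# Line layout: Child-SP RetAddr : four argument columns : module!symbol+offset
FRAME = re.compile(
    r"^(?P<sp>[0-9a-f]{8}`[0-9a-f]{8}) [0-9a-f]{8}`[0-9a-f]{8} : "
    r"(?P<args>(?:[0-9a-f]{8}`[0-9a-f]{8} ){4}): "
    r"(?P<module>[^!\s]+)!(?P<symbol>[^+\s]+)(?:\+0x[0-9a-f]+)?$"
)
KERNEL_BASE = 0xFFFF800000000000  # x64: stack pointers at or above this are kernel-mode
OS_MODULES = {"nt", "ntdll", "KERNELBASE", "KERNEL32"}

def to_int(text):
    return int(text.replace("`", ""), 16)

def parse_frames(stack_text):
    # Lines that do not match the frame layout (headers, blanks) are skipped.
    matches = (FRAME.match(line.strip()) for line in stack_text.splitlines())
    return [{
        "kernel": to_int(m["sp"]) >= KERNEL_BASE,
        "args": [to_int(a) for a in m["args"].split()],
        "module": m["module"],
        "symbol": m["symbol"],
    } for m in matches if m]

def triage(stack_text):
    # Summarise the crash: bug check code, syscall crossed, first non-OS caller.
    frames = parse_frames(stack_text)
    if not frames:
        return None
    # Assumption: the first argument column of nt!KeBugCheckEx is the bug check code.
    code = frames[0]["args"][0] if frames[0]["symbol"] == "KeBugCheckEx" else None
    user = [f for f in frames if not f["kernel"]]
    caller = next((f for f in user if f["module"] not in OS_MODULES), None)
    return {
        "bugcheck": code,
        "kernel_frames": len(frames) - len(user),
        "syscall": f'{user[0]["module"]}!{user[0]["symbol"]}' if user else None,
        "caller": f'{caller["module"]}!{caller["symbol"]}' if caller else None,
    }
```

Calling `triage()` on the full trace from the report works the same way; the `STACK_TEXT:` header line is skipped because it does not match the frame layout.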
