Onedrive's cldflt.sys causing ntfs.sys BSOD SYSTEM_SERVICE_EXCEPTION since updating to Windows 10 ver 1809

D

Danunlisted

My system has been plauged by BSODs on ntfs.sys since applying the 'Feature update to Windows 10, version 1809', even after ensuring I had all of the latest drivers from Lenovom


The BSODs always seem to happen when opening attachments in Outlook or saving various files in other office application.


I ended up setting up the Windbg tools to see if i could learn more -- and the crash dump points to cldflt.sys as culprit.


I do use Onedrive as my primary documents folder for office apps, which makes sense as to when the issue is triggered when i am saving documents, opening attachments in office, etc.


Since onedrive is now part of windows... i cannot even reinstall it as far as i can tell.



Any insight or suggestion on what i can do with this would be appreciated; system crashing is really killing my productivity.





A similar issue is reported here:



View: https://www.reddit.com/r/techsupport/comments/9uy6as/cldfltsys_causes_bsod_when_in_office_application/






Windows debugger output:





Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.





Loading Dump File [C:\Windows\MEMORY.DMP]

Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.



Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 17763 MP (8 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 17763.1.amd64fre.rs5_release.180914-1434

Machine Name:

Kernel base = 0xfffff800`486ac000 PsLoadedModuleList = 0xfffff800`48ac6a50

Debug session time: Wed Jan 23 07:35:02.255 2019 (UTC - 5:00)

System Uptime: 0 days 16:05:23.306

Loading Kernel Symbols

...............................................................

................................................................

................................................................

.........................................................

Loading User Symbols

PEB is paged out (Peb.Ldr = 00000000`00a30018). Type ".hh dbgerr001" for details

Loading unloaded module list

..................................................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************



Use !analyze -v to get detailed debugging information.



BugCheck 3B, {c0000005, fffff80d55a737c3, ffff870cb415d310, 0}



CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.

CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.

Probably caused by : cldflt.sys ( cldflt!FltQueryInformationByNameCallout+44 )



Followup: MachineOwner

---------







Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.





Loading Dump File [C:\Windows\MEMORY.DMP]

Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.



Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 17763 MP (8 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 17763.1.amd64fre.rs5_release.180914-1434

Machine Name:

Kernel base = 0xfffff800`486ac000 PsLoadedModuleList = 0xfffff800`48ac6a50

Debug session time: Wed Jan 23 07:35:02.255 2019 (UTC - 5:00)

System Uptime: 0 days 16:05:23.306

Loading Kernel Symbols

...............................................................

................................................................

................................................................

.........................................................

Loading User Symbols

PEB is paged out (Peb.Ldr = 00000000`00a30018). Type ".hh dbgerr001" for details

Loading unloaded module list

..................................................

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************



Use !analyze -v to get detailed debugging information.



BugCheck 3B, {c0000005, fffff80d55a737c3, ffff870cb415d310, 0}



CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.

CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.

Probably caused by : cldflt.sys ( cldflt!FltQueryInformationByNameCallout+44 )



Followup: MachineOwner

---------



6: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************



SYSTEM_SERVICE_EXCEPTION (3b)

An exception happened while executing a system service routine.

Arguments:

Arg1: 00000000c0000005, Exception code that caused the bugcheck

Arg2: fffff80d55a737c3, Address of the instruction which caused the bugcheck

Arg3: ffff870cb415d310, Address of the context record for the exception that caused the bugcheck

Arg4: 0000000000000000, zero.



Debugging Details:

------------------





DUMP_CLASS: 1



DUMP_QUALIFIER: 401



BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434



SYSTEM_MANUFACTURER: LENOVO



SYSTEM_PRODUCT_NAME: 20LD0017US



SYSTEM_SKU: LENOVO_MT_20LD_BU_Think_FM_ThinkPad X1 Yoga 3rd



SYSTEM_VERSION: ThinkPad X1 Yoga 3rd



BIOS_VENDOR: LENOVO



BIOS_VERSION: N25ET41W (1.27 )



BIOS_DATE: 11/12/2018



BASEBOARD_MANUFACTURER: LENOVO



BASEBOARD_PRODUCT: 20LD0017US



BASEBOARD_VERSION: SDK0J40697 WIN



DUMP_TYPE: 1



BUGCHECK_P1: c0000005



BUGCHECK_P2: fffff80d55a737c3



BUGCHECK_P3: ffff870cb415d310



BUGCHECK_P4: 0



EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.



FAULTING_IP:

Ntfs!NtfsQueryStatInfo+27

fffff****70cb415e1b0

rdx=ffffd60356707030 rsi=0000000000000000 rdi=ffff870cb415e0c0

rip=fffff80d55a737c3 rsp=ffff870cb415dd00 rbp=ffff870cb415de09

r8=0000000000000000 r9=0000000000000000 r10=fffff80d55904910

r11=ffff870cb415dd98 r12=ffff870cb415e100 r13=0000000000000000

r14=ffffd603657a0010 r15=0000000000000000

iopl=0 nv up ei pl zr na po nc

cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246

Ntfs!NtfsQueryStatInfo+0x27:

fffff80d`55a737c3 4d8bb9a8000000 mov r15,qword ptr [r9+0A8h] ds:002b:00000000`000000a8=????????????????

Resetting default scope



CPU_COUNT: 8



CPU_MHZ: 840



CPU_VENDOR: GenuineIntel



CPU_FAMILY: 6



CPU_MODEL: 8e



CPU_STEPPING: a



CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 9A'00000000 (cache) 9A'00000000 (init)



DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT



BUGCHECK_STR: 0x3B



PROCESS_NAME: OUTLOOK.EXE



CURRENT_IRQL: 0



ANALYSIS_SESSION_HOST: DZINALAPTOP



ANALYSIS_SESSION_TIME: 01-23-2019 07:44:22.0353



ANALYSIS_VERSION: 10.0.14321.1024 amd64fre



LAST_CONTROL_TRANSFER: from fffff80d55a3ce85 to fffff80d55a737c3



STACK_TEXT:

ffff870c`b415dd00 fffff80d`55a3ce85 : ffff870c`b415e1b0 ffffd603`56707030 ffffd603`41734050 fffff800`487c4792 : Ntfs!NtfsQueryStatInfo+0x27

ffff870c`b415dda0 fffff80d`559b1058 : 00000000`00000000 ffff870c`b415e1b0 ffff870c`b415e0c0 00000000`00000070 : Ntfs!NtfsQueryInformationForCreate+0x8f7f1

ffff870c`b415de70 fffff80d`559bd550 : ffff870c`b415e1b0 ffff870c`b415e0c0 ffffd603`657a0010 00000000`00000001 : Ntfs!NtfsCommonCreate+0x22d****e4f****7a0010 00000000`00000000 fffff80d`55a69720 : nt!FsFilterPerformCallbacks+0xd2

ffff870c`b415e4c0 fffff800`48e4fe00 : 00000000`00000000 00000000`00000080 ffffd603`403398f0 00000000`00000044 : nt!FsRtlQueryOpen+0x99

ffff870c`b415e770 fffff800`48d29167 : 00000000`00000007 ffff870c`b415ecb0 00000000`00000044 00000000`00000044 : nt!IopQueryInformation+0x1632c0

ffff****eba8 ffff870c`00000240 ffffd603`3c336ae0 : nt!ObpLookupObjectName+0x719

ffff****70c`b415f000 ffffd603`510baaa0 ffffd603`46dd7a80 ffffd603`66066210 : nt!IoQueryInformationByName+0x246

ffff870c`b415ef00 fffff800`57bc55e4 : ffff870c`b415f0e8 00000000`00000000 ffff870c`b415f0e8 fffff800`487d3755 : FLTMGR!FltQueryInformationByName+0x14e

ffff870c`b415efb0 fffff800`57bb7794 : ffff870c`b415f0e8 ffffd603`510baaa0 00000000`00000001 ffffd603`5239b080 : cldflt!FltQueryInformationByNameCallout+0x44

ffff870c`b415f000 fffff800`57c0f543 : 00000000`00000000 ffff870c`b4160000 ffff870c`b4159000 00000000`00000000 : cldflt!HsmExpandKernelStackAndCallout+0x44

ffff870c`b415f040 fffff800`57c0fe29 : ffff870c`b415f360 ffffd603`660d2b28 ffffd603`510bad30 ffffd603`660d29a0 : cldflt!HsmiFltPreECPCREATE+0x24f

ffff870c`b415f1b0 fffff80d`55d8555d : ffff870c`b415f289 ffffd603`00000000 00000000`00000000 ffffd603`660d29a0 : cldflt!HsmFltPreCREATE+0x9

ffff870c`b415f1e0 fffff80d`55d850bc : ffff870c`b415f360 ffff870c`b415f300 ffff870c`b4150000 00000000`00000000 : FLTMGR!FltpPerformPreCallbacks+0x2fd

ffff870c`b415f2f0 fffff80d`55dbd545 : ffffd603`40319ce0 ffff870c`b415f6a8 00000000`000000c0 00000000`00000000 : FLTMGR!FltpPassThroughInternal+0x8c

ffff870c`b415f320 fffff800`4876a819 : ffffd603`6508a900 ffffd603`5bcd7010 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x2e5

ffff870c`b415f3d0 fffff800`4876bbf4 : 00000000`00000000 00000000`00000005 ffffd603`404b9950 fffff****00 ffffd603`5688a5e0 ffff9c05`5007f301 : nt!IopParseDevice+0x632

ffff870c`b415f5d0 fffff800`48d4c6cf : ffffd603`5688a500 ffff870c`b415f838 ffff9c05`00000040 ffffd603`3c336ae0 : nt!ObpLookupObjectName+0x719

ffff870c`b415f7a0 fffff800`48cbbab4 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`0000002**** : 00000000`1a2ffda0 00000000`00000000 00000000`00000000 00000000`1a2fe608 : nt!NtCreateFile+0x79

ffff870c`b415fa10 00007ffc`fcdd0104 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25

00000000`1a2fe5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`fcdd0104





THREAD_SHA1_HASH_MOD_FUNC: 281d71fa68a0769f493ff156fa095a4957d8648e



THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 36dd88b5835341c4249f8fac23c92a428c6aabfe



THREAD_SHA1_HASH_MOD: 02ed243779529791d3964403d1443b03e6b6be7b



FOLLOWUP_IP:

cldflt!FltQueryInformationByNameCallout+44

fffff800`57bc55e4 0f1f440000 nop dword ptr [rax+rax]



FAULT_INSTR_CODE: 441f0f



SYMBOL_STACK_INDEX: d



SYMBOL_NAME: cldflt!FltQueryInformationByNameCallout+44



FOLLOWUP_NAME: MachineOwner



MODULE_NAME: cldflt



IMAGE_NAME: cldflt.sys



DEBUG_FLR_IMAGE_TIMESTAMP: 0



STACK_COMMAND: .cxr 0xffff870cb415d310 ; kb



BUCKET_ID_FUNC_OFFSET: 44



FAILURE_BUCKET_ID: 0x3B_cldflt!FltQueryInformationByNameCallout



BUCKET_ID: 0x3B_cldflt!FltQueryInformationByNameCallout



PRIMARY_PROBLEM_CLASS: 0x3B_cldflt!FltQueryInformationByNameCallout



TARGET_TIME: 2019-01-23T12:35:02.000Z



OSBUILD: 17763



OSSERVICEPACK: 0



SERVICEPACK_NUMBER: 0



OS_REVISION: 0



SUITE_MASK: 272



PRODUCT_TYPE: 1



OSPLATFORM_TYPE: x64



OSNAME: Windows 10



OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS



OS_LOCALE:



USER_LCID: 0



OSBUILD_TIMESTAMP: unknown_date



BUILDDATESTAMP_STR: 180914-1434



BUILDLAB_STR: rs5_release



BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434



ANALYSIS_SESSION_ELAPSED_TIME: 14a1



ANALYSIS_SOURCE: KM



FAILURE_ID_HASH_STRING: km:0x3b_cldflt!fltqueryinformationbynamecallout



FAILURE_ID_HASH: {cb35decb-0f4c-8921-8c84-9dc4276d92de}



Followup: MachineOwner

---------




Here is a list of all file system drivers that are installed on my system in the event that is helpful:


Module Name Display Name Description Driver Type Start Mode State Status Accept Stop Accept Pause Paged Pool(bytes) Code(bytes) BSS(bytes) Link Date Path Init(bytes)

============ ====================== ====================== ============= ========== ========== ========== =========== ============ ================= =========== ========== ====================== ================================================ ===========

AppvStrm AppvStrm AppvStrm File System Manual Stopped OK FALSE FALSE 4,096 81,920 0 C:\WINDOWS\system32\drivers\AppvStrm.sys 4,096

AppvVemgr AppvVemgr AppvVemgr File System Manual Stopped OK FALSE FALSE 8,192 106,496 0 C:\WINDOWS\system32\drivers\AppvVemgr.sys 4,096

AppvVfs AppvVfs AppvVfs File System Manual Stopped OK FALSE FALSE 8,192 86,016 0 C:\WINDOWS\system32\drivers\AppvVfs.sys 4,096

bindflt Windows Bind Filter Dr Windows Bind Filter Dr File System Manual Stopped OK FALSE FALSE 53,248 20,480 0 C:\WINDOWS\system32\drivers\bindflt.sys 4,096

bowser Browser Browser File System Manual Running OK TRUE FALSE 73,728 20,480 0 C:\WINDOWS\system32\DRIVERS\bowser.sys 4,096

cdfs CD/DVD File System Rea CD/DVD File System Rea File System Disabled Stopped OK FALSE FALSE 69,632 12,288 0 C:\WINDOWS\system32\DRIVERS\cdfs.sys 4,096

CldFlt Windows Cloud Files Fi Windows Cloud Files Fi File System Auto Running OK TRUE FALSE 299,008 94,208 0 C:\WINDOWS\system32\drivers\cldflt.sys 4,096

Dfsc DFS Namespace Client D DFS Namespace Client D File System System Running OK TRUE FALSE 94,208 24,576 0 C:\WINDOWS\system32\Drivers\dfsc.sys 4,096

exfat exFAT File System Driv exFAT File System Driv File System Manual Stopped OK FALSE FALSE 225,280 86,016 0 C:\WINDOWS\system32\drivers\exfat.sys 4,096

fastfat FAT12/16/32 File Syste FAT12/16/32 File Syste File System Manual Running OK TRUE FALSE 258,048 61,440 0 C:\WINDOWS\system32\drivers\fastfat.sys 4,096

FileCrypt FileCrypt FileCrypt File System System Running OK TRUE FALSE 28,672 12,288 0 C:\WINDOWS\system32\drivers\filecrypt.sys 4,096

FileInfo File Information FS Mi File Information FS Mi File System Boot Running OK TRUE FALSE 45,056 12,288 0 C:\WINDOWS\system32\drivers\fileinfo.sys 4,096

Filetrace Filetrace Filetrace File System Manual Stopped OK FALSE FALSE 12,288 12,288 0 C:\WINDOWS\system32\drivers\filetrace.sys 4,096

FltMgr FltMgr FltMgr File System Boot Running OK TRUE FALSE 188,416 106,496 0 C:\WINDOWS\system32\drivers\fltmgr.sys 8,192

FsDepends File System Dependency File System Dependency File System Manual Running OK TRUE FALSE 40,960 8,192 0 C:\WINDOWS\system32\drivers\FsDepends.sys 4,096

luafv UAC File Virtualizatio UAC File Virtualizatio File System Auto Running OK TRUE FALSE 65,536 8,192 0 C:\WINDOWS\system32\drivers\luafv.sys 12,288

MRxDAV WebDav Client Redirect WebDav Client Redirect File System Manual Stopped OK FALSE FALSE 114,688 24,576 0 C:\WINDOWS\system32\drivers\mrxdav.sys 4,096

mrxsmb SMB MiniRedirector Wra SMB MiniRedirector Wra File System Manual Running OK TRUE FALSE 65,536 262,144 0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 4,096

mrxsmb10 SMB 1.x MiniRedirector SMB 1.x MiniRedirector File System Auto Running OK TRUE FALSE 172,032 86,016 0 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 4,096

mrxsmb20 SMB 2.0 MiniRedirector SMB 2.0 MiniRedirector File System Manual Running OK TRUE FALSE 20,480 184,320 0 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 4,096

Msfs Msfs Msfs File System System Running OK TRUE FALSE 28,672 4,096 0 C:\WINDOWS\system32\drivers\Msfs.sys 4,096

Mup Mup Mup File System Boot Running OK TRUE FALSE 61,440 16,384 0 C:\WINDOWS\system32\Drivers\mup.sys 4,096

NetBIOS NetBIOS Interface NetBIOS Interface File System System Running OK TRUE FALSE 20,480 24,576 0 C:\WINDOWS\system32\drivers\netbios.sys 4,096

Npfs Npfs Npfs File System System Running OK TRUE FALSE 57,344 8,192 0 C:\WINDOWS\system32\drivers\Npfs.sys 4,096

Ntfs Ntfs Ntfs File System Manual Running OK TRUE FALSE 1,753,088 401,408 0 C:\WINDOWS\system32\drivers\Ntfs.sys 16,384

rdbss Redirected Buffering S Redirected Buffering S File System System Running OK TRUE FALSE 212,992 139,264 0 C:\WINDOWS\system32\DRIVERS\rdbss.sys 8,192

ReFS ReFS ReFS File System Manual Stopped OK FALSE FALSE 552,960 1,048,576 0 C:\WINDOWS\system32\drivers\ReFS.sys 16,384

ReFSv1 ReFSv1 ReFSv1 File System Manual Stopped OK FALSE FALSE 352,256 409,600 0 C:\WINDOWS\system32\drivers\ReFSv1.sys 8,192

RsFx0501 RsFx0501 Driver RsFx0501 Driver File System Disabled Stopped OK FALSE FALSE 94,208 90,112 0 12/14/2017 12:41:45 PM C:\WINDOWS\system32\DRIVERS\RsFx0501.sys 8,192

smbdirect smbdirect smbdirect File System Manual Stopped OK FALSE FALSE 8,192 77,824 0 C:\WINDOWS\system32\DRIVERS\smbdirect.sys 4,096

srv2 Server SMB 2.xxx Drive Server SMB 2.xxx Drive File System Manual Running OK TRUE FALSE 241,664 200,704 0 C:\WINDOWS\system32\DRIVERS\srv2.sys 4,096

srvnet srvnet srvnet File System Manual Running OK TRUE FALSE 81,920 135,168 0 C:\WINDOWS\system32\DRIVERS\srvnet.sys 4,096

storqosflt Storage QoS Filter Dri Storage QoS Filter Dri File System Auto Running OK TRUE FALSE 20,480 40,960 0 C:\WINDOWS\system32\drivers\storqosflt.sys 4,096

udfs udfs udfs File System Disabled Stopped OK FALSE FALSE 180,224 114,688 0 C:\WINDOWS\system32\DRIVERS\udfs.sys 4,096

UevAgentDriv UevAgentDriver UevAgentDriver File System Disabled Stopped OK FALSE FALSE 8,192 4,096 0 C:\WINDOWS\system32\drivers\UevAgentDriver.sys 4,096

wcifs Windows Container Isol Windows Container Isol File System Auto Running OK TRUE FALSE 102,400 24,576 0 C:\WINDOWS\system32\drivers\wcifs.sys 4,096

wcnfs Windows Container Name Windows Container Name File System Manual Running OK TRUE FALSE 49,152 16,384 0 C:\WINDOWS\system32\drivers\wcnfs.sys 4,096

WdFilter Windows Defender Antiv Windows Defender Antiv File System Boot Running OK TRUE FALSE 212,992 40,960 0 C:\WINDOWS\system32\drivers\wd\WdFilter.sys 24,576

WIMMount WIMMount WIMMount File System Manual Stopped OK FALSE FALSE 12,288 8,192 0 C:\WINDOWS\system32\drivers\wimmount.sys 4,096

Wof Windows Overlay File S Windows Overlay File S File System Boot Running OK TRUE FALSE 106,496 61,440 0 C:\WINDOWS\system32\drivers\Wof.sys 8,192

Continue reading...
 
Back
Top Bottom