D
Danunlisted
My system has been plauged by BSODs on ntfs.sys since applying the 'Feature update to Windows 10, version 1809', even after ensuring I had all of the latest drivers from Lenovom
The BSODs always seem to happen when opening attachments in Outlook or saving various files in other office application.
I ended up setting up the Windbg tools to see if i could learn more -- and the crash dump points to cldflt.sys as culprit.
I do use Onedrive as my primary documents folder for office apps, which makes sense as to when the issue is triggered when i am saving documents, opening attachments in office, etc.
Since onedrive is now part of windows... i cannot even reinstall it as far as i can tell.
Any insight or suggestion on what i can do with this would be appreciated; system crashing is really killing my productivity.
A similar issue is reported here:
View: https://www.reddit.com/r/techsupport/comments/9uy6as/cldfltsys_causes_bsod_when_in_office_application/
Windows debugger output:
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff800`486ac000 PsLoadedModuleList = 0xfffff800`48ac6a50
Debug session time: Wed Jan 23 07:35:02.255 2019 (UTC - 5:00)
System Uptime: 0 days 16:05:23.306
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00a30018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80d55a737c3, ffff870cb415d310, 0}
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
Probably caused by : cldflt.sys ( cldflt!FltQueryInformationByNameCallout+44 )
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff800`486ac000 PsLoadedModuleList = 0xfffff800`48ac6a50
Debug session time: Wed Jan 23 07:35:02.255 2019 (UTC - 5:00)
System Uptime: 0 days 16:05:23.306
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00a30018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80d55a737c3, ffff870cb415d310, 0}
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
Probably caused by : cldflt.sys ( cldflt!FltQueryInformationByNameCallout+44 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80d55a737c3, Address of the instruction which caused the bugcheck
Arg3: ffff870cb415d310, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: LENOVO
SYSTEM_PRODUCT_NAME: 20LD0017US
SYSTEM_SKU: LENOVO_MT_20LD_BU_Think_FM_ThinkPad X1 Yoga 3rd
SYSTEM_VERSION: ThinkPad X1 Yoga 3rd
BIOS_VENDOR: LENOVO
BIOS_VERSION: N25ET41W (1.27 )
BIOS_DATE: 11/12/2018
BASEBOARD_MANUFACTURER: LENOVO
BASEBOARD_PRODUCT: 20LD0017US
BASEBOARD_VERSION: SDK0J40697 WIN
DUMP_TYPE: 1
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80d55a737c3
BUGCHECK_P3: ffff870cb415d310
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
Ntfs!NtfsQueryStatInfo+27
fffff****70cb415e1b0
rdx=ffffd60356707030 rsi=0000000000000000 rdi=ffff870cb415e0c0
rip=fffff80d55a737c3 rsp=ffff870cb415dd00 rbp=ffff870cb415de09
r8=0000000000000000 r9=0000000000000000 r10=fffff80d55904910
r11=ffff870cb415dd98 r12=ffff870cb415e100 r13=0000000000000000
r14=ffffd603657a0010 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
Ntfs!NtfsQueryStatInfo+0x27:
fffff80d`55a737c3 4d8bb9a8000000 mov r15,qword ptr [r9+0A8h] ds:002b:00000000`000000a8=????????????????
Resetting default scope
CPU_COUNT: 8
CPU_MHZ: 840
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 9A'00000000 (cache) 9A'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: OUTLOOK.EXE
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DZINALAPTOP
ANALYSIS_SESSION_TIME: 01-23-2019 07:44:22.0353
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
LAST_CONTROL_TRANSFER: from fffff80d55a3ce85 to fffff80d55a737c3
STACK_TEXT:
ffff870c`b415dd00 fffff80d`55a3ce85 : ffff870c`b415e1b0 ffffd603`56707030 ffffd603`41734050 fffff800`487c4792 : Ntfs!NtfsQueryStatInfo+0x27
ffff870c`b415dda0 fffff80d`559b1058 : 00000000`00000000 ffff870c`b415e1b0 ffff870c`b415e0c0 00000000`00000070 : Ntfs!NtfsQueryInformationForCreate+0x8f7f1
ffff870c`b415de70 fffff80d`559bd550 : ffff870c`b415e1b0 ffff870c`b415e0c0 ffffd603`657a0010 00000000`00000001 : Ntfs!NtfsCommonCreate+0x22d****e4f****7a0010 00000000`00000000 fffff80d`55a69720 : nt!FsFilterPerformCallbacks+0xd2
ffff870c`b415e4c0 fffff800`48e4fe00 : 00000000`00000000 00000000`00000080 ffffd603`403398f0 00000000`00000044 : nt!FsRtlQueryOpen+0x99
ffff870c`b415e770 fffff800`48d29167 : 00000000`00000007 ffff870c`b415ecb0 00000000`00000044 00000000`00000044 : nt!IopQueryInformation+0x1632c0
ffff****eba8 ffff870c`00000240 ffffd603`3c336ae0 : nt!ObpLookupObjectName+0x719
ffff****70c`b415f000 ffffd603`510baaa0 ffffd603`46dd7a80 ffffd603`66066210 : nt!IoQueryInformationByName+0x246
ffff870c`b415ef00 fffff800`57bc55e4 : ffff870c`b415f0e8 00000000`00000000 ffff870c`b415f0e8 fffff800`487d3755 : FLTMGR!FltQueryInformationByName+0x14e
ffff870c`b415efb0 fffff800`57bb7794 : ffff870c`b415f0e8 ffffd603`510baaa0 00000000`00000001 ffffd603`5239b080 : cldflt!FltQueryInformationByNameCallout+0x44
ffff870c`b415f000 fffff800`57c0f543 : 00000000`00000000 ffff870c`b4160000 ffff870c`b4159000 00000000`00000000 : cldflt!HsmExpandKernelStackAndCallout+0x44
ffff870c`b415f040 fffff800`57c0fe29 : ffff870c`b415f360 ffffd603`660d2b28 ffffd603`510bad30 ffffd603`660d29a0 : cldflt!HsmiFltPreECPCREATE+0x24f
ffff870c`b415f1b0 fffff80d`55d8555d : ffff870c`b415f289 ffffd603`00000000 00000000`00000000 ffffd603`660d29a0 : cldflt!HsmFltPreCREATE+0x9
ffff870c`b415f1e0 fffff80d`55d850bc : ffff870c`b415f360 ffff870c`b415f300 ffff870c`b4150000 00000000`00000000 : FLTMGR!FltpPerformPreCallbacks+0x2fd
ffff870c`b415f2f0 fffff80d`55dbd545 : ffffd603`40319ce0 ffff870c`b415f6a8 00000000`000000c0 00000000`00000000 : FLTMGR!FltpPassThroughInternal+0x8c
ffff870c`b415f320 fffff800`4876a819 : ffffd603`6508a900 ffffd603`5bcd7010 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x2e5
ffff870c`b415f3d0 fffff800`4876bbf4 : 00000000`00000000 00000000`00000005 ffffd603`404b9950 fffff****00 ffffd603`5688a5e0 ffff9c05`5007f301 : nt!IopParseDevice+0x632
ffff870c`b415f5d0 fffff800`48d4c6cf : ffffd603`5688a500 ffff870c`b415f838 ffff9c05`00000040 ffffd603`3c336ae0 : nt!ObpLookupObjectName+0x719
ffff870c`b415f7a0 fffff800`48cbbab4 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`0000002**** : 00000000`1a2ffda0 00000000`00000000 00000000`00000000 00000000`1a2fe608 : nt!NtCreateFile+0x79
ffff870c`b415fa10 00007ffc`fcdd0104 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`1a2fe5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`fcdd0104
THREAD_SHA1_HASH_MOD_FUNC: 281d71fa68a0769f493ff156fa095a4957d8648e
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 36dd88b5835341c4249f8fac23c92a428c6aabfe
THREAD_SHA1_HASH_MOD: 02ed243779529791d3964403d1443b03e6b6be7b
FOLLOWUP_IP:
cldflt!FltQueryInformationByNameCallout+44
fffff800`57bc55e4 0f1f440000 nop dword ptr [rax+rax]
FAULT_INSTR_CODE: 441f0f
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: cldflt!FltQueryInformationByNameCallout+44
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cldflt
IMAGE_NAME: cldflt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffff870cb415d310 ; kb
BUCKET_ID_FUNC_OFFSET: 44
FAILURE_BUCKET_ID: 0x3B_cldflt!FltQueryInformationByNameCallout
BUCKET_ID: 0x3B_cldflt!FltQueryInformationByNameCallout
PRIMARY_PROBLEM_CLASS: 0x3B_cldflt!FltQueryInformationByNameCallout
TARGET_TIME: 2019-01-23T12:35:02.000Z
OSBUILD: 17763
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 14a1
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_cldflt!fltqueryinformationbynamecallout
FAILURE_ID_HASH: {cb35decb-0f4c-8921-8c84-9dc4276d92de}
Followup: MachineOwner
---------
Here is a list of all file system drivers that are installed on my system in the event that is helpful:
Module Name Display Name Description Driver Type Start Mode State Status Accept Stop Accept Pause Paged Pool(bytes) Code(bytes) BSS(bytes) Link Date Path Init(bytes)
============ ====================== ====================== ============= ========== ========== ========== =========== ============ ================= =========== ========== ====================== ================================================ ===========
AppvStrm AppvStrm AppvStrm File System Manual Stopped OK FALSE FALSE 4,096 81,920 0 C:\WINDOWS\system32\drivers\AppvStrm.sys 4,096
AppvVemgr AppvVemgr AppvVemgr File System Manual Stopped OK FALSE FALSE 8,192 106,496 0 C:\WINDOWS\system32\drivers\AppvVemgr.sys 4,096
AppvVfs AppvVfs AppvVfs File System Manual Stopped OK FALSE FALSE 8,192 86,016 0 C:\WINDOWS\system32\drivers\AppvVfs.sys 4,096
bindflt Windows Bind Filter Dr Windows Bind Filter Dr File System Manual Stopped OK FALSE FALSE 53,248 20,480 0 C:\WINDOWS\system32\drivers\bindflt.sys 4,096
bowser Browser Browser File System Manual Running OK TRUE FALSE 73,728 20,480 0 C:\WINDOWS\system32\DRIVERS\bowser.sys 4,096
cdfs CD/DVD File System Rea CD/DVD File System Rea File System Disabled Stopped OK FALSE FALSE 69,632 12,288 0 C:\WINDOWS\system32\DRIVERS\cdfs.sys 4,096
CldFlt Windows Cloud Files Fi Windows Cloud Files Fi File System Auto Running OK TRUE FALSE 299,008 94,208 0 C:\WINDOWS\system32\drivers\cldflt.sys 4,096
Dfsc DFS Namespace Client D DFS Namespace Client D File System System Running OK TRUE FALSE 94,208 24,576 0 C:\WINDOWS\system32\Drivers\dfsc.sys 4,096
exfat exFAT File System Driv exFAT File System Driv File System Manual Stopped OK FALSE FALSE 225,280 86,016 0 C:\WINDOWS\system32\drivers\exfat.sys 4,096
fastfat FAT12/16/32 File Syste FAT12/16/32 File Syste File System Manual Running OK TRUE FALSE 258,048 61,440 0 C:\WINDOWS\system32\drivers\fastfat.sys 4,096
FileCrypt FileCrypt FileCrypt File System System Running OK TRUE FALSE 28,672 12,288 0 C:\WINDOWS\system32\drivers\filecrypt.sys 4,096
FileInfo File Information FS Mi File Information FS Mi File System Boot Running OK TRUE FALSE 45,056 12,288 0 C:\WINDOWS\system32\drivers\fileinfo.sys 4,096
Filetrace Filetrace Filetrace File System Manual Stopped OK FALSE FALSE 12,288 12,288 0 C:\WINDOWS\system32\drivers\filetrace.sys 4,096
FltMgr FltMgr FltMgr File System Boot Running OK TRUE FALSE 188,416 106,496 0 C:\WINDOWS\system32\drivers\fltmgr.sys 8,192
FsDepends File System Dependency File System Dependency File System Manual Running OK TRUE FALSE 40,960 8,192 0 C:\WINDOWS\system32\drivers\FsDepends.sys 4,096
luafv UAC File Virtualizatio UAC File Virtualizatio File System Auto Running OK TRUE FALSE 65,536 8,192 0 C:\WINDOWS\system32\drivers\luafv.sys 12,288
MRxDAV WebDav Client Redirect WebDav Client Redirect File System Manual Stopped OK FALSE FALSE 114,688 24,576 0 C:\WINDOWS\system32\drivers\mrxdav.sys 4,096
mrxsmb SMB MiniRedirector Wra SMB MiniRedirector Wra File System Manual Running OK TRUE FALSE 65,536 262,144 0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 4,096
mrxsmb10 SMB 1.x MiniRedirector SMB 1.x MiniRedirector File System Auto Running OK TRUE FALSE 172,032 86,016 0 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 4,096
mrxsmb20 SMB 2.0 MiniRedirector SMB 2.0 MiniRedirector File System Manual Running OK TRUE FALSE 20,480 184,320 0 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 4,096
Msfs Msfs Msfs File System System Running OK TRUE FALSE 28,672 4,096 0 C:\WINDOWS\system32\drivers\Msfs.sys 4,096
Mup Mup Mup File System Boot Running OK TRUE FALSE 61,440 16,384 0 C:\WINDOWS\system32\Drivers\mup.sys 4,096
NetBIOS NetBIOS Interface NetBIOS Interface File System System Running OK TRUE FALSE 20,480 24,576 0 C:\WINDOWS\system32\drivers\netbios.sys 4,096
Npfs Npfs Npfs File System System Running OK TRUE FALSE 57,344 8,192 0 C:\WINDOWS\system32\drivers\Npfs.sys 4,096
Ntfs Ntfs Ntfs File System Manual Running OK TRUE FALSE 1,753,088 401,408 0 C:\WINDOWS\system32\drivers\Ntfs.sys 16,384
rdbss Redirected Buffering S Redirected Buffering S File System System Running OK TRUE FALSE 212,992 139,264 0 C:\WINDOWS\system32\DRIVERS\rdbss.sys 8,192
ReFS ReFS ReFS File System Manual Stopped OK FALSE FALSE 552,960 1,048,576 0 C:\WINDOWS\system32\drivers\ReFS.sys 16,384
ReFSv1 ReFSv1 ReFSv1 File System Manual Stopped OK FALSE FALSE 352,256 409,600 0 C:\WINDOWS\system32\drivers\ReFSv1.sys 8,192
RsFx0501 RsFx0501 Driver RsFx0501 Driver File System Disabled Stopped OK FALSE FALSE 94,208 90,112 0 12/14/2017 12:41:45 PM C:\WINDOWS\system32\DRIVERS\RsFx0501.sys 8,192
smbdirect smbdirect smbdirect File System Manual Stopped OK FALSE FALSE 8,192 77,824 0 C:\WINDOWS\system32\DRIVERS\smbdirect.sys 4,096
srv2 Server SMB 2.xxx Drive Server SMB 2.xxx Drive File System Manual Running OK TRUE FALSE 241,664 200,704 0 C:\WINDOWS\system32\DRIVERS\srv2.sys 4,096
srvnet srvnet srvnet File System Manual Running OK TRUE FALSE 81,920 135,168 0 C:\WINDOWS\system32\DRIVERS\srvnet.sys 4,096
storqosflt Storage QoS Filter Dri Storage QoS Filter Dri File System Auto Running OK TRUE FALSE 20,480 40,960 0 C:\WINDOWS\system32\drivers\storqosflt.sys 4,096
udfs udfs udfs File System Disabled Stopped OK FALSE FALSE 180,224 114,688 0 C:\WINDOWS\system32\DRIVERS\udfs.sys 4,096
UevAgentDriv UevAgentDriver UevAgentDriver File System Disabled Stopped OK FALSE FALSE 8,192 4,096 0 C:\WINDOWS\system32\drivers\UevAgentDriver.sys 4,096
wcifs Windows Container Isol Windows Container Isol File System Auto Running OK TRUE FALSE 102,400 24,576 0 C:\WINDOWS\system32\drivers\wcifs.sys 4,096
wcnfs Windows Container Name Windows Container Name File System Manual Running OK TRUE FALSE 49,152 16,384 0 C:\WINDOWS\system32\drivers\wcnfs.sys 4,096
WdFilter Windows Defender Antiv Windows Defender Antiv File System Boot Running OK TRUE FALSE 212,992 40,960 0 C:\WINDOWS\system32\drivers\wd\WdFilter.sys 24,576
WIMMount WIMMount WIMMount File System Manual Stopped OK FALSE FALSE 12,288 8,192 0 C:\WINDOWS\system32\drivers\wimmount.sys 4,096
Wof Windows Overlay File S Windows Overlay File S File System Boot Running OK TRUE FALSE 106,496 61,440 0 C:\WINDOWS\system32\drivers\Wof.sys 8,192
Continue reading...
The BSODs always seem to happen when opening attachments in Outlook or saving various files in other office application.
I ended up setting up the Windbg tools to see if i could learn more -- and the crash dump points to cldflt.sys as culprit.
I do use Onedrive as my primary documents folder for office apps, which makes sense as to when the issue is triggered when i am saving documents, opening attachments in office, etc.
Since onedrive is now part of windows... i cannot even reinstall it as far as i can tell.
Any insight or suggestion on what i can do with this would be appreciated; system crashing is really killing my productivity.
A similar issue is reported here:
View: https://www.reddit.com/r/techsupport/comments/9uy6as/cldfltsys_causes_bsod_when_in_office_application/
Windows debugger output:
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff800`486ac000 PsLoadedModuleList = 0xfffff800`48ac6a50
Debug session time: Wed Jan 23 07:35:02.255 2019 (UTC - 5:00)
System Uptime: 0 days 16:05:23.306
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00a30018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80d55a737c3, ffff870cb415d310, 0}
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
Probably caused by : cldflt.sys ( cldflt!FltQueryInformationByNameCallout+44 )
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff800`486ac000 PsLoadedModuleList = 0xfffff800`48ac6a50
Debug session time: Wed Jan 23 07:35:02.255 2019 (UTC - 5:00)
System Uptime: 0 days 16:05:23.306
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00a30018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80d55a737c3, ffff870cb415d310, 0}
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
CompressedPageDataReader warning: failed to get _SM_PAGE_KEY symbol.
Probably caused by : cldflt.sys ( cldflt!FltQueryInformationByNameCallout+44 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80d55a737c3, Address of the instruction which caused the bugcheck
Arg3: ffff870cb415d310, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
SYSTEM_MANUFACTURER: LENOVO
SYSTEM_PRODUCT_NAME: 20LD0017US
SYSTEM_SKU: LENOVO_MT_20LD_BU_Think_FM_ThinkPad X1 Yoga 3rd
SYSTEM_VERSION: ThinkPad X1 Yoga 3rd
BIOS_VENDOR: LENOVO
BIOS_VERSION: N25ET41W (1.27 )
BIOS_DATE: 11/12/2018
BASEBOARD_MANUFACTURER: LENOVO
BASEBOARD_PRODUCT: 20LD0017US
BASEBOARD_VERSION: SDK0J40697 WIN
DUMP_TYPE: 1
BUGCHECK_P1: c0000005
BUGCHECK_P2: fffff80d55a737c3
BUGCHECK_P3: ffff870cb415d310
BUGCHECK_P4: 0
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
FAULTING_IP:
Ntfs!NtfsQueryStatInfo+27
fffff****70cb415e1b0
rdx=ffffd60356707030 rsi=0000000000000000 rdi=ffff870cb415e0c0
rip=fffff80d55a737c3 rsp=ffff870cb415dd00 rbp=ffff870cb415de09
r8=0000000000000000 r9=0000000000000000 r10=fffff80d55904910
r11=ffff870cb415dd98 r12=ffff870cb415e100 r13=0000000000000000
r14=ffffd603657a0010 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
Ntfs!NtfsQueryStatInfo+0x27:
fffff80d`55a737c3 4d8bb9a8000000 mov r15,qword ptr [r9+0A8h] ds:002b:00000000`000000a8=????????????????
Resetting default scope
CPU_COUNT: 8
CPU_MHZ: 840
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 8e
CPU_STEPPING: a
CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 9A'00000000 (cache) 9A'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: OUTLOOK.EXE
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DZINALAPTOP
ANALYSIS_SESSION_TIME: 01-23-2019 07:44:22.0353
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
LAST_CONTROL_TRANSFER: from fffff80d55a3ce85 to fffff80d55a737c3
STACK_TEXT:
ffff870c`b415dd00 fffff80d`55a3ce85 : ffff870c`b415e1b0 ffffd603`56707030 ffffd603`41734050 fffff800`487c4792 : Ntfs!NtfsQueryStatInfo+0x27
ffff870c`b415dda0 fffff80d`559b1058 : 00000000`00000000 ffff870c`b415e1b0 ffff870c`b415e0c0 00000000`00000070 : Ntfs!NtfsQueryInformationForCreate+0x8f7f1
ffff870c`b415de70 fffff80d`559bd550 : ffff870c`b415e1b0 ffff870c`b415e0c0 ffffd603`657a0010 00000000`00000001 : Ntfs!NtfsCommonCreate+0x22d****e4f****7a0010 00000000`00000000 fffff80d`55a69720 : nt!FsFilterPerformCallbacks+0xd2
ffff870c`b415e4c0 fffff800`48e4fe00 : 00000000`00000000 00000000`00000080 ffffd603`403398f0 00000000`00000044 : nt!FsRtlQueryOpen+0x99
ffff870c`b415e770 fffff800`48d29167 : 00000000`00000007 ffff870c`b415ecb0 00000000`00000044 00000000`00000044 : nt!IopQueryInformation+0x1632c0
ffff****eba8 ffff870c`00000240 ffffd603`3c336ae0 : nt!ObpLookupObjectName+0x719
ffff****70c`b415f000 ffffd603`510baaa0 ffffd603`46dd7a80 ffffd603`66066210 : nt!IoQueryInformationByName+0x246
ffff870c`b415ef00 fffff800`57bc55e4 : ffff870c`b415f0e8 00000000`00000000 ffff870c`b415f0e8 fffff800`487d3755 : FLTMGR!FltQueryInformationByName+0x14e
ffff870c`b415efb0 fffff800`57bb7794 : ffff870c`b415f0e8 ffffd603`510baaa0 00000000`00000001 ffffd603`5239b080 : cldflt!FltQueryInformationByNameCallout+0x44
ffff870c`b415f000 fffff800`57c0f543 : 00000000`00000000 ffff870c`b4160000 ffff870c`b4159000 00000000`00000000 : cldflt!HsmExpandKernelStackAndCallout+0x44
ffff870c`b415f040 fffff800`57c0fe29 : ffff870c`b415f360 ffffd603`660d2b28 ffffd603`510bad30 ffffd603`660d29a0 : cldflt!HsmiFltPreECPCREATE+0x24f
ffff870c`b415f1b0 fffff80d`55d8555d : ffff870c`b415f289 ffffd603`00000000 00000000`00000000 ffffd603`660d29a0 : cldflt!HsmFltPreCREATE+0x9
ffff870c`b415f1e0 fffff80d`55d850bc : ffff870c`b415f360 ffff870c`b415f300 ffff870c`b4150000 00000000`00000000 : FLTMGR!FltpPerformPreCallbacks+0x2fd
ffff870c`b415f2f0 fffff80d`55dbd545 : ffffd603`40319ce0 ffff870c`b415f6a8 00000000`000000c0 00000000`00000000 : FLTMGR!FltpPassThroughInternal+0x8c
ffff870c`b415f320 fffff800`4876a819 : ffffd603`6508a900 ffffd603`5bcd7010 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x2e5
ffff870c`b415f3d0 fffff800`4876bbf4 : 00000000`00000000 00000000`00000005 ffffd603`404b9950 fffff****00 ffffd603`5688a5e0 ffff9c05`5007f301 : nt!IopParseDevice+0x632
ffff870c`b415f5d0 fffff800`48d4c6cf : ffffd603`5688a500 ffff870c`b415f838 ffff9c05`00000040 ffffd603`3c336ae0 : nt!ObpLookupObjectName+0x719
ffff870c`b415f7a0 fffff800`48cbbab4 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`0000002**** : 00000000`1a2ffda0 00000000`00000000 00000000`00000000 00000000`1a2fe608 : nt!NtCreateFile+0x79
ffff870c`b415fa10 00007ffc`fcdd0104 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`1a2fe5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`fcdd0104
THREAD_SHA1_HASH_MOD_FUNC: 281d71fa68a0769f493ff156fa095a4957d8648e
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 36dd88b5835341c4249f8fac23c92a428c6aabfe
THREAD_SHA1_HASH_MOD: 02ed243779529791d3964403d1443b03e6b6be7b
FOLLOWUP_IP:
cldflt!FltQueryInformationByNameCallout+44
fffff800`57bc55e4 0f1f440000 nop dword ptr [rax+rax]
FAULT_INSTR_CODE: 441f0f
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: cldflt!FltQueryInformationByNameCallout+44
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: cldflt
IMAGE_NAME: cldflt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xffff870cb415d310 ; kb
BUCKET_ID_FUNC_OFFSET: 44
FAILURE_BUCKET_ID: 0x3B_cldflt!FltQueryInformationByNameCallout
BUCKET_ID: 0x3B_cldflt!FltQueryInformationByNameCallout
PRIMARY_PROBLEM_CLASS: 0x3B_cldflt!FltQueryInformationByNameCallout
TARGET_TIME: 2019-01-23T12:35:02.000Z
OSBUILD: 17763
OSSERVICEPACK: 0
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: unknown_date
BUILDDATESTAMP_STR: 180914-1434
BUILDLAB_STR: rs5_release
BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
ANALYSIS_SESSION_ELAPSED_TIME: 14a1
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x3b_cldflt!fltqueryinformationbynamecallout
FAILURE_ID_HASH: {cb35decb-0f4c-8921-8c84-9dc4276d92de}
Followup: MachineOwner
---------
Here is a list of all file system drivers that are installed on my system in the event that is helpful:
Module Name Display Name Description Driver Type Start Mode State Status Accept Stop Accept Pause Paged Pool(bytes) Code(bytes) BSS(bytes) Link Date Path Init(bytes)
============ ====================== ====================== ============= ========== ========== ========== =========== ============ ================= =========== ========== ====================== ================================================ ===========
AppvStrm AppvStrm AppvStrm File System Manual Stopped OK FALSE FALSE 4,096 81,920 0 C:\WINDOWS\system32\drivers\AppvStrm.sys 4,096
AppvVemgr AppvVemgr AppvVemgr File System Manual Stopped OK FALSE FALSE 8,192 106,496 0 C:\WINDOWS\system32\drivers\AppvVemgr.sys 4,096
AppvVfs AppvVfs AppvVfs File System Manual Stopped OK FALSE FALSE 8,192 86,016 0 C:\WINDOWS\system32\drivers\AppvVfs.sys 4,096
bindflt Windows Bind Filter Dr Windows Bind Filter Dr File System Manual Stopped OK FALSE FALSE 53,248 20,480 0 C:\WINDOWS\system32\drivers\bindflt.sys 4,096
bowser Browser Browser File System Manual Running OK TRUE FALSE 73,728 20,480 0 C:\WINDOWS\system32\DRIVERS\bowser.sys 4,096
cdfs CD/DVD File System Rea CD/DVD File System Rea File System Disabled Stopped OK FALSE FALSE 69,632 12,288 0 C:\WINDOWS\system32\DRIVERS\cdfs.sys 4,096
CldFlt Windows Cloud Files Fi Windows Cloud Files Fi File System Auto Running OK TRUE FALSE 299,008 94,208 0 C:\WINDOWS\system32\drivers\cldflt.sys 4,096
Dfsc DFS Namespace Client D DFS Namespace Client D File System System Running OK TRUE FALSE 94,208 24,576 0 C:\WINDOWS\system32\Drivers\dfsc.sys 4,096
exfat exFAT File System Driv exFAT File System Driv File System Manual Stopped OK FALSE FALSE 225,280 86,016 0 C:\WINDOWS\system32\drivers\exfat.sys 4,096
fastfat FAT12/16/32 File Syste FAT12/16/32 File Syste File System Manual Running OK TRUE FALSE 258,048 61,440 0 C:\WINDOWS\system32\drivers\fastfat.sys 4,096
FileCrypt FileCrypt FileCrypt File System System Running OK TRUE FALSE 28,672 12,288 0 C:\WINDOWS\system32\drivers\filecrypt.sys 4,096
FileInfo File Information FS Mi File Information FS Mi File System Boot Running OK TRUE FALSE 45,056 12,288 0 C:\WINDOWS\system32\drivers\fileinfo.sys 4,096
Filetrace Filetrace Filetrace File System Manual Stopped OK FALSE FALSE 12,288 12,288 0 C:\WINDOWS\system32\drivers\filetrace.sys 4,096
FltMgr FltMgr FltMgr File System Boot Running OK TRUE FALSE 188,416 106,496 0 C:\WINDOWS\system32\drivers\fltmgr.sys 8,192
FsDepends File System Dependency File System Dependency File System Manual Running OK TRUE FALSE 40,960 8,192 0 C:\WINDOWS\system32\drivers\FsDepends.sys 4,096
luafv UAC File Virtualizatio UAC File Virtualizatio File System Auto Running OK TRUE FALSE 65,536 8,192 0 C:\WINDOWS\system32\drivers\luafv.sys 12,288
MRxDAV WebDav Client Redirect WebDav Client Redirect File System Manual Stopped OK FALSE FALSE 114,688 24,576 0 C:\WINDOWS\system32\drivers\mrxdav.sys 4,096
mrxsmb SMB MiniRedirector Wra SMB MiniRedirector Wra File System Manual Running OK TRUE FALSE 65,536 262,144 0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 4,096
mrxsmb10 SMB 1.x MiniRedirector SMB 1.x MiniRedirector File System Auto Running OK TRUE FALSE 172,032 86,016 0 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 4,096
mrxsmb20 SMB 2.0 MiniRedirector SMB 2.0 MiniRedirector File System Manual Running OK TRUE FALSE 20,480 184,320 0 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 4,096
Msfs Msfs Msfs File System System Running OK TRUE FALSE 28,672 4,096 0 C:\WINDOWS\system32\drivers\Msfs.sys 4,096
Mup Mup Mup File System Boot Running OK TRUE FALSE 61,440 16,384 0 C:\WINDOWS\system32\Drivers\mup.sys 4,096
NetBIOS NetBIOS Interface NetBIOS Interface File System System Running OK TRUE FALSE 20,480 24,576 0 C:\WINDOWS\system32\drivers\netbios.sys 4,096
Npfs Npfs Npfs File System System Running OK TRUE FALSE 57,344 8,192 0 C:\WINDOWS\system32\drivers\Npfs.sys 4,096
Ntfs Ntfs Ntfs File System Manual Running OK TRUE FALSE 1,753,088 401,408 0 C:\WINDOWS\system32\drivers\Ntfs.sys 16,384
rdbss Redirected Buffering S Redirected Buffering S File System System Running OK TRUE FALSE 212,992 139,264 0 C:\WINDOWS\system32\DRIVERS\rdbss.sys 8,192
ReFS ReFS ReFS File System Manual Stopped OK FALSE FALSE 552,960 1,048,576 0 C:\WINDOWS\system32\drivers\ReFS.sys 16,384
ReFSv1 ReFSv1 ReFSv1 File System Manual Stopped OK FALSE FALSE 352,256 409,600 0 C:\WINDOWS\system32\drivers\ReFSv1.sys 8,192
RsFx0501 RsFx0501 Driver RsFx0501 Driver File System Disabled Stopped OK FALSE FALSE 94,208 90,112 0 12/14/2017 12:41:45 PM C:\WINDOWS\system32\DRIVERS\RsFx0501.sys 8,192
smbdirect smbdirect smbdirect File System Manual Stopped OK FALSE FALSE 8,192 77,824 0 C:\WINDOWS\system32\DRIVERS\smbdirect.sys 4,096
srv2 Server SMB 2.xxx Drive Server SMB 2.xxx Drive File System Manual Running OK TRUE FALSE 241,664 200,704 0 C:\WINDOWS\system32\DRIVERS\srv2.sys 4,096
srvnet srvnet srvnet File System Manual Running OK TRUE FALSE 81,920 135,168 0 C:\WINDOWS\system32\DRIVERS\srvnet.sys 4,096
storqosflt Storage QoS Filter Dri Storage QoS Filter Dri File System Auto Running OK TRUE FALSE 20,480 40,960 0 C:\WINDOWS\system32\drivers\storqosflt.sys 4,096
udfs udfs udfs File System Disabled Stopped OK FALSE FALSE 180,224 114,688 0 C:\WINDOWS\system32\DRIVERS\udfs.sys 4,096
UevAgentDriv UevAgentDriver UevAgentDriver File System Disabled Stopped OK FALSE FALSE 8,192 4,096 0 C:\WINDOWS\system32\drivers\UevAgentDriver.sys 4,096
wcifs Windows Container Isol Windows Container Isol File System Auto Running OK TRUE FALSE 102,400 24,576 0 C:\WINDOWS\system32\drivers\wcifs.sys 4,096
wcnfs Windows Container Name Windows Container Name File System Manual Running OK TRUE FALSE 49,152 16,384 0 C:\WINDOWS\system32\drivers\wcnfs.sys 4,096
WdFilter Windows Defender Antiv Windows Defender Antiv File System Boot Running OK TRUE FALSE 212,992 40,960 0 C:\WINDOWS\system32\drivers\wd\WdFilter.sys 24,576
WIMMount WIMMount WIMMount File System Manual Stopped OK FALSE FALSE 12,288 8,192 0 C:\WINDOWS\system32\drivers\wimmount.sys 4,096
Wof Windows Overlay File S Windows Overlay File S File System Boot Running OK TRUE FALSE 106,496 61,440 0 C:\WINDOWS\system32\drivers\Wof.sys 8,192
Continue reading...