Using WinFsp with rclone mount results in BSOD (SYSTEM_SERVICE_EXCEPTION)
Ender
Bill Zissimopoulos
Thank you for the reports.
Do you have the original dump files that the reports are from? They would be very useful for me to determine if it is indeed a WinFsp issue and how to fix it.
Based on the reports that you have linked to:
- One report (https://pastebin.com/DxK6xLL7) shows googledrivefs as the culprit. I do not believe that googledrivefs is based on WinFsp.
- One report (https://pastebin.com/A3Wqf5pe) shows winfsp as the culprit, but the symbols appear completely wrong. If you have the memory dump from this report it would be very useful to send to me so that I can perform a full analysis.
Thanks.
Bill
--
You received this message because you are subscribed to the Google Groups "WinFsp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
winfsp+un...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/winfsp/5d09c9d8-5ec0-47b1-a17d-89a3f3cf7b2e%40googlegroups.com.
Bill Zissimopoulos
BTW, in both reports the direct culprit for the BSOD is a filter called Systrace.
I am not finding a lot of information online about this driver, but this may be relevant:
Bill
From: win...@googlegroups.com <win...@googlegroups.com>
On Behalf Of Bill Zissimopoulos
Sent: Saturday, May 30, 2020 1:12 PM
To: Ender <thealmig...@gmail.com>; WinFsp <win...@googlegroups.com>
Subject: RE: [winfsp] Using WinFsp with rclone mount results in BSOD (SYSTEM_SERVICE_EXCEPTION)
Thank you for the reports.
Do you have the original dump files that the reports are from? They would be very useful for me to determine if it is indeed a WinFsp issue and how to fix it.
Based on the reports that you have linked to:
- One report (https://pastebin.com/DxK6xLL7) shows googledrivefs as the culprit. I do not believe that googledrivefs is based on WinFsp.
- One report (https://pastebin.com/A3Wqf5pe) shows winfsp as the culprit, but the symbols appear completely wrong. If you have the memory dump from this report it would be very useful to send to me so that I can perform a full analysis.
Thanks.
Bill
From:
win...@googlegroups.com <win...@googlegroups.com>
On Behalf Of Ender
Sent: Saturday, May 30, 2020 1:26 AM
To: WinFsp <win...@googlegroups.com>
Subject: [winfsp] Using WinFsp with rclone mount results in BSOD (SYSTEM_SERVICE_EXCEPTION)
Hello,
I was using Google Drive File Stream (DFS) to access my files as a virtual disk, until it started crashing almost everytime I opened a file or a folder, resulting in a BSOD (SYSTEM_SERVICE_EXCEPTION).
Then I made the switch to rclone, which uses WinFsp to mount Google drive as virtual disks, only to see it crashing with the same BSOD Error, SYSTEM_SERVICE_EXCEPTION.
I ran two memory dumps through WinDbg, one from the DFS and the other from the rclone crash.
RClone/WinFsp BSOD report: https://pastebin.com/A3Wqf5pe
DFS BSOD Report: https://pastebin.com/DxK6xLL7
The only thing I concluded was that it had something to do with security descriptors in both cases. Which seems reasonable, because I can instantly trigger another BSOD by visiting the Security tab in any file/folder's properties page .
Note: I came here after trying to get help on the rclone forums (https://forum.rclone.org/t/rclone-mount-results-in-bsod-system-service-exception/16710/8), only to realize it wasn't something I was going to get fixed there.
Note 2: I'm currently using RaiDrive to mount my Google Drive as a network disk, which works fine for now (I noticed the files and folders there have no Security tab...)
And before someone suggests, I can't figure out if another application I recently installed might be causing this, I've installed too much software recently. And system restore is also not an option unfortunately.
Thanks in advance!
--
You received this message because you are subscribed to the Google Groups "WinFsp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
winfsp+un...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/winfsp/5d09c9d8-5ec0-47b1-a17d-89a3f3cf7b2e%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "WinFsp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
winfsp+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/winfsp/MWHPR0701MB38356993391CE93658674B4DBC8C0%40MWHPR0701MB3835.namprd07.prod.outlook.com.
Ender
To unsubscribe from this group and stop receiving emails from it, send an email to winfsp+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/winfsp/5d09c9d8-5ec0-47b1-a17d-89a3f3cf7b2e%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "WinFsp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to winfsp+unsubscribe@googlegroups.com.
Bill Zissimopoulos
Just to let you know that in my research I have found that the Systrace.sys driver is associated with an entity named "Microsof" (i.e. without the "t").
Needless to say I would be very weary about running any of their software in my systems.
Thank you!
To unsubscribe from this group and stop receiving emails from it, send an email to winfsp+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/winfsp/5d09c9d8-5ec0-47b1-a17d-89a3f3cf7b2e%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "WinFsp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to winfsp+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/winfsp/MWHPR0701MB38356993391CE93658674B4DBC8C0%40MWHPR0701MB3835.namprd07.prod.outlook.com.
--
You received this message because you are subscribed to the Google Groups "WinFsp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
winfsp+un...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/winfsp/4728f2e1-12e4-4bae-b64a-f3c15725fc01%40googlegroups.com.
Ender
The first thing I did when I found that driver was run it through Virustotal, which confirmed it was clean and signed by actual Microsoft, and that it was used and installed by MS System State Monitor (also originated from real Microsoft website)