1
I was just running robocopy but both robocopy.exe and "system" together have 100% CPU usage, as shown in the snapshots in process explorer (Robocopy.exe's threads and system's threads). The problematic things are "ntoskrnl.exe!ExfAcquirePushLockExclusive+0xb54" and "ntdll.dll!RtlFreeAnsiString+0xb4". I was just running something like
ROBOCOPY.EXE "S:\some folder" R:\ /E /DCOPY:DAT /TIMFIX /XJ /XJD /XJF /XF "some files" /XD "some folders" /R:5 /W:5 /X /V /TS /FP /BYTES /TEE /UNILOG+:S:\somefolder\Robocopy.log /MT:128
I was using the same commands before without any problem. I don't know why it started to have problems recently. And if I kill the robocopy.exe it goes to BSOD (KMODE_EXCEPTION_NOT_HANDLED). BlueScreenView shows that "Caused by Driver: werkernel.sys", "Caused by Address: werkernel.sys+75b000", "Crash address: ntoskrnl.exe+14f1a0"
I don't know what are causing the problem. Although robocopy's log file didn't show any error but it is just disturbing, and I have to run it overnight to copy only ~30GB data.
Update: problem found. I was using robocopy to copy from an R-Drive Image's disk image file mounted as a virtual drive letter. R-Drive Image's virtual disk driver "R-ImageDisk64.sys" appears in the "Caused by Driver" column in BlueScreenView sometimes (but not always). Problem disappears if I first restore the R-drive Image's disk image file to a VHDx, and then use robocopy to copy from that VHDx mounted as a virtual drive letter. So it looks like R-Drive Image's disk image file is not designed for heavy duty copy task, instead, it is designed mainly for viewing and restoring using R-Drive Image's own copy mechanism (sector-by-sector restore or so, at least not involving robocopy).
Update 2: I have recorded the high CPU usage using WPR.exe as suggested by magicandre1981, and I have some snapshots when viewing the trace log file using WPA.exe. But I'm not allowed to post more than 2 links, so I have to provide them in the comments. Although I'm not sure about some of the meanings there, it looks like R-ImageDisk64.sys created too many self-referencing loops when using robocopy to copy from an R-Drive Image's disk image file mounted as a virtual drive letter.
noname
Posted 2017-01-03T00:26:11.160
Reputation: 11
What is the BSOD? – DavidPostill – 2017-01-03T00:33:26.523
It was "KMODE_EXCEPTION_NOT_HANDLED" – noname – 2017-01-03T01:59:12.920
What's the rest of it? BlueScreenView should provide this information. Please [edit] your question to include this.
– DavidPostill – 2017-01-03T02:14:46.230BlueScreenView shows that "Caused by Driver: werkernel.sys", "Caused by Address: werkernel.sys+75b000", "Crash address: ntoskrnl.exe+14f1a0" – noname – 2017-01-03T04:06:41.643
Install the WPT (part of the Win10 SDK: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk), open a cmd.exe as admin, run the following command: wpr.exe -start CPU && timeout -1 && wpr.exe -stop C:\HighCPUUsage.etl. When you see the high CPU usage, wait 30s and press a key to stop logging. Zip the large ETL file into zip/RAR file, upload the zip (OneDrive, dropbox, google drive) and post the share link here.for the BSODs, copy the folder C:\windows\minidump to the desktop and also zip and share this files.
– magicandre1981 – 2017-01-03T16:28:29.973have you captured the trace? – magicandre1981 – 2017-01-04T16:07:20.790
Sorry I didn't have a time to do that these days, but I'll do it this weekend. By the way, is it possible to install WPT only instead of the entire SDK? I don't have that space on my hard drive. – noname – 2017-01-05T01:47:58.890
in the SDK installer only select the WPT, nothing else – magicandre1981 – 2017-01-05T15:33:06.123
do you had some time at weekend to capture the trace? – magicandre1981 – 2017-01-08T09:34:36.693
I tried the WPR, but the trace log file contains too much personal privacy info and it was too big. However, I successfully found the problem. I was using robocopy to copy folders from an R-Drive Image disk image file mounted as a virtual drive letter, and its virtual disk driver "R-ImageDisk64.sys" did appear (not always, but sometimes) in the "Caused by driver" column in BlueScreenView. Since I had previously restored that R-Drive Image disk image to a VHDx file, and if I use robocopy to copy from that mounted VHDx, there will be no problem at all. So the problem is R-Drive Image's driver. – noname – 2017-01-08T21:24:29.010
@magicandre1981 By the way, I have some screenshots of WPA.exe viewing the ETL file, but I'm not allowed to post more than 2 links in the original post. So I have to post them here: Robocopy.exe, R-ImageDisk64.sys inside robocopy.exe, "system" process, COFF Group, Module, Function.
– noname – 2017-01-09T06:10:19.123ok, so you found the cause for both. it is "R-ImageDisk64.sys" which causes high cpu usage and your BSODs – magicandre1981 – 2017-01-09T06:20:48.943
@magicandre1981 Could you take a look at the screenshots? It looks quite strange. I'm not sure if R-ImageDisk64.sys or others were creating many self-referencing loops or so. But anyway, I will have to restore the R-Drive Image's disk image file to a VHDx as an intermediate step in order to use robocopy. – noname – 2017-01-09T06:24:55.577
I looked at the picture and it clearly shows that this driver causes the CPU usgae – magicandre1981 – 2017-01-09T06:33:21.963