[BUG] claude.exe triggers Windows BSOD via Wof.sys during directory listing (NtQueryDirectoryFileEx)
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
claude.exe (Claude Code CLI) triggers a Windows kernel BSOD (Blue Screen of Death) by performing heavy NtQueryDirectoryFileEx syscalls (standard directory listing). The crash occurs in Wof.sys (Windows Overlay Filter) at WofPreDirectoryControlCallback+0x695 — a CFG (Control Flow Guard) indirect-call guard violation.
This is not an external Windows kernel bug in Wof.sys, but a Claude Code bug, due to Claude Code's intensive directory scanning, no delay in the same instant makes it a reliable trigger. Filing here so Anthropic is aware that Claude Code can crash Windows systems with this specific Wof.sys version, as well as wsl hypervisor.
Crash Statistics (all triggered by claude.exe)
| Date | BSODs | Bugcheck codes |
|------|-------|----------------|
| 2026-03-06 | 7 | 0x139, 0x3B, 0x50, 0x10E, 0x1E, 0x14F |
| 2026-03-09 | 1 | 0x139 |
| 2026-03-10 | 5 | 0x139 (x2), 0x3B (x2), 0x1E (x1) |
| 2026-03-11 | 1 | 0x50 |
| Total | 14 | 4 distinct types at same Wof.sys +0x695 offset |
All March 9-11 crashes have identical call stack:
NtQueryDirectoryFileEx → FLTMGR → Wof!WofPreDirectoryControlCallback+0x695 → CFG guard violation
4 manifestations of the same bug — the corrupted indirect call target lands in different memory regions:
- 0x139 — CFG guard catches invalid target before execution
- 0x3B (
c0000005) — pointer escapes CFG, hits unmapped memory → access violation - 0x1E (
c0000005) — same access violation via different exception path - 0x3B (
c000001d) — pointer lands on non-code bytes → illegal instruction - 0x50 — pointer references invalid page in nonpaged pool
Affected Configuration
- Wof.sys: 10.0.26100.5074 (ships with Windows 11 25H2 build 26200)
- Compact OS: Enabled increases crash frequency, but crashes also occur with CompactOS disabled
- WOF minifilter: Attached at altitude 40700, intercepts every NTFS directory IRP
Microsoft Bug Report
Filed on Microsoft Q&A: https://learn.microsoft.com/en-us/answers/questions/5814272/wof-sys-bsod-0x139-kernel-security-check-failure-i
Potential Mitigation
Could Claude Code reduce the frequency/intensity of NtQueryDirectoryFileEx calls, or batch directory listings differently? This wouldn't fix the kernel bug, but might reduce the trigger rate on affected systems.
What Should Happen?
Claude Code should be able to perform directory listings without triggering a Windows BSOD. On systems with Wof.sys 10.0.26100.5074, the high volume of NtQueryDirectoryFileEx calls from claude.exe reliably crashes the kernel.
Ideally:
- Claude Code could throttle or batch directory enumeration on Windows to reduce the frequency of
NtQueryDirectoryFileExcalls - Or detect the vulnerable Wof.sys version and warn the user to disable Compact OS (
compact /CompactOS:never)
Error Messages/Logs
WinDbg !analyze -v output (abbreviated):
KERNEL_SECURITY_CHECK_FAILURE (139)
Arg1: 000000000000000a — indirect call guard check detected invalid control transfer
FAILURE_BUCKET_ID: 0x139_a_GUARD_ICALL_CHECK_FAILURE_Wof!WofPreDirectoryControlCallback+0x695
FAILURE_ID_HASH: {78ac0991-5393-0281-b23b-ce115373dc6d}
STACK_TEXT:
nt!KeBugCheckEx
nt!guard_icall_handler+0x1e
nt!KscpCfgDispatchUserCallTargetEsSmep+0x11
Ntfs!FindNextIndexEntry2+0x675
Ntfs!NtfsContinueIndexEnumeration+0x10e
Ntfs!NtfsQueryDirectory+0xd32
FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x3fe
FLTMGR!FltPerformSynchronousIo+0x443
Wof!WofPreDirectoryControlCallback+0x695 <-- CRASH
FLTMGR!FltpPerformPreCallbacksWorker+0x58f
nt!NtQueryDirectoryFileEx+0xd8
PROCESS_NAME: claude.exe
MODULE_NAME: Wof
IMAGE_VERSION: 10.0.26100.5074
Second manifestation (0x3B at the same offset):
SYSTEM_SERVICE_EXCEPTION (3b)
ExceptionCode: c0000005 (ACCESS_VIOLATION)
FAILURE_BUCKET_ID: AV_Wof!WofPreDirectoryControlCallback+0x695
FAILURE_ID_HASH: {3ae300a6-24ac-569b-3ce2-789a00065d56}
Steps to Reproduce
- Run Windows 11 25H2 (build 26200) with Wof.sys 10.0.26100.5074
- Optionally enable Compact OS:
compact /CompactOS:always(increases frequency but not required) - Run
claudein a large directory (e.g., a monorepo with many files/subdirectories) - Claude Code performs intensive directory listings via
NtQueryDirectoryFileEx - System BSODs with bugcheck 0x139 (KERNEL_SECURITY_CHECK_FAILURE) or 0x3B (SYSTEM_SERVICE_EXCEPTION)
Workaround: compact /CompactOS:never reduces frequency but does not eliminate the bug.
Environment:
- Windows 11 25H2 Build 26200.7922
- 192GB RAM, 32 cores, NVIDIA RTX 5000 Ada
- 3.8 TB disk
- Monorepo with ~100K files across nested directories
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.72 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Windows Terminal
Additional Information
Minidumps & Diagnostics
Two ZIP archives with all kernel minidumps and diagnostic outputs:
- Original ZIP (Mar 9 dump) — 1x
.dmpfrom 03-09 - New ZIP (Mar 10-11 dumps) — 5x
.dmpfiles from 03-10 and 03-11
Contents: 6x .dmp files total, WinDbg analysis, system info, event logs, driver list, triage output.
Hardware Tests Performed (all clean)
- Windows Memory Diagnostic: PASSED
- Disk scan: No corruption
- SFC /scannow: No integrity violations
- DISM /RestoreHealth: Clean
- In-place upgrade, repair install from ISO: Completed (replaced all files except Wof.sys)
Why This Is a Wof.sys Bug, Not Hardware
14 crashes at the exact same instruction (WofPreDirectoryControlCallback+0x695) across 6 days, producing 4 different exception types (0x139, 0x3B, 0x1E, 0x50) at the same offset. Random memory corruption wouldn't hit the same instruction deterministically. The 4 different bugcheck codes are expected — the corrupted indirect call target lands in different memory regions each time, producing different CPU exceptions.
24 Comments
Related: #30137 reports the same BSODs (0x139, 0x1E, 0x50) on Windows 11 build 26200 — 5 BSODs in 2 days. Another user in that thread reports 15 BSODs in one day. Same root cause: Wof.sys CFG guard bug triggered by claude.exe directory enumeration.
Related Issues (for context)
Claude Code has a pattern of causing OS-level crashes across platforms. The Wof.sys BSOD is a separate kernel driver bug, but these show the broader stability picture:
Same Wof.sys BSOD (kernel-mode, fix owner: Microsoft):
Separate Bun/memory issues (user-mode, fix owner: Anthropic/Oven):
switch on corrupt valuepanics on Windows (Bun 1.3.10)Important distinction: #30137 attributes BSODs to "Bun memory corruption propagating to kernel" — this is incorrect. User-mode memory corruption cannot cause a CFG guard failure (
GUARD_ICALL_CHECK_FAILURE) inWof.sys. CFG checks are compile-time integrity validations in the driver binary. The Wof.sys bug and the Bun memory bugs are two independent problems that Claude Code happens to trigger simultaneously through heavy directory enumeration and Node.js/Bun runtime usage respectively.Update: 14 BSODs, 4th bugcheck type (0x50)
New crash — 2026-03-11 04:18 UTC:
| Bugcheck | Params | Dump |
|----------|--------|------|
|
0x00000050PAGE_FAULT_IN_NONPAGED_AREA |0xffffbb0e0760f040, 0x2, 0xfffff8040d352e58, 0x2|031126-30703-01.dmp|Running total: 7 (Mar 6) + 1 (Mar 9) + 5 (Mar 10) + 1 (Mar 11) = 14 BSODs in 6 days.
4th bugcheck type: 0x50 joins 0x139, 0x3B, 0x1E. All are different manifestations of the same Wof.sys +0x695 indirect call corruption — the invalid pointer lands in different memory regions producing different exceptions:
Wof.sys: Still
10.0.26100.1— no Microsoft patch. CompactOS remains disabled. WOF minifilter still attached (cannot safely detach).Trigger:
claude.exedirectory enumeration →NtQueryDirectoryFileEx→ FLTMGR →Wof!WofPreDirectoryControlCallback+0x695.Updated dump ZIP shared on MS Q&A #5814272.
Update: 16 BSODs — corruption spreading to other kernel modules
3 new BSODs today (2026-03-11), with a significant change: two of the three crashes are NO LONGER in Wof.sys.
| Time | Bugcheck | Faulting Module | WinDbg Bucket |
|------|----------|----------------|---------------|
| 04:18 |
0x50PAGE_FAULT | Wof.sys+0x695(same known bug) |AV_Wof!WofPreDirectoryControlCallback|| 12:31 |
0x1EKMODE_EXCEPT | Ntfs.sysNtfsContinueIndexEnumeration+0x14|AV_Ntfs!NtfsContinueIndexEnumeration|| 12:52 |
0x3BSYS_SVC_EXCEPT | nllNetHub.sys (Norton)+0x876d|AV_nllNetHub!unknown_function|Running total: 7 (Mar 6) + 1 (Mar 9) + 5 (Mar 10) + 3 (Mar 11) = 16 BSODs in 6 days.
Escalation: Kernel memory corruption spreading
Previously all 13 crashes blamed
Wof.sys +0x695. Today, only 1 of 3 is Wof.sys — the other two are:NtfsContinueIndexEnumeration+0x14is apush r15instruction that caused a General Protection Fault. A #GP onpush r15means the stack pointer (RSP) was corrupted. This is still in the directory enumeration path (downstream from WOF's minifilter callback).afwServ.exe(Norton Application Firewall). Unrelated to filesystem — suggests kernel pool corruption spreading beyond the directory enumeration path.Theory: Wof.sys corruption at
+0x695is poisoning kernel pool/stack memory. When the corrupted pointer lands in WOF's own code, WinDbg blames Wof.sys. When it lands in NTFS or Norton memory, those modules crash instead. The Ntfs.sys crash (stack corruption in directory enumeration) strongly supports this — WOF's minifilter runs before NTFS in the filter chain, and could corrupt NTFS's stack frame.System state
10.0.26100.1(unchanged, no Microsoft patch)32.0.15.9571(unchanged)This is no longer just a WOF code defect — the corruption is destabilizing other kernel components. The system is becoming less stable over time, not more.
Related: #30137, MS Q&A #5814272
Control test: TreeSize Free scanned entire 3.8TB SSD — zero BSODs
To isolate whether the crash trigger is any directory enumeration or specifically Claude Code's parallel pattern, I ran TreeSize Free 4.8.1 as a control test:
NtQueryDirectoryFileExthrough the sameFLTMGR → Wof.sysminifilter chain)This proves:
The bug is a concurrency defect in
Wof!WofPreDirectoryControlCallback— the callback's indirect call dispatch at+0x695is not thread-safe under high-concurrency minifilter re-entrancy. Single-threaded callers (TreeSize,dir /s) never hit the race condition.This also explains why "millions of Windows users" don't see this — most tools don't generate this level of concurrent directory enumeration through the minifilter stack.
Progress sync — all vendors now engaged
Actions taken today (2026-03-11)
Diagnostics:
Bug reports filed/updated across 4 platforms:
| Platform | ID | Owner | Status |
|----------|-----|-------|--------|
| GitHub (Anthropic) | #32870 | Software vendor | Open — no response yet |
| GitHub (Anthropic) | #30137 | Software vendor (3 users) | Open — no response yet |
| MS Q&A (Microsoft) | #5814272 | OS vendor | David-M (community) engaged, rebutted with evidence |
| MSI (HW vendor) | #1320187 | Hardware vendor | Filed today + msinfo32 attached |
Key evidence posted today:
push r15) = WOF corrupting downstream modulesWaiting on:
Feedback Hub report filed
Microsoft's community advisor (David-M) confirmed this is a core driver defect and recommended filing via Feedback Hub for direct escalation to Microsoft engineers.
Feedback Hub link: https://aka.ms/AA106t77**
Please upvote if you're experiencing Wof.sys BSODs during Claude Code sessions. Higher engagement = higher priority for Microsoft's kernel team.
Current status: 17 BSODs in 7 days (2026-03-06 through 2026-03-12). Wof.sys 10.0.26100.1 still unpatched. CompactOS OFF, still crashing. 3 faulting kernel modules (Wof.sys, Ntfs.sys, Norton nllNetHub.sys).
BSOD #20 — 2026-03-14 00:19
Another crash overnight. Same identical bug:
Bugcheck:
0x139KERNEL_SECURITY_CHECK_FAILUREBucket:
0x139_a_GUARD_ICALL_CHECK_FAILURE_Wof!WofPreDirectoryControlCallbackHash:
{78ac0991-5393-0281-b23b-ce115373dc6d}Process:
claude.exeStack:
System state:
031426-31890-01.dmp(17MB)Running total: 20 BSODs in 9 days (03-06 through 03-14). Same offset (+0x695), same process (claude.exe), same trigger (NtQueryDirectoryFileEx from concurrent ripgrep).
Still waiting for any acknowledgment or workaround suggestion from Anthropic. Even a simple "limit concurrent ripgrep processes" flag would help.
Workaround: Run Claude Code in WSL to avoid Wof.sys BSOD
Full writeup: https://gist.github.com/VRDate/862268b57dd197b8775f893a7be1e548
---
Claude Code BSOD Workaround — Wof.sys Crash on Windows 11 Build 26200+
Problem
Claude Code triggers BSOD (Blue Screen of Death) on Windows 11 Build 26200+ during normal operation. The crash occurs in
Wof.sys(Windows Overlay Filter) when Claude's filesystem operations callNtQueryDirectoryFileEx, which passes through the WOF minifilter and hits a CFG (Control Flow Guard) violation.Bugcheck codes: 0x139 (KERNEL_SECURITY_CHECK_FAILURE), 0x3B, 0x1E, 0x50
Faulting module:
Wof.sys 10.0.26100.5074atWofPreDirectoryControlCallback+0x695Trigger: Any filesystem-heavy operation — directory listing, file search, glob patterns — the kind of thing Claude Code does constantly.
Bug reports:
Root Cause
This is a Windows kernel bug, not a Claude Code bug.
Wof.sys(Windows Overlay Filter) handles WIM-backed files and CompactOS compression. When Claude Code (or any process) makes rapidNtQueryDirectoryFileExcalls on NTFS volumes, the WOF minifilter crashes in its directory control callback. CompactOS ON/OFF makes no difference — the bug is in the minifilter code path itself.WOF is a critical Windows component — it cannot be disabled, detached, or unloaded without breaking Windows.
Workaround: Run Claude Code in WSL
Since the crash only happens on NTFS (Windows filesystem), running Claude Code inside WSL2 (which uses ext4) completely bypasses the Wof.sys code path.
Setup (5 minutes)
Prerequisites: WSL2 with Ubuntu (from Microsoft Store).
Create the wrapper
Create
claude.cmdin the same directory asclaude.exe(typically%USERPROFILE%\.local\bin\):On Windows,
.cmdtakes priority over.exein the same directory. Everyclaudeinvocation from cmd.exe, PowerShell, or Windows Terminal now goes through WSL automatically.How it works
Your project files stay on
C:\— Claude in WSL accesses them via/mnt/c/. Your IDE (VS Code, IntelliJ, etc.) runs on Windows watching the same files. No file duplication needed.Reverting
When Microsoft patches Wof.sys, simply delete the wrapper:
Claude will fall back to
claude.exe(Windows native).What doesn't work
| Attempted fix | Result |
|---------------|--------|
| Disable CompactOS (
compact /compactos:never) | Still crashes || Windows Update (KB5079473) | Did not update Wof.sys |
| Norton AV exclusions | Unrelated (separate nllNetHub.sys crash) |
| Disabling WOF service | DO NOT — breaks Windows |
Affected versions
Timeline
| Date | Event |
|------|-------|
| 2026-03-06 | First BSODs after Windows upgrade to Build 26200 |
| 2026-03-06 | 7 crashes in one day |
| 2026-03-12 | Feedback Hub report filed, GitHub issues opened |
| 2026-03-14 | WSL workaround deployed, 21 total crashes logged |
| TBD | Microsoft Wof.sys patch |
Update: Root cause proven + workaround tested (23 BSODs total)
What causes the crash
Claude Code fires multiple filesystem operations (reading files, searching directories) at the same time — especially when using sub-agents. On Windows 11 Build 26200+, the kernel driver
Wof.syscannot handle this many simultaneous directory queries and crashes with a Blue Screen.It's not about how many files you have — it's about how many are read at the same time. One agent reading files one after another is fine. Two or more agents reading files simultaneously triggers the crash.
Proof from session logs
Extracted the exact tool calls from the JSONL transcript before each crash:
Workaround: a "traffic light" for file operations
The fix is a tiny server that acts like a traffic light — it makes Claude's file operations wait in line instead of all running at once. Only one operation goes through at a time.
How it works:
Setup (2 minutes):
Install JBang (one-line install, runs on any Java), then:
That's it. Claude Code will now wait in line for file operations instead of firing them all at once. If the server isn't running, Claude works normally (no impact on single-agent usage).
Speed: The default delay is 2 seconds between operations (safest). For faster interactive work, start with
jbang Mutex.jbang.kt --interval 100(100ms between operations — 10x faster, still safe in testing).Test results
| Scenario | Tool calls | Result |
|----------|-----------|--------|
| 5 agents, no traffic light | ~36 concurrent reads | BSOD in minutes |
| 5 agents, with traffic light | 381 serialized calls | Stable, no crash |
| Normal tools (TreeSize, robocopy) | Sequential | Stable, no crash |
Files (all in the gist)
https://gist.github.com/VRDate/862268b57dd197b8775f893a7be1e548
| File | What it does |
|------|-------------|
|
Mutex.jbang.kt| The traffic light server (~120 lines of Kotlin) ||
mutex-acquire.sh| The hook script that asks "can I go?" (6 lines of bash) ||
TestMutex.jbang.kt| Tests to verify the traffic light works correctly ||
gen-repro-data.sh| Script to reproduce the crash: generates test data + agent prompts ||
claude-bsod-workaround.md| Full documentation with setup instructions |Minidump update — 23 BSODs, new ZIP with proof + mutex
New ZIP (4 dumps from 03-14 + root cause proof + mutex workaround):
https://drive.google.com/file/d/1bnn5LPNy_ygehdc2zy2QayZ0dyt-pKqc/view?usp=sharing
Contains: 4 minidumps,
bsod-22-23-concurrent-proof.md(JSONL-extracted timeline proving concurrent agent I/O = crash),Mutex.jbang.kt(traffic light server),mutex-acquire.sh(hook),TestMutex.jbang.kt(tests),gen-repro-data.sh(1GB repro kit + 5 agent prompts).Updated gist: https://gist.github.com/VRDate/862268b57dd197b8775f893a7be1e548
Update: 25 BSODs — root cause reframed
After 12 days and 25 BSODs, the root cause is clear: this is not a Wof.sys bug — it's Claude Code firing parallel filesystem tool calls with zero backpressure.
Proof: mutex daemon = stable, no mutex = crash
I built a rate-limiting daemon (the "traffic light" from my earlier post) that serializes filesystem tool calls with a configurable delay. Results:
| Period | Mutex daemon | BSODs |
|--------|-------------|-------|
| 03-14 to 03-16 (~3 days) | Running (v1, 100ms-2s interval) | 0 |
| 03-17 night | Offline (developing mutex v2 on sandbox port) | 2 within hours |
The moment the daemon was taken offline for development, BSODs returned. The production daemon wasn't running because I was testing a new version on a different port.
What happened on 03-17
Session was developing mutex daemon v2 (MCP protocol, team tracking, SSE events). All 118 tests passed. Then the model spawned an Explore sub-agent to search for Thymeleaf templates — 6 parallel filesystem operations in ~1 second:
**/*.html,**/*.thymeleaf,**/gui/**)smartadminin java + gradle files)findcommandAll against a 200K-file monorepo. No throttle, no delay. BSOD within seconds:
0x3B SYSTEM_SERVICE_EXCEPTIONinWof!WofPreDirectoryControlCallback.The real issue
No kernel minifilter is designed for the kind of burst concurrency Claude Code generates. The model decides to parallelize, the CLI executes immediately. A 15-100ms delay between filesystem tool calls would eliminate the problem entirely at negligible latency cost.
This should be built into Claude Code itself — not left as a user-created workaround. My mutex daemon proves the architecture works. The CLI needs the same thing natively.
Additional structural gap
Sub-agents spawned via the
Agenttool run in their own process and do not inherit the parent's PreToolUse hooks. Even with the user-side mutex daemon running, sub-agent filesystem calls are completely unprotected. This is how BSOD #25 happened — the parent session had hooks, the sub-agent didn't.Also relevant to @kolkov's deadlock report above
The same zero-backpressure parallel tool call pattern likely causes the system deadlock on Windows 10 (no BSOD, just freeze). Different symptom, same root cause: overwhelming the filesystem with concurrent operations.
Running total: 25 BSODs in 12 days. 18 confirmed Wof.sys. All from unthrottled concurrent
NtQueryDirectoryFileExcalls.Updated gist: https://gist.github.com/VRDate/862268b57dd197b8775f893a7be1e548
@bcherny @ant-kurt @fvolcic @ashwin-ant @bogini @chrislloyd @ThariqS @catherinewu @whyuan-cc @dhollman @rboyce-ant @dicksontsai @OctavianGuzu @hackyon-anthropic @wolffiex @igorkofman @sid374 @ddworken
Requesting attention — 25 BSODs in 12 days, zero Anthropic response on this issue or #30137. Multiple affected users including @kolkov (system deadlock on Win10).
This is not a Windows kernel bug. It is Claude Code firing parallel filesystem tool calls (Glob, Grep, Read, find) with zero backpressure. 6 concurrent operations in 1 second against a large codebase crashes any Windows machine. A 15-100ms delay between calls fixes it completely — I built a mutex daemon that proves this (3 days stable, 0 BSODs; removed it → 2 BSODs within hours).
The fix is simple: add a configurable rate limit to filesystem tool calls in the CLI. I've provided the full architecture, code, tests, and repro kit. This needs to be built into Claude Code natively.
Sub-agents spawned via the Agent tool also bypass PreToolUse hooks entirely — even the user-side workaround can't protect against that.
This issue has
has repro,bug, andplatform:windowslabels but no assignee, no milestone, and theexternallabel dismisses it as an OS problem. It isn't.Fix submitted: PR #35710
A tool-mutex plugin has been developed and submitted as PR #35710 to fix this issue.
Root cause confirmed: Claude Code executes Glob/Grep/Read/Bash tools in parallel with no concurrency limit. Each triggers
NtQueryDirectoryFileExsyscalls that overwhelm the Wof.sys kernel driver, causing BSOD.Fix: File-based counting semaphore plugin that serializes filesystem tool calls:
Verified: 256 concurrent workers — without mutex: 7/256 completed (16GB RSS, 249 timeouts). With mutex: 256/256 completed (290MB RSS, zero crashes).
27 BSODs logged on a 192GB/32-core workstation over 12 days before this fix was developed. 9 distinct bugcheck types (0x139, 0x3B, 0x1E, 0x50, 0x14F, 0x10E, 0x20001, 0xC2).
Cross-references:
@anthropics/claude-code-maintainers @anthropics/claude-code-reviewers @claude
@bcherny @ant-kurt @fvolcic @ashwin-ant @bogini @chrislloyd @ThariqS @catherinewu @whyuan-cc @dhollman @rboyce-ant @dicksontsai @OctavianGuzu @hackyon-anthropic @wolffiex @igorkofman @sid374 @ddworken
@OctavianGuzu @chrislloyd @ant-kurt — requesting a direct review from one of you. Still, no one is assigned to review https://github.com/anthropics/claude-code/pull/35710.
@VRDate Your PR and root cause analysis are excellent. For context — the parallel fs calls without backpressure you found is one of several architectural issues we've documented through reverse-engineering cli.js across 16 npm versions:
insertMessageChain()writes tool_use and tool_result one at a time in a for-loop, unchanged across 8 versions checkedCLAUDE_ENABLE_STREAM_WATCHDOGhidden since v2.1.50, recently tuned to 45s/90s in v2.1.79 but still behind feature flagTeam response across all these: zero on streaming/crash issues for 8+ months. @catherinewu said "actively investigating" on Feb 23 — 30 days of silence since.
Your experience with the PR not being reviewed is unfortunately consistent.
Our issues: #33949 (root cause analysis) | #36132 (Bun memory crashes) | #35171 (auto-updater leak)
Related: #6836 (orphaned tool calls, 150+ reports) | #3648 (scroll bug, 👍694) | #26224 (streaming hangs, deadlock analysis by @rstuart)
@kolkov, My PR is a plugin I have been using for several days, and it is in the sweet spot between slowing down just 75ms and still letting the system work without crashing. I recommend installing it and reading the code at https://github.com/VRDate/claude-code/tree/claude/add-tool-mutex-Qytsn/plugins/tool-mutex. It uses a mutex to avoid excessive pressure on the OS, and it is just best practice for any CLI filesystem-intensive loads. Arguing that this bug is external is just not taking responsibility.
My Load Test Results (Linux, 4-core / 16 GB)
https://github.com/VRDate/claude-code/tree/claude/add-tool-mutex-Qytsn/plugins/tool-mutex/tests
Previous 256-worker stress test (with vs without mutex)
| Metric | No Mutex (256 workers) | With Mutex (256 workers) |
|---|---|---|
| Completed | 7/256 (2.7%) | 256/256 (100%) |
| Peak RSS | 16,272 MB | 290 MB |
| Min free memory | 35 MB (near OOM) | 15,857 MB |
| Crashes | YES (249 timeouts) | None |
At 1024 workers without mutex, Node.js is OOM-killed (exit code 137).
Node.js load test (16 workers)
Python load test (16 workers, 160 total ops)
Show that Node.js is not the best way to create a CLI tool anyway.
@anthropics/claude-code-maintainers @anthropics/claude-code-reviewers @claude
@bcherny @ant-kurt @fvolcic @ashwin-ant @bogini @chrislloyd @ThariqS @catherinewu @whyuan-cc @dhollman @rboyce-ant @dicksontsai @OctavianGuzu @hackyon-anthropic @wolffiex @igorkofman @sid374 @ddworken
@OctavianGuzu @chrislloyd @ant-kurt — requesting a direct review from one of you. Still, no one is assigned to review https://github.com/anthropics/claude-code/pull/35710.
Token bucket rate limiter — improved workaround for multi-session use
Building on @VRDate's excellent root cause analysis and PR #35710, we've published an improved workaround that fixes a failure mode we hit with the counting semaphore approach.
Repo: https://github.com/the0riginalgandalf/claude-wof-mitigation**
Why the semaphore approach can fail
We started with VRDate's semaphore (cpu_count // 2 concurrency + 75ms cooldown) and it worked on our laptop's low-power "office" mode — but BSODed on balanced mode with identical settings. The crash variable isn't concurrency count, it's syscall throughput rate. Faster CPUs (higher power plans, turbo boost) push more NtQueryDirectoryFileEx/sec through the Wof.sys callback at the same concurrency cap. Collision probability scales with the square of the rate.
Token bucket approach
A token bucket is the correct abstraction for rate limiting:
Secondary concurrency cap of 8 as belt-and-suspenders.
Multi-session optimization
We run 5-6 concurrent Claude Code sessions with subagents (
/critique-plan,/deep-reviewworkflows). Initial testing showed the originalO_CREAT|O_EXCLfile lock collapsed under contention — 3 sessions achieved only 1.4 ops/sec combined (86% wasted on lock contention). Three fixes:msvcrt.lockingon Windows — OS kernel byte-range locks instead of create/delete file lock. EliminatesPermissionErrorconvoy effect._try_consume_tokenreturns the exact wait time until next refill. No blind 75ms polling.Result: 6 sessions achieve 10.2 ops/sec combined (near-optimal ceiling saturation).
Stress test results
Tested on an Eluktronics laptop across all power modes with no BSODs:
| Test | Power Mode | Result |
|------|-----------|--------|
| 10 parallel tool calls | Office | Pass |
| 10 parallel tool calls | Balanced | Pass |
| 20 parallel tool calls | Balanced | Pass |
| 30 parallel tool calls | Beast (max performance) | Pass |
| 30s sustained (single session) | Balanced | 10.1 ops/sec |
| 20s sustained (6 concurrent sessions) | Balanced | 10.2 ops/sec combined |
Install
Copy
hooks/andmutex/from the repo, add hooks to~/.claude/settings.json. Full instructions in the README. Pure Python, no dependencies beyond stdlib (msvcrton Windows,fcntlalternative on POSIX).The repo also includes the full technical research document on the Wof.sys race condition.
Update: Rate limiting alone doesn't work — Dev Drive (ReFS) is the real fix
Follow-up to my earlier comment. After 4 BSODs testing increasingly aggressive rate limiting, the conclusion is clear: userspace throttling cannot reliably prevent this crash under real multi-session workloads at high CPU performance levels. Dev Drive (ReFS) is the only reliable fix.
What we tried (and what failed)
| Attempt | Approach | Result |
|---------|----------|--------|
| 1 | Counting semaphore (VRDate's approach) | BSODed on balanced power mode |
| 2 | Token bucket at 10/sec | BSODed — ripgrep's 32-thread rayon pool amplified each Grep to ~320 Wof.sys syscalls/sec |
| 3 | Token bucket + tool weights + RAYON_NUM_THREADS=2 | BSODed within 11 min — 0x124 MCE (corruption cascading into hardware-level CPU exceptions) |
| 4 | Dev Drive (ReFS) | Stable — no BSODs under sustained heavy use |
| 4.5 | Dev Drive without rate limiting | BSODed —
find.exestill hit NTFS system drive || 5 | Dev Drive + hooks for residual NTFS + fltmc detach | Stable under heavy multi-session beast mode |
The fix
This is a Microsoft kernel bug, not a Claude Code bug. Wof.sys has 8 prior CVEs including CVE-2023-21766 (same class — race condition UAF). The fix is to bypass Wof.sys entirely:
mklink /Jso existing paths work transparently.claudeconfig too — conversations, hooks, settings all do filesystem I/Ofltmc detach Wof D:for any non-system NTFS volumesFull setup instructions and the drive-aware hooks: https://github.com/the0riginalgandalf/claude-wof-mitigation
Why rate limiting fails at scale
The fundamental problem is amplification. Claude Code's Grep tool spawns
rg.exe, which uses a rayon thread pool (default = CPU count). On a 32-core machine, one Grep call generates ~32 concurrentNtQueryDirectoryFileExsyscalls through Wof.sys. With multiple sessions running subagents doing Grep-heavy work, the effective syscall rate easily exceeds the crash threshold regardless of how aggressively you throttle tool starts.Even with
RAYON_NUM_THREADS=1+ 4 tokens/sec + tool weights, we still BSODed because other tools (find.exe, system PATH resolution) hit NTFS volumes outside the project directory.For Anthropic
The right long-term fix is for Microsoft to patch Wof.sys. In the meantime, consider documenting Dev Drive as a recommended setup for Windows Claude Code users — especially those running multiple concurrent sessions. It's ironic that Microsoft's own Dev Drive product is the workaround for Microsoft's own kernel bug.
@the0riginalgandalf @thompa2 Your approach of bypassing Wof.sys by relocating to a separate partition or external drive with different filesystem settings is genuinely clever. To make it practical for more users though, the solution should be proportional to available resources — CPU, storage, and partition layout — and fully automatic. Using robocopy to mirror Claude's working directory (including all subfolders and the project root) with a scheduled sync-back would eliminate the manual overhead entirely.
Worth clarifying the scope too: while this looks like a Windows-only edge case on the surface, it's actually OS-agnostic. The WSL BSODs under Ubuntu confirm the same underlying contention pattern — the watchdog that should be throttling concurrent filesystem syscalls simply isn't doing its job, regardless of the layer.
Since we can't wait on a fix from upstream while maintainers are buried in other issues, a plugin that replaces the missing watchdog behavior is the right path forward. I'll fork your extended solution and iterate on it.
Solid contribution — this is real progress from a fresh attack vector. Thanks for the time and effort.
@VRDate FYI I opened a vulnerability report with Microsoft about this issue. Case is listed as under review. Will update if I hear anything useful back.
@VRDate @the0riginalgandalf Thankyou both for your work on this. Based on the Dev drive recommendation I did a fresh windows install after repartitioning and set up a Dev drive and set up the hooks from https://github.com/the0riginalgandalf/claude-wof-mitigation & So far, so good. No instability! Down from several BSODs a day.
@TheSmallKiwi glad that worked for you! Hopefully you don't run into the next problem I did. Had another BSOD today, but not directly related to this issue.
Turns out 13th/14th Gen Raptor Lake desktop and laptop CPUs have a known "Vmin Shift Instability," which causes high voltage requests, crashes, and permanent, accelerated, damage-induced degradation. Need to update the microcode to prevent further damage.
What's less clear is the connection between this issue and the wof.sys issue. Did some digging and found my system was throwing WHEA errors on the Wof.sys BSOD dates:
These were the exact same days I had 4 Wof.sys BSODs. The CPU was actively throwing corrected errors while Wof.sys was handling filesystem callbacks. So my guess is there's a link there. It would be notable if both you and @VRDate were also experiencing this issue and had 13/14th gen Raptor Lake Intel CPUs with the bad microcode (0x123). Updating to 0x129 or later should fix the bad voltage handling, but won't undo any damage that has occurred.
I have a 13900HX (laptop) which Intel claims was unaffected by the killer microcode. Nonetheless I kept the BIOS as up-to-date as I could so I hope I've avoided permanent damage, but who knows?