BSODs

[ameshkov]

ID	Windows version	Antivirus software (with version)	AdGuard version	Minidumps	Other links	Comment
1	Win 10 x64 v1803	Kaspersky	6.3.974.3223 Beta		original issue	analysis
2	Win 10	ESET 11.2.49 SSL scanning enabled	6.3 Release	DumpAnalysis.txt.zip	forum	-
3	Win7x64 7601	ESET SS - 9.0.429.1	6.3.1399.4073	dump		Выбило при работе в Firefox 55.0.3
4	Win 10 Pro x64	Eset Nod Antivirus 11.2.49.0	6.3.1399.4073	dump	ID 1978569	-

[prolium]

Continuing to the issue #2276, a BSOD occurred again with the latest version 6.3.1374.4023 RC.
Should I upload the minidump and kernel dump files here ?

[vozersky]

@wk-952 you can use this url to upload them: https://www.dropbox.com/request/N2oxbmPcYJ0fpAodbMoL

[ameshkov]

@wk-952 another option would be to send it to devteam@adguard.com

[prolium]

@vozersky It's asking for a valid e-mail address, is that important/necessary ?
Sorry, I didn't use dropbox before.

EDIT:
I'll send a MEGA link to the above-mentioned e-mail address.

[vozersky]

Oh, not sure. You can just go ahead and upload it somewhere comfortable and then send the url to devteam@adguard.com
Or send them directly

[prolium]

All right, I've sent the e-mail with the link to both the minidump and kernel dump files.

[ameshkov]

Regarding issue ID=1

@wk-952

Dump analysis:

1. The issue arises somewhere deep inside NETIO/TCPIP probably due to a corrupted TCP context.
2. The problematic connection belongs to qbittorrent.exe, endpoint 124.183.43.143:256
3. The driver properly handles this connection and issues a command to not filter this connection.

It's hard to say what's causing it but there's no mistake in what's done by the driver.

In theory, the issue could be caused by one of the following:

1. Kaspersky WFP driver
2. Stack size limit might be not big enough as you have two WFP drivers + enabled driver verifier.

Possible solutions:

1. Disable driver verifier and see how it works without it.
   OR
2. Disable Teredo.
   OR
3. Disable AdGuard for qbittorrent.exe (settings -> filtered apps)

[prolium]

• qBittorrent was already removed from filtered apps before this issue occurred, although I have to say, it seems that the crash occurs more frequently when qBittorrent is kept downloading the whole night.
  Why is AdGuard still filtering connections from it ?
  That seems odd!

• Teredo seems to be already disabled, this is what i get from CMD:

> netsh interface teredo show state
Teredo Parameters
---------------------------------------------
Type                    : disabled
Server Name             : win1711.ipv6.microsoft.com.
Client Refresh Interval : 30 seconds
Client Port             : unspecified
State                   : offline
Error                   : none

• Regarding driver verifier, as mentioned here, the issue happened many times before driver verifier was turned on, actually this crash and another one from a faulty LAN driver from Killer Network (already solved now) were both the reason I had to turn on driver verifier.

• Not sure about Kaspersky though, I'm aware that it's very common to have issues with it, but I'm not sure how to verify this. If you have any suggestions please tell me.

I will keep Kaspersky on, but will disable driver verifier along with AdGuard's service for some days, if a crash occurred then it's highly probable a problem in Kaspersky.
Otherwise, I'll keep driver verifier turned off, disable Kaspersky, and leave AdGuard's service tuned on, if a crash occurred then it's definitely a problem in AdGuard.
If none of that worked, then the only reasonable assumption would be that the mix of Kaspersky along with AdGuard is somewhat impossible.

If you have other suggestions or info, please tell me. Thanks for the support.

[Sorrovv]

Since I updated to AdGuard for Windows 6.3 for this issue, the system has crashed with BSODs several times. Even I disabled WFP driver, the system still crashed with BSODs. I try to get the minidump file but I can't find Windows 10 BSOD dmp files and no folder C:\WINDOWS\Minidump exists. The system crashed too often, so I have no choice but to uninstall AdGuard for Windows 6.3 RC. By contrast, AdGuard for Windows 6.2 doesn't cause BSODs.

Platform: Windows 10 version 1803 64-bit
Antivirus software: Kaspersky Internet Security 18.0.0.405(h)
AdGuard version: 6.3.1374.4023 RC

[Sorrovv]

@ameshkov It has been a day and this test build doesn't cause BSODs so far. It seems to me that it really helps to solve this issue. Thank you.

[ameshkov]

@Sorrovv thank you! Fingers crossed, let's see how it goes on monday

[Sorrovv]

@ameshkov It's already Monday. There's no BDOD and everything seems to be OK. Thank you!

[ameshkov]

Awesome, thank you for testing!

[prolium]

I left the PC running since 20/7 with both Kaspersky and AdGuard running, also I let qBittorrent download during the whole period. No BSOD occurred.
Thank you very much.

[skipik]

@ameshkov Этот фикс может влиять на скорость открытия страниц? Просто на предыдущей ночной (1400) всё было довольно быстро, а на 1435 прямо заметно медленнее.

[ameshkov]

@wk-952 thank you!

@skipik в нем изменен порядок слоев в WFP драйвере, что, в теории, влиять на скорость не должно. В инструментах разработчика видно какой именно запрос теперь медленнее работает?

[skipik]

@ameshkov На фейсбуке дольше всех грузится https://www.facebook.com/ajax/bz. Визуально стало заметно, что после обновления AdGuard 1400 -> 1435 все страницы медленнее отрисовываться стали. Если нужно какой-то лог записать\прислать, то дайте знать - сделаю.

[ameshkov]

@skipik нужно два HAR-файла, записанных с релизной версией и с последней найтли.

https://support.zendesk.com/hc/en-us/articles/204410413-Generating-a-HAR-file-for-troubleshooting

[skipik]

@ameshkov Готово, отправил на почту devteam. Могу сказать, что визуально прямо чувствуется, как браузер "задышал", надеюсь, что логи это подтвердят. :)

[ameshkov]

@skipik I was able to reproduce the slowdown issue with KIS18. It seems that it does not work well in this configuration (the only way to make them work together in this nightly is to uncheck "use localhost injections" in the advanced settings).

[ameshkov]

@wk-952 @skipik @Sorrovv

Guys, another nightly that is supposed to address the Kaspersky issue:
https://uploads.adguard.com/Setup_nightnly_6.3.1446.exe

There're some serious changes inside the WFP driver so I am afraid it needs to be tested

[BlagoYar]

Не знаю, виноват ли в этом AdGuard (не особо разбираюсь в минидампах)
http://multi-up.com/1204669

Windows 7 x64
AdGuard 6.3.1339.4073

[ameshkov]

@BlagoYar нет, тут что-то с драйвером файловой системы

fffff880`037326f8 fffff800`033bd4b3 : 00000000`00000019 00000000`00000003 fffff800`0341a940 00000000`00000000 : nt!KeBugCheckEx
fffff880`03732700 fffff800`0335e235 : fffff880`00000000 fffff880`03732890 00000000`00000000 fffff800`00000000 : nt!ExFreePool+0x4fb
fffff880`037327f0 fffff800`032f0f21 : fffffa80`06406c60 00000000`00000000 fffff880`018b9d80 fffffa80`0e8de400 : nt!FsFilterAllocateCompletionStack+0x35
fffff880`03732830 fffff800`032c06d7 : 00000000`00000000 fffff800`00000280 fffffa80`06460030 fffff880`018b9d80 : nt! ?? ::FNODOBFM::`string'+0x22ff1
fffff880`03732860 fffff800`032c04ed : 00000000`00001000 fffff880`03732ba8 fffffa80`03578bb0 fffffa80`00000000 : nt!FsRtlAcquireFileForModWriteEx+0xa3
fffff880`03732b10 fffff800`032c0988 : 00000000`00000000 fffffa80`0e8de4d0 fffffa80`00000000 fffff8a0`032d2018 : nt!MiGatherMappedPages+0x735
fffff880`03732c10 fffff800`03521df6 : fffffa80`03d10660 00000000`00000080 fffffa80`03cedb10 eb026d8d`44000efc : nt!MiMappedPageWriter+0x198
fffff880`03732d00 fffff800`032786e6 : fffff800`03405e80 fffffa80`03d10660 fffffa80`03d10b50 80850fc0`85fffdf9 : nt!PspSystemThreadStartup+0x5a
fffff880`03732d40 00000000`00000000 : fffff880`03733000 fffff880`0372d000 fffff880`03732890 00000000`00000000 : nt!KxStartSystemThread+0x16

[skipik]

@ameshkov It seems that slowdown problem is fixed in this new 1446 build.

[prolium]

The nightly build 6.3.1446 is stable for me, PC was running for almost 2 days with Kaspersky enabled. No BSODs so far.

EDIT: I've upgraded Kaspersky yesterday to 2019, I'll report in 2 days from now if it causes BSOD.

[vadimplSPb]

Ночные версии достаточно ставить поверх предыдущей, или сначала необходим полный деинсталл? (На двух компах примерно месяц сплошные BSOD, направили в эту ветку)

[skipik]

@vadimplSPb Настройки - общие - поменять канал обновлений на Nightly и зайти в "О программе" после этого.

[ameshkov]

@wk-952 awesome, then there's a great chance that we'll include this new driver version in the hotfix update.

Guys, once the issue is confirmed to be resolved, we will clean up the thread (comments will be backed up) and mark issues 1 and 2 as resolved.

[Sorrovv]

I've updated Adguard for Windows to the latest nightly build and upgraded Kaspersky Internet Security to version 2019 four days ago and there's no BDOD so far. Thank you.

[vadimplSPb]

Аналогично, более суток последняя ночная + KIS2018, включая опции WFP-драйвера и фильтрации https. Ни одного BSOD (и на сертификаты сайтов не ругается).
Нехорошо, что техподдержка, фактически, перемещается из официльного ветки форума напрямую к разработчикам. Если уж разработчки напрямую общаются с юзерами (а хорошо ли это?), то пусть это будет в одном месте.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.