AdguardTeam / AdguardForWindows

AdGuard for Windows open bug tracker
https://adguard.com/

adgnetworktdidrv.sys cause BAD_POOL_HEADER blue screen #2377

Closed wby238 closed 5 years ago

wby238 commented 5 years ago

adgnetworktdidrv.sys has caused a bluescreen many times. After I updated to the latest version, it causes a bluescreen every hour.

Your environment

64-bit Windows 7 Ultimate with SP1
adgnetworktdidrv.sys version: 6.3.30.0
AdGuard version: 6.4.1814.4903

windbg output

Loading Dump File [C:\Windows\Minidump\110718-11965-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700
Machine Name:
Kernel base = 0xfffff800`0445f000 PsLoadedModuleList = 0xfffff800`04699c90
Debug session time: Wed Nov  7 22:01:00.536 2018 (UTC + 8:00)
System Uptime: 0 days 0:53:45.333
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
........................................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {3, fffff8000465ac40, 0, fffff8000465ac40}

*** WARNING: Unable to verify timestamp for adgnetworktdidrv.sys
*** ERROR: Module load completed but symbols could not be loaded for adgnetworktdidrv.sys
Probably caused by : Pool_Corruption ( nt!ExFreePool+4fb )

Followup:     Pool_corruption
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff8000465ac40, the pool entry being checked.
Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2).
Arg4: fffff8000465ac40, the read back blink freelist value (should be the same as 2).

Debugging Details:
------------------

KEY_VALUES_STRING: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700

SYSTEM_MANUFACTURER:  ASUS

SYSTEM_PRODUCT_NAME:  All Series

SYSTEM_SKU:  All

SYSTEM_VERSION:  System Version

BIOS_VENDOR:  American Megatrends Inc.

BIOS_VERSION:  2204

BIOS_DATE:  05/14/2015

BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT:  B85-PRO

BASEBOARD_VERSION:  Rev X.0x

DUMP_TYPE:  2

BUGCHECK_P1: 3

BUGCHECK_P2: fffff8000465ac40

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8000465ac40

BUGCHECK_STR:  0x19_3

CPU_COUNT: 8

CPU_MHZ: d40

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 19'00000000 (cache) 19'00000000 (init)

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  spd.exe

CURRENT_IRQL:  2

ANALYSIS_SESSION_HOST:  PC-20160924NCBL

ANALYSIS_SESSION_TIME:  11-07-2018 22:14:42.0424

ANALYSIS_VERSION: 10.0.17763.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8000463b253 to fffff800044f29a0

STACK_TEXT:  
fffff880`0a091dd8 fffff800`0463b253 : 00000000`00000019 00000000`00000003 fffff800`0465ac40 00000000`00000000 : nt!KeBugCheckEx
fffff880`0a091de0 fffff880`0549256f : 00000000`00000000 fffffa80`1fc44210 fffff980`45878fb8 00000000`00000000 : nt!ExFreePool+0x4fb
fffff880`0a091ed0 fffff800`04975d56 : fffff980`00000000 00000000`00000002 00000000`00000020 fffffa80`19266f30 : tdx!TdxTdiDispatchCreate+0x10f
fffff880`0a091f70 fffff880`054adc9b : fffff980`45878f70 fffffa80`1fc44210 fffffa80`1b17ad60 fffffa80`2058c110 : nt!IovCallDriver+0x566
fffff880`0a091fd0 fffff980`45878f70 : fffffa80`1fc44210 fffffa80`1b17ad60 fffffa80`2058c110 fffff980`45878ea0 : adgnetworktdidrv+0x1c9b
fffff880`0a091fd8 fffffa80`1fc44210 : fffffa80`1b17ad60 fffffa80`2058c110 fffff980`45878ea0 fffff880`054ae096 : 0xfffff980`45878f70
fffff880`0a091fe0 fffffa80`1b17ad60 : fffffa80`2058c110 fffff980`45878ea0 fffff880`054ae096 fffff980`45878fb8 : 0xfffffa80`1fc44210
fffff880`0a091fe8 fffffa80`2058c110 : fffff980`45878ea0 fffff880`054ae096 fffff980`45878fb8 00000000`00000002 : 0xfffffa80`1b17ad60
fffff880`0a091ff0 fffff980`45878ea0 : fffff880`054ae096 fffff980`45878fb8 00000000`00000002 fffffa80`1b17ad60 : 0xfffffa80`2058c110
fffff880`0a091ff8 fffff880`054ae096 : fffff980`45878fb8 00000000`00000002 fffffa80`1b17ad60 fffff800`04948572 : 0xfffff980`45878ea0
fffff880`0a092000 fffff980`45878fb8 : 00000000`00000002 fffffa80`1b17ad60 fffff800`04948572 fffffa80`20c52730 : adgnetworktdidrv+0x2096
fffff880`0a092008 00000000`00000002 : fffffa80`1b17ad60 fffff800`04948572 fffffa80`20c52730 fffff880`054b82fc : 0xfffff980`45878fb8
fffff880`0a092010 fffffa80`1b17ad60 : fffff800`04948572 fffffa80`20c52730 fffff880`054b82fc fffff980`45878ea0 : 0x2
fffff880`0a092018 fffff800`04948572 : fffffa80`20c52730 fffff880`054b82fc fffff980`45878ea0 fffffa80`1b194a10 : 0xfffffa80`1b17ad60
fffff880`0a092020 fffff800`047c50a4 : 00000000`00000001 fffffa80`2202dcc8 fffff8a0`0000e9b8 00000000`000a0008 : nt!IopParseDevice+0x14e2
fffff880`0a092180 00000000`00000000 : fffffa80`2202db10 00000000`0012019f 00000000`00000000 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x8ea4

THREAD_SHA1_HASH_MOD_FUNC:  8b4ef3d1b01f3a0ba5bc55a560c625cce99894cd

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  d0936883b60dddcfc450d9316bf5f342707af700

THREAD_SHA1_HASH_MOD:  208c189ba8193ae126b0a2b3d2e20b00752089c6

FOLLOWUP_IP: 
nt!ExFreePool+4fb
fffff800`0463b253 cc              int     3

FAULT_INSTR_CODE:  d634ccc

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExFreePool+4fb

FOLLOWUP_NAME:  Pool_corruption

IMAGE_NAME:  Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  6.1.7601.24214

MODULE_NAME: Pool_Corruption

STACK_COMMAND:  .thread ; .cxr ; kb

FAILURE_BUCKET_ID:  X64_0x19_3_nt!ExFreePool+4fb

BUCKET_ID:  X64_0x19_3_nt!ExFreePool+4fb

PRIMARY_PROBLEM_CLASS:  X64_0x19_3_nt!ExFreePool+4fb

TARGET_TIME:  2018-11-07T14:01:00.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-08-02 10:18:10

BUILDDATESTAMP_STR:  180801-1700

BUILDLAB_STR:  win7sp1_ldr_escrow

BUILDOSVER_STR:  6.1.7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700

ANALYSIS_SESSION_ELAPSED_TIME:  3d4

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x19_3_nt!exfreepool+4fb

FAILURE_ID_HASH:  {508e5570-3f70-aa7e-0a8b-e9a016213682}

Followup:     Pool_corruption
---------

minidump file

Minidump.zip

zzebrum commented 5 years ago

@wby238 Do you use cFosSpeed? There is a process spd.exe. Also, do you have any antivirus program installed?

wby238 commented 5 years ago

@zzebrum Yes, I use cFosSpeed. The antivirus is HUORONG SECURITY.

zzebrum commented 5 years ago

@wby238 Sorry for the late reply. Try to add AdGuard to exclusions in your antivirus. It seems that the spd.exe is the trick also. Our developers didn't find anything wrong with AdGuard in your minidump.

general BSODs issue: #2246

weiby3 commented 5 years ago

@zzebrum I will try to add both to exclusions. Since I posted this issue, I have gotten another 11 BSODs. I changed the settings and got a full memory dump. The following info is from that full dump:


Microsoft (R) Windows Debugger Version 10.0.17763.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700
Machine Name:
Kernel base = 0xfffff800`04449000 PsLoadedModuleList = 0xfffff800`04683c90
Debug session time: Mon Nov 19 06:01:47.772 2018 (UTC + 8:00)
System Uptime: 3 days 14:00:24.568
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd8018).  Type ".hh dbgerr001" for details
Loading unloaded module list
.............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {3, fffff80004644c40, 0, fffff80004644c40}

*** ERROR: Module load completed but symbols could not be loaded for adgnetworktdidrv.sys
Probably caused by : Pool_Corruption ( nt!ExFreePool+4fb )

Followup:     Pool_corruption
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff80004644c40, the pool entry being checked.
Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2).
Arg4: fffff80004644c40, the read back blink freelist value (should be the same as 2).

Debugging Details:
------------------

KEY_VALUES_STRING: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700

SYSTEM_MANUFACTURER:  ASUS

SYSTEM_PRODUCT_NAME:  All Series

SYSTEM_SKU:  All

SYSTEM_VERSION:  System Version

BIOS_VENDOR:  American Megatrends Inc.

BIOS_VERSION:  2204

BIOS_DATE:  05/14/2015

BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.

BASEBOARD_PRODUCT:  B85-PRO

BASEBOARD_VERSION:  Rev X.0x

DUMP_TYPE:  1

BUGCHECK_P1: 3

BUGCHECK_P2: fffff80004644c40

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80004644c40

BUGCHECK_STR:  0x19_3

CPU_COUNT: 8

CPU_MHZ: d40

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 19'00000000 (cache) 19'00000000 (init)

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  spd.exe

CURRENT_IRQL:  2

ANALYSIS_SESSION_HOST:  PC-20160924NCBL

ANALYSIS_SESSION_TIME:  11-24-2018 00:30:45.0578

ANALYSIS_VERSION: 10.0.17763.1 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80004625253 to fffff800044dc9a0

STACK_TEXT:  
fffff880`09cbeef8 fffff800`04625253 : 00000000`00000019 00000000`00000003 fffff800`04644c40 00000000`00000000 : nt!KeBugCheckEx
fffff880`09cbef00 fffff880`011d956f : 00000000`00000000 fffffa80`5618cbf0 fffff8a0`0a0887a0 fffffa80`00000000 : nt!ExFreePool+0x4fb
fffff880`09cbeff0 fffff880`0600ec9b : fffffa80`00000000 fffffa80`5e5d3b40 fffffa80`5d8cba30 00000000`00000000 : tdx!TdxTdiDispatchCreate+0x10f
fffff880`09cbf090 fffff880`0600f096 : fffffa80`5e5d3c58 00000000`00000240 fffffa80`1b979a30 00000000`00000000 : adgnetworktdidrv+0x1c9b
fffff880`09cbf0c0 fffff880`060192fc : 00000000`00000004 fffffa80`5d8cba60 fffffa80`5e5d3b40 fffffa80`59f382e0 : adgnetworktdidrv+0x2096
fffff880`09cbf0f0 fffff800`04932572 : 00000000`00000004 00000000`00000240 fffffa80`5d8cba60 fffffa80`5d8cbaf8 : adgnetworktdidrv+0xc2fc
fffff880`09cbf120 fffff800`04859e74 : fffffa80`1b979a30 00000000`00000000 fffffa80`1d742700 fffff800`044afb00 : nt!IopParseDevice+0x14e2
fffff880`09cbf280 fffff800`04734756 : 00000000`00000000 fffff880`09cbf400 fffff800`00000240 fffffa80`1882bde0 : nt!ObpLookupObjectName+0x784
fffff880`09cbf380 fffff800`04900ce8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`000007ff : nt!ObOpenObjectByName+0x306
fffff880`09cbf450 fffff800`0479086a : fffffa80`5618cbf0 00000000`c0100000 fffff880`09cbf610 00000000`00000000 : nt!IopCreateFile+0xa08
fffff880`09cbf500 fffff880`054e70bc : fffffa80`5618cbf0 00000000`00000000 fffff880`011d1000 fffff880`011e29c3 : nt!IoCreateFile+0x8a
fffff880`09cbf590 fffff880`054de28e : fffffa80`62ab3260 fffffa80`60612010 fffffa80`62ab3260 fffffa80`5e4021e8 : afd! ?? ::GFJBLGFE::`string'+0x464f
fffff880`09cbf6c0 fffff800`04737a1a : fffffa80`60612010 fffff800`044883d1 fffffa80`60612200 00000000`00000003 : afd!AfdSuperConnect+0x2ee
fffff880`09cbf850 fffff800`04903269 : fffffa80`2e8c8e50 fffffa80`2e8c8e50 fffffa80`2e8c8e50 fffff880`04840180 : nt!IopSynchronousServiceTail+0xfa
fffff880`09cbf8c0 fffff800`04795146 : 00000000`00000580 00000000`00000000 00000000`00000000 00000000`032cd358 : nt!IopXxxControlFile+0xc49
fffff880`09cbfa00 fffff800`044ea9d3 : 80000000`00000000 000007fe`f9a27a34 00000000`032cd340 00000000`00002710 : nt!NtDeviceIoControlFile+0x56
fffff880`09cbfa70 00000000`777d991a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0113da78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777d991a

THREAD_SHA1_HASH_MOD_FUNC:  6b7753a4df1dd36c24ec249467f259ddf897501c

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  335eaf46c233ccea53de231b77d4a37dffc5f75c

THREAD_SHA1_HASH_MOD:  959c914bf68be801a4b6cf43cb06e1201b5d47bf

FOLLOWUP_IP: 
nt!ExFreePool+4fb
fffff800`04625253 cc              int     3

FAULT_INSTR_CODE:  d634ccc

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!ExFreePool+4fb

FOLLOWUP_NAME:  Pool_corruption

IMAGE_NAME:  Pool_Corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  6.1.7601.24214

MODULE_NAME: Pool_Corruption

STACK_COMMAND:  .thread ; .cxr ; kb

FAILURE_BUCKET_ID:  X64_0x19_3_nt!ExFreePool+4fb

BUCKET_ID:  X64_0x19_3_nt!ExFreePool+4fb

PRIMARY_PROBLEM_CLASS:  X64_0x19_3_nt!ExFreePool+4fb

TARGET_TIME:  2018-11-18T22:01:47.000Z

OSBUILD:  7601

OSSERVICEPACK:  1000

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 7

OSEDITION:  Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2018-08-02 10:18:10

BUILDDATESTAMP_STR:  180801-1700

BUILDLAB_STR:  win7sp1_ldr_escrow

BUILDOSVER_STR:  6.1.7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700

ANALYSIS_SESSION_ELAPSED_TIME:  c58

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x19_3_nt!exfreepool+4fb

FAILURE_ID_HASH:  {508e5570-3f70-aa7e-0a8b-e9a016213682}

Followup:     Pool_corruption
---------

If you need that full memory dump, I can upload it. Its original size is 2.69GB.