Closed wby238 closed 5 years ago
@wby238 do you use cFosSpeed? there is a process spd.exe also do you have any antivirus program installed?
@zzebrum Yes, I use cFosSpeed. The antivirus is HUORONG SECURITY.
@wby238 sorry for the late reply. Try to add AdGuard to exclusions in your antivirus. It seems that the spd.exe is the trick also. Our developers didn't find anything wrong with AdGuard in your minidump.
general BSODs issue: #2246
@zzebrum I will try to add both to exclusions. Since I post this issue, I get another 11 BSODs. I change setting and get a full memory dump. The following info get from that full dump:
Microsoft (R) Windows Debugger Version 10.0.17763.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Summary Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700
Machine Name:
Kernel base = 0xfffff800`04449000 PsLoadedModuleList = 0xfffff800`04683c90
Debug session time: Mon Nov 19 06:01:47.772 2018 (UTC + 8:00)
System Uptime: 3 days 14:00:24.568
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd8018). Type ".hh dbgerr001" for details
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffff80004644c40, 0, fffff80004644c40}
*** ERROR: Module load completed but symbols could not be loaded for adgnetworktdidrv.sys
Probably caused by : Pool_Corruption ( nt!ExFreePool+4fb )
Followup: Pool_corruption
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff80004644c40, the pool entry being checked.
Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2).
Arg4: fffff80004644c40, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
KEY_VALUES_STRING: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700
SYSTEM_MANUFACTURER: ASUS
SYSTEM_PRODUCT_NAME: All Series
SYSTEM_SKU: All
SYSTEM_VERSION: System Version
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 2204
BIOS_DATE: 05/14/2015
BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
BASEBOARD_PRODUCT: B85-PRO
BASEBOARD_VERSION: Rev X.0x
DUMP_TYPE: 1
BUGCHECK_P1: 3
BUGCHECK_P2: fffff80004644c40
BUGCHECK_P3: 0
BUGCHECK_P4: fffff80004644c40
BUGCHECK_STR: 0x19_3
CPU_COUNT: 8
CPU_MHZ: d40
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 19'00000000 (cache) 19'00000000 (init)
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: spd.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: PC-20160924NCBL
ANALYSIS_SESSION_TIME: 11-24-2018 00:30:45.0578
ANALYSIS_VERSION: 10.0.17763.1 amd64fre
LAST_CONTROL_TRANSFER: from fffff80004625253 to fffff800044dc9a0
STACK_TEXT:
fffff880`09cbeef8 fffff800`04625253 : 00000000`00000019 00000000`00000003 fffff800`04644c40 00000000`00000000 : nt!KeBugCheckEx
fffff880`09cbef00 fffff880`011d956f : 00000000`00000000 fffffa80`5618cbf0 fffff8a0`0a0887a0 fffffa80`00000000 : nt!ExFreePool+0x4fb
fffff880`09cbeff0 fffff880`0600ec9b : fffffa80`00000000 fffffa80`5e5d3b40 fffffa80`5d8cba30 00000000`00000000 : tdx!TdxTdiDispatchCreate+0x10f
fffff880`09cbf090 fffff880`0600f096 : fffffa80`5e5d3c58 00000000`00000240 fffffa80`1b979a30 00000000`00000000 : adgnetworktdidrv+0x1c9b
fffff880`09cbf0c0 fffff880`060192fc : 00000000`00000004 fffffa80`5d8cba60 fffffa80`5e5d3b40 fffffa80`59f382e0 : adgnetworktdidrv+0x2096
fffff880`09cbf0f0 fffff800`04932572 : 00000000`00000004 00000000`00000240 fffffa80`5d8cba60 fffffa80`5d8cbaf8 : adgnetworktdidrv+0xc2fc
fffff880`09cbf120 fffff800`04859e74 : fffffa80`1b979a30 00000000`00000000 fffffa80`1d742700 fffff800`044afb00 : nt!IopParseDevice+0x14e2
fffff880`09cbf280 fffff800`04734756 : 00000000`00000000 fffff880`09cbf400 fffff800`00000240 fffffa80`1882bde0 : nt!ObpLookupObjectName+0x784
fffff880`09cbf380 fffff800`04900ce8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`000007ff : nt!ObOpenObjectByName+0x306
fffff880`09cbf450 fffff800`0479086a : fffffa80`5618cbf0 00000000`c0100000 fffff880`09cbf610 00000000`00000000 : nt!IopCreateFile+0xa08
fffff880`09cbf500 fffff880`054e70bc : fffffa80`5618cbf0 00000000`00000000 fffff880`011d1000 fffff880`011e29c3 : nt!IoCreateFile+0x8a
fffff880`09cbf590 fffff880`054de28e : fffffa80`62ab3260 fffffa80`60612010 fffffa80`62ab3260 fffffa80`5e4021e8 : afd! ?? ::GFJBLGFE::`string'+0x464f
fffff880`09cbf6c0 fffff800`04737a1a : fffffa80`60612010 fffff800`044883d1 fffffa80`60612200 00000000`00000003 : afd!AfdSuperConnect+0x2ee
fffff880`09cbf850 fffff800`04903269 : fffffa80`2e8c8e50 fffffa80`2e8c8e50 fffffa80`2e8c8e50 fffff880`04840180 : nt!IopSynchronousServiceTail+0xfa
fffff880`09cbf8c0 fffff800`04795146 : 00000000`00000580 00000000`00000000 00000000`00000000 00000000`032cd358 : nt!IopXxxControlFile+0xc49
fffff880`09cbfa00 fffff800`044ea9d3 : 80000000`00000000 000007fe`f9a27a34 00000000`032cd340 00000000`00002710 : nt!NtDeviceIoControlFile+0x56
fffff880`09cbfa70 00000000`777d991a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0113da78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777d991a
THREAD_SHA1_HASH_MOD_FUNC: 6b7753a4df1dd36c24ec249467f259ddf897501c
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 335eaf46c233ccea53de231b77d4a37dffc5f75c
THREAD_SHA1_HASH_MOD: 959c914bf68be801a4b6cf43cb06e1201b5d47bf
FOLLOWUP_IP:
nt!ExFreePool+4fb
fffff800`04625253 cc int 3
FAULT_INSTR_CODE: d634ccc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExFreePool+4fb
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION: 6.1.7601.24214
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExFreePool+4fb
BUCKET_ID: X64_0x19_3_nt!ExFreePool+4fb
PRIMARY_PROBLEM_CLASS: X64_0x19_3_nt!ExFreePool+4fb
TARGET_TIME: 2018-11-18T22:01:47.000Z
OSBUILD: 7601
OSSERVICEPACK: 1000
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt (Service Pack 1) TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-08-02 10:18:10
BUILDDATESTAMP_STR: 180801-1700
BUILDLAB_STR: win7sp1_ldr_escrow
BUILDOSVER_STR: 6.1.7601.24214.amd64fre.win7sp1_ldr_escrow.180801-1700
ANALYSIS_SESSION_ELAPSED_TIME: c58
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x19_3_nt!exfreepool+4fb
FAILURE_ID_HASH: {508e5570-3f70-aa7e-0a8b-e9a016213682}
Followup: Pool_corruption
---------
If you need that full memory dump, I can upload it. Its original size is 2.69GB.
adgnetworktdidrv.sys cause bluescreen many times. after I update to latest, it cause bluescreen per 1 hour
Your environment
64bit Windows 7 Ultimate with SP1 adgnetworktdidrv.sys version: 6.3.30.0 adguard version: 6.4.1814.4903
windbg output
minidump file
Minidump.zip