qBittorrent crashes the Windows after a while

[AoiRei]

Bug report

Checklist

• [x] I have read the issue reporting section in the contributing guidelines, so I know how to submit a good bug report with the required information
• [x] I have verified that the issue is not fixed and is reproducible in the latest version
• [x] (optional but recommended) I have verified that the issue is not fixed and is reproducible in the latest CI build
• [x] I have checked the frequent/common issues list and searched the issue tracker for similar bug reports (including closed ones) to avoid posting a duplicate
• [x] This report is not a support request or question, both of which are better suited for either the discussions section, forum, or subreddit. The wiki did not contain a suitable solution either
• [x] I have pasted/attached the settings file and relevant log(s) in the Attachments section at the bottom of the report. Mandatory: the settings file and at least the most recent log. See this wiki page if you're not sure where to find them.

Description

qBittorrent info and operating system(s)

• qBittorrent version: 4.3.8 64 bit
• Operating system(s) where the issue occurs: Win 10 Pro Version 10.0.19042 Build 19042

What is the problem

Crashes, ends with BSOD

Detailed steps to reproduce the problem

1. Let the program running for a while with torrents being downloaded.
2. -> Crash

What is the expected behavior

Not to crash

Extra info (if any)

I am experiencing this behaviour for some while already, old versions included (probably starting with 4.3.1)

Attachments

Debugging Details:

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 4327

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 6622

Key  : Analysis.Init.CPU.mSec
Value: 1734

Key  : Analysis.Init.Elapsed.mSec
Value: 57739

Key  : Analysis.Memory.CommitPeak.Mb
Value: 85

Key  : WER.OS.Branch
Value: vb_release

Key  : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key  : WER.OS.Version
Value: 10.0.19041.1

BUGCHECK_CODE: 1e

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff8074da97203

BUGCHECK_P3: ffffbd8ef614e658

BUGCHECK_P4: ffffc2801def7920

WRITE_ADDRESS: ffffc2801def7920

EXCEPTION_PARAMETER1: ffffbd8ef614e658

EXCEPTION_PARAMETER2: ffffc2801def7920

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: qbittorrent.exe

TRAP_FRAME: 9c8948000000b824 -- (.trap 0x9c8948000000b824) Unable to read trap frame at 9c894800`0000b824

STACK_TEXT:  
ffffc280`1def70a8 fffff807`49f0f7ef     : 00000000`0000001e ffffffff`c0000005 fffff807`4da97203 ffffbd8e`f614e658 : nt!KeBugCheckEx
ffffc280`1def70b0 fffff807`49e10aa6     : ffffc280`1def7920 fffff807`49d40575 ffffbd8e`f614e890 fffff807`4da97203 : nt!KiFatalFilter+0x1f
ffffc280`1def70f0 fffff807`49dccd8f     : fffff807`00000002 fffff807`49ad3ce0 ffffbd8e`f6149000 ffffbd8e`f6150000 : nt!KeExpandKernelStackAndCalloutInternal$filt$0+0x16
ffffc280`1def7130 fffff807`49e0008f     : fffff807`49ad3ce0 ffffc280`1def7710 fffff807`49dcccf0 00000000`00000000 : nt!_C_specific_handler+0x9f
ffffc280`1def71a0 fffff807`49ce6dd7     : ffffc280`1def7710 00000000`00000000 ffffbd8e`f614f120 fffff807`49cf8458 : nt!RtlpExecuteHandlerForException+0xf
ffffc280`1def71d0 fffff807`49ce59c6     : ffffbd8e`f614e658 ffffc280`1def7e20 ffffbd8e`f614e658 c3ef39ac`daf9e6bc : nt!RtlDispatchException+0x297
ffffc280`1def78f0 fffff807`49df8062     : 9c8948eb`8b4cffdf 9c894800`00008024 9c894800`0000b824 9c894800`0000d824 : nt!KiDispatchException+0x186
ffffc280`1def7fb0 fffff807`49df8030     : fffff807`49e092a5 0000f160`0abb0004 00000000`00000000 fffff807`4dd59230 : nt!KxExceptionDispatchOnExceptionStack+0x12
ffffbd8e`f614e518 fffff807`49e092a5     : 0000f160`0abb0004 00000000`00000000 fffff807`4dd59230 ffff8207`51ce3200 : nt!KiExceptionDispatchOnExceptionStackContinue
ffffbd8e`f614e520 fffff807`49e04fe0     : fffff807`4dd59230 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x125
ffffbd8e`f614e700 fffff807`4da97203     : ffff8207`6c6150c0 00000000`00000000 ffffbd8e`f614e939 fffff807`4db90d9f : nt!KiGeneralProtectionFault+0x320
ffffbd8e`f614e890 fffff807`4da9710f     : 00000000`00000500 ffff8207`51b77ec0 ffff8207`51c508e0 ffff8207`51b77d00 : NETIO!FsbpScavengePool+0x8b
ffffbd8e`f614e8d0 fffff807`4db96b3b     : 00000001`00000004 ffff8207`5a5fe300 00000000`00000800 ffff8207`51c508e0 : NETIO!FsbAllocate+0x13f
ffffbd8e`f614e910 fffff807`4dba446e     : 00000000`00000000 00000000`00000800 ffff8207`6782cce4 ffff8207`51ce3200 : tcpip!IppAllocatePathUnderLock+0x3b
ffffbd8e`f614e9a0 fffff807`4dba49c8     : 00000001`00000842 ffff2fb3`2a53cb6e 00000000`00000000 ffff8207`51ce3040 : tcpip!IppFindOrCreatePath+0xc5e
ffffbd8e`f614ec40 fffff807`4dba47bc     : 00000000`00000000 ffff8207`51ce3200 ffff8207`6782cce4 ffff8207`6782cce4 : tcpip!IppJoinPath+0x1f8
ffffbd8e`f614ed50 fffff807`4db81783     : ffff8207`51ce3200 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IpNlpJoinPath+0xc
ffffbd8e`f614ed80 fffff807`4db81235     : ffff8207`6782ca01 fffff807`4db81220 ffffbd8e`f614f200 ffffbd8e`f614f200 : tcpip!UdpSendMessages+0x533
ffffbd8e`f614f0f0 fffff807`49cf8458     : ffffbd8e`f614f350 ffff8207`6d2148c0 fffff807`00000000 00000000`00000006 : tcpip!UdpTlProviderSendMessagesCalloutRoutine+0x15
ffffbd8e`f614f120 fffff807`49cf83cd     : fffff807`4db81220 ffffbd8e`f614f200 00000000`00000000 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
ffffbd8e`f614f190 fffff807`4dbd553b     : 00000000`00000000 00000000`00000000 00000000`00000000 fffff807`60e64b30 : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffbd8e`f614f1d0 fffff807`60e80899     : ffffbd8e`f614f540 ffffbd8e`f614fa80 ffff8207`6782ca20 ffffbd8e`f614fa80 : tcpip!UdpTlProviderSendMessages+0x7b
ffffbd8e`f614f250 fffff807`60e64a25     : 000fa4ef`bd9bbfff 87000003`00000001 ffff8207`00000000 ffffbd8e`f614f868 : afd!AfdFastDatagramSend+0x659
ffffbd8e`f614f440 fffff807`4a074b22     : 00000000`00000000 00000000`00012023 ffffbd8e`f614fa80 ffff8207`5cb12540 : afd!AfdFastIoDeviceControl+0x1825
ffffbd8e`f614f7e0 fffff807`4a074786     : 00000001`00000000 00000000`00000494 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x382
ffffbd8e`f614f920 fffff807`49e08bb5     : ffff8207`661770c0 00000016`28dff6d8 ffffbd8e`f614f9a8 ffffffff`fffdc646 : nt!NtDeviceIoControlFile+0x56
ffffbd8e`f614f990 00007ff9`256acf04     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000016`28dfe538 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`256acf04

SYMBOL_NAME: NETIO!FsbpScavengePool+8b

MODULE_NAME: NETIO

IMAGE_NAME: NETIO.SYS

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 8b

FAILURE_BUCKET_ID: 0x1E_c0000005_NETIO!FsbpScavengePool

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {4c83554c-3d7a-5a92-df5c-dfa96cf22b90}

Followup: MachineOwner

[mickrussom]

Im getting the same issue without BSOD.

4.3.8 crashes after a short while while downloading torrents. Even one at a time. Even with speed limits on downloads in place. Simply pausing the torrent stops this. While all torrents are paused it is possible to do searches, even searched with lots of results.

Description Faulting Application Path: C:\Program Files\qBittorrent\qbittorrent.exe

Problem signature Problem Event Name: BEX Application Name: qbittorrent.exe Application Version: 4.3.8.0 Application Timestamp: 612ad07e Fault Module Name: qbittorrent.exe Fault Module Version: 4.3.8.0 Fault Module Timestamp: 612ad07e Exception Offset: 00903a28 Exception Code: c0000409 Exception Data: 00000007 OS Version: 10.0.19043.2.0.0.256.4 Locale ID: 1033 Additional Information 1: 7635 Additional Information 2: 76351f1d464cde86f8899fa20da2657c Additional Information 3: 7639 Additional Information 4: 76399dd48fe659ddde7667fbdf4cde9f

Extra information about the problem Bucket ID: 111b64656a0d89200577013d8f698865 (1546706360935745637) .

[Snowknight26]

Likewise. Seeing this too but I can't be 100% certain that qBittorrent is the cause. Starting with roughly 4.3.1, qBittorrent randomly crashes (typically 0xc0000005 errors) or causes BSODs (usually netio.sys, afd.sys, ndis.sys) that all point to network-subsystem-related issues. Almost seems like after enough time and enough connections, some kind of resource exhaustion occurs and either qBittorrent crashes or the underlying OS does.

For example, here's an application crash (only relevant part is copy/pasted from WinDBG):

CONTEXT:  (.ecxr)
rax=000002b071d99fa0 rbx=0000000000000000 rcx=0000000000000000
rdx=000002b00cd46d01 rsi=000002b071d99fa0 rdi=000002b06032e918
rip=00007ff67577532d rsp=000000b7a83ff750 rbp=00000000000000b9
 r8=00000000000000b9  r9=00007ff6756eff28 r10=0000000000000004
r11=000000b7a83ff810 r12=000002b00cd46d90 r13=0000000000000000
r14=0000000000000000 r15=000002b06ea1b560
iopl=0         nv up ei ng nz na po cy
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010287
qbittorrent!std::unique_ptr<libtorrent::packet,libtorrent::packet_deleter>::get [inlined in qbittorrent!libtorrent::utp_stream::read_some+0xbd]:
00007ff6`7577532d 4c8b33          mov     r14,qword ptr [rbx] ds:00000000`00000000=????????????????
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff67577532d (qbittorrent!std::unique_ptr<libtorrent::packet,libtorrent::packet_deleter>::get)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000

PROCESS_NAME:  qbittorrent.exe

READ_ADDRESS:  0000000000000000 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000000

STACK_TEXT:  
000000b7`a83ff750 00007ff6`756effda     : ffffffff`fffffffe 000000b7`a83ff8f0 00000000`000000b9 00000000`00000068 : qbittorrent!libtorrent::utp_stream::read_some+0xbd
000000b7`a83ff7f0 00007ff6`756eb8d6     : 000000b7`a83ff8e9 00000000`00000068 00000000`00000000 00000000`00000068 : qbittorrent!libtorrent::aux::socket_type::read_some<boost::asio::mutable_buffers_1>+0x14a
000000b7`a83ff840 00007ff6`756faeff     : 000002b0`6dd385e8 000002b0`555a0000 00000000`00000000 00000000`00000000 : qbittorrent!libtorrent::peer_connection::on_receive_data+0x386
000000b7`a83ff950 00007ff6`7577a4a0     : 000002b0`2029db68 00007ff6`00000000 00000000`00000000 00000000`00000246 : qbittorrent!libtorrent::aux::allocating_handler<std::_Binder<std::_Unforced,void (__cdecl libtorrent::peer_connection::*)(boost::system::error_code const &,unsigned __int64),std::shared_ptr<libtorrent::peer_connection> &,std::_Ph<1> const &,std::_Ph<2> const &>,400>::operator()<boost::system::error_code &,unsigned __int64 &>+0x3f
000000b7`a83ff9c0 00007ff6`7577a377     : 000002b0`8eaa46c0 000000b7`a83ffa50 000000b7`a83ffc30 00000000`00000000 : qbittorrent!boost::asio::asio_handler_invoke<std::_Binder<void,std::function<void __cdecl(boost::system::error_code const &,unsigned __int64)>,boost::system::error_code const &,unsigned __int64 const &> >+0x40
000000b7`a83ffa00 00007ff6`7563a271     : 000002b0`556408c0 00000000`00000001 000000b7`a83ffb89 00000000`00000001 : qbittorrent!boost::asio::detail::completion_handler<std::_Binder<void,std::function<void __cdecl(boost::system::error_code const &,unsigned __int64)>,boost::system::error_code const &,unsigned __int64 const &>,boost::asio::io_context::basic_executor_type<std::allocator<void>,0> >::do_complete+0x117
000000b7`a83ffaf0 00007ff6`75639d6f     : 00000000`00000000 000000b7`00000000 00000000`0aa18ebd 000000b7`a83ffc98 : qbittorrent!boost::asio::detail::win_iocp_io_context::do_one+0x371
000000b7`a83ffbf0 00007ff6`7563bee6     : 00000000`00000000 000002b0`5768eca0 00000004`00000004 000002b0`55699850 : qbittorrent!boost::asio::detail::win_iocp_io_context::run+0xff
000000b7`a83ffc70 00007ff6`75638f92     : 000002b0`576766b0 00000000`00000000 00000ffe`ceac71f0 00010000`00000000 : qbittorrent!std::_LaunchPad<std::unique_ptr<std::tuple<<lambda_4a9f6a85d26148d4057aea41ac3e4854> >,std::default_delete<std::tuple<<lambda_4a9f6a85d26148d4057aea41ac3e4854> > > > >::_Go+0x56
000000b7`a83ffcc0 00007ff6`760422f0     : 000002b0`576766b0 00000000`00000000 00000000`00000000 00000000`00000000 : qbittorrent!std::_Pad::_Call_func+0x12
000000b7`a83ffcf0 00007ff8`c2dc7034     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : qbittorrent!thread_start<unsigned int (__cdecl*)(void * __ptr64)>+0x50
000000b7`a83ffd20 00007ff8`c40a2651     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
000000b7`a83ffd50 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

FAULTING_SOURCE_LINE:  g:\qbittorrent\libtorrent\src\utp_stream.cpp

FAULTING_SOURCE_FILE:  g:\qbittorrent\libtorrent\src\utp_stream.cpp

FAULTING_SOURCE_LINE_NUMBER:  1035

FAULTING_SOURCE_CODE:  
No source found for 'c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\memory'

SYMBOL_NAME:  qbittorrent!libtorrent::utp_stream::read_some+bd

MODULE_NAME: qbittorrent

IMAGE_NAME:  qbittorrent.exe

STACK_COMMAND:  ~4s ; .ecxr ; kb

FAILURE_BUCKET_ID:  NULL_POINTER_READ_c0000005_qbittorrent.exe!libtorrent::utp_stream::read_some

qbittorrent!libtorrent::utp_stream::read_some - looks like the crash happened when reading a network socket.

And then a BSOD mentioning qbittorrent.exe, once again network-related:

BUGCHECK_CODE:  d1

BUGCHECK_P1: 858

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff80218f05389

READ_ADDRESS:  0000000000000858 

[...]

PROCESS_NAME:  qbittorrent.exe

TRAP_FRAME:  ffffe10e6bf95a70 -- (.trap 0xffffe10e6bf95a70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000600 rbx=0000000000000000 rcx=0000000000000006
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80218f05389 rsp=ffffe10e6bf95c00 rbp=0000000000000000
 r8=0000000000000001  r9=0000000000000000 r10=fffff80218f05310
r11=ffffbb7a4c400000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
NDIS!NdisFreeNetBufferList+0x79:
fffff802`18f05389 80bfd800000000  cmp     byte ptr [rdi+0D8h],0 ds:00000000`000000d8=??
Resetting default scope

STACK_TEXT:  
ffffe10e`6bf95928 fffff802`13c09169     : 00000000`0000000a 00000000`00000858 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffffe10e`6bf95930 fffff802`13c05469     : ffffe10e`6bf95b80 fffff802`1a503468 00000000`00000028 00000000`00000014 : nt!KiBugCheckDispatch+0x69
ffffe10e`6bf95a70 fffff802`18f05389     : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`13a0e1f4 : nt!KiPageFault+0x469
ffffe10e`6bf95c00 fffff802`18e78e40     : ffffbb8c`d25f3760 00000000`00000000 ffffbb8c`d25f38e0 00000000`00000000 : NDIS!NdisFreeNetBufferList+0x79
ffffe10e`6bf95c40 fffff802`1a52687b     : fffff802`1a50ed20 ffffbb8c`d02cbc30 00000000`00000000 00000000`00000001 : NETIO!NetioFreeNetBufferAndNetBufferList+0x10
ffffe10e`6bf95c70 fffff802`18e65b63     : 00000000`00000000 00000000`00000001 00000000`00000001 00000000`00000000 : tcpip!TcpSendDatagramsComplete+0xbb
ffffe10e`6bf95cb0 fffff802`1a501b32     : 00000000`00000000 00000000`00989601 ffffbb8c`d25f3760 00000000`00000001 : NETIO!NetioDereferenceNetBufferListChain+0x103
ffffe10e`6bf95d30 fffff802`1a50010e     : ffffbb8c`b36a9160 00000000`000070c2 00000000`00000006 ffffe10e`6bf95e00 : tcpip!TcpReceive+0x442
ffffe10e`6bf95e20 fffff802`1a4eeb87     : 00000000`00000006 00000000`00000001 ffffe10e`6bf95e80 ffffe10e`6bf95f10 : tcpip!TcpNlClientReceivePreValidatedDatagrams+0x2e
ffffe10e`6bf95e60 fffff802`1a4ee948     : 00000000`00000006 00000000`00000000 00000000`00000000 ffffbb8c`b30ff9a0 : tcpip!IppLbIndicatePackets+0x127
ffffe10e`6bf95f10 fffff802`13bfaa9e     : ffffbb8c`b36a86b0 ffffe10e`6bf95fd0 ffffbb8c`d3d78080 ffffe10e`707015d0 : tcpip!IppLbTransmitStackCallout+0x2a8
ffffe10e`6bf95f80 fffff802`13bfaa5c     : ffffe10e`6bf95fd0 ffffbb8c`d3d78080 ffffe10e`6bf96000 fffff802`13af87bd : nt!KxSwitchKernelStackCallout+0x2e
ffffe10e`707015d0 fffff802`13af87bd     : ffffe10e`6bf95fd0 ffffbb8c`d3d78080 ffffe10e`7070161a 00000000`00000000 : nt!KiSwitchKernelStackContinue
ffffe10e`707015f0 fffff802`13af85b2     : fffff802`1a4ee6a0 ffffe10e`70701860 ffffe10e`00000002 fffff802`00000002 : nt!KiExpandKernelStackAndCalloutOnStackSegment+0x19d
ffffe10e`70701690 fffff802`13af8413     : ffffe10e`707018b0 ffffbb8c`b36a86b0 ffffbb8c`00000002 00000000`00000000 : nt!KiExpandKernelStackAndCalloutSwitchStack+0xf2
ffffe10e`70701700 fffff802`13af83cd     : fffff802`1a4ee6a0 ffffe10e`70701860 ffffbb8c`b30ff9a0 ffffbb8c`c7df97a0 : nt!KeExpandKernelStackAndCalloutInternal+0x33
ffffe10e`70701770 fffff802`1a4ef7c9     : ffffbb8c`b367c8e8 ffffbb8c`b30ff9a0 00000000`00000000 ffffe10e`70701ae0 : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffe10e`707017b0 fffff802`1a543fc7     : 00000000`00000007 ffffbb8c`b367c8e8 ffffbb8c`b3752040 ffffe10e`70701b10 : tcpip!IppLoopbackEnqueue+0x729
ffffe10e`70701a10 fffff802`1a56eeaa     : 00000000`00000000 ffffe10e`00000014 ffffbb8c`b3741910 00000000`0000e900 : tcpip!IpNlpFastContinueSendLoopbackDatagrams+0x737
ffffe10e`70701b50 fffff802`1a4e9d09     : 00000000`00000001 00000000`00000000 fffff802`1a6a9230 ffffbb8c`d0dc7010 : tcpip!IppSendDatagramsCommon+0x8412a
ffffe10e`70701cd0 fffff802`1a4b8404     : ffffbb8c`c5df8040 00000001`00000014 00000000`00000000 ffffbb8c`d0dc7010 : tcpip!IpNlpFastSendDatagram+0x349
ffffe10e`70701d90 fffff802`1a4b6734     : ffffbb8c`b3699990 00000000`00989680 ffffbb8c`d15a4a20 00000139`bc8e0dca : tcpip!TcpTcbSend+0x1754
ffffe10e`70702120 fffff802`1a4b639e     : 00000000`00000000 00000000`00000000 ffffe10e`70702380 fffff802`1a4b6370 : tcpip!TcpEnqueueTcbSend+0x374
ffffe10e`70702260 fffff802`13af8458     : ffffbb8c`d0ce2101 00000000`00000000 00000000`00000000 00000000`00000001 : tcpip!TcpTlConnectionSendCalloutRoutine+0x2e
ffffe10e`707022a0 fffff802`13af83cd     : fffff802`1a4b6370 ffffe10e`70702380 ffffbb8c`d1e69740 ffffbb8c`c9f4ea20 : nt!KeExpandKernelStackAndCalloutInternal+0x78
ffffe10e`70702310 fffff802`1a524f90     : 00000000`00000000 00000000`00000000 ffffbb8c`c9f4ea20 ffffe10e`70702b80 : nt!KeExpandKernelStackAndCalloutEx+0x1d
ffffe10e`70702350 fffff802`2594f0cf     : ffffbb8c`d1e69740 ffffbb8c`d0ce2130 00000000`00000001 ffffbb8c`d1e69740 : tcpip!TcpTlConnectionSend+0x80
ffffe10e`707023c0 fffff802`2594eefa     : ffffbb8c`d0ce2130 ffffe10e`70702b80 ffffbb8c`c3cf6060 ffffbb8c`d1e69800 : afd!AfdTLStartBufferedVcSend+0x9f
ffffe10e`70702470 fffff802`25934190     : ffffbb8c`d1e69740 ffffbb8c`f8d87a48 00000000`00000001 ffffe10e`70702968 : afd!AfdFastConnectionSend+0x2a2
ffffe10e`70702540 fffff802`13e74992     : 00000000`00000000 00000000`0001201f ffffe10e`70702b80 ffffbb8c`d3ca8a10 : afd!AfdFastIoDeviceControl+0xf90
ffffe10e`707028e0 fffff802`13e745f6     : 00000000`00000000 00000000`00000458 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x382
ffffe10e`70702a20 fffff802`13c08bb8     : ffffbb8c`d3d78080 ffffe10e`70702b80 000000e3`8bbfe4c8 ffffcb81`61b12180 : nt!NtDeviceIoControlFile+0x56
ffffe10e`70702a90 00007ff9`6ed6ce54     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000e3`8bbfe328 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`6ed6ce54

SYMBOL_NAME:  NETIO!NetioFreeNetBufferAndNetBufferList+10

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  10

FAILURE_BUCKET_ID:  AV_NETIO!NetioFreeNetBufferAndNetBufferList

In the case of application crashes, is providing application crash dumps enough or does one need to have a debugger attach to the application as the crash happens to see the stack/code?

[xavier2k6]

@Snowknight26 What qBittorrent version is that trace from & can you give a bit more details too please like if it's 32bit / 64bit & OS version as well etc.

---

@mickrussom Your error code c0000409 has been seen before (although never fully solved) & is different than the c0000005 error reported here.

• Please update all your drivers & run sfc /scannow in an elevated command prompt.
• If you still experience crashes with same code, please open a "new issue"

[Snowknight26]

@xavier2k6 4.3.8, 64-bit, latest build of Windows 10 Pro for Workstation (19043.1237 at the time of the crash I believe). OS is pretty vanilla otherwise as far as drivers/network configuration goes. My machine does have ECC memory, though, and I haven't seen any indications of ECC errors in the event log, so at least that will generally rule out memory address issues (such as invalid pointers) caused by hardware/bit flips.

The crashes occur sporadically and without any user interaction - I can leave the machine running as-is, then checking on it again some hours later shows that qBittorrent has crashed with something like the above stack trace.

Let me know if you need any other info - will provide what I can.

[Chocobo1]

@arvidn There is a clear crash log at https://github.com/qbittorrent/qBittorrent/issues/15448#issuecomment-932370854 that you might be interested. The associated libtorrent version is 1.2.14 RC_1_2 1178e4e0f3b4aad4c05f0455625a6818c0b1792e.

[Snowknight26]

That particular application crash dump can be found here: https://mega.nz/file/UwNiRJhT#denuk917ctNIW3G3XVohXrgwoleM0Qq1SCCN1Bh47wA

[Snowknight26]

Another one:

CONTEXT:  (.ecxr)
rax=000001d0b21ed4b0 rbx=000000232ebff8d0 rcx=000000007ffe0380
rdx=00000000017900d1 rsi=000001d0211e5d70 rdi=0000000000000044
rip=0000000000000010 rsp=000000232ebff800 rbp=0000000000000080
 r8=0000000000000179  r9=0000000000000040 r10=0000000000000140
r11=797a7ad2f49be7e0 r12=00007ff7fa94ca00 r13=0000000000000000
r14=000000232ebff8e0 r15=000001d0211e5c00
iopl=0         nv up ei pl nz na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010204
00000000`00000010 ??              ???
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 0000000000000010
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000008
   Parameter[1]: 0000000000000010
Attempt to execute non-executable address 0000000000000010

PROCESS_NAME:  qbittorrent.exe

EXECUTE_ADDRESS: 10

FAILED_INSTRUCTION_ADDRESS: 
+0
00000000`00000010 ??              ???

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000008

EXCEPTION_PARAMETER2:  0000000000000010

IP_ON_STACK: 
+0
00000023`2ebffaf0 0200            add     al,byte ptr [rax]

FRAME_ONE_INVALID: 1

STACK_TEXT:  
00000023`2ebff800 00000023`2ebffaf0     : 00007ff7`fa85cb3b 0000f4e3`11a3ae84 00000000`00000000 ffffffff`fffffffe : 0x10
00000023`2ebff808 00007ff7`fa85cb3b     : 0000f4e3`11a3ae84 00000000`00000000 ffffffff`fffffffe 00000000`ffffffff : 0x00000023`2ebffaf0
00000023`2ebff810 00000000`00000000     : 00000000`00000000 00000fff`2e32458f 00000000`00000000 00000000`00000000 : qbittorrent!_Mtx_unlock+0x1f

FAULTING_SOURCE_LINE:  d:\agent\_work\1\s\src\vctools\crt\crtw32\stdcpp\thr\mutex.c

FAULTING_SOURCE_FILE:  d:\agent\_work\1\s\src\vctools\crt\crtw32\stdcpp\thr\mutex.c

FAULTING_SOURCE_LINE_NUMBER:  182

FAULTING_SOURCE_CODE:  
No source found for 'd:\agent\_work\1\s\src\vctools\crt\crtw32\stdcpp\thr\mutex.c'

SYMBOL_NAME:  qbittorrent!_Mtx_unlock+1f

MODULE_NAME: qbittorrent

IMAGE_NAME:  qbittorrent.exe

STACK_COMMAND:  ~4s ; .ecxr ; kb

FAILURE_BUCKET_ID:  SOFTWARE_NX_FAULT_c0000005_qbittorrent.exe!_Mtx_unlock

https://mega.nz/file/J08ESLRA#ajw_HJabgsiKLwKZeiM4TWFzSQilDwiGpCkVdWpLNso

Makes you wonder if it's ASLR-related. Can't think of any other reason at the moment as to why qBittorrent was trying to read the memory at address 0x10 of all places.

[xavier2k6]

@arvidn ping https://github.com/qbittorrent/qBittorrent/issues/15448#issuecomment-932686793

[arvidn]

reading address 0x10 probably means there's a field at offset 0x10 that's being accessed on a null pointer.