Constant random bluescreening with DPC_WATCHDOG_VIOLATION

[Roki100]

Pre-Submit Checklist:

• Check applicable sources for existing issues:
  • Windows Known Issues
  • Linux Known Issues
  • Github Issues

What happened: I installed portmaster yesterday, and my windows bluescreened at me like ~2 hours after the installation during watching a youtube video with a DPC_WATCHDOG_VIOLATION code, and well... today, a while ago i got the same BSOD during same thing (watching youtube video), with a similar timestamp because my pc was up for like ~2-3hours it randomly freezes the entire os and all i see is the bsod a second later, i havent experienced any BSOD in years, and started getting them after installing portmaster, so it is most likely the cause, for now i disabled the service to not run at all until i'll/anyone else find a fix for this, tho i think i am alone who experiences this I suspect portmaster-kext_v1-0-11.sys here as it seems to be the only driver used by portmaster, and the error code seems to be mostly caused by drivers

What did you expect to happen?: Windows, and portmaster working fine without any issues

How did you reproduce it?: Casually using the pc like everyday

Debug Information: No error logs for that time in logs folder

Additional question: Does portmaster only "overlay" the network intefaces and stuff or add something more into it (e.g. settings)? Because during a BSOD it surely didnt close gracefully and i just want to have it completely disabled for now what i did so far: disabled the startup of PortmasterCore service and auto startup of portmaster-start.exe app

[dhaavi]

Hey @Roki100, thanks a lot for reporting this!

We've been looking into this for quite some time now. We introduced some improvements at the end of https://github.com/safing/portmaster/issues/385 - after which we barely heard about this anymore.

The problem is that our kernel extension is taking too long for its operation, which we improved in the latest version. I'm not sure how this still happens, but we'll look into it. Can you share the Minidump of the crash? Then we can see where our kernel extension died (ie. was killed my Windows) and see how we can solve it.

It should be located at C:\Windows\Minidump - maybe send it via email, not sure if there could be sensitive info in there. Here is a guide: https://docs.microsoft.com/en-us/troubleshoot/windows-client/performance/read-small-memory-dump-file

Does portmaster only "overlay" the network intefaces and stuff or add something more into it (e.g. settings)? Because during a BSOD it surely didnt close gracefully and i just want to have it completely disabled for now

The Portmaster does make any configuration changes to the network stack or interfaces.

what i did so far: disabled the startup of PortmasterCore service and auto startup of portmaster-start.exe app

That will suffice.

[Roki100]

So far when portmaster is disabled everything seems to work fine for around ~6 hours, so it surely was the cause, but getting to the point: Getting you a minidump of the crash might be a problem, because for some reason the files are already gone 🤔 first thing i did was opening bluescreenview and all i can provide is a tiny bluescreenview export i made by accident, which i dont think will be helpful:

==================================================
Dump File         : 040222-20968-01.dmp
Crash Time        : 02.04.2022 02:50:50
Bug Check String  : 
Bug Check Code    : 0x00000133
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000501
Parameter 3       : 00000000`00000500
Parameter 4       : fffff803`740fb320
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+3f70d0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+3f70d0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\040222-20968-01.dmp
Processors Count  : 16
Major Version     : 15
Minor Version     : 19041
Dump File Size    : 6 458 804
Dump File Time    : 02.04.2022 16:58:56
==================================================

Not sure why my windows deletes the dumps "early" (this happens for a pretty long time), but if needed i can re-enable portmaster and wait for a next bsod to provide a full dmp, i assume windows deletes minidumps when being somewhat low on disk space but i am not sure how that works What is also interesting is the fact the "Caused by driver" is the kernel itself, where the obvious issue is portmaster somewhere 🤔

[dhaavi]

Getting the Minidump would be really great!

I am quite surprised how often this happens on your device. Do you remember if there was more network traffic than usual when it happened?

[Raphty]

I am cleaning out old issues. If you feel this issue should not have been closed let me know.

Please keep in mind, the free version of Portmaster only has limited support. For free users our active Discord community as well as the chat bot are the fastest and best way to get their help. https://discord.gg/safing If you find our work brings value to you, please consider supporting it by purchasing Plus or Pro Packages https://safing.io/pricing/. If you are already a subscriber, first Thank You! and also if you want priority support pleas send in an email and let me know your username so I can prioritize your request accordingly.

[Roki100]

I actually forgot about this issue, sorry lol, ALTHOUGH i gotta admit its sad to see portmaster to be yet another software to join the money-greedy side (after what? a year since i last checked?), i was hoping i'll use it one day again but i guess my hopes were too high it seems :/

[Raphty]

not sure what you see as money greedy. we are giving away a lot of work for free. the development of Portmaster took years, and we all have to eat.