Blue Screen BSOD BAD_POOL_CALLER (c2) in AdguardSvc.exe when connecting to VPN

[KPTheProf]

AdGuard version

7.16.0 (4542) (CL 1.13.115, DL 2.4.37 )

Browser version

Microsoft Edge 122.0.2365.92 (Official build) (64-bit)

OS version

Windows 11 23H2, Version 10.0.22631, Build 22631

What filters do you have enabled?

AdGuard Base filter, AdGuard Tracking Protection filter, AdGuard Social Media filter

What Stealth Mode options do you have enabled?

No response

Support ticket ID

887244

Issue Details

Steps to reproduce:

1. Using FortiClient 7.2.4 EMS and connect to corporate VPN
2. Computer will then blue screen

Note that there was no issue when connecting with FortiClient 7.2.3 EMS, but our organization is forcing an upgrade to the later version.

Actual Behavior

Blue Screen BSOD BAD_POOL_CALLER (c2) in AdguardSvc.exe. I used WinDbg to analyse the .dmp file

Expected Behavior

No BSOD please :)

Screenshots

I cannot grab a screen shot of the BSOD

Additional Information

I have the dump files available if required, but attached is the WinDbg text analysis from them.

crashdump.txt

[KPTheProf]

At the request of your tech support I have updated to nightly build 7.17.0 nightly 22 (4660) (CL 1.14.38, DL 2.5.4 ), but I'm still having the same BSOD issue.

I have verified that by turning off the AdGuard protection and then connecting to the VPN, it does not BSOD, but as soon as I enable protection whilst connected to the VPN I get the same BSOD.

[KPTheProf]

I've attached a second WinDbg analysis file (as text) from my testing above where I've connected to the VPN successfully with AdGuard disabled and then turn on AdGuard and the BSOD fault is being caused by AdguardSvc.exe crashdump2.txt

[KolbasovAnton]

@KPTheProf Greetings!

First of all, switch logs in AdGuard to debug mode (Settings -> General Settings -> logging level). Next time, when You will reproduce this bug, please, remember the time it happens. Then archive the whole folder "Logs" from C:\ProgramData\Adguard (notice, that ProgramData is hidden folder) and send it to [email protected]. Mention the number 5062 in mail's subject and don't forget to write down exact time of bug.

Previously, You can try any of these actions and see, if it helps:

• Disable FortiClient 7.2.4 EMS in "List of filtered applications" (Settings -> Network).
• Turn off "Filter localhost" option (Settings -> General Settings -> Advanced settings).
• Reset settings to defaults (Settings -> General Settings).

We need your logs, anyway, not only dump files.

[KPTheProf]

Hi @KolbasovAnton, I've emailed the debug logs to the devteam address. As for your other points

• There is no FortiClient listed in the filtered applications, it's a VPN client and not a browser.
• I turned off the "Filter localhost", same issue with BSOD.
• I Reset the setting to defaults and still the same issue with BSOD.

[KolbasovAnton]

@KPTheProf Thank You for the logs, we'll examine them.

Also, try to switch off "Use WFP network driver" option in Settings -> Network.

[KPTheProf]

Hi @KolbasovAnton I've turned off the "Use WFP network driver" and rebooted. Connected to the VPN and no BSOD this time. What affect does this have if I leave it disabled for now until you can come up with a resolution?

[KolbasovAnton]

@KPTheProf Glad to hear it works. Nothing special, You just switched to another network driver - TDI instead of WFP. https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/

[KPTheProf]

Hi @KolbasovAnton, so is switching to the TDI driver the recommended fix for the issue, or will the WFP driver be updated? "WFP driver is generally preferrable and is enabled by default for all newer Windows OS versions"

[silverwings15]

off topic but i'm still getting a lot of random BSODs with the latest Adguard 7.17 Beta 3, even though the errors were supposedly fix many versions ago. the most common error is KMODE_EXCEPTION_NOT_HANDLED, but also sometimes DRIVER_IRQL_NOT_GREATER_OR_EQUAL

[KolbasovAnton]

@KPTheProf This is temporary solution, I'll report our developers about your problem.

@silverwings15 Release version of AG 7.17 is on the way, if these issues will still occur, please, let us know about it once more. Which conditions leads to these errors?

[silverwings15]

@KolbasovAnton will do. they occur 0-2 times a day while i'm using the laptop normally, most typically when using Firefox or sometimes Microsoft Word. if you can show me how to procure logs/crashdumps, i can send them to you next time it happens

[KolbasovAnton]

@KPTheProf Can I ask You to reproduce this bsod once more and make a dump file after it? Here's the guide. Please, send it to [email protected], mentioning your case in subject (5062).

@silverwings15 Yes, please, record them. How to collect logs. How to make a dump file.

[KPTheProf]

Hi @KolbasovAnton, I've emailed the dump to the dev team as requested.

[KolbasovAnton]

@KPTheProf Thank You very much, I attached it to our task.

[northis]

@KPTheProf We need additional info for this. We would be grateful if you send us a BSOD minidump. How to get it. Thank you in advance.

[KPTheProf]

Hi @northis apologies for the delay, I've now emailed the minidump to devteam as requested.

[silverwings15]

i've also emailed my own dump to [email protected] some days ago @northis @KolbasovAnton

[northis]

@KPTheProf The crash occurred in NETIO.SYS, not in AdGuard.

[northis]

@silverwings15 Got your dump files, thank you, we will investigate them.

[silverwings15]

i just sent a new collection of dumplogs, this time for the error DRIVER_IRQL_NOT_LESS_OR_EQUAL

[silverwings15]

any updates on this?

[northis]

@silverwings15 We are preparing an update for our filtering drivers, could you please check out this build with updated drivers? It is not published yet, but we want to collect more feedback about this BSOD issue. These new drivers could fix the issue. This build is unstable, so before the update, export your settings to a file to be ready to rollback to your current version in case of some problems (Settings -> General Settings -> Export settings...).

[silverwings15]

i have the nightly build installed, will inform you in due time

[silverwings15]

been running the nightly and now the beta build, no crashes so far 🤞🤞

[war59312]

I believe I am getting this as well.

Please see https://www.bleepingcomputer.com/forums/t/798659/win11-23h2-netiosys-driver-irql-not-less-or-equal/

My Logs @ https://drive.google.com/drive/folders/1bUTYXrb_Wc6vAYL5dQ5eGLsFDq0I9HjI?usp=sharing include the mini dumb. If need the big fat memory dumb can send it as well.

Edit: Crashed again this morning (July 3 2024 at 1:37am), even tried with 7.18.0 RC (4770) (CL 1.15.47, DL 2.5.33 ).

New Log at same place of @ https://drive.google.com/drive/folders/1bUTYXrb_Wc6vAYL5dQ5eGLsFDq0I9HjI?usp=sharing

Upgraded to 7.18 final release, will see if get another blue screen.

Edit 2: Sadly crashed again. Thus for now I have forced uninstalled Adguard via Advanced method at https://adguard.com/kb/adguard-for-windows/installation/#uninstall

Had to do this bedcause it kept leaving the driver behind: \SystemRoot\system32\drivers\adgnetworkwfpdrv.sys

It's now gone. Will see if get another BSOD with Adguad not even installed.

Edit 3: So far after uninstalling Adguard, holding strong. Will see.

been up for: 2 day(s), 1 hour(s), 49 minute(s), 33 second(s)

Edit 4: First time been up more than 3 days since this issue started..

been up for: 3 day(s), 1 hour(s), 57 minute(s), 5 second(s)

So yeah for sure adgurd at this point. :( Will see if it makes it a week.

Edit 5: Logs and system info sent to [email protected]

Still up and looking good: without Adguard installed:

been up for: 3 day(s), 6 hour(s), 55 minute(s), 42 second(s)

Edit 6: Well for sure it was Adguard at this point. Uptime of 5 day(s), 19 hour(s), 57 minute(s), 10 second(s). Longest I've had in a month since this had started so yeah.