Author Topic: [Solved] Memory leak with avast pre-release build 5.0.661  (Read 16083 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
[Solved] Memory leak with avast pre-release build 5.0.661
« on: August 27, 2010, 11:22:11 PM »
I can't be sure - as the dump file can't be saved with CTM running - that the CTM 178 will BSOD with new pre-released build of avast 5.0.661.
I've tested two conditions: running Firefox inside and outside the avast sandbox. The result was the same (BSOD), although with different numbers. Seems it's not the sandbox (as I've posted earlier http://forum.avast.com/index.php?topic=61503.msg521478#msg521478 and http://forum.avast.com/index.php?topic=61433.msg519066#msg519066).

The computer BSOD after some hours of use. I think it could be related to the memory usage or disk faults.

My fear is that when avast release its new version and when CTM releases its new version on September, both will conflict and this problem will not be addressed.

Is there any way I can help troubleshooting this?
I can give remote access to my computer if its needed to test.

This problem does not occur with avast official release and CTM 178 and Firefox not sandboxed.

Thanks.
« Last Edit: August 31, 2010, 07:12:27 PM by Tech »
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #1 on: August 29, 2010, 02:50:52 AM »
I know this is a solitary problem and very technical.
Anyway, system is stable with avast 5.0.594, CTM 2.8.155286.178, Mozy 2.2.2.3.
But I fear I will no longer be happy... :'(
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2083
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #2 on: August 29, 2010, 12:08:53 PM »
I'm going to examine this problem today - I have already downloaded the latest CTM+Mozy builds.
Yesterday I tested build 661+CTM 178 (Win7 x86) and there were no BSODs.

I read your post on CTM forum that their software doesn't block the creating of minidumps (http://forums.comodo.com/news-announcements-feedback-ctm/comodo-time-machine-28155286178-bug-reports-t59643.0.html) - maybe it's blocked by someone else? or it hasn't been created at all?

Quote
Is there any way to troubleshoot the following BSODs without the dumps?

0x0000007E (0xC0000005, 0x82C3F7F3, 0xAFE757B8, 0xAFE75390)
0x00000609 (0x00000003, 0x00040BC0, 0x000010C2, 0x00000000)
I’m really surprised the difference of the first number of them.

0x7E - driver exception, last 3 numbers are addresses where it occurred
0x609 - it's not a standard windows bsod code, it belongs to the 3rd application (CTM/Mozy/Truecrypt/...) in your case
it's impossible to debug these BSODs without minidumps

I'll keep you informed.
« Last Edit: August 29, 2010, 03:34:23 PM by pk »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #3 on: August 29, 2010, 05:39:24 PM »
I read your post on CTM forum that their software doesn't block the creating of minidumps
Yeah, it blocks. If something write to the disk without CTM drivers loaded, the snapshots (and the system) could break.
Doskey was talking about applications dumps and not kernel dumps. BSODs generate a dump but it can't be saved without CTM drivers on.

I'm going to test again with latest avast beta version... let's play with it :)
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2083
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #4 on: August 29, 2010, 05:44:11 PM »
i'm testing it right now - no bsods yet (Win7 x86, build 666, CTM+Mozy)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #5 on: August 29, 2010, 07:59:01 PM »
pk, maybe it was PeerBlock (the first application which crashes) or it could be K9. Both have loaded drivers.
The computer become inoperable after 1h30, nothing special needs to be done. I could wait for the BSOD but I can't do nothing... Something similar as I can't "read" system drive (the one protected by CTM). Other drivers I can read.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #6 on: August 29, 2010, 08:00:21 PM »
More crashes... (and the first one, from PeerBlock on screenshot-59).
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #7 on: August 29, 2010, 08:08:01 PM »
Boot time was not affected by the beta of avast.
I mean, the first one was. There is a slight curve today, but the boot time came to normal after the second boot.

I've uninstalled PeerBlock and testing.
I really don't want to uninstall K9. It's a pain because it does not have an option to export/import settings.

A long time ago, Vlk helped me to identify this following this:

Code: [Select]
I'd be very grateful if you could give it another test, but before doing so, do some preparations. Namely:

- enable PTE tracking by opening regedit and going to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

and creating a new REG_DWORD value called "TrackPtes" and setting it to 1. You will have to reboot the computer for the change to become effective (note: on some systems, I have actually seen this setting to cause some stability problems (on its own).... I hope this won't be the case on your computer).



Then, when you install AIS (you can wait for the new build tonight), you will be monitoring the number of allocated PTEs by using the following program:
http://public.avast.com/~vlk/poolmon.exe

This is a program that you will run with the following parameter:

poolmon.exe -iMdl


it will display (in the Diff column) the number of currently allocated MDLs (which is equivalent to the number of PTEs). Normally, this number should be below 1000-2000. In your dump, it was visible that the number was like 350000 before the system crashed (that's a huge number!). I'd be interested in seeing how fast the number grows, and which applications (or actions) make it grow faster (e.g. running eMule etc)... This may help us to track down the issue and fix it.


Thanks much
-Ondrej

I've read that the PTEs method could be the reason itself for crashes, I mean, change the registry key could crash by itself.
I'll test this if necessary. What do you think pk?
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #8 on: August 29, 2010, 08:44:41 PM »
Working stable for 55 minutes  ::)
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #9 on: August 29, 2010, 10:08:11 PM »
Things start to fail again... Seems I'll BSOD in some minutes ;D
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2083
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #10 on: August 29, 2010, 10:08:40 PM »
screenshots show that your system does have enough memory (sounds like a mem leak)

could you please check memory graphs in process explorer? (on the top of GUI) Especially Physical Memory (Available), Kernel Memory (Paged + NonPaged), etc. You can also execute "poolmon -a" (http://public.avast.com/~kurtin/poolmon.exe) to see allocated paged/nonpaged memory by their tags (you can post poolmon's screenshot).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #11 on: August 29, 2010, 11:00:59 PM »
screenshots show that your system does have enough memory (sounds like a mem leak)
Post what I could get before the computer get unusable (screenshot-94).

could you please check memory graphs in process explorer? (on the top of GUI) Especially Physical Memory (Available), Kernel Memory (Paged + NonPaged), etc.
Is that? The screenshot-94?

You can also execute "poolmon -a" (http://public.avast.com/~kurtin/poolmon.exe) to see allocated paged/nonpaged memory by their tags (you can post poolmon's screenshot).
When started the poolmon -iMdl command (like Vlk said) the Diff column goes with 2830. Using the computer it peaks to 2950 and then return back. But, like I said, the problems occur after 1h30... (screenshot-99).
The poolmon -a does not fit in a window. I'm posting how it is right now. (screenshot-98).
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2083
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #12 on: August 29, 2010, 11:14:02 PM »
nice... post "process explorer graph" + "procmon -a" pics after one hour, I'll compare them (now it seems quite normal).
"procmon -iMdl" was used when we were hunting for memleak in one old avast+mozy case (avast caused a mem leak and these types of leaks were tagged as "Mdl", that's why we wanted poolmon to focus on Mdl blocks). If there is a problem with registry leak, these blocks are tagged as "CMxx" (as Config Manager), etc etc. It really depends which values will be outta limit after one hour.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #13 on: August 29, 2010, 11:31:15 PM »
nice... post "process explorer graph" + "procmon -a" pics after one hour, I'll compare them (now it seems quite normal).
"procmon -iMdl" was used when we were hunting for memleak in one old avast+mozy case (avast caused a mem leak and these types of leaks were tagged as "Mdl", that's why we wanted poolmon to focus on Mdl blocks). If there is a problem with registry leak, these blocks are tagged as "CMxx" (as Config Manager), etc etc. It really depends which values will be outta limit after one hour.
Ok. Everything is running now and I need to wait... and pray that I could take a screenshot when it begins...
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: BSOD with CTM and avast pre-release build 5.0.661
« Reply #14 on: August 30, 2010, 02:57:45 AM »
I need to left the computer for 2h30... It was unusable...
Process Explorer crashed miserably...
Most of the screenshots couldn't be saved in any drive.
The video resolution dropped... A mess...

The only difference between now (I've restored a snapshot) and then is avast beta.
With avast 5.0.594 everything works. With the latest 661 beta I have a memory leak.
The best things in life are free.