The computer BSOD after some hours of use. I think it could be related to the memory usage or disk faults.
My fear is that when avast release its new version and when CTM releases its new version on September, both will conflict and this problem will not be addressed.
Is there any way I can help troubleshooting this?
I can give remote access to my computer if its needed to test.
This problem does not occur with avast official release and CTM 178 and Firefox not sandboxed.
I know this is a solitary problem and very technical.
Anyway, system is stable with avast 5.0.594, CTM 2.8.155286.178, Mozy 2.2.2.3.
But I fear I will no longer be happy…
I’m going to examine this problem today - I have already downloaded the latest CTM+Mozy builds.
Yesterday I tested build 661+CTM 178 (Win7 x86) and there were no BSODs.
Is there any way to troubleshoot the following BSODs without the dumps?
0x0000007E (0xC0000005, 0x82C3F7F3, 0xAFE757B8, 0xAFE75390)
0x00000609 (0x00000003, 0x00040BC0, 0x000010C2, 0x00000000)
I’m really surprised the difference of the first number of them.
0x7E - driver exception, last 3 numbers are addresses where it occurred
0x609 - it’s not a standard windows bsod code, it belongs to the 3rd application (CTM/Mozy/Truecrypt/…) in your case
it’s impossible to debug these BSODs without minidumps
Yeah, it blocks. If something write to the disk without CTM drivers loaded, the snapshots (and the system) could break.
Doskey was talking about applications dumps and not kernel dumps. BSODs generate a dump but it can’t be saved without CTM drivers on.
I’m going to test again with latest avast beta version… let’s play with it
pk, maybe it was PeerBlock (the first application which crashes) or it could be K9. Both have loaded drivers.
The computer become inoperable after 1h30, nothing special needs to be done. I could wait for the BSOD but I can’t do nothing… Something similar as I can’t “read” system drive (the one protected by CTM). Other drivers I can read.
Boot time was not affected by the beta of avast.
I mean, the first one was. There is a slight curve today, but the boot time came to normal after the second boot.
I’ve uninstalled PeerBlock and testing.
I really don’t want to uninstall K9. It’s a pain because it does not have an option to export/import settings.
A long time ago, Vlk helped me to identify this following this:
I'd be very grateful if you could give it another test, but before doing so, do some preparations. Namely:
- enable PTE tracking by opening regedit and going to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
and creating a new REG_DWORD value called "TrackPtes" and setting it to 1. You will have to reboot the computer for the change to become effective (note: on some systems, I have actually seen this setting to cause some stability problems (on its own).... I hope this won't be the case on your computer).
Then, when you install AIS (you can wait for the new build tonight), you will be monitoring the number of allocated PTEs by using the following program:
http://public.avast.com/~vlk/poolmon.exe
This is a program that you will run with the following parameter:
poolmon.exe -iMdl
it will display (in the Diff column) the number of currently allocated MDLs (which is equivalent to the number of PTEs). Normally, this number should be below 1000-2000. In your dump, it was visible that the number was like 350000 before the system crashed (that's a huge number!). I'd be interested in seeing how fast the number grows, and which applications (or actions) make it grow faster (e.g. running eMule etc)... This may help us to track down the issue and fix it.
Thanks much
-Ondrej
I’ve read that the PTEs method could be the reason itself for crashes, I mean, change the registry key could crash by itself.
I’ll test this if necessary. What do you think pk?
screenshots show that your system does have enough memory (sounds like a mem leak)
could you please check memory graphs in process explorer? (on the top of GUI) Especially Physical Memory (Available), Kernel Memory (Paged + NonPaged), etc. You can also execute “poolmon -a” (http://public.avast.com/~kurtin/poolmon.exe) to see allocated paged/nonpaged memory by their tags (you can post poolmon’s screenshot).
Post what I could get before the computer get unusable (screenshot-94).
Is that? The screenshot-94?
When started the poolmon -iMdl command (like Vlk said) the Diff column goes with 2830. Using the computer it peaks to 2950 and then return back. But, like I said, the problems occur after 1h30… (screenshot-99).
The poolmon -a does not fit in a window. I’m posting how it is right now. (screenshot-98).
nice… post “process explorer graph” + “procmon -a” pics after one hour, I’ll compare them (now it seems quite normal).
“procmon -iMdl” was used when we were hunting for memleak in one old avast+mozy case (avast caused a mem leak and these types of leaks were tagged as “Mdl”, that’s why we wanted poolmon to focus on Mdl blocks). If there is a problem with registry leak, these blocks are tagged as “CMxx” (as Config Manager), etc etc. It really depends which values will be outta limit after one hour.
I need to left the computer for 2h30… It was unusable…
Process Explorer crashed miserably…
Most of the screenshots couldn’t be saved in any drive.
The video resolution dropped… A mess…
The only difference between now (I’ve restored a snapshot) and then is avast beta.
With avast 5.0.594 everything works. With the latest 661 beta I have a memory leak.
I can return to that “problematic” snapshot in 15 seconds…
The problem is that I can’t live with it more than 2 hours…
I’ve disabled avast programs updates (automatic to manual).
But I’ll be glad if we can solve this.
Indeed, the problem is easily reproducible. 2h of use and it colapses.
Now I’m back to avast 5.0.594 and it’s working again.
When I get some instructions of you on how to troubleshoot it or you need more informations, I’ll get there again.
Last time, Mozy service crashed, avast services crashed and the system can’t recognize the installation…
Take screenshots are almost impossible.
Poolmon indicates CMci and SeIf on the top. What does that mean?
I’ve looked into Process Manager and nothing seems that much problematic. Excel was using the most memory amount.
Diff seems a normal number.