[Solved] Memory leak with avast pre-release build 5.0.661

I can’t be sure - as the dump file can’t be saved with CTM running - that the CTM 178 will BSOD with new pre-released build of avast 5.0.661.
I’ve tested two conditions: running Firefox inside and outside the avast sandbox. The result was the same (BSOD), although with different numbers. Seems it’s not the sandbox (as I’ve posted earlier http://forum.avast.com/index.php?topic=61503.msg521478#msg521478 and http://forum.avast.com/index.php?topic=61433.msg519066#msg519066).

The computer BSOD after some hours of use. I think it could be related to the memory usage or disk faults.

My fear is that when avast release its new version and when CTM releases its new version on September, both will conflict and this problem will not be addressed.

Is there any way I can help troubleshooting this?
I can give remote access to my computer if its needed to test.

This problem does not occur with avast official release and CTM 178 and Firefox not sandboxed.

Thanks.

I know this is a solitary problem and very technical.
Anyway, system is stable with avast 5.0.594, CTM 2.8.155286.178, Mozy 2.2.2.3.
But I fear I will no longer be happy… :cry:

I’m going to examine this problem today - I have already downloaded the latest CTM+Mozy builds.
Yesterday I tested build 661+CTM 178 (Win7 x86) and there were no BSODs.

I read your post on CTM forum that their software doesn’t block the creating of minidumps (http://forums.comodo.com/news-announcements-feedback-ctm/comodo-time-machine-28155286178-bug-reports-t59643.0.html) - maybe it’s blocked by someone else? or it hasn’t been created at all?

Is there any way to troubleshoot the following BSODs without the dumps?

0x0000007E (0xC0000005, 0x82C3F7F3, 0xAFE757B8, 0xAFE75390)
0x00000609 (0x00000003, 0x00040BC0, 0x000010C2, 0x00000000)
I’m really surprised the difference of the first number of them.

0x7E - driver exception, last 3 numbers are addresses where it occurred
0x609 - it’s not a standard windows bsod code, it belongs to the 3rd application (CTM/Mozy/Truecrypt/…) in your case
it’s impossible to debug these BSODs without minidumps

I’ll keep you informed.

Yeah, it blocks. If something write to the disk without CTM drivers loaded, the snapshots (and the system) could break.
Doskey was talking about applications dumps and not kernel dumps. BSODs generate a dump but it can’t be saved without CTM drivers on.

I’m going to test again with latest avast beta version… let’s play with it :slight_smile:

i’m testing it right now - no bsods yet (Win7 x86, build 666, CTM+Mozy)

pk, maybe it was PeerBlock (the first application which crashes) or it could be K9. Both have loaded drivers.
The computer become inoperable after 1h30, nothing special needs to be done. I could wait for the BSOD but I can’t do nothing… Something similar as I can’t “read” system drive (the one protected by CTM). Other drivers I can read.

More crashes… (and the first one, from PeerBlock on screenshot-59).

Boot time was not affected by the beta of avast.
I mean, the first one was. There is a slight curve today, but the boot time came to normal after the second boot.

I’ve uninstalled PeerBlock and testing.
I really don’t want to uninstall K9. It’s a pain because it does not have an option to export/import settings.

A long time ago, Vlk helped me to identify this following this:


I'd be very grateful if you could give it another test, but before doing so, do some preparations. Namely:

- enable PTE tracking by opening regedit and going to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

and creating a new REG_DWORD value called "TrackPtes" and setting it to 1. You will have to reboot the computer for the change to become effective (note: on some systems, I have actually seen this setting to cause some stability problems (on its own).... I hope this won't be the case on your computer).



Then, when you install AIS (you can wait for the new build tonight), you will be monitoring the number of allocated PTEs by using the following program:
http://public.avast.com/~vlk/poolmon.exe

This is a program that you will run with the following parameter:

poolmon.exe -iMdl


it will display (in the Diff column) the number of currently allocated MDLs (which is equivalent to the number of PTEs). Normally, this number should be below 1000-2000. In your dump, it was visible that the number was like 350000 before the system crashed (that's a huge number!). I'd be interested in seeing how fast the number grows, and which applications (or actions) make it grow faster (e.g. running eMule etc)... This may help us to track down the issue and fix it.


Thanks much
-Ondrej

I’ve read that the PTEs method could be the reason itself for crashes, I mean, change the registry key could crash by itself.
I’ll test this if necessary. What do you think pk?

Working stable for 55 minutes ::slight_smile:

Things start to fail again… Seems I’ll BSOD in some minutes ;D

screenshots show that your system does have enough memory (sounds like a mem leak)

could you please check memory graphs in process explorer? (on the top of GUI) Especially Physical Memory (Available), Kernel Memory (Paged + NonPaged), etc. You can also execute “poolmon -a” (http://public.avast.com/~kurtin/poolmon.exe) to see allocated paged/nonpaged memory by their tags (you can post poolmon’s screenshot).

Post what I could get before the computer get unusable (screenshot-94).

Is that? The screenshot-94?

When started the poolmon -iMdl command (like Vlk said) the Diff column goes with 2830. Using the computer it peaks to 2950 and then return back. But, like I said, the problems occur after 1h30… (screenshot-99).
The poolmon -a does not fit in a window. I’m posting how it is right now. (screenshot-98).

nice… post “process explorer graph” + “procmon -a” pics after one hour, I’ll compare them (now it seems quite normal).
“procmon -iMdl” was used when we were hunting for memleak in one old avast+mozy case (avast caused a mem leak and these types of leaks were tagged as “Mdl”, that’s why we wanted poolmon to focus on Mdl blocks). If there is a problem with registry leak, these blocks are tagged as “CMxx” (as Config Manager), etc etc. It really depends which values will be outta limit after one hour.

Ok. Everything is running now and I need to wait… and pray that I could take a screenshot when it begins…

I need to left the computer for 2h30… It was unusable…
Process Explorer crashed miserably…
Most of the screenshots couldn’t be saved in any drive.
The video resolution dropped… A mess…

The only difference between now (I’ve restored a snapshot) and then is avast beta.
With avast 5.0.594 everything works. With the latest 661 beta I have a memory leak.

Other screenshot.

More one (sorry, the limit of 200kb of attachments is annoying…).

The last I could take before the computer collapsed…

I can return to that “problematic” snapshot in 15 seconds…
The problem is that I can’t live with it more than 2 hours…
I’ve disabled avast programs updates (automatic to manual).
But I’ll be glad if we can solve this.

Indeed, the problem is easily reproducible. 2h of use and it colapses.
Now I’m back to avast 5.0.594 and it’s working again.
When I get some instructions of you on how to troubleshoot it or you need more informations, I’ll get there again.

Last time, Mozy service crashed, avast services crashed and the system can’t recognize the installation…
Take screenshots are almost impossible.
Poolmon indicates CMci and SeIf on the top. What does that mean?
I’ve looked into Process Manager and nothing seems that much problematic. Excel was using the most memory amount.
Diff seems a normal number.