-
Notifications
You must be signed in to change notification settings - Fork 17
Description
Please answer the following questions for yourself before submitting an issue
- Filters were updated before reproducing an issue
- I checked the knowledge base and found no answer
- I checked to make sure that this issue has not already been filed
AdGuard version
2.18
Browser version
Safari 26
OS version
MacOS 26.3
Ad Blocking
AdGuard Base filter
Privacy
No response
Social
No response
Annoyances
No response
Security
No response
Other
No response
Language-specific
No response
Which DNS server do you use?
DNS protection disabled
DNS protocol
None
Custom DNS
No response
What Stealth Mode options do you have enabled?
No response
Support ticket ID
No response
Issue Details
Over the last year or so Ad Guard has crashed regularly. To fix it I usually need to do a full reset, as for the crash 13 feb. If I don't fix it I get a new crash message and get stuck in a loop.
Prerequisites
- AdGuard version: 2.18.0 (build 2089)
- macOS versions: 26.2 (25C56) and 26.3 (25D125)
- Machine: MacBook Pro (Mac16,8), Apple Silicon (ARM64)
Issue Details
The network extension (com.adguard.mac.adguard.network-extension) crashes repeatedly -- 3 incidents in 7 days. The same binary is involved in all cases (UUID 447d4b99-d0af-306b-8701-b1d75f8bee1a).
Crash 1: Heap corruption in HTML content filter (Feb 13)
The HTML parser crashes during realloc in html_elem_add_child, with libmalloc reporting:
BUG IN CLIENT OF LIBMALLOC: memory corruption of free block
Exception type: EXC_BREAKPOINT / SIGTRAP
Stack trace (faulting thread)
_xzm_xzone_malloc_freelist_outlined (libsystem_malloc.dylib)
xzm_realloc (libsystem_malloc.dylib)
_malloc_zone_realloc (libsystem_malloc.dylib)
_realloc (libsystem_malloc.dylib)
html_elem_add_child (AdguardCore)
finish_tag(html_parser*) (AdguardCore)
html_parser_input (AdguardCore)
AGEditingHtmlParser::input() (AdguardCore)
HtmlFilter::processData() (AdguardCore)
HtmlFilter::processHttpResponseBody() (AdguardCore)
AGProxyFilter::runStreamFilterChain() (AdguardCore)
AGProxyFilter::processHttpResponseBody() (AdguardCore)
AGHttpFilteringUnit::processDecodedResponseBody() (AdguardCore)
AGHttpFilteringUnit::decompressorCallback() (AdguardCore)
http_decompressor_run (AdguardCore)
AGHttpFilteringUnit::processResponseBody() (AdguardCore)
AGHttpFilteringUnit::processForwardIncoming() (AdguardCore)
AGProcessingChain::runSingleUnit() (AdguardCore)
AGProcessingChain::runChainForward() (AdguardCore)
AGProcessingChain::process() (AdguardCore)
AGProxySession::onRead() (AdguardCore)
AGFDVSocket::onRead() (AdguardCore)
A second thread was concurrently running regex matching in the HTML filter (pcre2_match_8 via HtmlFilter::checkContentFilterRules) on what appears to be the same HTML elements, which may point to a race condition.
Crash 2: Use-after-free / PAC trap during session teardown (Feb 7)
During proxy session shutdown, the NEAppProxyFlow deallocation triggers a pointer authentication failure when calling CFErrorGetDomain on what appears to be an already-freed object.
Exception type: EXC_BREAKPOINT / SIGTRAP
ESR: pointer authentication trap DA
Stack trace (faulting thread)
CF_IS_OBJC (CoreFoundation)
CFErrorGetDomain (CoreFoundation)
flow_error_to_errno (NetworkExtension)
flow_handle_pending_write_requests (NetworkExtension)
__NEFlowDeallocate (NetworkExtension)
_CFRelease (CoreFoundation)
-[NEAppProxyFlow dealloc] (NetworkExtension)
AGNEVSocket::~AGNEVSocket() (AdguardCore)
AGNEVSocket::~AGNEVSocket() (AdguardCore)
AGProxySession::~AGProxySession() (AdguardCore)
AGProxySession::~AGProxySession() (AdguardCore)
AGProxyServer::createSession()::$_0 (AdguardCore)
AGProxySession::shutDownSession()::$_0 (AdguardCore)
AGEventLoop::runTasksQueue() (AdguardCore)
event_once_cb (AdguardCore)
event_process_active_single_queue (AdguardCore)
event_base_loop (AdguardCore)
AGEventLoop::run() (AdguardCore)
AGThread::run_thread(void*) (AdguardCore)
Diagnostic: Excessive disk writes (Feb 12)
macOS flagged the network extension for writing 2,147 MB in ~10.7 hours (55.5 KB/sec average), exceeding the macOS disk write budget of 24.86 KB/sec.
Full crash reports
I have the full .ips and .diag files available and can attach them if needed.
Expected Behavior
The network extension should run stably without crashing or exceeding macOS resource budgets.
Actual Behavior
See issue details.
Screenshots
Screenshot 1
Additional Information
No response