After a clean install of Windows 10 Home 64 Bit 1803, AvastSvc.exe (and Windows with it) crashes randomly.
I already did a fresh reinstall but it didn’t help.
The errror is ‘apc_index_mismatch’.
WinDbg returns this from memory.dmp (too big to upload):
Windows 10 Kernel Version 17134 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff801`4baa8000 PsLoadedModuleList = 0xfffff801`4be652f0
Debug session time: Mon May 21 19:05:31.273 2018 (UTC + 3:00)
System Uptime: 0 days 0:19:22.981
Loading Kernel Symbols
...............................................................
........Page 108496 not present in the dump file. Type ".hh dbgerr004" for details
........................................................
.....................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`0456a018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1, {77031e4f, 0, ffff, ffff910f62861b80}
Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExitPico+25c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 0000000077031e4f, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: ffff910f62861b80, Call type (0 - system call, 1 - worker routine)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_TYPE: 1
BUGCHECK_P1: 77031e4f
BUGCHECK_P2: 0
BUGCHECK_P3: ffff
BUGCHECK_P4: ffff910f62861b80
FAULTING_IP:
+0
00000000`77031e4f ?? ???
CPU_COUNT: 4
CPU_MHZ: 960
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 45
CPU_STEPPING: 1
CPU_MICROCODE: 6,45,1,0 (F,M,S,R) SIG: 23'00000000 (cache) 23'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: AvastSvc.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: computer
ANALYSIS_SESSION_TIME: 05-21-2018 19:20:15.0290
ANALYSIS_VERSION: 10.0.17134.12 amd64fre
LAST_CONTROL_TRANSFER: from fffff8014bc52529 to fffff8014bc3f650
STACK_TEXT:
ffff910f`62861948 fffff801`4bc52529 : 00000000`00000001 00000000`77031e4f 00000000`00000000 00000000`0000ffff : nt!KeBugCheckEx
ffff910f`62861950 fffff801`4bc52442 : ffff910f`62861b80 fffff801`4bf6d29b 00000000`fffeffff 00000000`14e4e928 : nt!KiBugCheckDispatch+0x69
ffff910f`62861a90 00000000`77031e4f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x25c
00000000`14e4f278 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77031e4f
THREAD_SHA1_HASH_MOD_FUNC: 1b1fd012b2a510c586295e696f84a9476c8f91e5
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 0f91f5c83766a9be30a7eff14d85f037f9f56621
THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b
FOLLOWUP_IP:
nt!KiSystemServiceExitPico+25c
fffff801`4bc52442 4883ec50 sub rsp,50h
FAULT_INSTR_CODE: 50ec8348
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceExitPico+25c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5acd8966
IMAGE_VERSION: 10.0.17134.1
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 25c
FAILURE_BUCKET_ID: 0x1_SysCallNum_1b0007_nt!KiSystemServiceExitPico
BUCKET_ID: 0x1_SysCallNum_1b0007_nt!KiSystemServiceExitPico
PRIMARY_PROBLEM_CLASS: 0x1_SysCallNum_1b0007_nt!KiSystemServiceExitPico
TARGET_TIME: 2018-05-21T18:06:31.000Z
OSBUILD: 17134
OSSERVICEPACK: 1
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-04-11 06:04:54
BUILDDATESTAMP_STR: 180410-1804
BUILDLAB_STR: rs4_release
BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
ANALYSIS_SESSION_ELAPSED_TIME: ddb
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1_syscallnum_1b0007_nt!kisystemserviceexitpico
FAILURE_ID_HASH: {1d25e8fe-40eb-1b84-9166-c3af30bbaf7e}
Followup: MachineOwner
---------
Another dump, same issue:
Windows 10 Kernel Version 17134 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff801`78e1f000 PsLoadedModuleList = 0xfffff801`791dc2f0
Debug session time: Mon May 21 21:27:39.296 2018 (UTC + 3:00)
System Uptime: 0 days 0:09:19.003
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`049b1018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1, {77191e4f, 0, ffff, fffff1809420db80}
Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExitPico+25c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
APC_INDEX_MISMATCH (1)
This is a kernel internal error. The most common reason to see this
bugcheck is when a filesystem or a driver has a mismatched number of
calls to disable and re-enable APCs. The key data item is the
Thread->CombinedApcDisable field. This consists of two separate 16-bit
fields, the SpecialApcDisable and the KernelApcDisable. A negative value
of either indicates that a driver has disabled special or normal APCs
(respectively) without re-enabling them; a positive value indicates that
a driver has enabled special or normal APCs (respectively) too many times.
Arguments:
Arg1: 0000000077191e4f, Address of system call function or worker routine
Arg2: 0000000000000000, Thread->ApcStateIndex
Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
Arg4: fffff1809420db80, Call type (0 - system call, 1 - worker routine)
Debugging Details:
------------------
KEY_VALUES_STRING: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 401
BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_TYPE: 1
BUGCHECK_P1: 77191e4f
BUGCHECK_P2: 0
BUGCHECK_P3: ffff
BUGCHECK_P4: fffff1809420db80
FAULTING_IP:
+0
00000000`77191e4f ?? ???
CPU_COUNT: 4
CPU_MHZ: 960
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 45
CPU_STEPPING: 1
CPU_MICROCODE: 6,45,1,0 (F,M,S,R) SIG: 23'00000000 (cache) 23'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXPNP: 1 (!blackboxpnp)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x1
PROCESS_NAME: AvastSvc.exe
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: computer
ANALYSIS_SESSION_TIME: 05-21-2018 22:03:43.0477
ANALYSIS_VERSION: 10.0.17134.12 amd64fre
LAST_CONTROL_TRANSFER: from fffff80178fc9529 to fffff80178fb6650
STACK_TEXT:
fffff180`9420d948 fffff801`78fc9529 : 00000000`00000001 00000000`77191e4f 00000000`00000000 00000000`0000ffff : nt!KeBugCheckEx
fffff180`9420d950 fffff801`78fc9442 : fffff180`9420db80 fffff801`792e429b 00000000`fffeffff 00000000`1535e628 : nt!KiBugCheckDispatch+0x69
fffff180`9420da90 00000000`77191e4f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x25c
00000000`1535ef78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77191e4f
THREAD_SHA1_HASH_MOD_FUNC: 1b1fd012b2a510c586295e696f84a9476c8f91e5
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 0f91f5c83766a9be30a7eff14d85f037f9f56621
THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b
FOLLOWUP_IP:
nt!KiSystemServiceExitPico+25c
fffff801`78fc9442 4883ec50 sub rsp,50h
FAULT_INSTR_CODE: 50ec8348
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiSystemServiceExitPico+25c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5acd8966
IMAGE_VERSION: 10.0.17134.1
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 25c
FAILURE_BUCKET_ID: 0x1_SysCallNum_1b0007_nt!KiSystemServiceExitPico
BUCKET_ID: 0x1_SysCallNum_1b0007_nt!KiSystemServiceExitPico
PRIMARY_PROBLEM_CLASS: 0x1_SysCallNum_1b0007_nt!KiSystemServiceExitPico
TARGET_TIME: 2018-05-21T19:27:39.000Z
OSBUILD: 17134
OSSERVICEPACK: 1
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 784
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2018-04-11 06:04:54
BUILDDATESTAMP_STR: 180410-1804
BUILDLAB_STR: rs4_release
BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
ANALYSIS_SESSION_ELAPSED_TIME: b0e
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1_syscallnum_1b0007_nt!kisystemserviceexitpico
FAILURE_ID_HASH: {1d25e8fe-40eb-1b84-9166-c3af30bbaf7e}
Followup: MachineOwner
---------
Did not happen before on Windows 1709 with Avast 18.4.2338 installed.
Used software: Avast Premier 18.4.2338, Windows 10 Home 64 Bit
No other security software or CCleaner is installed.