Avast 8.0.1489 BSOD

I did a BSOD search on this forum and most posts are older and involving Avast 7, so I thought I’d start a new one. I just experienced a BSOD and debugging seems to point to aswFW.sys. My system is Win8 x64, AMD FX 8350 16GB RAM, 128GB SSD

Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64 Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\062413-40076-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRVC:\My\Symhttp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16581.amd64fre.win8_gdr.130410-1505
Machine Name:
Kernel base = 0xfffff80283a81000 PsLoadedModuleList = 0xfffff80283d4da20
Debug session time: Mon Jun 24 10:27:16.241 2013 (UTC - 4:00)
System Uptime: 0 days 0:46:58.021
Loading Kernel Symbols



Loading User Symbols
Loading unloaded module list


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

Use !analyze -v to get detailed debugging information.

BugCheck C1, {fffff98068ca0f40, a8, c0, 21}

*** WARNING: Unable to verify timestamp for aswFW.sys
*** ERROR: Module load completed but symbols could not be loaded for aswFW.sys
Probably caused by : aswFW.sys ( aswFW+3330 )

Followup: MachineOwner

5: kd> !analyze -v


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption. Typically the current thread’s
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff98068ca0f40, Address trying to free.
Arg2: 00000000000000a8, Size of the memory block, as recorded in the pool block header.
Arg3: 00000000000000c0, Size of the memory block, as computed based on the address being freed.
Arg4: 0000000000000021, Caller is trying to free an incorrect Special Pool memory block.
- The value of parameter 2 is stored at the very beginning of the memory
page that contains the virtual address being freed (parameter 1).
- The value of parameter 3 is computed as the number of bytes
available between the virtual address being freed (parameter 1)
and the end of that memory page.
- Under normal system behavior, the computed number of bytes (parameter 3)
is equal to the number of bytes stored in the header (parameter 2)
rounded up to an alignment of 8 bytes on 32 bit systems and 16 bytes
on 64 bit systems.
- On this system, the value of parameter 3 was smaller than the value of
parameter 2, so either the caller specified an incorrect virtual
address to be freed, or the beginning of this Special Pool memory page
was corrupted.

Debugging Details:

BUGCHECK_STR: 0xC1_21

SPECIAL_POOL_CORRUPTION_TYPE: 21

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME: System

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80283c0d6fb to fffff80283adb440

STACK_TEXT:
fffff8800dff9df8 fffff80283c0d6fb : 00000000000000c1 fffff98068ca0f40 00000000000000a8 00000000000000c0 : nt!KeBugCheckEx
fffff8800dff9e00 fffff80283cf37e5 : 00000000000528c8 0000000000000000 0000000077467741 0000000000000000 : nt!MmFreeSpecialPool+0x15f
fffff8800dff9f30 fffff802840c2597 : fffff98068ca0f40 fffff98068ca0f00 fffff880000001ce fffff8800dffb000 : nt!ExFreePool+0x6d8
fffff8800dffa010 fffff88005596330 : fffff98068ca0f40 0000cf5800000000 fffff8800dffa098 fffff98068ca0f40 : nt!VerifierExFreePoolWithTag+0x47
fffff8800dffa040 fffff98068ca0f40 : 0000cf5800000000 fffff8800dffa098 fffff98068ca0f40 fffff98003aa0fa0 : aswFW+0x3330
fffff8800dffa048 0000cf5800000000 : fffff8800dffa098 fffff98068ca0f40 fffff98003aa0fa0 fffff8800559626d : 0xfffff98068ca0f40 fffff8800dffa050 fffff8800dffa098 : fffff98068ca0f40 fffff98003aa0fa0 fffff8800559626d fffff98068ca0f40 : 0x0000cf5800000000
fffff8800dffa058 fffff98068ca0f40 : fffff98003aa0fa0 fffff8800559626d fffff98068ca0f40 fffff98068ca0f40 : 0xfffff8800dffa098 fffff8800dffa060 fffff98003aa0fa0 : fffff8800559626d fffff98068ca0f40 fffff98068ca0f40 fffff98069bc8e50 : 0xfffff98068ca0f40
fffff8800dffa068 fffff8800559626d : fffff98068ca0f40 fffff98068ca0f40 fffff98069bc8e50 fffff98068ca0f40 : 0xfffff98003aa0fa0 fffff8800dffa070 fffff98068ca0f40 : fffff98068ca0f40 fffff98069bc8e50 fffff98068ca0f40 fffff880055a6550 : aswFW+0x326d fffff8800dffa078 fffff98068ca0f40 : fffff98069bc8e50 fffff98068ca0f40 fffff880055a6550 fffff880055a6520 : 0xfffff98068ca0f40
fffff8800dffa080 fffff98069bc8e50 : fffff98068ca0f40 fffff880055a6550 fffff880055a6520 fffff88000000000 : 0xfffff98068ca0f40 fffff8800dffa088 fffff98068ca0f40 : fffff880055a6550 fffff880055a6520 fffff88000000000 fffff98068ca0f40 : 0xfffff98069bc8e50
fffff8800dffa090 fffff880055a6550 : fffff880055a6520 fffff88000000000 fffff98068ca0f40 fffff98069bc8e50 : 0xfffff98068ca0f40 fffff8800dffa098 fffff880055a6520 : fffff88000000000 fffff98068ca0f40 fffff98069bc8e50 fffff88005597a0a : aswFW+0x13550 fffff8800dffa0a0 fffff88000000000 : fffff98068ca0f40 fffff98069bc8e50 fffff88005597a0a fffff98068ca0f40 : aswFW+0x13520 fffff8800dffa0a8 fffff98068ca0f40 : fffff98069bc8e50 fffff88005597a0a fffff98068ca0f40 fffff98069bc8e50 : 0xfffff88000000000
fffff8800dffa0b0 fffff98069bc8e50 : fffff88005597a0a fffff98068ca0f40 fffff98069bc8e50 fffff98068ca0f40 : 0xfffff98068ca0f40 fffff8800dffa0b8 fffff88005597a0a : fffff98068ca0f40 fffff98069bc8e50 fffff98068ca0f40 fffff98068ca0f40 : 0xfffff98069bc8e50
fffff8800dffa0c0 fffff98068ca0f40 : fffff98069bc8e50 fffff98068ca0f40 fffff98068ca0f40 fffff98069bc8f00 : aswFW+0x4a0a
fffff8800dffa0c8 fffff98069bc8e50 : fffff98068ca0f40 fffff98068ca0f40 fffff98069bc8f00 fffff880055a6970 : 0xfffff98068ca0f40 fffff8800dffa0d0 fffff98068ca0f40 : fffff98068ca0f40 fffff98069bc8f00 fffff880055a6970 fffff880055a6930 : 0xfffff98069bc8e50
fffff8800dffa0d8 fffff98068ca0f40 : fffff98069bc8f00 fffff880055a6970 fffff880055a6930 0000000000000000 : 0xfffff98068ca0f40 fffff8800dffa0e0 fffff98069bc8f00 : fffff880055a6970 fffff880055a6930 0000000000000000 fffff98068ca0f40 : 0xfffff98068ca0f40
fffff8800dffa0e8 fffff880055a6970 : fffff880055a6930 0000000000000000 fffff98068ca0f40 fffffa8013dc2990 : 0xfffff98069bc8f00 fffff8800dffa0f0 fffff880055a6930 : 0000000000000000 fffff98068ca0f40 fffffa8013dc2990 fffffa800f5c3200 : aswFW+0x13970 fffff8800dffa0f8 0000000000000000 : fffff98068ca0f40 fffffa8013dc2990 fffffa800f5c3200 fffff802`840c0eed : aswFW+0x13930

STACK_COMMAND: kb

FOLLOWUP_IP:
aswFW+3330
fffff880`05596330 ?? ???

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: aswFW+3330

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: aswFW

IMAGE_NAME: aswFW.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 518b62e8

FAILURE_BUCKET_ID: 0xC1_21_VRF_aswFW+3330

BUCKET_ID: 0xC1_21_VRF_aswFW+3330

Followup: MachineOwner

5: kd> lmvm aswFW
start end module name
fffff88005593000 fffff880055b6000 aswFW T (no symbols)
Loaded symbol image file: aswFW.sys
Image path: ??\C:\Windows\system32\drivers\aswFW.sys
Image name: aswFW.sys
Timestamp: Thu May 09 04:48:40 2013 (518B62E8)
CheckSum: 00022B93
ImageSize: 00023000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Upload any minidump or memory.dmp files, zipped to reduce size. Give the zip file you are uploading a unique name (e.g. forumusername-mem-dump.zip, etc), so they can identify it. It might not be a bad idea to create a text file (readme.txt) with any relevant information, avast topic URL, user name, etc. etc. in the zip file. Not to mention posting the name of the file you uploaded in the topic, this acts as another searchable reference.

  • Memory dump locations, Mini Dump files in, C:\Windows\Minidump\ - Full Kernel dump file, C:\windows\memory.dmp, don’t know if those locations are correct for win8 64bit.

Upload the zip file to the ftp server ftp://ftp.avast.com/incoming:

Uploaded…thanks for the reply

You’re welcome.

Thanks for uploading, hopefully it will give the avast team some useful information.

Exact same problem here.

We now have 5 machines that have died from the BSOD 50. All have had to have avast uninstalled from safemode to become operational again.

I have uploaded one of the dump files to ftp.avast.com/incoming

If this is in relation to an update earlier today, see this topic, http://forum.avast.com/index.php?topic=128242.0, essentially from Reply #13 onwards.

This is confirmed here by an avast team member and is meant to have been fixed.

I don’t know how this fix will be deployed, possibly via the avast! Emergency Update function.

How will the Emergency update work if the systems are unable to boot, I think a reinstall will be in order.

A reinstall would be going overboard a bit. There are other ways to (safe) boot. but I am guessing the OP knows this, as he’s managed to get the minidump files.

Well we don’t know exactly when the BSOD occurs in this topic, if it is immediately on boot then it may require a reinstall.

Since this appears to be reported after an avast! emergency update (for 64bit OS, not XP) in this topic, http://forum.avast.com/index.php?topic=128242.0 and pk says it is fixed, I asked how this fix was to be deployed.

Avast doesn’t function in safe mode so a reinstall of avast would be required is what I mean.

Right, gotcha. With “reinstall” I thought “Windows reinstall”, now that would be going a bit overboard :smiley: