I have Avast pro on several machines. 1 Win7x64 box when I log into the Admin account states that windows shut down unexpectedly. When I look at the minidump it says the process that fails is AvEmUpdate.exe and the module is NETIO. There are 2 users on this machine and as admin I only see the message for the dump message. Attached the minidump file. I am at version 18.5.2342 and it is set to update automatically.
Reported to Avast.
Hi mark.howell,
AvEmUpdate.exe process just caused tcp ip communication not BSOD.
The crash was caused by NETIO!StreamDataPermit+17 which tried to read from memory address 50 (invalid memory).
Would you provide us the memory dump file for analysis ? You attached only text output from windbg analysis
Thank you for response
There was a Memory dump file from the 17th. I attached it as text. This forum won’t allow the upload of the actual dump file. I will also continue to investigate what is going on with the netio. If you want the .dmp files email me.
There is avast ftp server where you can upload dump files and logs.
So zip the dump file, name it as : mark_howell_BSOD_StreamDataPermit.zip and upload it to ftp://ftp.avast.com/incoming
Thank you
Hi mark.howell,
can you try to disable antirootkit module and let us know if it helped?
there is aswArPot+0x150ab on stack but still dump file would be great source of information.
Thank you
STACK_TEXT:
fffff88008164248 fffff800
0370ed69 : 000000000000000a 00000000
00000050 0000000000000002 00000000
00000000 : nt!KeBugCheckEx
fffff88008164250 fffff800
0370cb88 : 0000000000000000 00000000
00000050 0000000000000000 00000000
00000000 : nt!KiBugCheckDispatch+0x69
fffff88008164390 fffff880
015ab807 : fffffa8004811cd0 fffff880
015c0358 fffff88008164758 fffff880
015a13b3 : nt!KiPageFault+0x448
fffff88008164520 fffff880
015abe2e : 0000000000000000 fffff880
08164930 fffff88008164758 fffffa80
04b52510 : NETIO!StreamDataPermit+0x17
fffff88008164580 fffff880
015acfd6 : 0000000000000000 fffff880
08164930 fffff880081646d0 fffff880
08164758 : NETIO!StreamApplyCalloutActionToData+0xfe
fffff880081645e0 fffff880
015adf81 : fffffa8004811d80 fffff880
08164930 fffff88008164720 fffff880
08164d90 : NETIO!StreamCalloutProcessData+0x96
fffff88008164630 fffff880
015af056 : fffff88008164720 fffff880
08164d90 fffff88008164901 fffffa80
04811d80 : NETIO!StreamCalloutProcessingLoop+0xa1
fffff880081646c0 fffff880
0158fb12 : fffff88008164930 fffff880
040d6c00 0000000000000000 fffff880
08160014 : NETIO!StreamProcessCallout+0x1e6
fffff880081647b0 fffff880
015771d8 : fffffa8004780014 fffff880
08164e90 fffffa8005e66148 fffff880
08164d90 : NETIO! ?? ::FNODOBFM::string'+0x71f2 fffff880
081648e0 fffff88001578832 : fffff880
08160014 fffff88008164e90 fffff880
08164f20 0000000000000000 : NETIO!ArbitrateAndEnforce+0x238 fffff880
081649b0 fffff880015b22b9 : fffff880
08165160 fffff88008164e90 fffffa80
00000001 fffff88008164d90 : NETIO!KfdClassify+0x902 fffff880
08164d20 fffff880015b2779 : fffffa80
05e660f0 0000000000000014 00000000
00000000 0000000000000000 : NETIO!StreamClassify+0x109 fffff880
08164e40 fffff880015b2ebc : fffffa80
05b86290 fffffa8003a96db0 fffffa80
063a3500 fffffa8004820740 : NETIO!StreamCommonInspect+0x249 fffff880
08165120 fffff88001707e94 : fffffa80
05e660f0 fffffa80063a35c0 00000000
00000000 0000000000000014 : NETIO!WfpStreamInspectSend+0x11c fffff880
081651a0 fffff880016c1648 : fffff880
081654e0 0000000000000000 00000000
00004800 fffff880081654e0 : tcpip!InetInspectSend+0x34 fffff880
081651d0 fffff88001665c3b : fffff880
081652f8 0000000000000000 00000000
00000000 fffff8a00a628c01 : tcpip! ?? ::FNODOBFM::
string’+0x32f42
fffff88008165280 fffff800
036c13d9 : fffff8a01401f530 00000000
00000000 fffff880081655e0 fffff880
08165540 : tcpip!TcpTlConnectionSendCalloutRoutine+0x1b
fffff880081652b0 fffff880
0166695a : fffff88001665c20 fffff880
081653d0 fffff88000000000 fffff880
0431c601 : nt!KeExpandKernelStackAndCalloutEx+0x2c9
fffff880081653a0 fffff880
04336b1b : fffffa8005c0c5f0 00000000
0038b7cc 00000000000000ee fffffa80
043557b0 : tcpip!TcpTlConnectionSend+0x7a
fffff88008165410 fffff880
0431b469 : fffffa80061982f8 fffff800
03880100 0000000000000001 00000000
00000000 : afd+0x46b1b
fffff880081655d0 fffff880
03e800ab : 00000000000000ee fffff880
0430d2e0 0000000000000010 fffff880
08165c60 : afd+0x2b469
fffff88008165940 fffff800
03b1b28e : fffffa800516adc0 fffff880
08165c60 0000000000000000 00000000
00000230 : aswArPot+0x150ab
fffff880081659c0 fffff800
039adf86 : fffffa8003b8e060 00000000
00000000 0000000000000001 00000000
00d25a20 : nt!IopXxxControlFile+0x6be
fffff88008165b00 fffff800
0370e9d3 : 0000000000d25a20 00000000
00000000 0000000000000000 00000000
0000023c : nt!NtDeviceIoControlFile+0x56
fffff88008165b70 00000000
73d32e09 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000000ae918 00000000
00000000 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : 0x73d32e09