Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BSOD, WFP, Windows 7 SP1 7601 (x64), Kaspersky Free 17.0.0.611e #1797

Closed
Alex-302 opened this issue Jun 21, 2017 · 6 comments
Closed

BSOD, WFP, Windows 7 SP1 7601 (x64), Kaspersky Free 17.0.0.611e #1797

Alex-302 opened this issue Jun 21, 2017 · 6 comments
Assignees
@confessor-adguard
Labels
bsod bug compatibility kernel

Comments

@Alex-302
Copy link
Member

image

Minidump:
062117-9672-01.dmp.txt
WER-15880-0.sysdata.xml.txt
@atkrv
Copy link

atkrv commented Jun 21, 2017

Minidump analysis: 
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8800262f470, Address of the instruction which caused the bugcheck
Arg3: fffff880093781c0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP: 
NETIO!StreamInvokeCalloutAndNormalizeAction+1d0
fffff880`0262f470 41837b5003      cmp     dword ptr [r11+50h],3
CONTEXT:  fffff880093781c0 -- (.cxr 0xfffff880093781c0)
rax=0000000000000000 rbx=fffff88009378d80 rcx=0000000000001001
rdx=fffffa800d105330 rsi=fffff88009378f80 rdi=fffff88009378db8
rip=fffff8800262f470 rsp=fffff88009378ba0 rbp=fffffa800d105010
 r8=0000000000000102  r9=0000000000000014 r10=fffffa804f426860
r11=0000000000000000 r12=fffff8800264f358 r13=fffff88009378d01
r14=fffffa800d105010 r15=fffffa800d105010
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
NETIO!StreamInvokeCalloutAndNormalizeAction+0x1d0:
fffff880`0262f470 41837b5003      cmp     dword ptr [r11+50h],3 ds:002b:00000000`00000050=????????
Resetting default scope
CUSTOMER_CRASH_COUNT:  1
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
BUGCHECK_STR:  0x3B
PROCESS_NAME:  avp.exe
CURRENT_IRQL:  0
LAST_CONTROL_TRANSFER:  from fffff8800263b0b8 to fffff8800262f470
STACK_TEXT:  
fffff880`09378ba0 fffff880`0263b0b8 : 00000000`00000000 fffff880`09378f80 fffff880`09378d30 fffff880`09378db8 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x1d0
fffff880`09378c40 fffff880`0263c0b1 : fffffa80`0d105010 fffff880`09378f80 fffff880`09378d80 fffff880`093793d0 : NETIO!StreamCalloutProcessData+0x48
fffff880`09378c90 fffff880`0263d186 : fffff880`09378d80 fffff880`093793d0 fffff880`09378f01 fffffa80`0d105010 : NETIO!StreamCalloutProcessingLoop+0xa1
fffff880`09378d20 fffff880`0261dc3a : fffff880`09378f80 fffff880`01c19530 00000000`00000001 fffffa80`0d550014 : NETIO!StreamProcessCallout+0x1e6
fffff880`09378e10 fffff880`02604f58 : 00000000`00000014 fffffa80`0cf65c20 fffffa80`50ff4a58 fffff880`093793d0 : NETIO! ?? ::FNODOBFM::`string'+0x71f2
fffff880`09378f30 fffff880`026065d2 : fffff880`09370014 fffffa80`0cf65c20 fffffa80`0d55ebc0 00000000`00000000 : NETIO!ArbitrateAndEnforce+0x238
fffff880`09379000 fffff880`0263f833 : fffff880`093794a4 fffffa80`0cf65c20 fffff8a0`00000001 fffff880`093793d0 : NETIO!KfdClassify+0x934
fffff880`09379370 fffff880`0263fe6d : 00000000`00000000 00000000`0003bd74 00000000`00000011 fffffa80`0d55ea50 : NETIO!StreamInternalClassify+0xf3
fffff880`09379440 fffff880`0264026e : 00000000`00000014 fffffa80`0d55ea50 00000000`00000000 fffffa80`0d4d10b0 : NETIO!StreamInject+0x21d
fffff880`09379510 fffff880`027aadf3 : fffffa80`0d55ea50 00000000`00000139 fffffa80`50d7de00 fffffa80`50d7de01 : NETIO!FwppStreamInject+0x12e
fffff880`093795a0 fffff880`051d71a2 : fffffa80`52d592a0 fffff880`09379671 fffffa80`4fd6a810 fffff6fb`40000770 : fwpkclnt!FwpsStreamInjectAsync0+0xcf
fffff880`09379600 fffffa80`52d592a0 : fffff880`09379671 fffffa80`4fd6a810 fffff6fb`40000770 fffff6fb`00000139 : klwtp+0xa1a2
fffff880`09379608 fffff880`09379671 : fffffa80`4fd6a810 fffff6fb`40000770 fffff6fb`00000139 00000000`00000014 : 0xfffffa80`52d592a0
fffff880`09379610 fffffa80`4fd6a810 : fffff6fb`40000770 fffff6fb`00000139 00000000`00000014 fffff880`00000011 : 0xfffff880`09379671
fffff880`09379618 fffff6fb`40000770 : fffff6fb`00000139 00000000`00000014 fffff880`00000011 fffffa80`50d7de00 : 0xfffffa80`4fd6a810
fffff880`09379620 fffff6fb`00000139 : 00000000`00000014 fffff880`00000011 fffffa80`50d7de00 00000000`0000001f : 0xfffff6fb`40000770
fffff880`09379628 00000000`00000014 : fffff880`00000011 fffffa80`50d7de00 00000000`0000001f fffff880`051d7364 : 0xfffff6fb`00000139
fffff880`09379630 fffff880`00000011 : fffffa80`50d7de00 00000000`0000001f fffff880`051d7364 fffffa80`4fd6a810 : 0x14
fffff880`09379638 fffffa80`50d7de00 : 00000000`0000001f fffff880`051d7364 fffffa80`4fd6a810 fffff680`000eea50 : 0xfffff880`00000011
fffff880`09379640 00000000`0000001f : fffff880`051d7364 fffffa80`4fd6a810 fffff680`000eea50 fffffa80`50d7de00 : 0xfffffa80`50d7de00
fffff880`09379648 fffff880`051d7364 : fffffa80`4fd6a810 fffff680`000eea50 fffffa80`50d7de00 00000000`00000000 : 0x1f
fffff880`09379650 fffffa80`4fd6a810 : fffff680`000eea50 fffffa80`50d7de00 00000000`00000000 00000000`00000001 : klwtp+0xa364
fffff880`09379658 fffff680`000eea50 : fffffa80`50d7de00 00000000`00000000 00000000`00000001 00000980`00000000 : 0xfffffa80`4fd6a810
fffff880`09379660 fffffa80`50d7de00 : 00000000`00000000 00000000`00000001 00000980`00000000 8bc00002`3accd867 : 0xfffff680`000eea50
fffff880`09379668 00000000`00000000 : 00000000`00000001 00000980`00000000 8bc00002`3accd867 fffffa80`53dffc00 : 0xfffffa80`50d7de00
FOLLOWUP_IP: 
NETIO!StreamInvokeCalloutAndNormalizeAction+1d0
fffff880`0262f470 41837b5003      cmp     dword ptr [r11+50h],3
SYMBOL_STACK_INDEX:  0
SYMBOL_NAME:  NETIO!StreamInvokeCalloutAndNormalizeAction+1d0
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME:  NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP:  58e3b357
STACK_COMMAND:  .cxr 0xfffff880093781c0 ; kb
FAILURE_BUCKET_ID:  X64_0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction+1d0
BUCKET_ID:  X64_0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction+1d0
Followup: MachineOwner

@Alex-302
Copy link
Member Author

New minidump:
062617-9625-01.rar.txt

@atkrv
Copy link

atkrv commented Jun 26, 2017

Minidump analysis: 
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880025b4470, Address of the instruction which caused the bugcheck
Arg3: fffff88003b941c0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP: 
NETIO!StreamInvokeCalloutAndNormalizeAction+1d0
fffff880`025b4470 41837b5003      cmp     dword ptr [r11+50h],3

CONTEXT:  fffff88003b941c0 -- (.cxr 0xfffff88003b941c0)
rax=0000000000000000 rbx=fffff88003b94d80 rcx=0000000000001001
rdx=fffffa80543c6d10 rsi=fffff88003b94f80 rdi=fffff88003b94db8
rip=fffff880025b4470 rsp=fffff88003b94ba0 rbp=fffffa80543c69f0
 r8=0000000000000102  r9=0000000000000014 r10=fffff88004d50740
r11=0000000000000000 r12=fffff880025d4358 r13=0000000000000001
r14=fffffa80543c69f0 r15=fffffa80543c69f0
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
NETIO!StreamInvokeCalloutAndNormalizeAction+0x1d0:
fffff880`025b4470 41837b5003      cmp     dword ptr [r11+50h],3 ds:002b:00000000`00000050=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff880025b58c4 to fffff880025b4470

STACK_TEXT:  
fffff880`03b94ba0 fffff880`025b58c4 : fffff880`03b94f80 fffff880`03b94f80 fffff880`03b94d80 fffffa80`543c69f0 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x1d0
fffff880`03b94c40 fffff880`025c111d : fffffa80`543c69f0 fffff880`03b94d80 fffffa80`543c69f0 fffff880`03b953d0 : NETIO!StreamCalloutProcessDisconnect+0x34
fffff880`03b94c90 fffff880`025c2186 : fffff880`03b94d80 fffff880`03b953d0 fffff880`03b94f01 fffffa80`543c69f0 : NETIO!StreamCalloutProcessingLoop+0x10d
fffff880`03b94d20 fffff880`025a2c3a : fffff880`03b94f80 fffff880`04d4b530 00000000`00000001 fffffa80`550a0014 : NETIO!StreamProcessCallout+0x1e6
fffff880`03b94e10 fffff880`02589f58 : fffff800`03e70014 fffffa80`56fd1060 fffffa80`576599e8 fffff880`03b953d0 : NETIO! ?? ::FNODOBFM::`string'+0x71f2
fffff880`03b94f30 fffff880`0258b5d2 : fffff880`03b90014 fffffa80`56fd1060 fffffa80`550ace40 00000000`00000000 : NETIO!ArbitrateAndEnforce+0x238
fffff880`03b95000 fffff880`025c4833 : fffff880`03b954a4 fffffa80`56fd1060 fffffa80`00000001 fffff880`03b953d0 : NETIO!KfdClassify+0x934
fffff880`03b95370 fffff880`025c4e6d : 00000000`00000000 00000000`00402f32 00000000`00000005 fffffa80`550accd0 : NETIO!StreamInternalClassify+0xf3
fffff880`03b95440 fffff880`025c526e : 00000000`00000014 fffffa80`550accd0 00000000`00000000 fffffa80`52b9b810 : NETIO!StreamInject+0x21d
fffff880`03b95510 fffff880`02434df3 : fffffa80`550accd0 00000000`00000139 fffffa80`5014e620 00000000`00000000 : NETIO!FwppStreamInject+0x12e
fffff880`03b955a0 fffff880`01fe12ca : fffffa80`579b1ba0 fffff880`03b95671 fffffa80`556fa728 fffffa80`556fa728 : fwpkclnt!FwpsStreamInjectAsync0+0xcf
fffff880`03b95600 fffffa80`579b1ba0 : fffff880`03b95671 fffffa80`556fa728 fffffa80`556fa728 00000000`00000139 : klwtp+0xa2ca
fffff880`03b95608 fffff880`03b95671 : fffffa80`556fa728 fffffa80`556fa728 00000000`00000139 fffffa80`00000014 : 0xfffffa80`579b1ba0
fffff880`03b95610 fffffa80`556fa728 : fffffa80`556fa728 00000000`00000139 fffffa80`00000014 00000000`00000005 : 0xfffff880`03b95671
fffff880`03b95618 fffffa80`556fa728 : 00000000`00000139 fffffa80`00000014 00000000`00000005 fffffa80`5014e620 : 0xfffffa80`556fa728
fffff880`03b95620 00000000`00000139 : fffffa80`00000014 00000000`00000005 fffffa80`5014e620 00000000`00000000 : 0xfffffa80`556fa728
fffff880`03b95628 fffffa80`00000014 : 00000000`00000005 fffffa80`5014e620 00000000`00000000 fffff880`01fe1010 : 0x139
fffff880`03b95630 00000000`00000005 : fffffa80`5014e620 00000000`00000000 fffff880`01fe1010 00000000`00000000 : 0xfffffa80`00000014
fffff880`03b95638 fffffa80`5014e620 : 00000000`00000000 fffff880`01fe1010 00000000`00000000 fffff800`03e770a3 : 0x5
fffff880`03b95640 00000000`00000000 : fffff880`01fe1010 00000000`00000000 fffff800`03e770a3 fffffa80`5014e620 : 0xfffffa80`5014e620


FOLLOWUP_IP: 
NETIO!StreamInvokeCalloutAndNormalizeAction+1d0
fffff880`025b4470 41837b5003      cmp     dword ptr [r11+50h],3

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  NETIO!StreamInvokeCalloutAndNormalizeAction+1d0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  58e3b357

STACK_COMMAND:  .cxr 0xfffff88003b941c0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction+1d0

BUCKET_ID:  X64_0x3B_NETIO!StreamInvokeCalloutAndNormalizeAction+1d0

Followup: MachineOwner

@Alex-302
Copy link
Member Author

Alex-302 commented Jul 13, 2017
edited

Again.
Adguard 6.2.379.1987, WFP.

Сигнатура проблемы:
Имя события проблемы: BlueScreen
Версия ОС: 6.1.7601.2.1.0.256.4
Код языка: 1049

Дополнительные сведения об этой проблеме:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF880027B24E7
BCP3: FFFFF8800C0F51D0
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Minidump.rar.txt

@atkrv
Copy link

atkrv commented Jul 13, 2017

Minidump analysis: 
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880027b24e7, Address of the instruction which caused the bugcheck
Arg3: fffff8800c0f51d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP: 
NETIO!StreamDataBlockEndOfStream+7
fffff880`027b24e7 ff4154          inc     dword ptr [rcx+54h]

CONTEXT:  fffff8800c0f51d0 -- (.cxr 0xfffff8800c0f51d0)
rax=fffff8800c0f5c70 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=fffff8800c0f5d80 rdi=0000000000000004
rip=fffff880027b24e7 rsp=fffff8800c0f5bb0 rbp=fffff8800c0f5f80
 r8=fffff8800c0f5f80  r9=0000000000000004 r10=fffff88003da1740
r11=fffff8800c0f5bf8 r12=fffffa804f897901 r13=0000000000000004
r14=fffff8800c0f5db8 r15=fffffa8054e42b90
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010282
NETIO!StreamDataBlockEndOfStream+0x7:
fffff880`027b24e7 ff4154          inc     dword ptr [rcx+54h] ds:002b:00000000`00000054=????????
Resetting default scope

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  avp.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff880027b278f to fffff880027b24e7

STACK_TEXT:  
fffff880`0c0f5bb0 fffff880`027b278f : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`550d72d0 : NETIO!StreamDataBlockEndOfStream+0x7
fffff880`0c0f5c00 fffff880`027bd8df : fffff880`0c0f5f80 fffff880`0c0f5d80 fffff880`0c0f5d80 fffffa80`54e42b90 : NETIO!StreamApplyCalloutActionToDisconnect+0x3f
fffff880`0c0f5c40 fffff880`027c911d : fffffa80`54e42b90 fffff880`0c0f5d80 fffffa80`54e42b90 fffff880`0c0f63d0 : NETIO!StreamCalloutProcessDisconnect+0x4f
fffff880`0c0f5c90 fffff880`027ca186 : fffff880`0c0f5d80 fffff880`0c0f63d0 fffff880`0c0f5f01 fffffa80`54e42b90 : NETIO!StreamCalloutProcessingLoop+0x10d
fffff880`0c0f5d20 fffff880`027aac3a : fffff880`0c0f5f80 fffff880`03d9c530 00000000`00000001 fffffa80`55370014 : NETIO!StreamProcessCallout+0x1e6
fffff880`0c0f5e10 fffff880`02791f58 : fffff880`0c0f0014 fffffa80`51121c20 fffffa80`543d2ca8 fffff880`0c0f63d0 : NETIO! ?? ::FNODOBFM::`string'+0x71f2
fffff880`0c0f5f30 fffff880`027935d2 : fffff880`0c0f0014 fffffa80`51121c20 fffffa80`55374790 00000000`00000000 : NETIO!ArbitrateAndEnforce+0x238
fffff880`0c0f6000 fffff880`027cc833 : fffff880`0c0f64a4 fffffa80`51121c20 00000000`00000001 fffff880`0c0f63d0 : NETIO!KfdClassify+0x934
fffff880`0c0f6370 fffff880`027cce6d : 00000000`00000000 00000000`0015d9c6 00000000`00000005 fffffa80`55374620 : NETIO!StreamInternalClassify+0xf3
fffff880`0c0f6440 fffff880`027cd26e : 00000000`00000014 fffffa80`55374620 00000000`00000000 fffffa80`5477e0b0 : NETIO!StreamInject+0x21d
fffff880`0c0f6510 fffff880`02634df3 : fffffa80`55374620 00000000`00000139 fffffa80`53138e00 00000000`00000000 : NETIO!FwppStreamInject+0x12e
fffff880`0c0f65a0 fffff880`019e72ca : fffffa80`536b9850 fffff880`0c0f6671 fffffa80`53581048 fffffa80`53581048 : fwpkclnt!FwpsStreamInjectAsync0+0xcf
fffff880`0c0f6600 fffffa80`536b9850 : fffff880`0c0f6671 fffffa80`53581048 fffffa80`53581048 00000000`00000139 : klwtp+0xa2ca
fffff880`0c0f6608 fffff880`0c0f6671 : fffffa80`53581048 fffffa80`53581048 00000000`00000139 fffffa80`00000014 : 0xfffffa80`536b9850
fffff880`0c0f6610 fffffa80`53581048 : fffffa80`53581048 00000000`00000139 fffffa80`00000014 00000000`00000005 : 0xfffff880`0c0f6671
fffff880`0c0f6618 fffffa80`53581048 : 00000000`00000139 fffffa80`00000014 00000000`00000005 fffffa80`53138e00 : 0xfffffa80`53581048
fffff880`0c0f6620 00000000`00000139 : fffffa80`00000014 00000000`00000005 fffffa80`53138e00 00000000`00000000 : 0xfffffa80`53581048
fffff880`0c0f6628 fffffa80`00000014 : 00000000`00000005 fffffa80`53138e00 00000000`00000000 fffff880`019e7010 : 0x139
fffff880`0c0f6630 00000000`00000005 : fffffa80`53138e00 00000000`00000000 fffff880`019e7010 00000000`00000000 : 0xfffffa80`00000014
fffff880`0c0f6638 fffffa80`53138e00 : 00000000`00000000 fffff880`019e7010 00000000`00000000 fffff800`03e7f0a3 : 0x5
fffff880`0c0f6640 00000000`00000000 : fffff880`019e7010 00000000`00000000 fffff800`03e7f0a3 fffffa80`53138e00 : 0xfffffa80`53138e00


FOLLOWUP_IP: 
NETIO!StreamDataBlockEndOfStream+7
fffff880`027b24e7 ff4154          inc     dword ptr [rcx+54h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  NETIO!StreamDataBlockEndOfStream+7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  58e3b357

STACK_COMMAND:  .cxr 0xfffff8800c0f51d0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_NETIO!StreamDataBlockEndOfStream+7

BUCKET_ID:  X64_0x3B_NETIO!StreamDataBlockEndOfStream+7

Followup: MachineOwner

@atkrv atkrv added the bsod label Dec 13, 2017
@vozersky
Copy link
Member

vozersky commented Jul 5, 2018

the network driver has been reworked, here's the latest release candidate
if you will encounter bsods again, please let us know in the new consolidated issue

@vozersky vozersky closed this as completed Jul 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@confessor-adguard confessor-adguard

Labels
bsod bug compatibility kernel
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ameshkov @Alex-302 @confessor-adguard @vozersky @atkrv