Yubico + Avast Free 11.1.2245 => BSOD on WinXP SP3 POSReady

my testing system:

hardware:
mb: Intel Corporation - Intel Desktop Board DH55TC (XU1)
BIOS Version TCIBX10H.86A.0048.2011.1206.1342
Date 06.12.2011

CPU: Intel(R) Core™ i3 CPU 530 @ 2.93GHz
x86 Family 6 Model 37 Stepping 2, GenuineIntel
Microcode signature: 0000000D

software:

running ykinfo.exe with a YubiKey 4 connected generated a pop-up from Avast (popup of the kind “please wait while scanning unknown app”) and then immediately a BSOD.

BSOD record in the system event log:

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x806e794f, 0xa31257a8, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

Memory dump analisys (WinDBG)
NOTE: i don’t have the symbols for the debugger installed… so i get a lot of warnings about incorrect symbols

Loading Dump File [C:\ykpers-1.17.3-win32\BSODs\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

[…snip…]
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.150205-1510
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

[…snip…]


  •                                                                         *
    
  •                    Bugcheck Analysis                                    *
    
  •                                                                         *
    

Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, 806e794f, a31257a8, 0}

[…snip warnings about missing symbols…]



Probably caused by : aswSnx.sys ( aswSnx+2090 )

P.S. ADDITIONAL_DEBUG_TEXT:


ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: aswSnx

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  569e3e86

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP: 
hal!ExAcquireFastMutex+f
806e794f f0ff09          lock dec dword ptr [ecx]

TRAP_FRAME:  a31257a8 -- (.trap 0xffffffffa31257a8)
ErrCode = 00000002
eax=00000000 ebx=87930008 ecx=0000006c edx=00000000 esi=87930008 edi=e46c3350
eip=806e794f esp=a312581c ebp=a3125c14 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
hal!ExAcquireFastMutex+0xf:
806e794f f0ff09          lock dec dword ptr [ecx]     ds:0023:0000006c=????????
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

LAST_CONTROL_TRANSFER:  from 804fe873 to 804f9fa3

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
a3125370 804fe873 0000008e c0000005 806e794f nt!KeBugCheckEx+0x1b
a3125738 80542245 a3125754 00000000 a31257a8 nt!KeRaiseUserException+0xc29
a31257c4 8062f43a 00000000 e1037b60 e154d378 nt!Kei386EoiHelper+0x1d9
a3125c14 a6e76090 87d61898 87930008 00000000 nt!LsaDeregisterLogonProcess+0x162e6
a3125c40 804ef1f9 88c51888 00000000 806e7410 aswSnx+0x2090
a3125c64 8058082f 88c51888 87d61898 87e9c028 nt!IoBuildPartialMdl+0xed
a3125d00 80579292 000007f4 00000000 00000000 nt!NtWriteFile+0x391f
a3125d34 805417e8 000007f4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a3125d64 7c90e514 badb0d00 0022f780 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb80
a3125d68 badb0d00 0022f780 00000000 00000000 0x7c90e514
a3125d6c 0022f780 00000000 00000000 00000000 0xbadb0d00
a3125d70 00000000 00000000 00000000 00000000 0x22f780


STACK_COMMAND:  kb

FOLLOWUP_IP: 
aswSnx+2090
a6e76090 8b450c          mov     eax,dword ptr [ebp+0Ch]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  aswSnx+2090

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  aswSnx.sys

BUCKET_ID:  WRONG_SYMBOLS


Follow instructions: https://www.avast.com/faq.php?article=AVKB33#artTitle

ok… created ticket #151402 for this