Author Topic: Yubico + Avast Free 11.1.2245 => BSOD on WinXP SP3 POSReady  (Read 1366 times)

0 Members and 1 Guest are viewing this topic.

Offline Aditza

  • Jr. Member
  • **
  • Posts: 54
Yubico + Avast Free 11.1.2245 => BSOD on WinXP SP3 POSReady
« on: January 21, 2016, 09:06:09 AM »
my testing system:

hardware:
mb: Intel Corporation - Intel Desktop Board DH55TC (XU1)
BIOS Version   TCIBX10H.86A.0048.2011.1206.1342
Date   06.12.2011

CPU: Intel(R) Core(TM) i3 CPU         530  @ 2.93GHz
x86 Family 6 Model 37 Stepping 2, GenuineIntel
Microcode signature: 0000000D

software:
- OS: WinXP Pro SP3 with POSReady updates, including latest, january 2016 from MS
- Avast Free AV 2016 11.1.2245
- Yubikey CLI Personalization tools v.1.17.3-win32
https://developers.yubico.com/yubikey-personalization/Releases/ykpers-1.17.3-win32.zip

running ykinfo.exe with a YubiKey 4 connected generated a pop-up from Avast (popup of the kind "please wait while scanning unknown app") and then immediately a BSOD.

BSOD record in the system event log:

The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0x806e794f, 0xa31257a8, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.


Memory dump analisys (WinDBG)
NOTE: i don't have the symbols  for the debugger installed.. so i get a lot of warnings about incorrect symbols

Loading Dump File [C:\ykpers-1.17.3-win32\BSODs\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

[...snip...]
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrpamp.exe -
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.150205-1510
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720


[...snip...]
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, 806e794f, a31257a8, 0}

[..snip warnings about missing symbols...]
***                                                                   ***
*************************************************************************
Probably caused by : aswSnx.sys ( aswSnx+2090 )

« Last Edit: January 21, 2016, 09:23:14 AM by Aditza »

Offline Aditza

  • Jr. Member
  • **
  • Posts: 54
Re: Yubico + Avast Free 11.1.2245 => BSOD on WinXP SP3 POSReady
« Reply #1 on: January 21, 2016, 09:20:07 AM »
P.S. ADDITIONAL_DEBUG_TEXT: 

Code: [Select]
ADDITIONAL_DEBUG_TEXT: 
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: aswSnx

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  569e3e86

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
hal!ExAcquireFastMutex+f
806e794f f0ff09          lock dec dword ptr [ecx]

TRAP_FRAME:  a31257a8 -- (.trap 0xffffffffa31257a8)
ErrCode = 00000002
eax=00000000 ebx=87930008 ecx=0000006c edx=00000000 esi=87930008 edi=e46c3350
eip=806e794f esp=a312581c ebp=a3125c14 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
hal!ExAcquireFastMutex+0xf:
806e794f f0ff09          lock dec dword ptr [ecx]     ds:0023:0000006c=????????
Resetting default scope

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

LAST_CONTROL_TRANSFER:  from 804fe873 to 804f9fa3

STACK_TEXT: 
WARNING: Stack unwind information not available. Following frames may be wrong.
a3125370 804fe873 0000008e c0000005 806e794f nt!KeBugCheckEx+0x1b
a3125738 80542245 a3125754 00000000 a31257a8 nt!KeRaiseUserException+0xc29
a31257c4 8062f43a 00000000 e1037b60 e154d378 nt!Kei386EoiHelper+0x1d9
a3125c14 a6e76090 87d61898 87930008 00000000 nt!LsaDeregisterLogonProcess+0x162e6
a3125c40 804ef1f9 88c51888 00000000 806e7410 aswSnx+0x2090
a3125c64 8058082f 88c51888 87d61898 87e9c028 nt!IoBuildPartialMdl+0xed
a3125d00 80579292 000007f4 00000000 00000000 nt!NtWriteFile+0x391f
a3125d34 805417e8 000007f4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a3125d64 7c90e514 badb0d00 0022f780 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb80
a3125d68 badb0d00 0022f780 00000000 00000000 0x7c90e514
a3125d6c 0022f780 00000000 00000000 00000000 0xbadb0d00
a3125d70 00000000 00000000 00000000 00000000 0x22f780


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswSnx+2090
a6e76090 8b450c          mov     eax,dword ptr [ebp+0Ch]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  aswSnx+2090

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  aswSnx.sys

BUCKET_ID:  WRONG_SYMBOLS


Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 66875
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.8.2428.B#3 [UI.562] - CC 5.72 - EEK - FF ESR 78.3 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Aditza

  • Jr. Member
  • **
  • Posts: 54
Re: Yubico + Avast Free 11.1.2245 => BSOD on WinXP SP3 POSReady
« Reply #3 on: January 21, 2016, 09:54:45 AM »
ok... created ticket #151402 for this