BSOD during CHAOS (concurrent hardware and OS Test) in Windows 8 32bit client

  • Question

  • Hi,

    While executing HCK for a smartcard reader driver, the CHAOS test for Windows 8 32-bit creates a BSOD. I am using a Renesas USB 3.0 eXtensible Host Controller and the default Microsoft/Renesas driver (Ver 6.2.9200.16389). The issue occurs only when using the default Microsoft stack for the USB 3.0 controller. The CHAOS test passes when using the Renesas-provided vendor driver.

    The issue seems to occur when SMCLIB.sys is trying to free memory, but I could not isolate the buffer causing the problem. Any guidance / pointers to isolate the cause will be really great.

    Thanks, Joseph.

    Here's the output of "analyze -v".

    3: kd> !analyze -v
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *

    Special pool has detected memory corruption.  Typically the current thread's
    stack backtrace will reveal the guilty party.
    Arg1: 9fef0ff0, address trying to free
    Arg2: 9fef0ff9, address where bits are corrupted
    Arg3: 00c70009, (reserved)
    Arg4: 00000024, caller is freeing an address where bytes after the end of the allocation have been overwritten

    Debugging Details:

    TRIAGER: Could not open triage file : C:\Program Files\Windows Kits\8.0\Debuggers\x86\triage\modclass.ini, error 2

    BUGCHECK_STR:  0xC1_24



    PROCESS_NAME:  Te.exe


    IRP_ADDRESS:  9ded4ce8

    DEVICE_OBJECT: 892a54f0

    DRIVER_OBJECT: 8bac3c80

    IMAGE_NAME:  ntkrpamp.exe


    MODULE_NAME: ntkrpamp

    FAULTING_MODULE: 00000000 

    LAST_CONTROL_TRANSFER:  from 8178ffcb to 81757cb0

    92d6528c 8178ffcb 000000c1 9fef0ff0 9fef0ff9 nt!KeBugCheckEx
    92d65374 81827a96 9fef0ff0 8fe1ad20 9733d940 nt!MmFreeSpecialPool+0x8c
    92d653fc 81696ecf 9fef0ff0 00000000 5ab4c00d nt!ExDeferredFreePool+0xbfa
    92d654b0 816b8f41 9ded4d28 92d654fc 92d65504 nt!IopCompleteRequest+0xa5
    92d65554 81af30a0 9ded4d28 a0382c90 00000000 nt!IopfCompleteRequest+0x663
    92d655b8 8c8012a0 839ea020 9ded4d28 86e44968 nt!IovCompleteRequest+0x123
    WARNING: Stack unwind information not available. Following frames may be wrong.
    92d655d4 8c9cdd63 a0382c90 01ed4d28 839ea020 SMCLIB!SmartcardDeviceControl+0x96
    92d65664 81af2f4b 839ea020 9ded4d28 9ded4d28 SPR3322K!PcscDeviceIoControl+0x1a63 [d:\software\sprxxx\pcsc.c @ 3008]
    92d65684 81698a9f 81b0a565 9ded4f64 9ded4f88 nt!IovCallDriver+0x2e3
    92d65698 81b0a565 92d656c0 81b0a65c 839ea020 nt!IofCallDriver+0x62
    92d656a0 81b0a65c 839ea020 9ded4d28 9e4e7738 nt!ViFilterIoCallDriver+0x10
    92d656c0 81af2f4b 9e4e77f0 9ded4d28 00000001 nt!ViFilterDispatchGeneric+0x5e
    92d656e0 81698a9f 941ee58d 00000000 9ded4d28 nt!IovCallDriver+0x2e3
    92d656f4 941ee58d 9ded4d28 92d65950 941ee49a nt!IofCallDriver+0x62
    92d65700 941ee49a 96be64f8 9ded4d28 96be64f8 MSDMFilt!FilterPassIrp+0x2d
    92d65950 81af2f4b 96be64f8 9ded4d28 9ded4d28 MSDMFilt!FilterDispatchDeviceCtl+0x8c4
    92d65970 81698a9f 81b0a565 9ded4f88 9ded4fac nt!IovCallDriver+0x2e3
    92d65984 81b0a565 92d659ac 81b0a65c 96be64f8 nt!IofCallDriver+0x62
    92d6598c 81b0a65c 96be64f8 9ded4d28 86e79380 nt!ViFilterIoCallDriver+0x10
    92d659ac 81af2f4b 86e79438 9ded4d28 00000000 nt!ViFilterDispatchGeneric+0x5e
    92d659cc 81698a9f 8487ec52 a0366f38 a0538f20 nt!IovCallDriver+0x2e3
    92d659e0 8487ec52 8b607044 00000000 5fac70d8 nt!IofCallDriver+0x62
    92d65a08 8b6022d0 9de1afd0 a0538f20 a0366f38 Wdf01000!imp_WdfRequestSend+0x2c9
    92d65a74 8487d66c 5fce51f8 5fac70d8 00000009 scfilter+0x22d0
    92d65ab4 8487d241 5fac70d8 92d65afc a0538f20 Wdf01000!FxIoQueue::DispatchRequestToDriver+0x3c0
    92d65ad4 848809da a031ae00 00000000 a031ae00 Wdf01000!FxIoQueue::DispatchEvents+0x4af
    92d65af4 8487e96c a031ae00 a0538f20 9fa60ef4 Wdf01000!FxIoQueue::QueueRequest+0x204
    92d65b28 84878bc2 9ded4d28 87155da8 9ded4d28 Wdf01000!FxPkgIo::Dispatch+0x3ba
    92d65b50 84878a33 87155da8 9ded4d28 87155da8 Wdf01000!FxDevice::Dispatch+0x155
    92d65b6c 81af2f4b 87155da8 9ded4d28 9ded4d28 Wdf01000!FxDevice::DispatchWithLock+0x77
    92d65b8c 81698a9f 81b0a565 9ded4fd0 9ded4ff4 nt!IovCallDriver+0x2e3
    92d65ba0 81b0a565 92d65bc8 81b0a65c 87155da8 nt!IofCallDriver+0x62
    92d65ba8 81b0a65c 87155da8 9ded4d28 892a54f0 nt!ViFilterIoCallDriver+0x10
    92d65bc8 81af2f4b 892a55a8 9ded4d28 8fe10000 nt!ViFilterDispatchGeneric+0x5e
    92d65be8 81698a9f 818a8f1c 8fe1ad20 9ded4d28 nt!IovCallDriver+0x2e3
    92d65bfc 818a8f1c 9ded4ffc 9ded4d28 8fe1ad20 nt!IofCallDriver+0x62
    92d65c50 818a8991 892a54f0 00000000 00000001 nt!IopSynchronousServiceTail+0x121
    92d65cf0 818a85c9 892a54f0 9ded4d28 00000000 nt!IopXxxControlFile+0x3ac
    92d65d24 817cb2fc 0000077c 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
    92d65d24 779b6954 0000077c 00000000 00000000 nt!KiFastCallEntry+0x12c
    05c4fbd8 00000000 00000000 00000000 00000000 0x779b6954


    FOLLOWUP_NAME:  MachineOwner

    FAILURE_BUCKET_ID:  0xC1_24_VRF_IMAGE_ntkrpamp.exe

    BUCKET_ID:  0xC1_24_VRF_IMAGE_ntkrpamp.exe

    Friday, February 8, 2013 5:43 AM
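
How a free-time tail check produces a report like the one above (bugcheck 0xC1, Arg4 0x24), as an added example that is not part of the original post or of any Microsoft code. It is a simplified user-mode model: the 8-byte alignment, the fill byte and the 9-byte allocation length are assumptions, with the length chosen only so that the page offsets come out as 0xff0 and 0xff9 like Arg1 and Arg2; it says nothing about which driver buffer was involved.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define ALIGNMENT 8u     /* assumed pool alignment for this model */
#define TAIL_FILL 0xA5u  /* constructed fill byte, not the kernel's pattern */

/* One simulated special-pool page holding a single allocation. */
typedef struct {
    uint8_t page[PAGE_SIZE];
    size_t  start;   /* page offset of the allocation */
    size_t  length;  /* bytes the caller asked for */
} sp_page;

/* Place the allocation as close to the page end as alignment allows, then
   fill the slop between its end and the page end with the tail pattern. */
static uint8_t *sp_alloc(sp_page *p, size_t length)
{
    if (length == 0 || length > PAGE_SIZE) return NULL;
    p->start  = (PAGE_SIZE - length) & ~(size_t)(ALIGNMENT - 1);
    p->length = length;
    memset(p->page, 0, PAGE_SIZE);
    memset(p->page + p->start + length, TAIL_FILL,
           PAGE_SIZE - p->start - length);
    return p->page + p->start;
}

/* Free-time check: page offset of the first damaged slop byte, or -1. */
static long sp_free_check(const sp_page *p)
{
    for (size_t off = p->start + p->length; off < PAGE_SIZE; off++)
        if (p->page[off] != TAIL_FILL) return (long)off;
    return -1;
}

/* Write write_len bytes into an alloc_len-byte buffer, then run the check.
   Returns -2 when the write would leave the page: with a real guard page
   that faults at the write itself instead of being caught at free time. */
static long demo_overrun(size_t alloc_len, size_t write_len)
{
    sp_page p;
    uint8_t *buf = sp_alloc(&p, alloc_len);
    if (buf == NULL || p.start + write_len > PAGE_SIZE) return -2;
    memset(buf, 'A', write_len);  /* overruns when write_len > alloc_len */
    return sp_free_check(&p);
}

int main(void) { return demo_overrun(9, 10) == 0xff9 ? 0 : 1; }
```

The model shows why a small overrun surfaces only when the buffer is freed: the write lands in the patterned slop rather than on the guard page, so the stack at bugcheck time is that of the freeing path, not necessarily of the code that did the write.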