BSOD (KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)) at nt!CmpGetNameControlBlock+ff (Vista 32bit SP2)

Hi,

I'm trying to carry out some stress testing by playing audio on an audio device for 24 hours on a system running on Vista 32bit SP2. For some reason, I'm getting some BSOD during the stress test which does not seem to be related in any way to what I'm doing.

Below is the crash dump analysis of the 1st BSOD I get.

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck.  Usually the exception address pinpoints the driver/function that caused the problem.  Always note this address as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG.  This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the system is booted /DEBUG.  This will let us see why this breakpoint is happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81dedae3, The address that the exception occurred at
Arg3: 9c5d38ec, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!CmpGetNameControlBlock+ff
81dedae3 3b01            cmp     eax,dword ptr [ecx]

TRAP_FRAME:  9c5d38ec -- (.trap 0xffffffff9c5d38ec) ErrCode = 00000000
eax=1b37ecd4 ebx=9c5d39a8 ecx=3c3e413c edx=0b1164a4 esi=a7326ae0 edi=8861a000
eip=81dedae3 esp=9c5d3960 ebp=9c5d3988 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!CmpGetNameControlBlock+0xff:
81dedae3 3b01            cmp     eax,dword ptr [ecx]  ds:0023:3c3e413c=????????
Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 81c37918 to 81cddb0d

STACK_TEXT:
9c5d34ac 81c37918 0000008e c0000005 81dedae3 nt!KeBugCheckEx+0x1e 9c5d387c 81c5b83a 9c5d3898 00000000 9c5d38ec nt!KiDispatchException+0x1a9
9c5d38e4 81c5b7ee 9c5d3988 81dedae3 badb0d00 nt!CommonDispatchException+0x4a
9c5d3988 81ded573 00000010 015d39cf 8f7c1024 nt!Kei386EoiHelper+0x186 9c5d39bc 81de98b8 90391a20 00000020 007c1024 nt!CmpCreateKeyControlBlock+0x315 9c5d3a10 81e17af3 00000020 8f7c1024 010732d8
nt!CmpAddInfoAfterParseFailure+0x2e7
9c5d3b78 81e3d09a a7d36890 84084b08 abe4f990 nt!CmpParseKey+0x9db
9c5d3c08 81e4aaa2 00000610 9c5d3c60 00000040 nt!ObpLookupObjectName+0x11e
9c5d3c68 81e1841f 05fff5a8 84084b08 00000001 nt!ObOpenObjectByName+0x13c
9c5d3d34 81e18259 05fff698 00020019 05fff5a8 nt!CmOpenKey+0x1b1 9c5d3d50 81c5ac7a 05fff698 00020019 05fff5a8 nt!NtOpenKey+0x16 9c5d3d50 76ff5e74 05fff698 00020019 05fff5a8 nt!KiFastCallEntry+0x12a 05fff580 76ff4bf0 769b7b35 05fff698 00020019 ntdll!KiFastSystemCallRet
05fff584 769b7b35 05fff698 00020019 05fff5a8 ntdll!ZwOpenKey+0xc
05fff5e4 769b7cc4 00000610 05fff614 00000000 ADVAPI32!LocalBaseRegOpenKey+0xfe
05fff644 769b7bbc 80000002 03e9d752 00000000 ADVAPI32!RegOpenKeyExInternalW+0x10f
05fff664 736f4280 80000002 03e9d752 00000000 ADVAPI32!RegOpenKeyExW+0x1b
WARNING: Stack unwind information not available. Following frames may be wrong.
05fff6a8 736f473d 03eb5360 80000002 00000000 mpengine!FreeSigFiles+0x1fe2e0
05fff6d8 736f5867 027a5728 05fff780 05fff744 mpengine!FreeSigFiles+0x1fe79d
05fff748 73727566 00000000 05fff780 00000004 mpengine!FreeSigFiles+0x1ff8c7 05fff7a0 736f1b8b 00000000 03d058d8 03fc9800 mpengine!FreeSigFiles+0x2315c6 05fff7bc 7351368d 03d05a18 03d058d8 03fc9800 mpengine!FreeSigFiles+0x1fbbeb
05fff7e4 73505312 03fc9800 03d058d8 00000002 mpengine!FreeSigFiles+0x1d6ed
05fff834 73504506 03d05838 03d05838 03d05838 mpengine!FreeSigFiles+0xf372
05fff884 734f5b19 00004026 0094ce5c 00000040 mpengine!FreeSigFiles+0xe566 05fff8d0 734f5e1e 00930840 00004026 0094ce5c mpengine+0x115b19 05fff8ec 742baf5d 00930840 00004026 0094ce5c mpengine!_rsignal+0x2e
05fffb44 742c3071 009307e8 00004026 0094ce5c mpsvc!ServiceCrtMain+0x422b 05fffb6c 742be9c6 0094cf78 7ffd9000 0083b340 mpsvc!ServiceCrtMain+0xc33f
05fffb84 742764cb 00946520 00109638 74276711 mpsvc!ServiceCrtMain+0x7c94
05fffb98 76fc65a1 0083b340 05fffb00 72faf53c
MpClient!MpDownloadAndUpdateSignaturesEx+0x2db8
05fffbd4 76fd3d2d 05fffc38 00109638 00113538 ntdll!RtlpTpWaitCallback+0x8f 05fffbfc 76fd2fcf 05fffc38 00113598 72faf3c4 ntdll!TppWaitpExecuteCallback+0xfe
05fffd2c 76d8d0e9 000ccae8 05fffd78 76fd19bb ntdll!TppWorkerThread+0x545
05fffd38 76fd19bb 000ccae8 72faf390 00000000 kernel32!BaseThreadInitThunk+0xe
05fffd78 76fd198e 76fd2d40 000ccae8 00000000 ntdll!__RtlUserThreadStart+0x23 05fffd90 00000000 76fd2d40 000ccae8 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!CmpGetNameControlBlock+ff
81dedae3 3b01            cmp     eax,dword ptr [ecx]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!CmpGetNameControlBlock+ff

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0x8E_nt!CmpGetNameControlBlock+ff

BUCKET_ID:  0x8E_nt!CmpGetNameControlBlock+ff

Followup: MachineOwner
---------

From the crash dump analysis, it seem to indicate that the crash originate from MpClient, which is from Windows Defender. I disabled Windows Defender and tried again, and got another BSOD.

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck.  Usually the exception address pinpoints the driver/function that caused the problem.  Always note this address as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG.  This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the system is booted /DEBUG.  This will let us see why this breakpoint is happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 81e1eae3, The address that the exception occurred at
Arg3: aacac8c4, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

OVERLAPPED_MODULE: Address regions for 'drmk' and 'drmk.sys' overlap

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!CmpGetNameControlBlock+ff
81e1eae3 3b01            cmp     eax,dword ptr [ecx]

TRAP_FRAME:  aacac8c4 -- (.trap 0xffffffffaacac8c4) ErrCode = 00000000
eax=018c4201 ebx=aacac980 ecx=3c3e424b edx=31803aa5 esi=a5932cd0 edi=8861a000
eip=81e1eae3 esp=aacac938 ebp=aacac960 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010206
nt!CmpGetNameControlBlock+0xff:
81e1eae3 3b01            cmp     eax,dword ptr [ecx]  ds:0023:3c3e424b=????????
Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x8E

PROCESS_NAME:  taskeng.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 81c68918 to 81d0eb0d

STACK_TEXT:
aacac484 81c68918 0000008e c0000005 81e1eae3 nt!KeBugCheckEx+0x1e
aacac854 81c8c83a aacac870 00000000 aacac8c4 nt!KiDispatchException+0x1a9 aacac8bc 81c8c7ee aacac960 81e1eae3 badb0d00 nt!CommonDispatchException+0x4a aacac960 81e1e573 00000010 01cac9a7 aacaca50 nt!Kei386EoiHelper+0x186
aacac978 81e460f6 00100010 a3a278a2 8ae97a00 nt!CmpCreateKeyControlBlock+0x315 00000000 00000000 00000000 00000000 00000000 nt!HvpGetCellMapped+0x27c


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!CmpGetNameControlBlock+ff
81e1eae3 3b01            cmp     eax,dword ptr [ecx]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!CmpGetNameControlBlock+ff

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  49e0199e

FAILURE_BUCKET_ID:  0x8E_nt!CmpGetNameControlBlock+ff

BUCKET_ID:  0x8E_nt!CmpGetNameControlBlock+ff

Followup: MachineOwner
---------

I'm currently running MemTest86 on the system to check whether there's any RAM issue but so far, no error has been detected. Does anyone know what else could be causing these BSODs? Thanks.

|
Answer
Answer

Hi flipflop1234,

a)         What changes were made to the system between the time everything last worked and when you noticed the problem? 

A crash can be caused by a number of things, including:

         An outdated or misbehaving device driver,

         A computer virus,

         A corrupted program,

         A problem with your computer's memory or

         Hard disk or motherboard is corrupted

I would suggest you to try the following steps:

Step 1: Try to boot the computer in safe mode and check if the issue persists:

http://windows.microsoft.com/en-us/windows-vista/Start-your-computer-in-safe-mode 

If the computer works fine in safe mode, you can infer that some third party software is causing the issue.

Step 2: If this issue is occurring after installing some programs or updating drivers, you may want to perform system restore to put the computer back to an earlier point in time.

Look for the steps to perform system restore:

http://windows.microsoft.com/en-us/windows-vista/What-is-System-Restore

 

Step 3: Check your hard disk for errors; follow the steps mentioned in the link below

http://windows.microsoft.com/en-us/windows-vista/Check-your-hard-disk-for-errors  

Step 4: Try to install the latest drivers for all the devices via windows update or check the device manufacturer’s website.

 

1.         Open Windows Update by clicking the Start button, clicking All Programs, and then clicking Windows Update.

 

2.         In the left pane, click Check for updates.

 

Install all the important and recommended updates.

 

Thanks and Regards:

Ajay K

Microsoft Answers Support Engineer


Visit our Microsoft Answers Feedback Forum and let us know what you think.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info


Last updated September 5, 2019 Views 3,145 Applies to: