BSOD by Chrome

[Sphaneda]

Hi all,
I recently started to get BSOD. This happens only when I start searching from the Address Bar in Chrome !
I get the 0x0000008E stop message.
Attached is the dump I analysed and I spotted a problem in ntkrnlpa.exe.
Could someone please analyse the attached dump and give me an answer or point me in the right direction ?
Regards,
Sven

 

[zigzag3143]

Hi all,
I recently started to get BSOD. This happens only when I start searching from the Address Bar in Chrome !
I get the 0x0000008E stop message.
Attached is the dump I analysed and I spotted a problem in ntkrnlpa.exe.
Could someone please analyse the attached dump and give me an answer or point me in the right direction ?
Regards,
Sven

Two problems right off the bat.

1-Please remove any CD virtualization programs such as Daemon Tools and Alcohol 120%.

They use a driver, found in your dmp,sptd.sys, that is notorious for causing BSODs.

Use this SPTD uninstaller DuplexSecure - Downloads

when you're done you can use this Freeware MagicISO Virtual CD/DVD-ROM(MagicDisc) in its place.

2-Old drivers needing updating

PBADRV.sys    1/7/2008 2:52:14 PM        0x8d51e000    0x8d529000    0x0000b000    0x478274de                        
OA001Ufd.sys    6/3/2008 5:30:22 AM        0x975da000    0x975fd520    0x00023520    0x48450f2e                        
OA001Vid.sys    9/19/2008 5:29:51 AM        0x97596000    0x975d9bc0    0x00043bc0    0x48d3710f                        
tap0901.sys    11/19/2008 2:22:30 PM        0x9552b000    0x95531280    0x00006280    0x49245966                        
dsNcAdpt.sys    3/30/2009 10:39:02 PM        0x9555c000    0x95567000    0x0000b000    0x49d18246                        
spldr.sys    5/11/2009 12:13:47 PM        0x8d4c1000    0x8d4c9000    0x00008000    0x4a084ebb                        
GEARAspiWDM.sys    5/18/2009 8:16:53 AM        0x95505000    0x9550a280    0x00005280    0x4a1151b5                        
e1y6232.sys    6/12/2009 9:16:04 PM        0x83600000    0x8363a000    0x0003a000    0x4a32fdd4                        
rimmptsk.sys    6/25/2009 3:58:09 AM        0x96c0a000    0x96c1b000    0x00011000    0x4a432e11

How To Find Drivers:

- search Google for the name of the driver
- compare the Google results with what's installed on your system to figure out which device/program it belongs to
- visit the web site of the manufacturer of the hardware/program to get the latest drivers (DON'T use Windows Update or the Update driver function of Device Manager).
- if there are difficulties in locating them, post back with questions and someone will try and help you locate the appropriate program.

- - The most common drivers are listed on this page: Driver Reference Driver Reference
- - Driver manufacturer links are on this page: Drivers and Downloads

 

[Sphaneda]

Further analysis

Hi Zigzag,
Thanks for the quick analysis.
I could go further with the analyse of the dump file and here is what I got. Can you do further analysis as well.
BSOD seems to be caused by Chrome aling with ntkrpamp.exe.


Loading Dump File [C:\Users\sxxxx.CIRB-CIBG\Desktop\071311-18673-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.x86fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0x82e4f000 PsLoadedModuleList = 0x82f984d0
Debug session time: Wed Jul 13 20:51:11.331 2011 (UTC + 2:00)
System Uptime: 0 days 0:50:31.061
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 8307bf2e, 8f31b864, 0}

Probably caused by : ntkrpamp.exe ( nt!ExpAllocateHandleTableEntry+1f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8307bf2e, The address that the exception occurred at
Arg3: 8f31b864, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
nt!ExpAllocateHandleTableEntry+1f
8307bf2e f00fba2800 lock bts dword ptr [eax],0

TRAP_FRAME: 8f31b864 -- (.trap 0xffffffff8f31b864)
ErrCode = 00000002
eax=0000000c ebx=00000000 ecx=0000000c edx=000f001f esi=00000000 edi=8616aa70
eip=8307bf2e esp=8f31b8d8 ebp=8f31b8e8 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010296
nt!ExpAllocateHandleTableEntry+0x1f:
8307bf2e f00fba2800 lock bts dword ptr [eax],0 ds:0023:0000000c=????????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 8308fde3 to 8307bf2e

STACK_TEXT:
8f31b8e8 8308fde3 8f31b908 8f31b950 bf9dbe38 nt!ExpAllocateHandleTableEntry+0x1f
8f31b900 83072c18 00000000 8f31b950 bf9dbe50 nt!ExCreateHandle+0x1a
8f31b958 8307322e 00000000 bf9dbe50 000f001f nt!ObpCreateHandle+0x2a8
8f31bafc 83073155 00000000 000f001f 00000000 nt!ObInsertObjectEx+0xd0
8f31bb18 830730fa bf9dbe50 00000000 000f001f nt!ObInsertObject+0x1e
8f31bb84 82e8d1ea 8f31bc98 000f001f 00000000 nt!NtCreateSection+0x1df
8f31bb84 82e8adf5 8f31bc98 000f001f 00000000 nt!KiFastCallEntry+0x12a
8f31bd00 82eccaab 80000e20 00000000 8616aa70 nt!ZwCreateSection+0x11
8f31bd50 83057f64 00000001 a23c7268 00000000 nt!ExpWorkerThread+0x10d
8f31bd90 82f00219 82ecc99e 00000001 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!ExpAllocateHandleTableEntry+1f
8307bf2e f00fba2800 lock bts dword ptr [eax],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!ExpAllocateHandleTableEntry+1f

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4d9fd753

FAILURE_BUCKET_ID: 0x8E_nt!ExpAllocateHandleTableEntry+1f

BUCKET_ID: 0x8E_nt!ExpAllocateHandleTableEntry+1f

Followup: MachineOwner
---------

0: kd> .tlist
0n0 System Process
0n4 SYSTEM
0n476 smss.exe
0n652 csrss.exe
0n712 wininit.exe
0n720 csrss.exe
0n768 services.exe
0n800 lsass.exe
0n808 lsm.exe
0n928 svchost.exe
0n964 winlogon.exe
0n1036 nvvsvc.exe
0n1080 svchost.exe
0n1148 svchost.exe
0n1216 svchost.exe
0n1264 svchost.exe
0n1316 stacsv.exe
0n1500 svchost.exe
0n1664 WUDFHost.exe
0n1712 WUDFHost.exe
0n1764 svchost.exe
0n1856 wlanext.exe
0n1868 conhost.exe
0n1944 spoolsv.exe
0n1972 HostControlService.exe
0n1992 HostStorageService.exe
0n2020 svchost.exe
0n440 svchost.exe
0n572 svchost.exe
0n760 schedul2.exe
0n708 armsvc.exe
0n1272 AEstSrv.exe
0n1560 afcdpsrv.exe
0n1588 AppleMobileDeviceService.exe
0n2044 mDNSResponder.exe
0n672 cronsvc.exe
0n2164 DHQFMSvc.exe
0n2240 dsNcService.exe
0n2344 EvtEng.exe
0n2412 fsgk32st.exe
0n2456 fsgk32.exe
0n2476 FreeAgentService.exe
0n2676 FSMA32.EXE
0n2752 FsUsbExService.Exe
0n2816 FSHDLL32.EXE
0n2828 IPROSetMonitor.exe
0n2992 svchost.exe
0n3224 RegSrvc.exe
0n3276 svchost.exe
0n3300 nvSCPAPISvr.exe
0n3336 svchost.exe
0n3360 TeamViewer_Service.exe
0n3400 TuneUpUtilitiesService32.exe
0n3520 vmware-usbarbitrator.exe
0n3552 vmnat.exe
0n3604 vmware-authd.exe
0n3688 unsecapp.exe
0n3720 vmnetdhcp.exe
0n3888 WmiPrvSE.exe
0n2160 fsdfwd.exe
0n2320 fsorsp.exe
0n2284 FNRB32.exe
0n3296 FIH32.exe
0n3168 fssm32.exe
0n2784 svchost.exe
0n4848 fsav32.exe
0n5100 svchost.exe
0n5872 NvXDSync.exe
0n5884 nvvsvc.exe
0n3844 IAStorDataMgrSvc.exe
0n5184 svchost.exe
0n5268 SearchIndexer.exe
0n5504 taskhost.exe
0n3684 TuneUpUtilitiesApp32.exe
0n4292 dwm.exe
0n1244 explorer.exe
0n488 FSM32.EXE
0n3484 stxmenumgr.exe
0n4184 wmdc.exe
0n3944 IAStorIcon.exe
0n3936 TrueImageMonitor.exe
0n3960 TrueImageMonitor.exe
0n6108 schedhlp.exe
0n4508 beid35gui.exe
0n3768 jusched.exe
0n1920 sttray.exe
0n1608 SetPoint.exe
0n4680 sidebar.exe
0n3068 YouSendIt.exe
0n4296 Dropbox.exe
0n5476 KHALMNPR.exe
0n5408 WmiPrvSE.exe
0n1076 wmpnetwk.exe
0n7420 WmiPrvSE.exe
0n7576 firefox.exe
0n6324 plugin-container.exe
0n492 plugin-container.exe
0n1228 audiodg.exe
0n7212 windbg.exe

Best regards,
Sven

 

[MvdB]

Probably caused by : ntkrpamp.exe ( nt!ExpAllocateHandleTableEntry+1f )

Even though the analysis seems to point to this exe... It is most probably not the real cause. You would have much greater problems if it was....

Have you followed the advise and updated the drivers etc? If so and if you still get bsod's please upload th latest?

 

[zigzag3143]

Sphaneda

You obviously have anothe DMP file because your date is newer. Please upload it for analysis. After we make sure you have updated the drivers and sptd.sys we should be able to tell what the true cause is.