BSOD EXCEPTION_CODE: (NTSTATUS) 0xc0000005

  • Question

  • My PC keeps Blue Screening (i.e. daily). I've run an analysis on OSR (summary below) but I'm at a loss to interpret it. 

    Can anyone shed any light on what's causing this. 

    There are a couple of dmp files if anyone can help analyse them. 
    https://onedrive.live.com/?id=C47EA93AECFA6EEB%215088&cid=C47EA93AECFA6EEB&group=0 

    Thanks. 

    CRITICAL_OBJECT_TERMINATION (f4)
    A process or thread crucial to system operation has unexpectedly exited or been
    terminated.
    Several processes and threads are necessary for the operation of the
    system; when they are terminated (for any reason), the system can no
    longer function.
    Arguments:
    Arg1: 0000000000000003, Process
    Arg2: fffffa800fcbab10, Terminating object
    Arg3: fffffa800fcbadf0, Process image file name
    Arg4: fffff8000397de20, Explanatory message (ascii)

    Debugging Details:
    ------------------

    ----- ETW minidump data unavailable-----TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

    PROCESS_OBJECT: fffffa800fcbab10

    IMAGE_NAME:  wininit.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    MODULE_NAME: wininit

    FAULTING_MODULE: 0000000000000000 

    PROCESS_NAME:  wininit.exe

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    BUGCHECK_STR:  0xF4_fffff800c0000005

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

    CURRENT_IRQL:  0

    STACK_TEXT:  
    fffff880`0e73b0e8 fffff800`03a10582 : 00000000`000000f4 00000000`00000003 fffffa80`0fcbab10 fffffa80`0fcbadf0 : nt!KeBugCheckEx
    fffff880`0e73b0f0 fffff800`039c699b : ffffffff`ffffffff fffffa80`0c8dcb50 fffffa80`0fcbab10 fffffa80`0fcbab10 : nt!PspCatchCriticalBreak+0x92
    fffff880`0e73b130 fffff800`0393226c : ffffffff`ffffffff 00000000`00000001 fffffa80`0fcbab10 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x29d16
    fffff880`0e73b180 fffff800`03679b53 : fffffa80`0fcbab10 fffff800`c0000005 fffffa80`0c8dcb50 00000000`00c20550 : nt!NtTerminateProcess+0xf4
    fffff880`0e73b200 fffff800`03676110 : fffff800`036fa6f9 fffff880`0e73bb78 fffff880`0e73b8d0 fffff880`0e73bc20 : nt!KiSystemServiceCopyEnd+0x13
    fffff880`0e73b398 fffff800`036fa6f9 : fffff880`0e73bb78 fffff880`0e73b8d0 fffff880`0e73bc20 00000000`00c21d90 : nt!KiServiceLinkage
    fffff880`0e73b3a0 fffff800`03679f42 : fffff880`0e73bb78 00000000`0000e7ec fffff880`0e73bc20 00000000`00c21868 : nt! ?? ::FNODOBFM::`string'+0x48054
    fffff880`0e73ba40 fffff800`03678aba : 00000000`00000001 00000000`00c20b08 00000000`77c34201 00000000`0000e7ec : nt!KiExceptionDispatch+0xc2
    fffff880`0e73bc20 00000000`77b2883d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
    00000000`00c20b10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b2883d


    STACK_COMMAND:  kb

    FOLLOWUP_NAME:  MachineOwner

    FAILURE_BUCKET_ID:  X64_0xF4_fffff800c0000005_IMAGE_wininit.exe

    BUCKET_ID:  X64_0xF4_fffff800c0000005_IMAGE_wininit.exe

    Followup: MachineOwner
    ---------

    Saturday, June 27, 2015 6:04 AM

Answers

  • Driver verified and Related to RTKVHD64.sys NVIDIA GeForce 9500M GS.  Completely remove the current driver and install the newest driver available.  (ours is from 2011)

    Microsoft (R) Windows Debugger Version 10.0.10075.9 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\zigza\Desktop\062815-94708-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    WARNING: Whitespace at start of path element
    Error: Empty Path.
    Symbol search path is:  srv*E:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.18869.amd64fre.win7sp1_gdr.150525-0603
    Machine Name:
    Kernel base = 0xfffff800`03654000 PsLoadedModuleList = 0xfffff800`0389b730
    Debug session time: Sun Jun 28 00:40:10.174 2015 (UTC - 4:00)
    System Uptime: 0 days 0:01:56.797
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...............
    Loading User Symbols
    Loading unloaded module list
    ....
    No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D5, {fffff9800f182e40, 0, fffff880073cb57a, 0}
    
    *** WARNING: Unable to verify timestamp for RTKVHD64.sys
    *** ERROR: Module load completed but symbols could not be loaded for RTKVHD64.sys
    
    Could not read faulting driver name
    Probably caused by : RTKVHD64.sys ( RTKVHD64+f857a )
    
    Followup:     MachineOwner
    ---------
    
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL (d5)
    Memory was referenced after it was freed.
    This cannot be protected by try-except.
    When possible, the guilty driver's name (Unicode string) is printed on
    the bugcheck screen and saved in KiBugCheckDriver.
    Arguments:
    Arg1: fffff9800f182e40, memory referenced
    Arg2: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg3: fffff880073cb57a, if non-zero, the address which referenced memory.
    Arg4: 0000000000000000, (reserved)
    
    Debugging Details:
    ------------------
    
    
    Could not read faulting driver name
    
    BIOS_DATE:  06/08/2011
    
    BASEBOARD_PRODUCT:  GA-A75-UD4H
    
    BASEBOARD_VERSION:  x.x
    
    BUGCHECK_P1: fffff9800f182e40
    
    BUGCHECK_P2: 0
    
    BUGCHECK_P3: fffff880073cb57a
    
    BUGCHECK_P4: 0
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003905100
    GetUlongPtrFromAddress: unable to read from fffff800039052e0
    GetUlongPtrFromAddress: unable to read from fffff80003905490
     fffff9800f182e40 
    
    FAULTING_IP: 
    RTKVHD64+f857a
    fffff880`073cb57a 8b4630          mov     eax,dword ptr [rsi+30h]
    
    MM_INTERNAL_CODE:  0
    
    CPU_COUNT: 4
    
    CPU_MHZ: b54
    
    CPU_VENDOR:  AuthenticAMD
    
    CPU_FAMILY: 12
    
    CPU_MODEL: 1
    
    CPU_STEPPING: 0
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    
    BUGCHECK_STR:  0xD5
    
    PROCESS_NAME:  svchost.exe
    
    CURRENT_IRQL:  0
    
    ANALYSIS_VERSION: 10.0.10075.9 amd64fre
    
    TRAP_FRAME:  fffff880029629c0 -- (.trap 0xfffff880029629c0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffff88002962be8
    rdx=fffff88002962b50 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff880073cb57a rsp=fffff88002962b50 rbp=0000000000000002
     r8=0000000000000000  r9=fffff880073cb57a r10=0000000000000100
    r11=fffff880009e8180 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na pe nc
    RTKVHD64+0xf857a:
    fffff880`073cb57a 8b4630          mov     eax,dword ptr [rsi+30h] ds:00000000`00000030=????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80003743de7 to fffff800036c88c0
    
    STACK_TEXT:  
    fffff880`02962858 fffff800`03743de7 : 00000000`00000050 fffff980`0f182e40 00000000`00000000 fffff880`029629c0 : nt!KeBugCheckEx
    fffff880`02962860 fffff800`036c69ee : 00000000`00000000 fffff980`0f182e40 fffffa80`0f5f3000 fffff8a0`02cd2110 : nt! ?? ::FNODOBFM::`string'+0x4172f
    fffff880`029629c0 fffff880`073cb57a : fffff880`02962be8 00000000`00000000 fffff8a0`02cd2110 fffffa80`10869380 : nt!KiPageFault+0x16e
    fffff880`02962b50 fffff880`02962be8 : 00000000`00000000 fffff8a0`02cd2110 fffffa80`10869380 00000000`00000000 : RTKVHD64+0xf857a
    fffff880`02962b58 00000000`00000000 : fffff8a0`02cd2110 fffffa80`10869380 00000000`00000000 fffff800`00000000 : 0xfffff880`02962be8
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    RTKVHD64+f857a
    fffff880`073cb57a 8b4630          mov     eax,dword ptr [rsi+30h]
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  RTKVHD64+f857a
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: RTKVHD64
    
    IMAGE_NAME:  RTKVHD64.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4e44b9e4
    
    FAILURE_BUCKET_ID:  X64_0xD5_VRF_RTKVHD64+f857a
    
    BUCKET_ID:  X64_0xD5_VRF_RTKVHD64+f857a
    
    PRIMARY_PROBLEM_CLASS:  X64_0xD5_VRF_RTKVHD64+f857a
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:x64_0xd5_vrf_rtkvhd64+f857a
    
    FAILURE_ID_HASH:  {37aace3f-61fc-55ca-cdf3-7e7d756ab04c}
    
    Followup:     MachineOwner
    ---------
    
    


    Wanikiya and Dyami--Team Zigzag

    Sunday, June 28, 2015 10:08 AM
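
An added triage example, not part of the original answer or of any debugger tooling: it parses the key fields of the `!analyze -v` output quoted above, decodes the driver's image timestamp into a build date, and derives the driver's load base from bugcheck Arg3. The function name `triage` is hypothetical, and the timestamp is assumed to be a classic PE TimeDateStamp (seconds since the Unix epoch).

```python
import re
from datetime import datetime, timezone

# Excerpt copied from the !analyze -v output in the answer above.
SAMPLE = """\
BugCheck D5, {fffff9800f182e40, 0, fffff880073cb57a, 0}
Probably caused by : RTKVHD64.sys ( RTKVHD64+f857a )
DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
IMAGE_NAME:  RTKVHD64.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  4e44b9e4
"""

def triage(text):
    """Extract bugcheck, blamed image, build date and load base (hypothetical helper)."""
    out = {"verifier": "VERIFIER_ENABLED" in text}
    m = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text)
    if m:
        out["bugcheck"] = int(m.group(1), 16)
        out["args"] = [int(a.strip(), 16) for a in m.group(2).split(",")]
    m = re.search(r"Probably caused by\s*:\s*(\S+)\s*\(\s*\w+\+([0-9a-fA-F]+)\s*\)", text)
    if m:
        out["image"] = m.group(1)
        out["offset"] = int(m.group(2), 16)
    m = re.search(r"DEBUG_FLR_IMAGE_TIMESTAMP:\s*([0-9a-fA-F]+)", text)
    if m and int(m.group(1), 16):
        # Assumption: PE TimeDateStamp in seconds since 1970-01-01 UTC.
        # A value of 0 (as in the first dump on this page) means "not available".
        out["built"] = datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)
    # For bugcheck 0xD5, Arg3 is the address that referenced the freed memory.
    # Subtracting the module offset gives the driver's load base, which should
    # be page-aligned if the blamed module really owns the faulting instruction.
    if out.get("bugcheck") == 0xD5 and "offset" in out and out["args"][2]:
        out["module_base"] = out["args"][2] - out["offset"]
    return out

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"bugcheck 0x{r['bugcheck']:X} in {r['image']}, verifier={r['verifier']}")
    print(f"driver built {r['built']:%Y-%m-%d}, base 0x{r['module_base']:x}")
```

A page-aligned load base and a build date that matches the installed driver version are quick sanity checks before replacing the driver.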

All replies

  • A third-party driver is terminating a Windows process.  Run verifier to find which

    These crashes were related to memory corruption (probably caused by a driver). 

    Please run these two tests to verify your memory and find which driver is causing the problem.  Please run verifier first.  You do not need to run memtest yet unless verifier does not find the cause, or you want to.


    If you are over-clocking anything reset to default before running these tests.
    In other words STOP!!!  If you do not know what this means you probably are not


    1-Driver verifier (for complete directions see our wiki here)

    2-Memtest. (You can read more about running memtest here)




    Wanikiya and Dyami--Team Zigzag

    Saturday, June 27, 2015 11:19 AM
  • Thanks for your response.

    I have run Verifier and crashed my system a couple of times. I've uploaded the new minidump files here.

    https://onedrive.live.com/?id=C47EA93AECFA6EEB%215088&cid=C47EA93AECFA6EEB&group=0

    Thanks for your support so far. Let me know what else I need to do. I also plan to run the memory tests just in case. 

    Sunday, June 28, 2015 6:44 AM