Help for a friend - Windows 8.1 0xF4 BSOD

tom982

tom982

Emeritus
Joined
May 31, 2012
Posts
4,351
Location
New York
Would someone be able to have a look at this for my friend please? I said I'd take a look for him and didn't spot anything obvious, so I'm a little out of my depth now.

There's only one dump attached but I can get him to run the collection app if need be.

OS: Windows 8.1
Architecture: x64
Original OS: Windows 7
OEM? No
System Age: 2 years
OS age: No idea, sorry

CPU: Intel i5 2500K
Video card: No idea, sorry
Motherboard: No idea, sorry
PSU: No idea, sorry

Manufacturer: Custom build
Laptop/desktop: Desktop

I can get answers to all of those questions if needed but I don't know them off the top of my head.

Thanks in advance.
 

Attachments

Re: Help for a friend - Windows 8.1 0xF4

Code: 
0: kd> .bugcheck
Bugcheck code 000000F4
Arguments 00000000`00000003 fffffa80`09eadb30 fffffa80`09eade10 fffff800`03dca130

//Critical process termination

0: kd> kn
 # Child-SP          RetAddr           Call Site
00 fffff880`0fbc3e38 fffff800`03e52e92 nt!KeBugCheckEx //Bugcheck
01 fffff880`0fbc3e40 fffff800`03dfe87b nt!PspCatchCriticalBreak+0x92 //Catch break point if applicable
02 fffff880`0fbc3e80 fffff800`03d7ee08 nt!PspTerminateAllThreads+0x17436 //Terminate all the process' threads
03 fffff880`0fbc3ed0 fffff800`03ac2153 nt!NtTerminateProcess+0xf4 //Terminate [rpcess
04 fffff880`0fbc3f50 fffff800`03abe710 nt!KiSystemServiceCopyEnd+0x13 //Transition to Kernel mode
05 fffff880`0fbc40e8 fffff800`03b0e78f nt!KiServiceLinkage //Transition to user mode
06 fffff880`0fbc40f0 fffff800`03ac2542 nt!KiDispatchException+0x488e4 //Dispatch exception handler
07 fffff880`0fbc4900 fffff800`03ac10ba nt!KiExceptionDispatch+0xc2 //Access violation
08 fffff880`0fbc4ae0 00000000`77908e5d nt!KiPageFault+0x23a //Page fault
09 00000000`00d40ca0 00000000`00000000 0x77908e5d //User mode function

0: kd> !process fffffa8009eadb30 3
GetPointerFromAddress: unable to read from fffff80003cfc000
PROCESS fffffa8009eadb30
    SessionId: none  Cid: 02d0    Peb: 7fffffdb000  ParentCid: 0204
    DirBase: 1cee06000  ObjectTable: fffff8a001693e10  HandleCount: <Data Not Accessible>
    Image: wininit.exe //Windows Initialisation process
    VadRoot fffffa8009e544e0 Vads 67 Clone 0 Private 697. Modified 257. Locked 2.
    DeviceMap fffff8a000008bc0
    Token                             fffff8a0016906e0
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         102808
    QuotaPoolUsage[NonPagedPool]      20976
    Working Set Sizes (now,min,max)  (554, 50, 345) (2216KB, 200KB, 1380KB)
    PeakWorkingSetSize                1301
    VirtualSize                       48 Mb
    PeakVirtualSize                   59 Mb
    PageFaultCount                    1895
    MemoryPriority                    BACKGROUND
    BasePriority                      13
    CommitCharge                      786

        *** Error in reading nt!_ETHREAD @ fffffa8009eaeb50

0: kd> dc fffff80003dca130
fffff800`03dca130  6d726554 74616e69 20676e69 74697263  Terminating crit
fffff800`03dca140  6c616369 6f727020 73736563 25783020  ical process 0x%
fffff800`03dca150  25282070 000a2973 90909090 90909090  p (%s)..........
fffff800`03dca160  61657242 6f202c6b 67492072 65726f6e  Break, or Ignore
fffff800`03dca170  69622820 00203f29 90909090 90909090   (bi)? .........
fffff800`03dca180  74697243 6c616369 72687420 20646165  Critical thread 
fffff800`03dca190  70257830 6e692820 29732520 69786520  0x%p (in %s) exi
fffff800`03dca1a0  0a646574 90909000 90909090 90909090  ted.............

Nothing helpful in the dump file, considering it's a minidump.
We'll need a better dump file, preferablly a full memory dump, and the log collection app.

Go the Start
Right click My Computer
Select Properties
Click Advanced system settings
Click on the Advanced tab
Select Settings under Startup and Recovery
Then under Write debugging information select Complete memory dump.

Once a dump is created go to:
C:/Windows/memory.dmp
Copy the file to the desktop, zip it up and upload it to a file sharing site like Onedrive. After the upload is done post the download link in your next reply.
 
Re: Help for a friend - Windows 8.1 0xF4

I'm betting my right leg that it's a bug in one of Kaspersky's kernel suite drivers.
 
Re: Help for a friend - Windows 8.1 0xF4

I'm so, so sorry for the delay guys! I just came to check on the thread because I hadn't heard from anyone and there are two replies that I'm sure I haven't seen before. Absolutely no idea what happened :confused2:

@Jared, thanks. I've asked him to change that setting so we should get a full dump next time round. This crash was very much out of the blue so I don't know how long it'll be before it happens again (if it ever does).

@Patrick, thanks for the heads up. As I said to Jared, it isn't a regular crash at all so it's really hard to tell whether removing Kaspersky fixed the problem or not. I've passed on the information nonetheless and if it gets worse then this is the first place we'll look.

Thank you both so much for your replies!
 
Re: Help for a friend - Windows 8.1 0xF4

tom982 said:
I'm so, so sorry for the delay guys! I just came to check on the thread because I hadn't heard from anyone and there are two replies that I'm sure I haven't seen before. Absolutely no idea what happened :confused2:

@Jared, thanks. I've asked him to change that setting so we should get a full dump next time round. This crash was very much out of the blue so I don't know how long it'll be before it happens again (if it ever does).

@Patrick, thanks for the heads up. As I said to Jared, it isn't a regular crash at all so it's really hard to tell whether removing Kaspersky fixed the problem or not. I've passed on the information nonetheless and if it gets worse then this is the first place we'll look.

Thank you both so much for your replies!
Click to expand...

No problem, Tom. Keep us updated.
 
Thanks for following up on this Patrick but it hasn't crashed since. We set it to create a full dump so at least we'll have a better idea of what's going on next time.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top