Windows 8.1 ntoskernel.exe BSOD

[antoinehd]

Hi guys,

It has been 7 months since my last BSOD(https://www.sysnative.com/forums/bs...-screen-of-death-windows-8-1-a.html#post69035)
You helped me very good with it and I hope now again:thumbsup2:

Minidump included: View attachment Minidump.rar
BSOD maybe caused by new AMD driver(catalyst 14.9 WHQL), because I updated it 2 days ago and before that I had no problems for 7 months(with catalyst 14.4).
AMD released a beta driver for the BSOD's(but in their changelog nothing is being said about random bsod's, only in-game) so I will install that one.

Blue-screen-viewer says its the ntoskernel.exe

Somebody able to check?

Thanks for helping,

:wave:

 

[Jared]

[B]KMODE_EXCEPTION_NOT_HANDLED (1e)[/B]
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: [COLOR="#FF0000"]ffffffffc0000047[/COLOR], The exception code that was not handled
Arg2: fffff8034a2ef1ac, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception

We have a Kernel mode exception occur which wasn't handled, this is usually when the exception is unexpected.

0: kd> [COLOR="#008000"]!error ffffffffc0000047[/COLOR]
Error code: (NTSTATUS) 0xc0000047 (3221225543) - [COLOR="#FF0000"]An attempt was made to release a semaphore such that its maximum count would have been exceeded.[/COLOR]

Smeaphores are ways to limit the amount of times something can access a shared resource, everytime a thread releases a semaphore, it's count increases.
Lets say it's an application that allows a specific number of windows to open, for example 10.
When something that uses the application opens a window the count is reduced to 9, when it has finished it will release the semaphore and increase the count back to the maximum which is 10.
So this error states that something tried to release the semaphore when it was at the maximum value, otherwise it would go over the limit.

fffff803`4bf045c8 fffff803`4a3e1eda : 00000000`0000001e ffffffff`c0000047 fffff803`4a2ef1ac 00000000`00000000 : [COLOR="#0000FF"]nt!KeBugCheckEx[/COLOR]
fffff803`4bf045d0 fffff803`4a3621ed : fffff803`4bf04dd0 00000000`00000001 fffff803`4bf04d30 fffff803`4bf04740 : [COLOR="#800080"]nt!KiFatalExceptionHandler+0x22[/COLOR]
fffff803`4bf04610 fffff803`4a2ef3a5 : 00000000`00000001 fffff803`4a207000 fffff803`4bf04d00 fffff800`00000000 : [COLOR="#800080"]nt!RtlpExecuteHandlerForException+0xd[/COLOR]
fffff803`4bf04640 fffff803`4a2ef1e2 : 00000000`00000000 00000000`00000000 00000000`c0000047 00000000`00000000 : [COLOR="#800080"]nt!RtlDispatchException+0x1a5[/COLOR]
fffff803`4bf04d10 fffff803`4a38f02b : 00000000`00000002 fffff803`00000000 00000000`00000000 ffffe000`b92ea840 : [COLOR="#800080"]nt!RtlRaiseStatus+0x4e[/COLOR]
fffff803`4bf052b0 fffff800`624a4abe : 00000000`00000064 ffffe000`00000001 00000000`00000000 ffffe000`bf81acd0 : nt! ?? ::FNODOBFM::`string'+0x23e7b
fffff803`4bf05360 00000000`00000064 : ffffe000`00000001 00000000`00000000 ffffe000`bf81acd0 00000000`00000000 : [COLOR="#FF0000"]CORM40+0x1abe[/COLOR]
fffff803`4bf05368 ffffe000`00000001 : 00000000`00000000 ffffe000`bf81acd0 00000000`00000000 00000000`00000000 : 0x64
fffff803`4bf05370 00000000`00000000 : ffffe000`bf81acd0 00000000`00000000 00000000`00000000 ffffe000`bf1a3ac0 : 0xffffe000`00000001

It seems CORM40.sys was the culprit in releasing the semaphore, I'm unsure what it is as I don't have a Kernel memory dump.

0: kd> !process ffffe000b91f7540
GetPointerFromAddress: unable to read from fffff8034a55b000
PROCESS ffffe000b91f7540
    SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 001aa000  ObjectTable: ffffc0013dc03000  HandleCount: [COLOR="#FF0000"]<Data Not Accessible>[/COLOR]
    Image: System
    VadRoot ffffe000bd853230 Vads 41 Clone 0 [COLOR="#FF0000"]Private[/COLOR] 26. Modified 1228579. Locked 320.
    DeviceMap ffffc0013dc0c350
    Token                             ffffc0013dc05670
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max)  (1236, 50, 450) (4944KB, 200KB, 1800KB)
    PeakWorkingSetSize                4348
    VirtualSize                       9 Mb
    PeakVirtualSize                   21 Mb
    PageFaultCount                    16786
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      30

        *** Error in reading nt!_ETHREAD @ ffffe000b9272880

So lets look at the actual driver then, see if anything sticks out.

0: kd> [COLOR="#008000"]lmvm CORM40[/COLOR]
start             end                 module name
fffff800`624a3000 fffff800`624b1000   CORM40   T (no symbols)           
    Loaded symbol image file: CORM40.sys
    Image path: \SystemRoot\system32\drivers\CORM40.sys
    Image name: CORM40.sys
    Timestamp:        [COLOR="#FF0000"]Mon Mar 11 06:56:54 2013[/COLOR] (513D8036)
    CheckSum:         00015A5B
    ImageSize:        0000E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

It's outdated by over a year, an update should solve this.
I believe this driver is for a Corsair M40 Gaming Mouse, looking at the loaded modules I see a lot of USB modules being loaded and unloaded so I wouldn't be surprised.
Check your manufacturer's site, if you can't find anything then try device manager.

 

[antoinehd]

So same problems as 7 months ago.

 

[Jared]

Yep, the exact same problem I'm afraid.
The best option I would say is a new mouse as it's causing problems that can't seem to be resolved.

 

[antoinehd]

Thanks anyway, thread can be closed.