Solved ntoskrnl.exe/rzpmgrk.sys BSOD

SirComeStance

Hi,

I have been having BSODs due to ntoskrnl.exe for the last year or so (on both Windows 7/8). The BSODs have been happening randomly, sometimes while playing games and other times while watching YouTube or a Twitch stream. I recently ran Driver Verifier and this time it crashed due to rzpmgrk.sys. Any help would be appreciated.

Thanks in advance.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    Computer type
    PC/Desktop
    CPU
    Intel i5 3570
    Motherboard
    Asus P8Z77-V
    Memory
    16GB Corsair Vengeance
    Graphics Card(s)
    EVGA GTX 770
    Sound Card
    Asus Xonar DG
    Monitor(s) Displays
    2x Asus
    Screen Resolution
    1920x1080
    Hard Drives
    240GB Crucial M500
    1TB Seagate Barracuda
Code:
0: kd> .bugcheck
Bugcheck code 000000C4
Arguments 00000000`000000f6 00000000`00000320 ffffe001`08b98900 fffff801`a2d57430
//Driver Verifier bugchecked the system because a Kernel mode driver referenced a user mode handle in Kernel mode, we didn't switch back to user mode

0: kd> kn
 # Child-SP          RetAddr           Call Site
00 ffffd000`2492b5a8 fffff801`2f49c6b0 nt!KeBugCheckEx //BSOD
01 ffffd000`2492b5b0 fffff801`2f4a1fa0 nt!VerifierBugCheckIfAppropriate+0x3c //Bugcheck if required
02 ffffd000`2492b5f0 fffff801`2f3623cb nt!VfCheckUserHandle+0x1b8 //Driver Verifier checks the user handle
03 ffffd000`2492b6d0 fffff801`2f1fb575 nt!ObReferenceObjectByHandleWithTag+0x1d18b //Reference handle with tag
04 ffffd000`2492b770 fffff801`2f1d6ade nt!ObReferenceObjectByHandle+0x25 //Reference the object with handle
05 ffffd000`2492b7c0 fffff801`2ef732b3 nt!NtSetEvent+0x6e //Set event
06 ffffd000`2492b810 fffff801`2ef6b700 nt!KiSystemServiceCopyEnd+0x13 //Transition into Kernel mode
07 ffffd000`2492b9a8 fffff801`a2d57430 nt!KiServiceLinkage //System service link
08 ffffd000`2492b9b0 ffffcf80`04bf0001 rzpmgrk+0x1430 //Razer Overlay driver
09 ffffd000`2492b9b8 ffffcf80`04bf0000 0xffffcf80`04bf0001 //Context not saved
0a ffffd000`2492b9c0 00000000`00000b00 0xffffcf80`04bf0000 //Context not saved
0b ffffd000`2492b9c8 ffffe001`088b8ef0 0xb00
0c ffffd000`2492b9d0 00000000`00000000 0xffffe001`088b8ef0 //Context not saved

0: kd> u fffff801a2d57430 //Razer overlay driver caused the fault
rzpmgrk+0x1430:
fffff801`a2d57430 488b4c2460      mov     rcx,qword ptr [rsp+60h] //Faulting instruction
fffff801`a2d57435 ff15451f0000    call    qword ptr [rzpmgrk+0x3380 (fffff801`a2d59380)]
fffff801`a2d5743b 488b742468      mov     rsi,qword ptr [rsp+68h]
fffff801`a2d57440 0fb6c3          movzx   eax,bl
fffff801`a2d57443 488b5c2458      mov     rbx,qword ptr [rsp+58h]
fffff801`a2d57448 4883c440        add     rsp,40h
fffff801`a2d5744c 5f              pop     rdi
fffff801`a2d5744d c3              ret

0: kd> !handle 320
GetPointerFromAddress: unable to read from fffff8012f17a000

PROCESS ffffe00108b98900
    SessionId: none  Cid: 0b00    Peb: 7ff6b3acb000  ParentCid: 0790
    DirBase: 131a51000  ObjectTable: ffffc001a8668c00  HandleCount: <Data Not Accessible>
    Image: runonce.exe

GetPointerFromAddress: unable to read from fffff8012f0d7a18
ffffc001a8668c00: Unable to read handle table

0: kd> lmvm rzpmgrk
start             end                 module name
fffff801`a2d56000 fffff801`a2d5d280   rzpmgrk  T (no symbols)           
    Loaded symbol image file: rzpmgrk.sys
    Image path: \??\C:\Windows\system32\drivers\rzpmgrk.sys
    Image name: rzpmgrk.sys
    Timestamp:        Thu Apr 17 20:36:12 2014 (53502D2C) 
    CheckSum:         0001707D
    ImageSize:        00007280
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

This is most likely a driver bug, update your Razer Overlay driver software.


Code:
2: kd> .bugcheck
Bugcheck code 0000004E
Arguments 00000000`00000099 00000000`002f0337 00000000`00000002 04000340`0034b636

//PFN or PTE has been corrupted

2: kd> kn
 # Child-SP          RetAddr           Call Site
00 ffffd000`2313b3e8 fffff803`8ee7a573 nt!KeBugCheckEx //BSOD
01 ffffd000`2313b3f0 fffff803`8ecd79d3 nt!MiBadShareCount+0x4b //Bad PFN share count, something has gone wrong
02 ffffd000`2313b430 fffff803`8ecea0e3 nt!MiDeletePteRun+0x703 //And the page table entry
03 ffffd000`2313b620 fffff803`8ecd1f66 nt!MiDeleteVirtualAddresses+0x463 //Delete the virtual address
04 ffffd000`2313b8b0 fffff803`8eccd130 nt!MiDeleteVad+0xbc6 //Delete Virtual Address Descriptor
05 ffffd000`2313b9a0 fffff803`8edd89b3 nt!NtFreeVirtualMemory+0x820 //Free virtual memory
06 ffffd000`2313bb00 00007ffe`5b24185a nt!KiSystemServiceCopyEnd+0x13 //Transition to Kernel mode
07 00000000`0089e058 00000000`00000000 0x00007ffe`5b24185a //User mode function, we're using a minidump...

//It would appear the share count on a page frame number went wrong when we remove the PTE, the share count should have been decremented

   +0x000 u1               : <unnamed-tag>
   +0x008 u2               : <unnamed-tag>
   +0x010 PteAddress       : ???? 
   +0x010 VolatilePteAddress : ???? 
   +0x010 Lock             : ??
   +0x010 PteLong          : ??
   +0x018 u3               : <unnamed-tag>
   +0x01c NodeBlinkLow     : ??
   +0x01e Unused           : ??
   +0x01e VaType           : ??
   +0x01f ViewCount        : ??
   +0x01f NodeFlinkLow     : ??
   +0x020 OriginalPte      : _MMPTE
   +0x028 u4               : <unnamed-tag>

It's pretty much impossible to say with a minidump, for all we know the address could have simply been corrupted from bad RAM.


Code:
3: kd> .bugcheck
Bugcheck code 0000000A
Arguments fffff6e0`00b72ef0 00000000`00000000 00000000`00000000 fffff802`d288f58b

//We access invalid or pageable memory at an IRQL of 2

3: kd> !pte fffff6e0`00b72ef0
                                           VA ffffc0016e5de000
PXE at FFFFF6FB7DBEDC00    PPE at FFFFF6FB7DB80028    PDE at FFFFF6FB70005B90    PTE at FFFFF6E000B72EF0
contains 0000000000E6E863  contains 0000000306966863  contains 0000000000000000
pfn e6e       ---DA--KWEV  pfn 306966    ---DA--KWEV  not valid

//Memory was invalid

3: kd> kn
 # Child-SP          RetAddr           Call Site
00 ffffd000`b9e6e448 fffff802`d2979ae9 nt!KeBugCheckEx //BSOD
01 ffffd000`b9e6e450 fffff802`d297833a nt!KiBugCheckDispatch+0x69 //Dispatch bugcheck routine
02 ffffd000`b9e6e590 fffff802`d288f58b nt!KiPageFault+0x23a //We hit a page fault
03 ffffd000`b9e6e720 fffff802`d28a2fa5 nt!MiAgeWorkingSet+0x2cb //Check to see if the given process is aged, if so, keep it in memory
04 ffffd000`b9e6ea30 fffff802`d28a2bba nt!MiTrimOrAgeWorkingSet+0xc1 //Trim the working set, remove any unwanted addresses and page them out
05 ffffd000`b9e6ea70 fffff802`d28ddb92 nt!MiProcessWorkingSets+0x1a6
06 ffffd000`b9e6eb60 fffff802`d295481e nt!MmWorkingSetManager+0x4a //Transfer control to the memory manager and balance the working set
07 ffffd000`b9e6eb90 fffff802`d28e9794 nt!KeBalanceSetManager+0x11e //Balance working set, most likely deciding which addresses to stay in memory
08 ffffd000`b9e6ec00 fffff802`d29745c6 nt!PspSystemThreadStartup+0x58
09 ffffd000`b9e6ec60 00000000`00000000 nt!KiStartSystemThread+0x16 //Start a system thread

3: kd> .trap ffffd000`b9e6e590
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000800000000000 rbx=0000000000000000 rcx=0000ffffffffffff
rdx=0000000000000008 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802d288f58b rsp=ffffd000b9e6e720 rbp=ffffd000b9e6e820
 r8=0000000fffffffff  r9=8000000000000000 r10=0000007ffffffff8
r11=0000098000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!MiAgeWorkingSet+0x2cb:
fffff802`d288f58b 498b1e          mov     rbx,qword ptr [r14] ds:00000000`00000000=???????????????? //The burden of minidumps... context not saved properly

Looks like bad RAM, given we hit a page fault when performing operations with the working set, this is almost always caused by bad RAM.
The reason is simply because the working set is the memory which is present in RAM, if there's a problem with the addresses we know that everything is present in memory, so there should be nothing to page in; if this is the case, it almost always comes down to that address being corrupt.
 

My Computer

System One

  • OS
    Windows 7
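
Added example, not part of the thread: a small triage helper for the first dump above. It decodes the DRIVER_VERIFIER_DETECTED_VIOLATION (0xC4) arguments for subcode 0xF6 as Microsoft documents them (argument 2 is the handle value, argument 3 the current process, argument 4 an address inside the referencing driver) and resolves argument 4 against the lmvm module range. The function names are hypothetical, and the sample text is constructed from lines quoted in the post.

```python
import re

# Constructed sample: lines copied from the .bugcheck and lmvm output in the post above.
BUGCHECK = """Bugcheck code 000000C4
Arguments 00000000`000000f6 00000000`00000320 ffffe001`08b98900 fffff801`a2d57430"""
LMVM = """start             end                 module name
fffff801`a2d56000 fffff801`a2d5d280   rzpmgrk  T (no symbols)"""

def hexval(token):
    """Convert a WinDbg 64-bit value such as fffff801`a2d57430 to an int."""
    return int(token.replace("`", ""), 16)

def parse_bugcheck(text):
    """Return (bugcheck code, [arg1..arg4]) from .bugcheck output."""
    code = int(re.search(r"Bugcheck code\s+([0-9A-Fa-f]+)", text).group(1), 16)
    args = [hexval(t) for t in re.search(r"Arguments\s+(.+)", text).group(1).split()]
    return code, args

def parse_modules(text):
    """Return [(start, end, name)] from lm/lmvm range lines; header lines are skipped."""
    pattern = r"^([0-9a-f`]{17})\s+([0-9a-f`]{17})\s+(\S+)"
    return [(hexval(m[1]), hexval(m[2]), m[3])
            for m in re.finditer(pattern, text, re.M | re.I)]

def resolve(addr, modules):
    """Map an address to module+offset, or None if no loaded module contains it."""
    for start, end, name in modules:
        if start <= addr < end:
            return f"{name}+0x{addr - start:x}"
    return None

def triage(bugcheck_text, lm_text):
    """Decode 0xC4/0xF6 (user handle referenced as KernelMode); None for other codes."""
    code, args = parse_bugcheck(bugcheck_text)
    if code != 0xC4 or args[0] != 0xF6:
        return None
    return {"handle": args[1], "process": args[2],
            "caller": resolve(args[3], parse_modules(lm_text))}

if __name__ == "__main__":
    print(triage(BUGCHECK, LMVM))
```

The resolved caller matches frame 08 of the stack in the post, and the process address matches the PROCESS line printed by !handle 320.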
So update Razer drivers and replace my RAM??
 

Update your Razer drivers, yes.
For RAM I suggest you run Memtest86+ for no less than 8 passes, this should confirm whether or not your RAM is failing.
 

So I updated the Razer drivers and did 10 passes of Memtest. An error occurred 7 times on test 4.
 
