Attachment 716879 Details for Bug 928186 – c4-log

c4-log

c4.txt (text/plain), 7.31 KB, created by Min Deng on 2013-03-27 05:35:50 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Min Deng

Created: 2013-03-27 05:35:50 UTC

Size: 7.31 KB

patch

obsolete

>Loading unloaded module list
>......................
>*******************************************************************************
>*                                                                             *
>*                        Bugcheck Analysis                                    *
>*                                                                             *
>*******************************************************************************
>
>Use !analyze -v to get detailed debugging information.
>
>BugCheck C4, {62, fffffa8004e3b2b0, fffffa8004e3b210, 100}
>
>*** ERROR: Module load completed but symbols could not be loaded for vioser.sys
>Probably caused by : vioser.sys
>
>Followup: MachineOwner
>---------
>
>2: kd> !analyze -v
>*******************************************************************************
>*                                                                             *
>*                        Bugcheck Analysis                                    *
>*                                                                             *
>*******************************************************************************
>
>DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
>A device driver attempting to corrupt the system has been caught.  This is
>because the driver was specified in the registry as being suspect (by the
>administrator) and the kernel has enabled substantial checking of this driver.
>If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
>be among the most commonly seen crashes.
>Arguments:
>Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
>Arg2: fffffa8004e3b2b0, name of the driver having the issue.
>Arg3: fffffa8004e3b210, verifier internal structure with driver information.
>Arg4: 0000000000000100, total # of (paged+nonpaged) allocations that weren't freed.
>	Type !verifier 3 drivername.sys for info on the allocations
>	that were leaked that caused the bugcheck.
>
>Debugging Details:
>------------------
>
>
>BUGCHECK_STR:  0xc4_62
>
>IMAGE_NAME:  vioser.sys
>
>DEBUG_FLR_IMAGE_TIMESTAMP:  51406942
>
>MODULE_NAME: vioser
>
>FAULTING_MODULE: fffffa60041a3000 vioser
>
>VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY fffffa8004e3b210
>   +0x000 Links            : _LIST_ENTRY [ 0xfffff800`017f0e70 - 0xfffffa80`04e3b2e0 ]
>   +0x010 Loads            : 0xb
>   +0x014 Unloads          : 0xa
>   +0x018 BaseName         : _UNICODE_STRING "vioser.sys"
>   +0x028 StartAddress     : 0xfffffa60`041a3000 Void
>   +0x030 EndAddress       : 0xfffffa60`041b6000 Void
>   +0x038 Flags            : 1
>   +0x040 Signature        : 0x98761940
>   +0x050 PoolPageHeaders  : _SLIST_HEADER
>   +0x060 PoolTrackers     : _SLIST_HEADER
>   +0x070 CurrentPagedPoolAllocations : 0
>   +0x074 CurrentNonPagedPoolAllocations : 0x100
>   +0x078 PeakPagedPoolAllocations : 0
>   +0x07c PeakNonPagedPoolAllocations : 0x146
>   +0x080 PagedBytes       : 0
>   +0x088 NonPagedBytes    : 0x101400
>   +0x090 PeakPagedBytes   : 0
>   +0x098 PeakNonPagedBytes : 0x144450
>
>DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
>
>PROCESS_NAME:  System
>
>CURRENT_IRQL:  0
>
>LAST_CONTROL_TRANSFER:  from fffff80001a9754d to fffff800016a5ad0
>
>STACK_TEXT:  
>fffffa60`019e5738 fffff800`01a9754d : 00000000`000000c4 00000000`00000062 fffffa80`04e3b2b0 fffffa80`04e3b210 : nt!KeBugCheckEx
>fffffa60`019e5740 fffff800`01aa4557 : fffffa60`00000000 00000000`00000012 00000000`00000000 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3d
>fffffa60`019e5780 fffff800`019c4b86 : fffffa80`06c2b1f0 fffffa80`06c2b1f0 00000000`00000000 fffffa60`041a3000 : nt!ViCheckDriverUnloading+0xb7
>fffffa60`019e57c0 fffff800`019c5711 : 00000000`00000000 00000000`00000080 00000000`00000000 fffff800`0169b800 : nt!VerifierDriverUnloading+0x26
>fffffa60`019e57f0 fffff800`01a84671 : 00000000`00000000 00000000`00000000 fffffa80`06057010 fffffa80`76697244 : nt!MmUnloadSystemImage+0x2d2
>fffffa60`019e5860 fffff800`016aa4d3 : fffffa80`04f70dc0 fffffa80`06057010 fffffa80`06057080 00000000`00000000 : nt!IopDeleteDriver+0x41
>fffffa60`019e5890 fffff800`018a37d6 : fffffa80`074e2b40 fffffa80`074e2b40 00000000`00000000 00000000`00000003 : nt!ObfDereferenceObject+0x103
>fffffa60`019e5920 fffff800`016aa4d3 : fffff800`01a186d0 fffff800`01a81f84 00000000`00000010 00000000`00000002 : nt!IopDeleteDevice+0x36
>fffffa60`019e5950 fffff800`01a18712 : fffff880`06d9f590 fffff800`01a186d0 fffff880`06b8f628 00000000`6c727050 : nt!ObfDereferenceObject+0x103
>fffffa60`019e59e0 fffff800`01a821b7 : fffffa80`07545680 00000000`00000001 fffffa80`06167a30 fffff800`017e0218 : nt!IopFreeRelationList+0x42
>fffffa60`019e5a20 fffff800`01a82307 : fffffa80`07545680 fffffa80`064658a8 fffffa80`064658a8 00000000`00000002 : nt!PnpDelayedRemoveWorker+0x97
>fffffa60`019e5a70 fffff800`0177b8d9 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : nt!PnpChainDereferenceComplete+0x127
>fffffa60`019e5aa0 fffff800`01a86b09 : 00000000`00000000 fffffa80`06167a00 fffffa80`06169520 00000000`00000001 : nt!PnpIsChainDereferenced+0xc9
>fffffa60`019e5b20 fffff800`01a86d8c : fffffa60`019e5cf8 00000000`00010200 fffffa60`019e5c00 00000000`00000000 : nt!PnpProcessQueryRemoveAndEject+0xf99
>fffffa60`019e5c70 fffff800`01985d8a : 00000000`00000001 fffffa80`07535b70 fffff880`05ebfd70 fffff800`018a5800 : nt!PnpProcessTargetDeviceEvent+0x4c
>fffffa60`019e5ca0 fffff800`016acec3 : fffff800`018a5848 fffff880`06d8ac80 fffff800`017df8f8 fffffa80`04f6b040 : nt! ?? ::NNGAKEGL::`string'+0x4e537
>fffffa60`019e5cf0 fffff800`018b2f47 : fffffa80`07535b70 00000000`00000000 fffffa80`04f6b040 00000000`00000080 : nt!ExpWorkerThread+0xfb
>fffffa60`019e5d50 fffff800`016e2c36 : fffffa60`005ec180 fffffa80`04f6b040 fffffa60`005f5d40 fffffa80`04f69818 : nt!PspSystemThreadStartup+0x57
>fffffa60`019e5d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
>
>
>STACK_COMMAND:  kb
>
>FOLLOWUP_NAME:  MachineOwner
>
>FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_IMAGE_vioser.sys
>
>BUCKET_ID:  X64_0xc4_62_VRF_IMAGE_vioser.sys
>
>Followup: MachineOwner
>---------
>
>2: kd> !analyze -v
>*******************************************************************************
>*                                                                             *
>*                        Bugcheck Analysis                                    *
>*                                                                             *
>*******************************************************************************
>
>DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
>A device driver attempting to corrupt the system has been caught.  This is
>because the driver was specified in the registry as being suspect (by the
>administrator) and the kernel has enabled substantial checking of this driver.
>If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
>be among the most commonly seen crashes.
>Arguments:
>Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
>Arg2: fffffa8004e3b2b0, name of the driver having the issue.
>Arg3: fffffa8004e3b210, verifier internal structure with driver information.
>Arg4: 0000000000000100, total # of (paged+nonpaged) allocations that weren't freed.
>	Type !verifier 3 drivername.sys for info on the allocations
>	that were leaked that caused the bugcheck.
>
>Debugging Details:
>------------------
>

Actions: View

Attachments on bug 928186: 716879 | 716883 | 752496