Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Debug Analysis

Status
Not open for further replies.

Hitchy

Technical User
Apr 19, 2005
39
GB
Please can anybody tell me what this means. Or rather, what specific driver (if it is a driver) is at fault.

Opened log file 'c:\debuglog2.txt'
0: kd> .sympath srv*c:\symbols*Symbol search path is: srv*c:\symbols*0: kd> .sympath srv*c:\symbols*Symbol search path is: srv*c:\symbols*0: kd> .reload;!analyze -v;r;kv;.logclose;q
Loading Kernel Symbols
.....................................................................................................................................
Loading unloaded module list
..................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Parameter 1 = 0x1000 .. 0x1020 - deadlock verifier error codes.
Typically the code is 0x1001 (deadlock detected) and you can
issue a '!deadlock' KD command to get more information.
Arguments:
Arg1: 00000090, A driver switched stacks. The current stack is neither a thread
stack nor a DPC stack. Typically the driver doing this should be
on the stack obtained from `kb' command.
Arg2: ffdff120
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

Unable to load image SAVRT.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for SAVRT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SAVRT.SYS

BUGCHECK_STR: 0xc4_90

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from 00000000 to f345aaf4

TRAP_FRAME: 81ab8e14 -- (.trap ffffffff81ab8e14)
.trap ffffffff81ab8e14
ErrCode = 00000000
eax=e182a0e8 ebx=00000000 ecx=e12177f6 edx=e2ea1008 esi=e120007f edi=0000007f
eip=f345aaf4 esp=81ab8e88 ebp=e1200008 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
SAVRT+0x33af4:
f345aaf4 ?? ???
.trap
Resetting default scope

STACK_TEXT:
81ab8e84 00000000 e2ea1008 00000089 f34687eb SAVRT+0x33af4


FOLLOWUP_IP:
SAVRT+33af4
f345aaf4 ?? ???

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: SAVRT+33af4

MODULE_NAME: SAVRT

IMAGE_NAME: SAVRT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 41ba0a1f

STACK_COMMAND: .trap ffffffff81ab8e14 ; kb

FAILURE_BUCKET_ID: 0xc4_90_SAVRT+33af4

BUCKET_ID: 0xc4_90_SAVRT+33af4

Followup: MachineOwner
---------

eax=ffdff13c ebx=ffdff120 ecx=00000000 edx=81ab8c44 esi=00000000 edi=00000000
eip=805371aa esp=81ab8c0c ebp=81ab8c24 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KeBugCheckEx+0x1b:
805371aa 5d pop ebp
ChildEBP RetAddr Args to Child
81ab8c24 8067a445 000000c4 00000090 ffdff120 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
81ab8c44 8067a73f 81ab8c70 8067ad32 00000000 nt!ViDeadlockCheckStackLimits+0x6e (FPO: [Non-Fpo])
81ab8c4c 8067ad32 00000000 00000000 00000000 nt!ViDeadlockCanProceed+0x2a (FPO: [Non-Fpo])
81ab8c70 80550e91 81b44ce8 00000050 81bab398 nt!VfDeadlockDeleteMemoryRange+0x13 (FPO: [Non-Fpo])
81ab8cb4 805503e3 81b44ce8 00000000 81ab8cd0 nt!ExFreePoolWithTag+0xad (FPO: [Non-Fpo])
81ab8cc4 804fe845 81b44ce8 81ab8d00 80679468 nt!ExFreePool+0xf (FPO: [Non-Fpo])
81ab8cd0 80679468 8055bd80 81b44ce8 8067215d nt!ExFreeToPagedLookasideList+0x1e (FPO: [Non-Fpo])
81ab8cdc 8067215d 81b53d98 01872000 fe5f78b8 nt!VfIrpReleaseCallStackData+0x15 (FPO: [0,0,0])
81ab8d00 804fb09e 00000000 fe5f78a8 fe5f78b8 nt!IovCallDriver+0xb8 (FPO: [Non-Fpo])
81ab8d14 804fb0c5 81bab398 fe5f780a fe5f78c0 nt!IopPageReadInternal+0xf3 (FPO: [Non-Fpo])
81ab8d34 804fadec 81b53d98 fe5f78e0 fe5f78c0 nt!IoPageRead+0x1b (FPO: [Non-Fpo])
81ab8da8 804e9893 1595f880 e12177f6 c038485c nt!MiDispatchFault+0x280 (FPO: [Non-Fpo])
81ab8dfc 804e0944 00000000 e12177f6 00000000 nt!MmAccessFault+0x642 (FPO: [Non-Fpo])
81ab8dfc f345aaf4 00000000 e12177f6 00000000 nt!KiTrap0E+0xd0 (FPO: [0,0] TrapFrame @ 81ab8e14)
WARNING: Stack unwind information not available. Following frames may be wrong.
81ab8e84 00000000 e2ea1008 00000089 f34687eb SAVRT+0x33af4
Closing open log file c:\debuglog2.txt



Thanks,
Hitchy
 
Not sure if you solved this. Looks like a Norton AV Fault. If you have it, Run Live update and check you have the latest updates.

Stu..

Only the truly stupid believe they know everything.
Stu.. 2004
 
. turn off the verifier service. It is making your system brittle at this point.

In Safe Mode:
Start, Run, verifier /reset

Then reboot into Normal mode.

. SAVRT.SYS is the driver involved. As StuReeves mentioned, this is a Symantec/Norton Antivirus file.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top