WinDbug之DUMP蓝屏分析
Microsoft (R) Windows Debugger Version 6.2.8400.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\dump\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0185e000 PsLoadedModuleList = 0xfffff800`01a9be50
Debug session time: Mon Jul 16 14:24:49.415 2012 (UTC + 8:00)
System Uptime: 283 days 3:55:02.586
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck CA, {1, fffffa800be97440, fffffa800c237440, 0}
Probably caused by : usbhub.sys
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a result of a problem in a driver or
a problem in PnP itself. The first argument describes the nature of the
problem, the second argument is the address of the PDO. The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO
A specific instance of a driver has enumerated multiple PDOs with
identical device id and unique ids.
Arg2: fffffa800be97440, Newly reported PDO.
Arg3: fffffa800c237440, PDO of which it is a duplicate.
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xCA_1
DEVICE_OBJECT: fffffa800be97440
DRIVER_OBJECT: fffffa8005456b50
IMAGE_NAME: usbhub.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcc2d
MODULE_NAME: usbhub
FAULTING_MODULE: fffff88004524000 usbhub
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LOCK_ADDRESS: fffff80001ad2400 -- (!locks fffff80001ad2400)
Resource @ nt!PiEngineLock (0xfffff80001ad2400) Exclusively owned
Contention Count = 176
Threads: fffffa80036cd680-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0xfffff80001ad2400
Thread Count : 1
Thread address: 0xfffffa80036cd680
Thread wait : 0x5d7a082e
LAST_CONTROL_TRANSFER: from fffff80001cbb117 to fffff800018cff00
STACK_TEXT:
fffff880`0219e778 fffff800`01cbb117 : 00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 : nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 : fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 : nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 : fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c : nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 : fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 : nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 : 00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 : nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 : fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 : fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys
BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys
Followup: MachineOwner
---------
4: kd> !devobj fffffa800be97440 f
Device object (fffffa800be97440) is for:
USBPDO-10 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
4: kd> !drvobj fffffa8005456b50 f
Driver object (fffffa8005456b50) is for:
\Driver\usbhub
Driver Extension List: (id , addr)
Device Object list:
fffffa800be97440 fffffa8014e13440 fffffa800c237440 fffffa80055e7060
fffffa800559b060 fffffa8005480050 fffffa8005478050 fffffa8005470050
fffffa8005468050 fffffa8005460050 fffffa8005458050
DriverEntry: fffff88004571064 usbhub!GsDriverEntry
DriverStartIo: 00000000
DriverUnload: fffff8800454a5ec usbhub!UsbhDriverUnload
AddDevice: fffff8800454a70c usbhub!UsbhAddDevice
Dispatch routines:
[00] IRP_MJ_CREATE fffff88004525f60 usbhub!UsbhGenDispatch
[01] IRP_MJ_CREATE_NAMED_PIPE fffff800018b665c nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE fffff88004525f60 usbhub!UsbhGenDispatch
[03] IRP_MJ_READ fffff800018b665c nt!IopInvalidDeviceRequest
[04] IRP_MJ_WRITE fffff800018b665c nt!IopInvalidDeviceRequest
[05] IRP_MJ_QUERY_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA fffff800018b665c nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA fffff800018b665c nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS fffff800018b665c nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[10] IRP_MJ_SHUTDOWN fffff8800454b454 usbhub!UsbhDeviceShutdown
[11] IRP_MJ_LOCK_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP fffff800018b665c nt!IopInvalidDeviceRequest
[13] IRP_MJ_CREATE_MAILSLOT fffff800018b665c nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER fffff88004525f60 usbhub!UsbhGenDispatch
[17] IRP_MJ_SYSTEM_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[18] IRP_MJ_DEVICE_CHANGE fffff800018b665c nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP fffff88004525f60 usbhub!UsbhGenDispatch
4: kd> lmvm usbhub
start end module name
fffff880`04524000 fffff880`0457e000 usbhub (pdb symbols) C:\Program Files\Windows Kits\8.0\Debuggers\x86\sym\usbhub.pdb\295DCA65F67B44BF8DD26C3B6D89A6F71\usbhub.pdb
Loaded symbol image file: usbhub.sys
Image path: \SystemRoot\system32\DRIVERS\usbhub.sys
Image name: usbhub.sys
Timestamp: Tue Jul 14 08:07:09 2009 (4A5BCC2D)
CheckSum: 0005BB10
ImageSize: 0005A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
-------------------
1.system32\drivers\ delete usbehci.sys usbhub.sys usbohci.sys usbport.sys
2. 设备管理器,卸载所有usb驱动
3.system32\drivers\ delete usbui.dll
4.restart pc
==========================================================
==========================================================
对2012/7/16 14:28产生的dump文件进行分析后,结果如下:
PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a
result of a problem in a driver or
a problem in PnP itself. The first argument
describes the nature of the
problem, the second argument is the address of
the PDO. The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO
A specific instance of a driver has enumerated multiple PDOs with
identical device id and unique ids.
Arg2: fffffa800be97440, Newly reported PDO.
Arg3: fffffa800c237440, PDO of which it is a duplicate.
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xCA_1
DEVICE_OBJECT:
fffffa800be97440
DRIVER_OBJECT: fffffa8005456b50
IMAGE_NAME:
usbhub.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcc2d
MODULE_NAME:
usbhub
FAULTING_MODULE:
fffff88004524000 usbhub
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LOCK_ADDRESS: fffff80001ad2400 -- (!locks
fffff80001ad2400)
Resource @ nt!PiEngineLock (0xfffff80001ad2400)
Exclusively owned
Contention Count = 176
Threads:
fffffa80036cd680-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0xfffff80001ad2400
Thread Count : 1
Thread address: 0xfffffa80036cd680
Thread wait : 0x5d7a082e
LAST_CONTROL_TRANSFER: from
fffff80001cbb117 to fffff800018cff00
STACK_TEXT:
fffff880`0219e778 fffff800`01cbb117 :
00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 :
nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 :
fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 :
nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 :
fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c :
nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 :
00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 :
nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 :
fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 :
nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 :
00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 :
nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 :
fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 :
nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 :
fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 :
nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID:
X64_0xCA_1_IMAGE_usbhub.sys
BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys
Followup: MachineOwner
---------
由以上信息可以得知导致系统crush的原因为fffffa800be97440和fffffa800c237440发生了冲突,出错模块为 usbhub.sys,该文件为USB设备驱动程序文件。
4:
kd> ! devobj fffffa800be97440
Device object (fffffa800be97440) is for:
USBPDO-10 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
4:
kd> ! devobj fffffa800c237440
Device object (fffffa800c237440) is for:
USBPDO-7 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800c237590 DevObjExt fffffa800c237f90 DevNode fffffa800a30a690
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
由此处信息可以得知:
devobj fffffa800be97440 的DevNode为fffffa8014f13010
devobj fffffa800c237440 的DevNode为fffffa800a30a690
4: kd> dt _DEVICE_NODE fffffa8014f13010 instancepath
nt!_DEVICE_NODE
+0x028 InstancePath : _UNICODE_STRING
"USB\VID_04B3&PID_3025\5&12dde233&0&1"
4: kd> dt _DEVICE_NODE fffffa800a30a690 instancepath
nt!_DEVICE_NODE
+0x028 InstancePath : _UNICODE_STRING
"USB\VID_04B3&PID_3025\5&12dde233&0&1"
由此处信息可以得知DevNode fffffa8014f13010 和fffffa800a30a690的实例路径均为USB\VID_04B3&PID_3025\5&12dde233&0&1。
VID 代表厂商ID,VID_04B3 表示该USB设备芯片提供商为IBM; PID 代表型号ID, VID_04B3&PID_3025表示设备USB NetVista Full Width Keyboard,该设备的多个实例发生了冲突从而导致计算机蓝屏,该设备的驱动程序有bug,需要对驱动程序进行更新。