WinDbg: Blue-Screen Analysis of a Dump File
Microsoft (R) Windows Debugger Version 6.2.8400.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\dump\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0185e000 PsLoadedModuleList = 0xfffff800`01a9be50
Debug session time: Mon Jul 16 14:24:49.415 2012 (UTC + 8:00)
System Uptime: 283 days 3:55:02.586
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck CA, {1, fffffa800be97440, fffffa800c237440, 0}
Probably caused by : usbhub.sys
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a result of a problem in a driver or
a problem in PnP itself. The first argument describes the nature of the
problem, the second argument is the address of the PDO. The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO
A specific instance of a driver has enumerated multiple PDOs with
identical device id and unique ids.
Arg2: fffffa800be97440, Newly reported PDO.
Arg3: fffffa800c237440, PDO of which it is a duplicate.
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xCA_1
DEVICE_OBJECT: fffffa800be97440
DRIVER_OBJECT: fffffa8005456b50
IMAGE_NAME: usbhub.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcc2d
MODULE_NAME: usbhub
FAULTING_MODULE: fffff88004524000 usbhub
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LOCK_ADDRESS: fffff80001ad2400 -- (!locks fffff80001ad2400)
Resource @ nt!PiEngineLock (0xfffff80001ad2400) Exclusively owned
Contention Count = 176
Threads: fffffa80036cd680-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0xfffff80001ad2400
Thread Count : 1
Thread address: 0xfffffa80036cd680
Thread wait : 0x5d7a082e
LAST_CONTROL_TRANSFER: from fffff80001cbb117 to fffff800018cff00
STACK_TEXT:
fffff880`0219e778 fffff800`01cbb117 : 00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 : nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 : fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 : nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 : fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c : nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 : fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 : nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 : 00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 : nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 : fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 : fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys
BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys
Followup: MachineOwner
---------
4: kd> !devobj fffffa800be97440 f
Device object (fffffa800be97440) is for:
USBPDO-10 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
4: kd> !drvobj fffffa8005456b50 f
Driver object (fffffa8005456b50) is for:
\Driver\usbhub
Driver Extension List: (id , addr)
Device Object list:
fffffa800be97440 fffffa8014e13440 fffffa800c237440 fffffa80055e7060
fffffa800559b060 fffffa8005480050 fffffa8005478050 fffffa8005470050
fffffa8005468050 fffffa8005460050 fffffa8005458050
DriverEntry: fffff88004571064 usbhub!GsDriverEntry
DriverStartIo: 00000000
DriverUnload: fffff8800454a5ec usbhub!UsbhDriverUnload
AddDevice: fffff8800454a70c usbhub!UsbhAddDevice
Dispatch routines:
[00] IRP_MJ_CREATE fffff88004525f60 usbhub!UsbhGenDispatch
[01] IRP_MJ_CREATE_NAMED_PIPE fffff800018b665c nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE fffff88004525f60 usbhub!UsbhGenDispatch
[03] IRP_MJ_READ fffff800018b665c nt!IopInvalidDeviceRequest
[04] IRP_MJ_WRITE fffff800018b665c nt!IopInvalidDeviceRequest
[05] IRP_MJ_QUERY_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA fffff800018b665c nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA fffff800018b665c nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS fffff800018b665c nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[10] IRP_MJ_SHUTDOWN fffff8800454b454 usbhub!UsbhDeviceShutdown
[11] IRP_MJ_LOCK_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP fffff800018b665c nt!IopInvalidDeviceRequest
[13] IRP_MJ_CREATE_MAILSLOT fffff800018b665c nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER fffff88004525f60 usbhub!UsbhGenDispatch
[17] IRP_MJ_SYSTEM_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[18] IRP_MJ_DEVICE_CHANGE fffff800018b665c nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP fffff88004525f60 usbhub!UsbhGenDispatch
4: kd> lmvm usbhub
start end module name
fffff880`04524000 fffff880`0457e000 usbhub (pdb symbols) C:\Program Files\Windows Kits\8.0\Debuggers\x86\sym\usbhub.pdb\295DCA65F67B44BF8DD26C3B6D89A6F71\usbhub.pdb
Loaded symbol image file: usbhub.sys
Image path: \SystemRoot\system32\DRIVERS\usbhub.sys
Image name: usbhub.sys
Timestamp: Tue Jul 14 08:07:09 2009 (4A5BCC2D)
CheckSum: 0005BB10
ImageSize: 0005A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
-------------------
1. In system32\drivers\, delete usbehci.sys, usbhub.sys, usbohci.sys and usbport.sys.
2. In Device Manager, uninstall all USB drivers.
3. In system32\drivers\, delete usbui.dll.
4. Restart the PC.
==========================================================
==========================================================
Analysis of the dump file generated at 2012/7/16 14:28 gave the following result:
PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a result of a problem in a driver or
a problem in PnP itself. The first argument describes the nature of the
problem, the second argument is the address of the PDO. The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO
A specific instance of a driver has enumerated multiple PDOs with
identical device id and unique ids.
Arg2: fffffa800be97440, Newly reported PDO.
Arg3: fffffa800c237440, PDO of which it is a duplicate.
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xCA_1
DEVICE_OBJECT: fffffa800be97440
DRIVER_OBJECT: fffffa8005456b50
IMAGE_NAME: usbhub.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcc2d
MODULE_NAME: usbhub
FAULTING_MODULE: fffff88004524000 usbhub
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LOCK_ADDRESS: fffff80001ad2400 -- (!locks fffff80001ad2400)
Resource @ nt!PiEngineLock (0xfffff80001ad2400) Exclusively owned
Contention Count = 176
Threads: fffffa80036cd680-01<*>
1 total locks, 1 locks currently held
PNP_TRIAGE:
Lock address : 0xfffff80001ad2400
Thread Count : 1
Thread address: 0xfffffa80036cd680
Thread wait : 0x5d7a082e
LAST_CONTROL_TRANSFER: from fffff80001cbb117 to fffff800018cff00
STACK_TEXT:
fffff880`0219e778 fffff800`01cbb117 : 00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 : nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 : fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 : nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 : fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c : nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 : fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 : nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 : 00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 : nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 : fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 : fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys
BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys
Followup: MachineOwner
---------
From the information above, the system crash was caused by a conflict between fffffa800be97440 and fffffa800c237440. The faulting module is usbhub.sys, which is a USB device driver file.
4: kd> !devobj fffffa800be97440
Device object (fffffa800be97440) is for:
USBPDO-10 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
4: kd> !devobj fffffa800c237440
Device object (fffffa800c237440) is for:
USBPDO-7 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800c237590 DevObjExt fffffa800c237f90 DevNode fffffa800a30a690
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
From this output:
the DevNode of devobj fffffa800be97440 is fffffa8014f13010
the DevNode of devobj fffffa800c237440 is fffffa800a30a690
4: kd> dt _DEVICE_NODE fffffa8014f13010 instancepath
nt!_DEVICE_NODE
+0x028 InstancePath : _UNICODE_STRING "USB\VID_04B3&PID_3025\5&12dde233&0&1"
4: kd> dt _DEVICE_NODE fffffa800a30a690 instancepath
nt!_DEVICE_NODE
+0x028 InstancePath : _UNICODE_STRING "USB\VID_04B3&PID_3025\5&12dde233&0&1"
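From this output, the instance path of both DevNode fffffa8014f13010 and DevNode fffffa800a30a690 is USB\VID_04B3&PID_3025\5&12dde233&0&1.
VID stands for vendor ID; VID_04B3 indicates that the chip vendor of this USB device is IBM. PID stands for product (model) ID; VID_04B3&PID_3025 identifies the device as a USB NetVista Full Width Keyboard. Multiple instances of this device conflicted, which caused the blue screen. The device's driver has a bug, and the driver needs to be updated.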
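The PDO → DevNode → InstancePath walk above can be repeated mechanically over a saved debugger log. The following Python code is an added example, not part of the original post: the names `triage_duplicate_pdo` and `confirmed_duplicate` are hypothetical, and `SESSION` holds lines copied from the output on this page.

```python
import re

# Lines copied from the debugger session on this page (only those the parser reads).
SESSION = r"""
BugCheck CA, {1, fffffa800be97440, fffffa800c237440, 0}
4: kd> !devobj fffffa800be97440
Device object (fffffa800be97440) is for:
 USBPDO-10 \Driver\usbhub DriverObject fffffa8005456b50
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010
4: kd> !devobj fffffa800c237440
Device object (fffffa800c237440) is for:
 USBPDO-7 \Driver\usbhub DriverObject fffffa8005456b50
Dacl fffff9a100064f51 DevExt fffffa800c237590 DevObjExt fffffa800c237f90 DevNode fffffa800a30a690
4: kd> dt _DEVICE_NODE fffffa8014f13010 instancepath
   +0x028 InstancePath : _UNICODE_STRING "USB\VID_04B3&PID_3025\5&12dde233&0&1"
4: kd> dt _DEVICE_NODE fffffa800a30a690 instancepath
   +0x028 InstancePath : _UNICODE_STRING "USB\VID_04B3&PID_3025\5&12dde233&0&1"
"""

HEX = r"[0-9a-fA-F`]+"
DEVOBJ = re.compile(r"Device object \((%s)\) is for:\s+(\S+) \S+ DriverObject (%s)"
                    r".*?DevNode (%s)" % (HEX, HEX, HEX), re.S)
DEVNODE = re.compile(r"dt _DEVICE_NODE (%s) instancepath.*?_UNICODE_STRING\s*\"([^\"]+)\"" % HEX, re.S | re.I)
USB_ID = re.compile(r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})\\(.+)", re.I)

def norm(addr):
    return addr.replace("`", "").lower()  # drop the 64-bit backtick separator

def triage_duplicate_pdo(text):
    """Walk bugcheck 0xCA Arg1=1: both PDOs -> DevNode -> InstancePath."""
    bc = re.search(r"BugCheck CA, \{1, (%s), (%s)," % (HEX, HEX), text)
    if not bc:
        return None  # not the Duplicate PDO case
    objs = {norm(a): (name, norm(drv), norm(node)) for a, name, drv, node in DEVOBJ.findall(text)}
    paths = {norm(a): p for a, p in DEVNODE.findall(text)}
    rows = []
    for pdo in map(norm, bc.groups()):  # Arg2 (new PDO) first, then Arg3 (existing PDO)
        name, drv, node = objs.get(pdo, (None, None, None))
        path = paths.get(node)
        ids = USB_ID.match(path) if path else None
        rows.append({"pdo": pdo, "name": name, "driver_object": drv, "devnode": node, "instance_path": path,
                     "vid": ids.group(1) if ids else None, "pid": ids.group(2) if ids else None})
    return rows

def confirmed_duplicate(rows):
    """True only when two distinct PDOs of one driver share a fully recovered instance path."""
    new, old = rows
    return (new["instance_path"] is not None and new["pdo"] != old["pdo"]
            and new["driver_object"] == old["driver_object"] and new["instance_path"] == old["instance_path"])
```

If the log lacks the `!devobj` or `dt _DEVICE_NODE` output for either PDO, the corresponding fields come back as `None` and `confirmed_duplicate` returns `False` rather than guessing.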