Microsoft (R) Windows Debugger Version 6.2.8400.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\dump\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0185e000 PsLoadedModuleList = 0xfffff800`01a9be50
Debug session time: Mon Jul 16 14:24:49.415 2012 (UTC + 8:00)
System Uptime: 283 days 3:55:02.586
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols

Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck CA, {1, fffffa800be97440, fffffa800c237440, 0}

Probably caused by : usbhub.sys

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a result of a problem in a driver or
a problem in PnP itself. The first argument describes the nature of the
problem, the second argument is the address of the PDO. The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO
A specific instance of a driver has enumerated multiple PDOs with
identical device id and unique ids.
Arg2: fffffa800be97440, Newly reported PDO.
Arg3: fffffa800c237440, PDO of which it is a duplicate.
Arg4: 0000000000000000

Debugging Details:
------------------

BUGCHECK_STR: 0xCA_1

DEVICE_OBJECT: fffffa800be97440

DRIVER_OBJECT: fffffa8005456b50

IMAGE_NAME: usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcc2d

MODULE_NAME: usbhub

FAULTING_MODULE: fffff88004524000 usbhub

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LOCK_ADDRESS: fffff80001ad2400 -- (!locks fffff80001ad2400)

Resource @ nt!PiEngineLock (0xfffff80001ad2400) Exclusively owned
Contention Count = 176
Threads: fffffa80036cd680-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff80001ad2400
Thread Count : 1
Thread address: 0xfffffa80036cd680
Thread wait : 0x5d7a082e

LAST_CONTROL_TRANSFER: from fffff80001cbb117 to fffff800018cff00

STACK_TEXT:
fffff880`0219e778 fffff800`01cbb117 : 00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 : nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 : fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 : nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 : fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c : nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 : fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 : nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 : 00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 : nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 : fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 : fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys

BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys

Followup: MachineOwner
---------

4: kd> !devobj fffffa800be97440 f
Device object (fffffa800be97440) is for:
USBPDO-10 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
4: kd> !drvobj fffffa8005456b50 f
Driver object (fffffa8005456b50) is for:
\Driver\usbhub
Driver Extension List: (id , addr)

Device Object list:
fffffa800be97440 fffffa8014e13440 fffffa800c237440 fffffa80055e7060
fffffa800559b060 fffffa8005480050 fffffa8005478050 fffffa8005470050
fffffa8005468050 fffffa8005460050 fffffa8005458050

DriverEntry: fffff88004571064 usbhub!GsDriverEntry
DriverStartIo: 00000000
DriverUnload: fffff8800454a5ec usbhub!UsbhDriverUnload
AddDevice: fffff8800454a70c usbhub!UsbhAddDevice

Dispatch routines:
[00] IRP_MJ_CREATE fffff88004525f60 usbhub!UsbhGenDispatch
[01] IRP_MJ_CREATE_NAMED_PIPE fffff800018b665c nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE fffff88004525f60 usbhub!UsbhGenDispatch
[03] IRP_MJ_READ fffff800018b665c nt!IopInvalidDeviceRequest
[04] IRP_MJ_WRITE fffff800018b665c nt!IopInvalidDeviceRequest
[05] IRP_MJ_QUERY_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA fffff800018b665c nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA fffff800018b665c nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS fffff800018b665c nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[10] IRP_MJ_SHUTDOWN fffff8800454b454 usbhub!UsbhDeviceShutdown
[11] IRP_MJ_LOCK_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP fffff800018b665c nt!IopInvalidDeviceRequest
[13] IRP_MJ_CREATE_MAILSLOT fffff800018b665c nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER fffff88004525f60 usbhub!UsbhGenDispatch
[17] IRP_MJ_SYSTEM_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[18] IRP_MJ_DEVICE_CHANGE fffff800018b665c nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP fffff88004525f60 usbhub!UsbhGenDispatch

4: kd> lmvm usbhub
start end module name
fffff880`04524000 fffff880`0457e000 usbhub (pdb symbols) C:\Program Files\Windows Kits\8.0\Debuggers\x86\sym\usbhub.pdb\295DCA65F67B44BF8DD26C3B6D89A6F71\usbhub.pdb
Loaded symbol image file: usbhub.sys
Image path: \SystemRoot\system32\DRIVERS\usbhub.sys
Image name: usbhub.sys
Timestamp: Tue Jul 14 08:07:09 2009 (4A5BCC2D)
CheckSum: 0005BB10
ImageSize: 0005A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

-------------------
1.system32\drivers\ delete usbehci.sys usbhub.sys usbohci.sys usbport.sys
2. 设备管理器,卸载所有usb驱动
3.system32\drivers\ delete usbui.dll
4.restart pc

==========================================================

==========================================================

对2012/7/16 14:28产生的dump文件进行分析后,结果如下:

PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a
result of a problem in a driver or
a problem in PnP itself.  The first argument
describes the nature of the
problem, the second argument is the address of
the PDO.  The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO

A specific instance of a driver
has enumerated multiple PDOs with

identical device id and unique ids.

Arg2: fffffa800be97440, Newly reported PDO.

Arg3: fffffa800c237440, PDO of which it is a duplicate.

Arg4: 0000000000000000

Debugging Details:
------------------

BUGCHECK_STR:  0xCA_1

DEVICE_OBJECT:
fffffa800be97440

DRIVER_OBJECT: fffffa8005456b50

IMAGE_NAME:
 usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bcc2d

MODULE_NAME:
usbhub

FAULTING_MODULE:
fffff88004524000 usbhub

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LOCK_ADDRESS:  fffff80001ad2400 -- (!locks
fffff80001ad2400)

Resource @ nt!PiEngineLock (0xfffff80001ad2400)
   Exclusively owned
    Contention Count = 176
     Threads:
fffffa80036cd680-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
Lock address  : 0xfffff80001ad2400
Thread Count  : 1
Thread address: 0xfffffa80036cd680
Thread wait   : 0x5d7a082e

LAST_CONTROL_TRANSFER:  from
fffff80001cbb117 to fffff800018cff00

STACK_TEXT:  
fffff880`0219e778 fffff800`01cbb117 :
00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 :
nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 :
fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 :
nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 :
fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c :
nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 :
00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 :
nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 :
fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 :
nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 :
00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 :
nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 :
fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 :
nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 :
fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 :
nt!KiStartSystemThread+0x16

STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:
 X64_0xCA_1_IMAGE_usbhub.sys

BUCKET_ID:  X64_0xCA_1_IMAGE_usbhub.sys

Followup: MachineOwner
---------

  由以上信息可以得知导致系统crush的原因为fffffa800be97440和fffffa800c237440发生了冲突,出错模块为 usbhub.sys,该文件为USB设备驱动程序文件。

 

4:
kd> ! devobj fffffa800be97440
Device object (fffffa800be97440) is for:
 USBPDO-10 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010 
ExtensionFlags (0x00000810)  DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)  
Device queue is not busy.

4:
kd> ! devobj fffffa800c237440
Device object (fffffa800c237440) is for:
 USBPDO-7 \Driver\usbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800c237590 DevObjExt fffffa800c237f90 DevNode fffffa800a30a690 
ExtensionFlags (0x00000810)  DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)  
Device queue is not busy.

由此处信息可以得知:

devobj fffffa800be97440
的DevNode为fffffa8014f13010

devobj fffffa800c237440 的DevNode为fffffa800a30a690

4: kd> dt _DEVICE_NODE fffffa8014f13010 instancepath

nt!_DEVICE_NODE

+0x028
InstancePath : _UNICODE_STRING

"USB\VID_04B3&PID_3025\5&12dde233&0&1"

4: kd> dt _DEVICE_NODE fffffa800a30a690 instancepath

nt!_DEVICE_NODE

+0x028
InstancePath : _UNICODE_STRING

"USB\VID_04B3&PID_3025\5&12dde233&0&1"

  由此处信息可以得知DevNode fffffa8014f13010
和fffffa800a30a690的实例路径均为USB\VID_04B3&PID_3025\5&12dde233&0&1。

  VID 代表厂商ID,VID_04B3 表示该USB设备芯片提供商为IBM; PID 代表型号ID, VID_04B3&PID_3025表示设备USB NetVista Full Width Keyboard,该设备的多个实例发生了冲突从而导致计算机蓝屏,该设备的驱动程序有bug,需要对驱动程序进行更新。

 

WinDbug之DUMP蓝屏分析的更多相关文章

  1. 【原创】FltSendMessage蓝屏分析

    INVALID_PROCESS_DETACH_ATTEMPT (6)Arguments:Arg1: 00000000Arg2: 00000000Arg3: 00000000Arg4: 00000000 ...

  2. 电脑蓝屏分析教程,附工具WinDbg(x86 x64)6.12.0002.633下载

    我们常常在使用电脑中,有时会碰到电脑蓝屏,我们经常束手无策,不知道为什么会蓝屏?有些蓝屏后自动重启能正常进入系统,那么我们就可以借助工具进行分析.而有些可能需要进入到安全模式或者pe系统才会正常,那么 ...

  3. 一次真实的蓝屏分析 ntkrnlmp.exe

    故事背景: 话说我一直都是远程公司的电脑,在我晚上11点敲代码敲得正爽的时候,被远程的主机挂掉了,毫无征兆的挂掉了,我特么还好有闲着没事就ctrl + s保存代码的习惯,要不然白敲了那么久,我以为是公 ...

  4. 记一次Windows蓝屏分析

    大半夜收到此类信息,应该是让所有系统管理员最头大的事情了 首先我快速通过iDRAC,发现服务器发生了重启操作,并得到相关日志信息 通过Dell的官方解释,确定了该问题是OS层面的异常导致.打开Wind ...

  5. 【原创】FltGetFileNameInformation蓝屏分析

    FAULTING_IP: nt!SeCreateAccessStateEx+5b80564184 848788000000 test byte ptr [edi+88h],al TRAP_FRAME: ...

  6. 关闭win10 自动更新 及蓝屏解决办法

    "控制面板-管理工具-服务"(或在"此电脑"鼠标右键,点击"管理"),找到Windows Update项目后,将"启动类型&quo ...

  7. 记一次解决关机蓝屏 | MULTIPLE_IRP_COMPLETE_REQUESTS | klflt.sys

    已经解决蓝屏问题,原因是卡巴斯基安全软件驱动导致,需要卸载卡巴斯基安全软件,详细过程如下. 一.关机时蓝屏 Win10系统,在关机动画快结束时突然蓝屏,提示:你的设备遇到问题,需要重启,终止代码:MU ...

  8. Win 10 蓝屏,出现DRIVER_POWER_STATE_FAILURE的解决方法

    笔者个人笔记本电脑,用的是华硕的飞行堡垒FZ系列,上个月装了个Ubuntu的系统,之后换回Windows后,电脑疯狂蓝屏,错误代码只有这个DRIVER_POWER_STATE_FAILURE.一开始我 ...

  9. 蓝屏 Dump文件分析方法

    WinDbg使用有点麻烦,还要符号表什么的.试了下,感觉显示很乱,分析的也不够全面... 试试其他的吧!今天电脑蓝屏了,就使用其dump文件测试,如下: 1.首先,最详细的,要属Osr Online这 ...

随机推荐

  1. Spring学习之Ioc

    Ioc原理讲解:http://www.cnblogs.com/xdp-gacl/p/4249939.html Ioc IoC是一种编程思想,由主动编程变为被动接收. 也就是说,所有的组件都是被动的(p ...

  2. source insight 的使用

    一,新建工程:project-->new project --> ok--> ok--> close 完成项目的添加 二,sourceInsight的使用 1.跳转到标识定义处 ...

  3. 使用rsync同步Linux数据到Windows

    windows: win7,cwrsyncserver 4.1.0 linux:ubuntu 14.04,rsync 3.1.0 networks:使用360wifi [Windows端] 是否使用管 ...

  4. 嵌入式 hi3518c下ramdisk文件系统与文件系统烧写以及uboot中change-the-env

    NULL RAM : mkdir ramdisk_test  临时挂在点 dd if=/dev/zero of=123 bs=1k count=10000 建立空硬盘 losetup /dev/loo ...

  5. wait函数返回值总结

    之前在学习wait和waitpid函数的时候,就对使用宏WIFEXITED来检查获取的进程终止状态产生过疑惑:一般我们在程序中是调用的exit或者_exit函数来退出的,那么wait和waitpid函 ...

  6. centos使用网易163yum源

    CentOS系统自带的更新源的速度实在是慢,为了让CentOS6使用速度更快的YUM更新源,可以选择163(网易)的更新源. 1.下载repo文件 wget http://mirrors.163.co ...

  7. UNDO表空间设置

    flashback query和flashback table都是以用UNDO表空间的内容来进行恢复数据 查看undo内容保存的时间: SQL> show parameter undo_re N ...

  8. CentOS 7 安装 PyCharm for python

    下载链接:http://www.jetbrains.com/pycharm/ 如果只是为了开发python,这个免费版的应该已经够了. 今天讲的是怎么在CentOS7下面安装 pycharm: 下载完 ...

  9. 常用的正则表达式归纳—JavaScript正则表达式

    来源:http://www.ido321.com/856.html 1.正则优先级 首先看一下正则表达式的优先级,下表从最高优先级到最低优先级列出各种正则表达式操作符的优先权顺序: 2.常用的正则表达 ...

  10. Tkinter教程之Button篇(1)

    本文转载自:http://blog.csdn.net/jcodeer/article/details/1811298 #Tkinter教程之Button篇(1)#Button功能触发事件'''1.一个 ...