WinDbug之DUMP蓝屏分析

Microsoft (R) Windows Debugger Version 6.2.8400.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:dumpMEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: LanManNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`0185e000 PsLoadedModuleList = 0xfffff800`01a9be50
Debug session time: Mon Jul 16 14:24:49.415 2012 (UTC + 8:00)
System Uptime: 283 days 3:55:02.586
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols

Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck CA, {1, fffffa800be97440, fffffa800c237440, 0}

Probably caused by : usbhub.sys

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a result of a problem in a driver or
a problem in PnP itself. The first argument describes the nature of the
problem, the second argument is the address of the PDO. The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO
A specific instance of a driver has enumerated multiple PDOs with
identical device id and unique ids.
Arg2: fffffa800be97440, Newly reported PDO.
Arg3: fffffa800c237440, PDO of which it is a duplicate.
Arg4: 0000000000000000

Debugging Details:
------------------

BUGCHECK_STR: 0xCA_1

DEVICE_OBJECT: fffffa800be97440

DRIVER_OBJECT: fffffa8005456b50

IMAGE_NAME: usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcc2d

MODULE_NAME: usbhub

FAULTING_MODULE: fffff88004524000 usbhub

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: System

CURRENT_IRQL: 0

LOCK_ADDRESS: fffff80001ad2400 -- (!locks fffff80001ad2400)

Resource @ nt!PiEngineLock (0xfffff80001ad2400) Exclusively owned
Contention Count = 176
Threads: fffffa80036cd680-01<*>
1 total locks, 1 locks currently held

PNP_TRIAGE:
Lock address : 0xfffff80001ad2400
Thread Count : 1
Thread address: 0xfffffa80036cd680
Thread wait : 0x5d7a082e

LAST_CONTROL_TRANSFER: from fffff80001cbb117 to fffff800018cff00

STACK_TEXT:
fffff880`0219e778 fffff800`01cbb117 : 00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 : nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 : fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 : nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 : fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c : nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 : fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 : nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 : 00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 : nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 : fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 : fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys

BUCKET_ID: X64_0xCA_1_IMAGE_usbhub.sys

Followup: MachineOwner
---------

4: kd> !devobj fffffa800be97440 f
Device object (fffffa800be97440) is for:
USBPDO-10 Driverusbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010
ExtensionFlags (0x00000810) DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
Device queue is not busy.
4: kd> !drvobj fffffa8005456b50 f
Driver object (fffffa8005456b50) is for:
Driverusbhub
Driver Extension List: (id , addr)

Device Object list:
fffffa800be97440 fffffa8014e13440 fffffa800c237440 fffffa80055e7060
fffffa800559b060 fffffa8005480050 fffffa8005478050 fffffa8005470050
fffffa8005468050 fffffa8005460050 fffffa8005458050

DriverEntry: fffff88004571064 usbhub!GsDriverEntry
DriverStartIo: 00000000
DriverUnload: fffff8800454a5ec usbhub!UsbhDriverUnload
AddDevice: fffff8800454a70c usbhub!UsbhAddDevice

Dispatch routines:
[00] IRP_MJ_CREATE fffff88004525f60 usbhub!UsbhGenDispatch
[01] IRP_MJ_CREATE_NAMED_PIPE fffff800018b665c nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE fffff88004525f60 usbhub!UsbhGenDispatch
[03] IRP_MJ_READ fffff800018b665c nt!IopInvalidDeviceRequest
[04] IRP_MJ_WRITE fffff800018b665c nt!IopInvalidDeviceRequest
[05] IRP_MJ_QUERY_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA fffff800018b665c nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA fffff800018b665c nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS fffff800018b665c nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION fffff800018b665c nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[10] IRP_MJ_SHUTDOWN fffff8800454b454 usbhub!UsbhDeviceShutdown
[11] IRP_MJ_LOCK_CONTROL fffff800018b665c nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP fffff800018b665c nt!IopInvalidDeviceRequest
[13] IRP_MJ_CREATE_MAILSLOT fffff800018b665c nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY fffff800018b665c nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER fffff88004525f60 usbhub!UsbhGenDispatch
[17] IRP_MJ_SYSTEM_CONTROL fffff88004525f60 usbhub!UsbhGenDispatch
[18] IRP_MJ_DEVICE_CHANGE fffff800018b665c nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA fffff800018b665c nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP fffff88004525f60 usbhub!UsbhGenDispatch

4: kd> lmvm usbhub
start end module name
fffff880`04524000 fffff880`0457e000 usbhub (pdb symbols) C:Program FilesWindows Kits8.0Debuggersx86symusbhub.pdb295DCA65F67B44BF8DD26C3B6D89A6F71usbhub.pdb
Loaded symbol image file: usbhub.sys
Image path: SystemRootsystem32DRIVERSusbhub.sys
Image name: usbhub.sys
Timestamp: Tue Jul 14 08:07:09 2009 (4A5BCC2D)
CheckSum: 0005BB10
ImageSize: 0005A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

-------------------
1.system32drivers delete usbehci.sys usbhub.sys usbohci.sys usbport.sys
2. 设备管理器，卸载所有usb驱动
3.system32drivers delete usbui.dll
4.restart pc

==========================================================

==========================================================

对2012/7/16 14:28产生的dump文件进行分析后，结果如下：

PNP_DETECTED_FATAL_ERROR (ca)
PnP encountered a severe error, either as a result of a problem in a driver or
a problem in PnP itself.  The first argument describes the nature of the
problem, the second argument is the address of the PDO.  The other arguments
vary depending on argument 1.
Arguments:
Arg1: 0000000000000001, Duplicate PDO

       A specific instance of a driver has enumerated multiple PDOs with

       identical device id and unique ids.

Arg2: fffffa800be97440, Newly reported PDO.

Arg3: fffffa800c237440, PDO of which it is a duplicate.

Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xCA_1

DEVICE_OBJECT: fffffa800be97440

DRIVER_OBJECT: fffffa8005456b50

IMAGE_NAME:  usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bcc2d

MODULE_NAME: usbhub

FAULTING_MODULE: fffff88004524000 usbhub

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LOCK_ADDRESS:  fffff80001ad2400 -- (!locks fffff80001ad2400)

Resource @ nt!PiEngineLock (0xfffff80001ad2400)    Exclusively owned
    Contention Count = 176
     Threads: fffffa80036cd680-01<*> 
1 total locks, 1 locks currently held

PNP_TRIAGE: 
Lock address  : 0xfffff80001ad2400
Thread Count  : 1
Thread address: 0xfffffa80036cd680
Thread wait   : 0x5d7a082e

LAST_CONTROL_TRANSFER:  from fffff80001cbb117 to fffff800018cff00

STACK_TEXT:  
fffff880`0219e778 fffff800`01cbb117 : 00000000`000000ca 00000000`00000001 fffffa80`0be97440 fffffa80`0c237440 : nt!KeBugCheckEx
fffff880`0219e780 fffff800`01cbbef8 : fffffa80`03ea3290 fffffa80`14f13010 fffffa80`03ea3290 00000000`00000001 : nt!PiProcessNewDeviceNode+0x587
fffff880`0219e950 fffff800`01cbc438 : fffff800`01acfd80 00000000`00000000 00000000`00000001 fffff800`01b3c71c : nt!PipProcessDevNodeTree+0x2e8
fffff880`0219ebc0 fffff800`019d0347 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98
fffff880`0219ec10 fffff800`018dd161 : fffff800`019d0020 fffff800`01bc9501 fffffa80`036cd600 fffffa80`036cd680 : nt!PnpDeviceActionWorker+0x327
fffff880`0219ecb0 fffff800`01b73166 : 00000000`00000000 fffffa80`036cd680 00000000`00000080 fffffa80`036c0040 : nt!ExpWorkerThread+0x111
fffff880`0219ed40 fffff800`018ae486 : fffff880`01f3c180 fffffa80`036cd680 fffff880`01f470c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0219ed80 00000000`00000000 : fffff880`0219f000 fffff880`02199000 fffff880`0219e9f0 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0xCA_1_IMAGE_usbhub.sys

BUCKET_ID:  X64_0xCA_1_IMAGE_usbhub.sys

Followup: MachineOwner
---------

　　由以上信息可以得知导致系统crush的原因为fffffa800be97440和fffffa800c237440发生了冲突，出错模块为 usbhub.sys，该文件为USB设备驱动程序文件。

 

4: kd> ! devobj fffffa800be97440
Device object (fffffa800be97440) is for:
 USBPDO-10 Driverusbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800be97590 DevObjExt fffffa800be97f90 DevNode fffffa8014f13010 
ExtensionFlags (0x00000810)  DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)  
Device queue is not busy.

4: kd> ! devobj fffffa800c237440
Device object (fffffa800c237440) is for:
 USBPDO-7 Driverusbhub DriverObject fffffa8005456b50
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00003040
Dacl fffff9a100064f51 DevExt fffffa800c237590 DevObjExt fffffa800c237f90 DevNode fffffa800a30a690 
ExtensionFlags (0x00000810)  DOE_START_PENDING, DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)  
Device queue is not busy.

由此处信息可以得知：

devobj fffffa800be97440 的DevNode为fffffa8014f13010

devobj fffffa800c237440 的DevNode为fffffa800a30a690

4: kd> dt _DEVICE_NODE fffffa8014f13010 instancepath

nt!_DEVICE_NODE

   +0x028 InstancePath : _UNICODE_STRING

"USBVID_04B3&PID_30255&12dde233&0&1"

4: kd> dt _DEVICE_NODE fffffa800a30a690 instancepath

nt!_DEVICE_NODE

   +0x028 InstancePath : _UNICODE_STRING

"USBVID_04B3&PID_30255&12dde233&0&1"

　　由此处信息可以得知DevNode fffffa8014f13010 和fffffa800a30a690的实例路径均为USBVID_04B3&PID_30255&12dde233&0&1。

　　VID 代表厂商ID，VID_04B3 表示该USB设备芯片提供商为IBM； PID 代表型号ID， VID_04B3&PID_3025表示设备USB NetVista Full Width Keyboard，该设备的多个实例发生了冲突从而导致计算机蓝屏，该设备的驱动程序有bug，需要对驱动程序进行更新。