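Crash Dumps on Vista [PC-related]
This section records crash dumps that occurred on Windows Vista.
I use WinDbg to pull the information out of the blue screens. I set the memory dump to full rather than the default mini.
Incidentally, unless you run WinDbg as administrator, it won't remember things like the symbol path.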
[20070913]
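I was working on JPEGs in Picasa when it got awfully sluggish and then died.
It also nags at me a bit that I had been watching a movie in QuickTime before that. The previous time 0x77 came up was also when I installed QuickTime (& iTunes).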
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_STACK_INPAGE_ERROR (77)
The requested page of kernel data could not be read in. Caused by
bad block in paging file or disk controller error.
In the case when the first arguments is 0 or 1, the stack signature
in the kernel stack was not found. Again, bad hardware.
An I/O status of c000009c (STATUS_DEVICE_DATA_ERROR) or
C000016AL (STATUS_DISK_OPERATION_FAILED) normally indicates
the data could not be read from the disk due to a bad
block. Upon reboot autocheck will run and attempt to map out the bad
sector. If the status is C0000185 (STATUS_IO_DEVICE_ERROR) and the paging
file is on a SCSI disk device, then the cabling and termination should be
checked. See the knowledge base article on SCSI termination.
Arguments:
Arg1: 00000001, (page was retrieved from disk)
Arg2: ff000000, value found in stack where signature should be
Arg3: 00000000, 0
Arg4: a03bbb78, address of signature on kernel stack

Debugging Details:
------------------

ERROR_CODE: (NTSTATUS) 0x1 - STATUS_WAIT_1
BUGCHECK_STR: 0x77_1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 820ccac8 to 820d8569

STACK_TEXT:
838abcb4 820ccac8 00000077 00000001 ff000000 nt!KeBugCheckEx+0x1e
838abd38 820ccb24 9b467b70 838abd58 00000000 nt!MiInPageSingleKernelStack+0x282
838abd6c 820b3866 9b467be0 00000000 838abdc0 nt!KiInSwapKernelStacks+0x43
838abd7c 82225472 00000000 838a0680 00000000 nt!KeSwapProcessOrStack+0x83
838abdc0 8209141e 820b37e3 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiInPageSingleKernelStack+282
820ccac8 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 468308e9
SYMBOL_NAME: nt!MiInPageSingleKernelStack+282
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x77_1_nt!MiInPageSingleKernelStack+282
BUCKET_ID: 0x77_1_nt!MiInPageSingleKernelStack+282
Followup: MachineOwner
---------

1: kd> !thread
THREAD 84e80430 Cid 0004.006c Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1
Not impersonating
DeviceMap 83a08a30
Owning Process 84e27940 Image: System
Wait Start TickCount 20365353 Ticks: 2 (0:00:00:00.031)
Context Switch Count 21909326
UserTime 00:00:00.000
KernelTime 00:00:43.664
Win32 Start Address nt!KeSwapProcessOrStack (0x820b37e3)
Stack Init 838ac000 Current 838abbe8 Base 838ac000 Limit 838a9000 Call 0
Priority 23 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
ChildEBP RetAddr Args to Child
838abcb4 820ccac8 00000077 00000001 ff000000 nt!KeBugCheckEx+0x1e
838abd38 820ccb24 9b467b70 838abd58 00000000 nt!MiInPageSingleKernelStack+0x282
838abd6c 820b3866 9b467be0 00000000 838abdc0 nt!KiInSwapKernelStacks+0x43
838abd7c 82225472 00000000 838a0680 00000000 nt!KeSwapProcessOrStack+0x83
838abdc0 8209141e 820b37e3 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
[2007/08/16]
Two losses in a row to TM_CFW.sys. This doesn't feel good. Where did the outstanding stability we had up through XP go?
So there's a command called lmvm.
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 00000003, A device object has been blocking an Irp for too long a time
Arg2: 84e33b30, Physical Device Object of the stack
Arg3: 879d1030, Functional Device Object of the stack
Arg4: 8565a960, The blocked IRP

Debugging Details:
------------------

DRVPOWERSTATE_SUBCODE: 3
DEVICE_OBJECT: 879d1030
DRIVER_OBJECT: 879cb318
IMAGE_NAME: TM_CFW.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4619ecea
MODULE_NAME: TM_CFW
FAULTING_MODULE: 8d23e000 TM_CFW
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x9F
PROCESS_NAME: Idle
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 8204ada0 to 820d85c9

STACK_TEXT:
820f1b54 8204ada0 0000009f 00000003 84e33b30 nt!KeBugCheckEx+0x1e
820f1bb0 82050441 820f1cbc 00000002 00000000 nt!PopCheckIrpWatchdog+0x165
820f1bf0 820a99d1 82109fc0 00000000 8401ad46 nt!PopCheckForIdleness+0x33f
820f1ce8 820a9321 00000000 00000000 00028864 nt!KiTimerExpiration+0x498
820f1d50 820912ae 00000000 0000000e 00000000 nt!KiRetireDpcList+0xba
820f1d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x46

STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0x9F_IMAGE_TM_CFW.sys
BUCKET_ID: 0x9F_IMAGE_TM_CFW.sys
Followup: MachineOwner
---------

0: kd> !devobj ffffffff879d1030 f
Device object (879d1030) is for:
 NDMP11 \Driver\tmcfw DriverObject 879cb318
Current Irp 00000000 RefCount 0 Type 00000017 Flags 00002050
Dacl 8af245b8 DevExt 879d10e8 DevObjExt 879d1c30
ExtensionFlags (0x00000800)
                             Unknown flags 0x00000800
AttachedTo (Lower) 84e33b30 \Driver\PnpManager
Device queue is not busy.

0: kd> !drvobj ffffffff879cb318 f
Driver object (879cb318) is for:
 \Driver\tmcfw
Driver Extension List: (id , addr)
(4e4d4944 879cd010)
Device Object list:
88cef418 879d3030 879d2030 879d1030 879cf120

DriverEntry:   8d3f9212 TM_CFW
DriverStartIo: 00000000
DriverUnload:  829dce8b ndis!ndisMUnload
AddDevice:     829ce954 ndis!ndisPnPAddDevice

Dispatch routines:
[00] IRP_MJ_CREATE                      82904859 ndis!ndisCreateIrpHandler
[01] IRP_MJ_CREATE_NAMED_PIPE           829cb74b ndis!ndisDummyIrpHandler
[02] IRP_MJ_CLOSE                       82904c0c ndis!ndisCloseIrpHandler
[03] IRP_MJ_READ                        829cb74b ndis!ndisDummyIrpHandler
[04] IRP_MJ_WRITE                       829cb74b ndis!ndisDummyIrpHandler
[05] IRP_MJ_QUERY_INFORMATION           829cb74b ndis!ndisDummyIrpHandler
[06] IRP_MJ_SET_INFORMATION             829cb74b ndis!ndisDummyIrpHandler
[07] IRP_MJ_QUERY_EA                    829cb74b ndis!ndisDummyIrpHandler
[08] IRP_MJ_SET_EA                      829cb74b ndis!ndisDummyIrpHandler
[09] IRP_MJ_FLUSH_BUFFERS               829cb74b ndis!ndisDummyIrpHandler
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION    829cb74b ndis!ndisDummyIrpHandler
[0b] IRP_MJ_SET_VOLUME_INFORMATION      829cb74b ndis!ndisDummyIrpHandler
[0c] IRP_MJ_DIRECTORY_CONTROL           829cb74b ndis!ndisDummyIrpHandler
[0d] IRP_MJ_FILE_SYSTEM_CONTROL         829cb74b ndis!ndisDummyIrpHandler
[0e] IRP_MJ_DEVICE_CONTROL              829cb813 ndis!ndisDeviceControlIrpHandler
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL     829cb74b ndis!ndisDummyIrpHandler
[10] IRP_MJ_SHUTDOWN                    829cb74b ndis!ndisDummyIrpHandler
[11] IRP_MJ_LOCK_CONTROL                829cb74b ndis!ndisDummyIrpHandler
[12] IRP_MJ_CLEANUP                     829cb74b ndis!ndisDummyIrpHandler
[13] IRP_MJ_CREATE_MAILSLOT             829cb74b ndis!ndisDummyIrpHandler
[14] IRP_MJ_QUERY_SECURITY              829cb74b ndis!ndisDummyIrpHandler
[15] IRP_MJ_SET_SECURITY                829cb74b ndis!ndisDummyIrpHandler
[16] IRP_MJ_POWER                       829e39bc ndis!ndisPowerDispatch
[17] IRP_MJ_SYSTEM_CONTROL              829cc086 ndis!ndisWMIDispatch
[18] IRP_MJ_DEVICE_CHANGE               829cb74b ndis!ndisDummyIrpHandler
[19] IRP_MJ_QUERY_QUOTA                 829cb74b ndis!ndisDummyIrpHandler
[1a] IRP_MJ_SET_QUOTA                   829cb74b ndis!ndisDummyIrpHandler
[1b] IRP_MJ_PNP                         829cf845 ndis!ndisPnPDispatch

0: kd> !irp 8565a960
Irp is active with 3 stacks 2 is current (= 0x8565a9f4)
 No Mdl: No System Buffer: Thread 00000000: Irp stack trace.
     cmd flg cl Device File Completion-Context
 [ 0, 0] 0 0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
>[ 16, 2] 0 e1 879d1030 00000000 822c97d3-857d0a28 Success Error Cancel pending
            \Driver\tmcfw nt!PopSystemIrpCompletion
            Args: 00015400 00000000 00000005 00000003
 [ 0, 0] 0 0 00000000 00000000 00000000-857d0a28
            Args: 00000000 00000000 00000000 00000000

0: kd> lmvm TM_CFW
start    end      module name
8d23e000 8d400000 TM_CFW (no symbols)
    Loaded symbol image file: TM_CFW.sys
    Image path: \SystemRoot\system32\DRIVERS\TM_CFW.sys
    Image name: TM_CFW.sys
    Timestamp: Mon Apr 09 16:36:10 2007 (4619ECEA)
    CheckSum: 00055733
    ImageSize: 001C2000
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
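Added example (not part of the original post): the `!irp` output above identifies the blocked IRP only by raw numbers, so this sketch decodes the current stack location (the one marked `>`) into the power request that `\Driver\tmcfw` never completed. The function name `decode_blocked_irp` is hypothetical, and the enum values are the power-related subset from the WDK header wdm.h.

```python
import re

# Enum values from the WDK header wdm.h (power-related subset only).
IRP_MJ_POWER = 0x16
POWER_MINOR = {0: "IRP_MN_WAIT_WAKE", 1: "IRP_MN_POWER_SEQUENCE",
               2: "IRP_MN_SET_POWER", 3: "IRP_MN_QUERY_POWER"}
STATE_TYPE = {0: "SystemPowerState", 1: "DevicePowerState"}
SYSTEM_STATE = {1: "PowerSystemWorking (S0)", 2: "PowerSystemSleeping1 (S1)",
                3: "PowerSystemSleeping2 (S2)", 4: "PowerSystemSleeping3 (S3)",
                5: "PowerSystemHibernate (S4)", 6: "PowerSystemShutdown (S5)"}
DEVICE_STATE = {1: "PowerDeviceD0", 2: "PowerDeviceD1",
                3: "PowerDeviceD2", 4: "PowerDeviceD3"}
POWER_ACTION = {0: "PowerActionNone", 2: "PowerActionSleep",
                3: "PowerActionHibernate", 4: "PowerActionShutdown",
                5: "PowerActionShutdownReset", 6: "PowerActionShutdownOff"}

# The current stack location is the one marked ">". The pattern works whether
# or not the debugger output still has its line breaks.
CURRENT_LOC = re.compile(
    r">\[\s*([0-9a-f]+),\s*([0-9a-f]+)\]\s+\S+\s+\S+\s+([0-9a-f]{8})"
    r".*?(\\Driver\\\S+).*?Args:\s+((?:[0-9a-f]{8}\s*){4})", re.I | re.S)

def decode_blocked_irp(irp_text):
    """Decode the current stack location of a `!irp` dump; None if not found."""
    m = CURRENT_LOC.search(irp_text)
    if m is None:
        return None
    major, minor = int(m.group(1), 16), int(m.group(2), 16)  # !irp prints hex
    args = [int(a, 16) for a in m.group(5).split()]
    info = {"device": m.group(3), "driver": m.group(4),
            "major": major, "minor": minor, "power": None}
    if major == IRP_MJ_POWER and minor in (2, 3):
        # Parameters.Power layout: SystemContext, Type, State, ShutdownType
        _ctx, ptype, state, action = args
        states = SYSTEM_STATE if ptype == 0 else DEVICE_STATE
        info["power"] = {"request": POWER_MINOR[minor],
                         "type": STATE_TYPE.get(ptype, hex(ptype)),
                         "state": states.get(state, hex(state)),
                         "action": POWER_ACTION.get(action, hex(action))}
    return info

# Two stack locations copied from the `!irp 8565a960` output in this entry.
SAMPLE = r""" [ 0, 0] 0 0 00000000 00000000 00000000-00000000 Args: 00000000 00000000 00000000 00000000
>[ 16, 2] 0 e1 879d1030 00000000 822c97d3-857d0a28 Success Error Cancel pending \Driver\tmcfw nt!PopSystemIrpCompletion Args: 00015400 00000000 00000005 00000003"""

if __name__ == "__main__":
    print(decode_blocked_irp(SAMPLE))
```

For this dump the result is a system-wide IRP_MN_SET_POWER to S4 with a hibernate action, which matches the `nt!PopCheckIrpWatchdog` frame in the bugcheck stack.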
[2007/08/09]
TM_CFW.sys is "C:\Windows\System32\drivers\TM_CFW.sys".
It seems to be TrendMicro's FireWall Module... wait, isn't that Virus Buster?
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 00000003, A device object has been blocking an Irp for too long a time
Arg2: 84e33b30, Physical Device Object of the stack
Arg3: 87c7d030, Functional Device Object of the stack
Arg4: 86d98990, The blocked IRP

Debugging Details:
------------------

DRVPOWERSTATE_SUBCODE: 3
DEVICE_OBJECT: 87c7d030
DRIVER_OBJECT: 87c429f8
IMAGE_NAME: TM_CFW.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4619ecea
MODULE_NAME: TM_CFW
FAULTING_MODULE: 8c63e000 TM_CFW
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x9F
PROCESS_NAME: Idle
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 8204ada0 to 820d85c9

STACK_TEXT:
820f1b54 8204ada0 0000009f 00000003 84e33b30 nt!KeBugCheckEx+0x1e
820f1bb0 82050441 820f1cd4 820f1c88 00000101 nt!PopCheckIrpWatchdog+0x165
820f1bf0 820a99d1 82109fc0 00000000 3649e240 nt!PopCheckForIdleness+0x33f
820f1ce8 820a9321 00000000 00000000 032baa26 nt!KiTimerExpiration+0x498
820f1d50 820912ae 00000000 0000000e 00000000 nt!KiRetireDpcList+0xba
820f1d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x46

STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0x9F_IMAGE_TM_CFW.sys
BUCKET_ID: 0x9F_IMAGE_TM_CFW.sys
Followup: MachineOwner
---------

0: kd> !devobj ffffffff87c7d030 f
Device object (87c7d030) is for:
 NDMP11 \Driver\tmcfw DriverObject 87c429f8
Current Irp 00000000 RefCount 0 Type 00000017 Flags 00002050
Dacl 8934a530 DevExt 87c7d0e8 DevObjExt 87c7dc30
ExtensionFlags (0x00000800)
                             Unknown flags 0x00000800
AttachedTo (Lower) 84e33b30 \Driver\PnpManager
Device queue is not busy.

0: kd> !drvobj ffffffff87c429f8 f
Driver object (87c429f8) is for:
 \Driver\tmcfw
Driver Extension List: (id , addr)
(4e4d4944 87c47010)
Device Object list:
87009e28 8dabaaf8 87c7f030 87c7e030 87c7d030 87c46030

DriverEntry:   8c7f9212 TM_CFW
DriverStartIo: 00000000
DriverUnload:  829dce8b ndis!ndisMUnload
AddDevice:     829ce954 ndis!ndisPnPAddDevice

Dispatch routines:
[00] IRP_MJ_CREATE                      82904859 ndis!ndisCreateIrpHandler
[01] IRP_MJ_CREATE_NAMED_PIPE           829cb74b ndis!ndisDummyIrpHandler
[02] IRP_MJ_CLOSE                       82904c0c ndis!ndisCloseIrpHandler
[03] IRP_MJ_READ                        829cb74b ndis!ndisDummyIrpHandler
[04] IRP_MJ_WRITE                       829cb74b ndis!ndisDummyIrpHandler
[05] IRP_MJ_QUERY_INFORMATION           829cb74b ndis!ndisDummyIrpHandler
[06] IRP_MJ_SET_INFORMATION             829cb74b ndis!ndisDummyIrpHandler
[07] IRP_MJ_QUERY_EA                    829cb74b ndis!ndisDummyIrpHandler
[08] IRP_MJ_SET_EA                      829cb74b ndis!ndisDummyIrpHandler
[09] IRP_MJ_FLUSH_BUFFERS               829cb74b ndis!ndisDummyIrpHandler
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION    829cb74b ndis!ndisDummyIrpHandler
[0b] IRP_MJ_SET_VOLUME_INFORMATION      829cb74b ndis!ndisDummyIrpHandler
[0c] IRP_MJ_DIRECTORY_CONTROL           829cb74b ndis!ndisDummyIrpHandler
[0d] IRP_MJ_FILE_SYSTEM_CONTROL         829cb74b ndis!ndisDummyIrpHandler
[0e] IRP_MJ_DEVICE_CONTROL              829cb813 ndis!ndisDeviceControlIrpHandler
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL     829cb74b ndis!ndisDummyIrpHandler
[10] IRP_MJ_SHUTDOWN                    829cb74b ndis!ndisDummyIrpHandler
[11] IRP_MJ_LOCK_CONTROL                829cb74b ndis!ndisDummyIrpHandler
[12] IRP_MJ_CLEANUP                     829cb74b ndis!ndisDummyIrpHandler
[13] IRP_MJ_CREATE_MAILSLOT             829cb74b ndis!ndisDummyIrpHandler
[14] IRP_MJ_QUERY_SECURITY              829cb74b ndis!ndisDummyIrpHandler
[15] IRP_MJ_SET_SECURITY                829cb74b ndis!ndisDummyIrpHandler
[16] IRP_MJ_POWER                       829e39bc ndis!ndisPowerDispatch
[17] IRP_MJ_SYSTEM_CONTROL              829cc086 ndis!ndisWMIDispatch
[18] IRP_MJ_DEVICE_CHANGE               829cb74b ndis!ndisDummyIrpHandler
[19] IRP_MJ_QUERY_QUOTA                 829cb74b ndis!ndisDummyIrpHandler
[1a] IRP_MJ_SET_QUOTA                   829cb74b ndis!ndisDummyIrpHandler
[1b] IRP_MJ_PNP                         829cf845 ndis!ndisPnPDispatch

0: kd> !irp 86d98990
Irp is active with 3 stacks 2 is current (= 0x86d98a24)
 No Mdl: No System Buffer: Thread 00000000: Irp stack trace.
     cmd flg cl Device File Completion-Context
 [ 0, 0] 0 0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
>[ 16, 2] 0 e1 87c7d030 00000000 822c97d3-8596b008 Success Error Cancel pending
            \Driver\tmcfw nt!PopSystemIrpCompletion
            Args: 00015500 00000000 00000005 00000003
 [ 0, 0] 0 0 00000000 00000000 00000000-8596b008
            Args: 00000000 00000000 00000000 00000000
[2007/07/16]
I don't really understand it, but when I rebooted after this, a Raid 0 volume error occurred.
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_STACK_INPAGE_ERROR (77)
The requested page of kernel data could not be read in. Caused by
bad block in paging file or disk controller error.
In the case when the first arguments is 0 or 1, the stack signature
in the kernel stack was not found. Again, bad hardware.
An I/O status of c000009c (STATUS_DEVICE_DATA_ERROR) or
C000016AL (STATUS_DISK_OPERATION_FAILED) normally indicates
the data could not be read from the disk due to a bad
block. Upon reboot autocheck will run and attempt to map out the bad
sector. If the status is C0000185 (STATUS_IO_DEVICE_ERROR) and the paging
file is on a SCSI disk device, then the cabling and termination should be
checked. See the knowledge base article on SCSI termination.
Arguments:
Arg1: 00000001, (page was retrieved from disk)
Arg2: 00000000, value found in stack where signature should be
Arg3: 00000000, 0
Arg4: 9ab76c38, address of signature on kernel stack

Debugging Details:
------------------

ERROR_CODE: (NTSTATUS) 0x1 - STATUS_WAIT_1
BUGCHECK_STR: 0x77_1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 820ccb46 to 820d85c9

STACK_TEXT:
838abcb4 820ccb46 00000077 00000001 00000000 nt!KeBugCheckEx+0x1e
838abd38 820ccba2 9aca9d78 838abd58 00000000 nt!MiInPageSingleKernelStack+0x282
838abd6c 820b3957 9aca9de8 00000000 838abdc0 nt!KiInSwapKernelStacks+0x43
838abd7c 822254a8 00000000 838a0680 00000000 nt!KeSwapProcessOrStack+0x83
838abdc0 8209145e 820b38d4 00000000 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiInPageSingleKernelStack+282
820ccb46 cc int 3
SYMBOL_STACK_INDEX: 1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4549ae00
SYMBOL_NAME: nt!MiInPageSingleKernelStack+282
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: 0x77_1_nt!MiInPageSingleKernelStack+282
BUCKET_ID: 0x77_1_nt!MiInPageSingleKernelStack+282
Followup: MachineOwner
---------