🖥️
よくブルスクになる場合の解析方法
参考
使用したツール
手順
- WinDbgを管理者権限で開く
- WinDbgの左上の「ファイル」をクリックする
- 右側パネルにある、DumpFileのBrowserをクリックして、DumpFileを選択する
※C:\Windows\Minidumpに格納されている
- Openをクリックする
- !analyze -vをくりっく※青く表示されているのでわかりやすい
- しばらく待つと、以下の様な内容が**!analyze -v**の下に出力される
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DPC_WATCHDOG_VIOLATION (133)
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
or above.
Arguments:
Arg1: 0000000000000001, The system cumulatively spent an extended period of time at
DISPATCH_LEVEL or above.
Arg2: 0000000000001e00, The watchdog period (in ticks).
Arg3: fffff8021d71d340, cast to nt!DPC_WATCHDOG_GLOBAL_TRIAGE_BLOCK, which contains
additional information regarding the cumulative timeout
Arg4: 0000000000000000
Debugging Details:
------------------
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: TickPeriods ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 312
Key : Analysis.Elapsed.mSec
Value: 2933
Key : Analysis.IO.Other.Mb
Value: 14
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 30
Key : Analysis.Init.CPU.mSec
Value: 156
Key : Analysis.Init.Elapsed.mSec
Value: 17086
Key : Analysis.Memory.CommitPeak.Mb
Value: 99
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x133
Key : Bugcheck.Code.TargetModel
Value: 0x133
Key : Failure.Bucket
Value: 0x133_ISR_nvlddmkm!unknown_function
Key : Failure.Hash
Value: {f97493a5-ea2b-23ca-a808-8602773c2a86}
Key : Hypervisor.Enlightenments.ValueHex
Value: 1417df84
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 1
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 1
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 21631230
Key : Hypervisor.Flags.ValueHex
Value: 14a10fe
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 1
Key : Hypervisor.RootFlags.AccessStats
Value: 1
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 1
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1
Key : Hypervisor.RootFlags.MceEnlightened
Value: 1
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1
Key : Hypervisor.RootFlags.Value
Value: 1015
Key : Hypervisor.RootFlags.ValueHex
Value: 3f7
Key : Stack.Pointer
Value: ISR
Key : WER.OS.Branch
Value: ni_release
Key : WER.OS.Version
Value: 10.0.22621.1
BUGCHECK_CODE: 133
BUGCHECK_P1: 1
BUGCHECK_P2: 1e00
BUGCHECK_P3: fffff8021d71d340
BUGCHECK_P4: 0
FILE_IN_CAB: 102924-9531-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
FAULTING_THREAD: ffff838bb9f3b080
DPC_TIMEOUT_TYPE: DPC_QUEUE_EXECUTION_TIMEOUT_EXCEEDED
TRAP_FRAME: ffff800ab1655880 -- (.trap 0xffff800ab1655880)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=0000344853c592de
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802537eb6e0 rsp=ffff800ab1655a18 rbp=0000000000000000
r8=0000000000000000 r9=0000000000900401 r10=fffff8025354fa40
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nvlddmkm+0xc1b6e0:
fffff802`537eb6e0 483b0d99603600 cmp rcx,qword ptr [nvlddmkm+0xf81780 (fffff802`53b51780)] ds:fffff802`53b51780=????????????????
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: EscapeFromTarkov.exe
STACK_TEXT:
ffffe401`00378c88 fffff802`1cc39779 : 00000000`00000133 00000000`00000001 00000000`00001e00 fffff802`1d71d340 : nt!KeBugCheckEx
ffffe401`00378c90 fffff802`1cc38fe1 : 000005f5`04714521 00000000`00021f27 00000000`00021f26 00000000`00000000 : nt!KeAccumulateTicks+0x239
ffffe401`00378cf0 fffff802`1cc37071 : 00000000`00000000 ffffe401`02762300 ffffe401`00451180 00000000`00000000 : nt!KiUpdateRunTime+0xd1
ffffe401`00378ea0 fffff802`1cc36b6a : fffff802`1d65ff60 ffffe401`02762330 ffffe401`02762330 00000000`00000002 : nt!KeClockInterruptNotify+0xc1
ffffe401`00378f40 fffff802`1cd15f4c : 00000005`0efd3cb1 ffff838b`a4765ea0 ffff838b`a4765f50 00000000`ffffffff : nt!HalpTimerClockInterrupt+0x10a
ffffe401`00378f70 fffff802`1ce16ffa : ffff800a`b1655900 ffff838b`a4765ea0 00000000`00000000 00000000`00000000 : nt!KiCallInterruptServiceRoutine+0x9c
ffffe401`00378fb0 fffff802`1ce178c7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptSubDispatchNoLockNoEtw+0xfa
ffff800a`b1655880 fffff802`537eb6e0 : fffff802`52cf4dd5 00000000`00000000 fffff802`52cfac7f 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0x37
ffff800a`b1655a18 fffff802`52cf4dd5 : 00000000`00000000 fffff802`52cfac7f 00000000`00000000 ffffb442`e2a0cb2e : nvlddmkm+0xc1b6e0
ffff800a`b1655a20 00000000`00000000 : fffff802`52cfac7f 00000000`00000000 ffffb442`e2a0cb2e 00000000`00000000 : nvlddmkm+0x124dd5
SYMBOL_NAME: nvlddmkm+c1b6e0
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .process /r /p 0xffff838bbbf09080; .thread 0xffff838bb9f3b080 ; kb
BUCKET_ID_FUNC_OFFSET: c1b6e0
FAILURE_BUCKET_ID: 0x133_ISR_nvlddmkm!unknown_function
OS_VERSION: 10.0.22621.1
BUILDLAB_STR: ni_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {f97493a5-ea2b-23ca-a808-8602773c2a86}
Followup: MachineOwner
---------```
出力の解析
-
モジュール名:
nvlddmkm.sysというファイル名がIMAGE_NAMEフィールドに記載されています。このファイルはNVIDIAのディスプレイドライバ関連であるため、グラフィックドライバに問題がある可能性を示唆 -
エラー内容:
DPC_TIMEOUT_TYPEの項目でDPC_QUEUE_EXECUTION_TIMEOUT_EXCEEDEDと指定されていることから、DPC(Deferred Procedure Call)の実行に長時間かかっていることが原因 -
プロセス名:
PROCESS_NAMEでEscapeFromTarkov.exeがアクティブだったことが記録されています。このため、このプロセスが高負荷をかけた際にエラーが発生した可能性
結論
nvlddmkm.sysつまり、グラフィックドライバに原因がありそう
って感じで調査ができる
Discussion