
More than 5 years have passed since last update.

Analyzing the Cause of a Windows Server 2012R2 Crash on KVM


A Windows Server 2012R2 guest built on KVM on CentOS7 appears to crash when Windows Update tries to download a large patch, so I look for the cause in MEMORY.DMP.

I downloaded the standalone "Debugging Tools for Windows (WinDbg)" from the URL below and installed it on a Windows10 machine.

Download WDK and WinDbg
https://msdn.microsoft.com/ja-jp/windows/hardware/hh852365

Analyzing MEMORY.DMP, the error seems to occur in ntkrnlmp.exe?

Since ntkrnlmp.exe is the multiprocessor kernel, I wonder whether it would stop crashing if vcpu were set to 1.
The fundamental fix is unknown.

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000051, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff802a0721499, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 0000000000000051 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KiSearchForNewThread+69
fffff802`a0721499 895550          mov     dword ptr [rbp+50h],edx

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

BUGCHECK_STR:  AV

PROCESS_NAME:  TrustedInstall

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre

TRAP_FRAME:  ffffd00134a0c070 -- (.trap 0xffffd00134a0c070)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff802a093b240 rbx=0000000000000000 rcx=00000000ffffffff
rdx=00000000fffffffe rsi=0000000000000000 rdi=0000000000000000
rip=fffff802a0721499 rsp=ffffd00134a0c200 rbp=0000000000000001
 r8=0000000000003055  r9=ffffffffffffffff r10=fffff802a068e000
r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KiSearchForNewThread+0x69:
fffff802`a0721499 895550          mov     dword ptr [rbp+50h],edx ss:0018:00000000`00000051=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff802a07e83e9 to fffff802a07dc8a0

STACK_TEXT:  
ffffd001`34a0bf28 fffff802`a07e83e9 : 00000000`0000000a 00000000`00000051 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffd001`34a0bf30 fffff802`a07e6c3a : 00000000`00000001 fffff802`a098c180 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`34a0c070 fffff802`a0721499 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
ffffd001`34a0c200 fffff802`a0720f02 : fffff802`a098c180 ffffe001`f892d880 ffffc001`fffffffe 00000000`fffffffe : nt!KiSearchForNewThread+0x69
ffffd001`34a0c290 fffff802`a07209f9 : ffffe001`f892d880 00000000`00000000 00000000`0008ff1c 00000000`00000000 : nt!KiSwapThread+0xd2
ffffd001`34a0c330 fffff802`a07205c5 : 00000000`00000001 fffff802`a098c180 ffffe001`0000001f 00000000`00000000 : nt!KiCommitThreadWait+0x129
ffffd001`34a0c3b0 fffff802`a0a3a9c9 : ffffd001`00000002 ffffd001`34a0c530 ffffe001`f8cca490 ffffd001`00000006 : nt!KeWaitForMultipleObjects+0x9a5
ffffd001`34a0c460 fffff802`a0aede06 : 00000000`00000002 00000000`00000001 ffffd001`34a0cb01 ffffc001`288177f0 : nt!ObWaitForMultipleObjects+0x289
ffffd001`34a0c970 fffff802`a07e80b3 : ffffe001`f892d880 00000040`112df9a8 ffffd001`34a0cbe8 fffff6bf`ff68d2c0 : nt!NtWaitForMultipleObjects+0xd6
ffffd001`34a0cbd0 00007ffe`d2bc13da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000040`112df988 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`d2bc13da


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiSearchForNewThread+69
fffff802`a0721499 895550          mov     dword ptr [rbp+50h],edx

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!KiSearchForNewThread+69

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  56509ee1

BUCKET_ID_FUNC_OFFSET:  69

FAILURE_BUCKET_ID:  AV_nt!KiSearchForNewThread

BUCKET_ID:  AV_nt!KiSearchForNewThread

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:av_nt!kisearchfornewthread

FAILURE_ID_HASH:  {bd56f6cd-4e04-7838-d2db-c18a3fbed707}

Followup: MachineOwner
---------
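
As an added example (not part of the original post): a small Python triage script that parses the fields of the !analyze -v output above, decodes the bugcheck 0xA arguments, and checks that the faulting operand [rbp+50h] resolves to the address in Arg1. The sample text is a constructed excerpt of the output above, and the names triage, SAMPLE and IRQL_NAMES are hypothetical.

```python
import re

# Constructed sample: only the lines this parser needs, excerpted from the output above.
SAMPLE = """\
IRQL_NOT_LESS_OR_EQUAL (a)
Arg1: 0000000000000051, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
Arg4: fffff802a0721499, address which referenced memory
rip=fffff802a0721499 rsp=ffffd00134a0c200 rbp=0000000000000001
fffff802`a0721499 895550          mov     dword ptr [rbp+50h],edx
PROCESS_NAME:  TrustedInstall
IMAGE_NAME:  ntkrnlmp.exe
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

def triage(text):
    """Decode bugcheck 0xA arguments and cross-check them with the faulting instruction."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-fA-F]+),", text, re.M)}
    regs = {r: int(v, 16)
            for r, v in re.findall(r"\b(r[a-z0-9]{1,2})=([0-9a-fA-F]{16})", text)}
    result = {
        "address": args[1],
        "irql": IRQL_NAMES.get(args[2], str(args[2])),
        # Arg3 bitfield as documented in the output: bit 0 = write, bit 3 = execute
        "operation": "execute" if args[3] & 8 else ("write" if args[3] & 1 else "read"),
        "faulting_ip": args[4],
        # The lowest 64 KiB is a no-access region, so this is a NULL-like base pointer.
        "near_null": args[1] < 0x10000,
    }
    # Find the disassembly line at Arg4 and extract its [reg+NNh] memory operand.
    m = re.search(r"^([0-9a-f]{8})`([0-9a-f]{8})\s+[0-9a-f]+\s+\w+\s+.*"
                  r"\[(\w+)\+([0-9a-fA-F]+)h\]", text, re.M)
    if m and int(m.group(1) + m.group(2), 16) == args[4] and m.group(3) in regs:
        base, disp = regs[m.group(3)], int(m.group(4), 16)
        result["base_register"] = m.group(3)
        result["base_value"] = base
        result["operand_matches_arg1"] = (base + disp == args[1])
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool)
              else f"{key}: {value}")
```

For this dump the result is a write at DISPATCH_LEVEL to 0x51, which is rbp (value 1) plus the 0x50 displacement, i.e. the scheduler code in nt!KiSearchForNewThread used a base pointer whose value was 1.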
