CentOS7 の KVM 上に構築した Windows Server 2012R2 が Windows Update で大容量のパッチをダウンロードしようとすると、クラッシュするようなので MEMORY.DMP から原因を探る。
以下 URL から「スタンドアロンの Debugging Tools for Windows (WinDbg)」をダウンロードし、Windows10 の端末にインストールした
WDK と WinDbg のダウンロード
https://msdn.microsoft.com/ja-jp/windows/hardware/hh852365
MEMORY.DMP を解析すると、ntkrnlmp.exe でエラーが発生している?
ntkrnlmp.exe はマルチプロセッサ用のカーネルのため、vcpu を 1 にするとクラッシュしないのだろうか。
根本解決方法が不明。
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000051, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff802a0721499, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
0000000000000051
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiSearchForNewThread+69
fffff802`a0721499 895550 mov dword ptr [rbp+50h],edx
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: TrustedInstall
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre
TRAP_FRAME: ffffd00134a0c070 -- (.trap 0xffffd00134a0c070)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff802a093b240 rbx=0000000000000000 rcx=00000000ffffffff
rdx=00000000fffffffe rsi=0000000000000000 rdi=0000000000000000
rip=fffff802a0721499 rsp=ffffd00134a0c200 rbp=0000000000000001
r8=0000000000003055 r9=ffffffffffffffff r10=fffff802a068e000
r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiSearchForNewThread+0x69:
fffff802`a0721499 895550 mov dword ptr [rbp+50h],edx ss:0018:00000000`00000051=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff802a07e83e9 to fffff802a07dc8a0
STACK_TEXT:
ffffd001`34a0bf28 fffff802`a07e83e9 : 00000000`0000000a 00000000`00000051 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffd001`34a0bf30 fffff802`a07e6c3a : 00000000`00000001 fffff802`a098c180 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`34a0c070 fffff802`a0721499 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
ffffd001`34a0c200 fffff802`a0720f02 : fffff802`a098c180 ffffe001`f892d880 ffffc001`fffffffe 00000000`fffffffe : nt!KiSearchForNewThread+0x69
ffffd001`34a0c290 fffff802`a07209f9 : ffffe001`f892d880 00000000`00000000 00000000`0008ff1c 00000000`00000000 : nt!KiSwapThread+0xd2
ffffd001`34a0c330 fffff802`a07205c5 : 00000000`00000001 fffff802`a098c180 ffffe001`0000001f 00000000`00000000 : nt!KiCommitThreadWait+0x129
ffffd001`34a0c3b0 fffff802`a0a3a9c9 : ffffd001`00000002 ffffd001`34a0c530 ffffe001`f8cca490 ffffd001`00000006 : nt!KeWaitForMultipleObjects+0x9a5
ffffd001`34a0c460 fffff802`a0aede06 : 00000000`00000002 00000000`00000001 ffffd001`34a0cb01 ffffc001`288177f0 : nt!ObWaitForMultipleObjects+0x289
ffffd001`34a0c970 fffff802`a07e80b3 : ffffe001`f892d880 00000040`112df9a8 ffffd001`34a0cbe8 fffff6bf`ff68d2c0 : nt!NtWaitForMultipleObjects+0xd6
ffffd001`34a0cbd0 00007ffe`d2bc13da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000040`112df988 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`d2bc13da
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiSearchForNewThread+69
fffff802`a0721499 895550 mov dword ptr [rbp+50h],edx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiSearchForNewThread+69
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 56509ee1
BUCKET_ID_FUNC_OFFSET: 69
FAILURE_BUCKET_ID: AV_nt!KiSearchForNewThread
BUCKET_ID: AV_nt!KiSearchForNewThread
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_nt!kisearchfornewthread
FAILURE_ID_HASH: {bd56f6cd-4e04-7838-d2db-c18a3fbed707}
Followup: MachineOwner
---------