none
凡請各位協助有關使用 WinDbg 工具分析 Memory.DMP RRS feed

  • 問題

  • 各位好 : 

    公司有一台 HP BL460c G9 刀鋒伺服器

    OS : Windows 2012 R2

    使用 Hyper-V 平台 

    運行10台 VM , 用途AP 站台

    這兩天一直出現 System Error 

    我使用 WinDbg 工具查看 Memory.DMP 檔案

    顯示結果如下

    看起來似乎是 Hyper-V 的 VSwitch 問題 

    因此請問是否建議更新 vmswitch.sys 呢 ? 

    透過 https://support.microsoft.com/en-us/help/4015547/windows-8-1-windows-server-2012-r2-update-kb4015547

    還請不吝提供建議 

    謝謝

    *******************************************************************************

    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    WORKER_INVALID (e4)
    A executive worker item was found in memory which must not contain such
    items or a work item was queued that is currently active in the system.
    Usually this is memory being freed.  This is usually caused by
    a device driver that has not cleaned up properly before freeing memory.
    Arguments:
    Arg1: 0000000000000001, Queuing of active worker item
    Arg2: ffffe0008fc1a8e0, Address of worker item
    Arg3: 0000000000000001, Queue number
    Arg4: 0000000000000000, 0

    Debugging Details:
    ------------------


    DUMP_CLASS: 1

    DUMP_QUALIFIER: 401

    BUILD_VERSION_STRING:  9600.18589.amd64fre.winblue_ltsb.170204-0600

    SYSTEM_MANUFACTURER:  HP

    SYSTEM_PRODUCT_NAME:  ProLiant BL460c Gen9

    SYSTEM_SKU:  727021-B21

    BIOS_VENDOR:  HP

    BIOS_VERSION:  I36

    BIOS_DATE:  09/12/2016

    DUMP_TYPE:  1

    BUGCHECK_P1: 1

    BUGCHECK_P2: ffffe0008fc1a8e0

    BUGCHECK_P3: 1

    BUGCHECK_P4: 0

    CPU_COUNT: 28

    CPU_MHZ: a25

    CPU_VENDOR:  GenuineIntel

    CPU_FAMILY: 6

    CPU_MODEL: 3f

    CPU_STEPPING: 2

    CPU_MICROCODE: 6,3f,2,0 (F,M,S,R)  SIG: 38'00000000 (cache) 38'00000000 (init)

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    BUGCHECK_STR:  0xE4

    PROCESS_NAME:  System

    CURRENT_IRQL:  2

    ANALYSIS_SESSION_HOST:  GORAN-PC

    ANALYSIS_SESSION_TIME:  09-29-2017 10:10:25.0973

    ANALYSIS_VERSION: 10.0.14321.1024 x86fre

    LAST_CONTROL_TRANSFER:  from fffff8031078f674 to fffff803107632a0

    STACK_TEXT:  
    ffffd001`c5b3e588 fffff803`1078f674 : 00000000`000000e4 00000000`00000001 ffffe000`8fc1a8e0 00000000`00000001 : nt!KeBugCheckEx
    ffffd001`c5b3e590 fffff801`47d4ec5c : ffffe000`8fc1a8e0 ffffe000`8fd53f70 ffff3890`2e7cb223 ffffd001`c5b3e790 : nt! ?? ::FNODOBFM::`string'+0x1bea4
    ffffd001`c5b3e630 fffff801`47d4eaf5 : ffffe000`44527356 00000000`00000001 00000000`000003bf fffff801`00000000 : vmswitch!RndisDevHostQueueWorkItem+0x34
    ffffd001`c5b3e660 fffff801`47d43136 : ffffe000`95c03bb8 ffffd001`c5b3e790 ffffd001`c5b3e708 00000000`00000000 : vmswitch!RndisDevHostDispatchControlMessage+0x101
    ffffd001`c5b3e690 fffff801`481ad1e0 : 00000000`00000003 00000000`95c03b02 ffffe000`00007de0 ffffe000`93b83a80 : vmswitch!VmsVmNicPvtKmclProcessingComplete+0x526
    ffffd001`c5b3e7c0 fffff801`48169e3d : 00000000`00000001 ffffe000`8fc19010 0028f5eb`c1298ee4 00000000`00000000 : vmbkmclr!KmclpVmbusIsr+0x290
    ffffd001`c5b3e840 fffff803`106456f0 : ffffd001`c5b3e990 ffffe000`7b48d340 ffffd001`c5b29180 ffffd001`c5b29180 : vmbusr!ParentRingInterruptDpc+0x5d
    ffffd001`c5b3e890 fffff803`10644a37 : ffffe000`94695100 ffffe000`94695180 00000000`00000000 fffff801`00000004 : nt!KiExecuteAllDpcs+0x1b0
    ffffd001`c5b3e9e0 fffff803`10766dea : ffffd001`c5b29180 ffffd001`c5b29180 ffffd001`c5b35bc0 ffffe000`94695180 : nt!KiRetireDpcList+0xd7
    ffffd001`c5b3ec60 00000000`00000000 : ffffd001`c5b3f000 ffffd001`c5b39000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a


    STACK_COMMAND:  kb

    THREAD_SHA1_HASH_MOD_FUNC:  82be62f470dd8aeea5a0fcc405021d18feb066ce

    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  809392d851d92c21629207ccd2b06ea1cc106eb4

    THREAD_SHA1_HASH_MOD:  76191c146adc909355f78750ccbb66ce3ad8a209

    FOLLOWUP_IP: 
    vmswitch!RndisDevHostQueueWorkItem+34
    fffff801`47d4ec5c 4883c428        add     rsp,28h

    FAULT_INSTR_CODE:  28c48348

    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  vmswitch!RndisDevHostQueueWorkItem+34

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: vmswitch

    IMAGE_NAME:  vmswitch.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  58962b13

    BUCKET_ID_FUNC_OFFSET:  34

    FAILURE_BUCKET_ID:  0xE4_vmswitch!RndisDevHostQueueWorkItem

    BUCKET_ID:  0xE4_vmswitch!RndisDevHostQueueWorkItem

    PRIMARY_PROBLEM_CLASS:  0xE4_vmswitch!RndisDevHostQueueWorkItem

    TARGET_TIME:  2017-09-29T01:20:16.000Z

    OSBUILD:  9600

    OSSERVICEPACK:  0

    SERVICEPACK_NUMBER: 0

    OS_REVISION: 0

    SUITE_MASK:  272

    PRODUCT_TYPE:  3

    OSPLATFORM_TYPE:  x64

    OSNAME:  Windows 8.1

    OSEDITION:  Windows 8.1 Server TerminalServer SingleUserTS

    OS_LOCALE:  

    USER_LCID:  0

    OSBUILD_TIMESTAMP:  2017-02-05 00:43:09

    BUILDDATESTAMP_STR:  170204-0600

    BUILDLAB_STR:  winblue_ltsb

    BUILDOSVER_STR:  6.3.9600.18589.amd64fre.winblue_ltsb.170204-0600

    ANALYSIS_SESSION_ELAPSED_TIME: 1c25

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:0xe4_vmswitch!rndisdevhostqueueworkitem

    FAILURE_ID_HASH:  {e128a688-11fd-6446-1f87-57854cfb7490}

    Followup:     MachineOwner
    ---------

    3: kd> lmvm vmswitch
    Browse full module list
    start             end                 module name
    fffff801`47d35000 fffff801`47de4000   vmswitch   (pdb symbols)          C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\vmswitch.pdb\F750EA5905BD46EE906F9EC5A5CB84151\vmswitch.pdb
        Loaded symbol image file: vmswitch.sys
        Image path: \SystemRoot\system32\DRIVERS\vmswitch.sys
        Image name: vmswitch.sys
        Browse all global symbols  functions  data
        Timestamp:        Sun Feb  5 03:27:15 2017 (58962B13)
        CheckSum:         000B147B
        ImageSize:        000AF000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

    2017年9月29日 上午 02:41

所有回覆

  • Hi Goran Yeh,

    從您提供的資訊來看

    在釋放memory device driver沒有正確的清理

    Microsoft於四月份安全性更新針對vmswitch.sys這個component更新

    詳細的分析需要看完整的dump才能確認,建議您可以先安裝kb4015547


    請記得將對您有幫助的回覆"標示為解答"以幫助其他尋找解答及參與社群討論的朋友們。

     

    Please remember to click Mark as Answer on the post that helps you.
    This can be beneficial to other community members reading the thread.


    2017年9月29日 上午 05:40
  • 您好 : 

    好的 謝謝您的告知

    我會先在這台主機進行 KB4015547 安裝更新

    再進行後續觀察

    謝謝

    2017年9月29日 上午 06:00