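A blue screen (BSOD) generally occurs when something goes wrong in kernel mode. In my experience, the cause is usually not Windows itself but a driver made by Intel, AMD, Nvidia, Realtek, and so on.
I learned how to analyze a blue screen after the fact about three months ago, and today I got another one (...). Three months later I had forgotten the procedure again and had to look it all up, so I decided it would be easier to keep it on my blog, hence this post.
1. Refer to Dell's manual
Microsoft has a manual too, but Dell's feels much better put together.
After a blue screen, Windows normally creates a `.dmp` file on its own. Follow Dell's manual to debug the generated `.dmp` file and get the output.
2. Analyzing the output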
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805e7cb8680 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff601ebc650f0=000000000000000a
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000050, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8057b203e1f, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1453
Key : Analysis.Elapsed.mSec
Value: 7686
Key : Analysis.IO.Other.Mb
Value: 28
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 36
Key : Analysis.Init.CPU.mSec
Value: 890
Key : Analysis.Init.Elapsed.mSec
Value: 34715
Key : Analysis.Memory.CommitPeak.Mb
Value: 108
Key : Analysis.Version.DbgEng
Value: 10.0.27725.1000
Key : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2408.27.1
Key : Bugcheck.Code.LegacyAPI
Value: 0xd1
Key : Bugcheck.Code.TargetModel
Value: 0xd1
Key : Dump.Attributes.AsUlong
Value: 21808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: AV_NETIO!StreamInvokeCalloutAndNormalizeAction
Key : Failure.Hash
Value: {c2ca2d1f-cfdc-88d5-c7bc-7693b8f0de04}
Key : Hypervisor.Enlightenments.ValueHex
Value: 7497cf94
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 1
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 1
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 38408431
Key : Hypervisor.Flags.ValueHex
Value: 24a10ef
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 1
Key : Hypervisor.RootFlags.AccessStats
Value: 1
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 1
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1
Key : Hypervisor.RootFlags.MceEnlightened
Value: 1
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1
Key : Hypervisor.RootFlags.Value
Value: 1015
Key : Hypervisor.RootFlags.ValueHex
Value: 3f7
BUGCHECK_CODE: d1
BUGCHECK_P1: 50
BUGCHECK_P2: 2
BUGCHECK_P3: 0
BUGCHECK_P4: fffff8057b203e1f
FILE_IN_CAB: 102924-12781-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x21808
Kernel Generated Triage Dump
FAULTING_THREAD: ffffe40edbd2d040
READ_ADDRESS: fffff805e87c34b0: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
0000000000000050
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
TRAP_FRAME: fffff601ebc65230 -- (.trap 0xfffff601ebc65230)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=ffffe40effbf6a00
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8057b203e1f rsp=fffff601ebc653c0 rbp=0000000000000003
r8=0000000000001001 r9=0000000000001001 r10=0000000000000000
r11=ffffe40ef6396560 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
NETIO!StreamInvokeCalloutAndNormalizeAction+0x2f3:
fffff8057b203e1f 396a50 cmp dword ptr [rdx+50h],ebp ds:0000000000000050=????????
Resetting default scope
STACK_TEXT:
fffff601ebc650e8 fffff805e7e87ae9 : 000000000000000a 0000000000000050 0000000000000002 0000000000000000 : nt!KeBugCheckEx
fffff601ebc650f0 fffff805e7e82da8 : ffffe40ef668ab02 0000000000000108 fffff601ebc65440 fffff8058516e800 : nt!KiBugCheckDispatch+0x69
fffff601ebc65230 fffff8057b203e1f : 0000000000000000 ffffe40ef6396560 ffffe40ef6396501 ffffe40ef2d332b0 : nt!KiPageFault+0x468
fffff601ebc653c0 fffff8057b200dcb : 0000000000000000 ffffe40f0003ea00 ffffe40ef6396560 fffff601ebc65898 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x2f3
fffff601ebc654b0 fffff8057b201219 : ffffe40effbf6a60 fffff601ebc65680 ffffe40ef6396560 fffff601ebc65e30 : NETIO!StreamCalloutProcessData+0x5f
fffff601ebc65540 fffff8057b1e0785 : fffff601ebc65e30 fffff601ebc65680 ffffe40ef6396560 ffffe40ef6396501 : NETIO!StreamCalloutProcessingLoop+0x175
fffff601ebc655e0 fffff8057b1af60a : 0000000000000014 fffff80585161310 fffff60100000001 fffff601ebc660f0 : NETIO!StreamProcessCallout+0x609
fffff601ebc65710 fffff8057b1ae3c0 : ffffe40ed97e0014 fffff601ebc660f0 ffffe40eef284e50 fffff601ebc65e30 : NETIO!ProcessCallout+0x2ea
fffff601ebc657e0 fffff8057b1f8646 : 0000000000004800 ffffe40ed98e6aa0 fffff601ebc65ae8 ffffe40ed98e9bc0 : NETIO!ArbitrateAndEnforce+0x1e0
fffff601ebc65920 fffff805e7b3e2c8 : fffff601ebc65b60 fffff8057b1f8600 0000000000000002 fffff601ebc65e00 : NETIO!ArbitrateAndEnforceCallout+0x46
fffff601ebc65980 fffff805e7b3e1dd : fffff8057b1f8600 fffff601ebc65b60 ffffe40ed8ef8ec0 fffff601ebc660f0 : nt!KeExpandKernelStackAndCalloutInternal+0xd8
fffff601ebc659f0 fffff8057b1d4cfe : 0000000000000000 fffff601ebc65e80 0000000000000001 fffff601ebc66110 : nt!KeExpandKernelStackAndCalloutEx+0x1d
fffff601ebc65a30 fffff8057b1c8932 : 0000000000000000 fffff8057b22e000 0000000000000014 ffffe40ed98e6aa0 : NETIO!NetioExpandKernelStackAndCallout+0x7e
fffff601ebc65a80 fffff8057b203934 : 0000000100010006 ffffe40eef2894c0 ffffe40eef286430 ffffe40ef2d64400 : NETIO!KfdClassify+0x622
fffff601ebc65d90 fffff8057b1fdc7d : ffffe40efe69eeb0 fffff601ebc66000 fffff601ebc66520 ffffe40effbf6a60 : NETIO!StreamInternalClassify+0x168
fffff601ebc65f00 fffff8057b1a623e : ffffe40ef644cc01 fffff805e7ac6825 ffffe40f06543000 00000000000000ff : NETIO!StreamClassify+0x43d
fffff601ebc66090 fffff8057b1a5e61 : 0000000000000000 ffffe40ef644cc70 0000000000000000 0000000000000000 : NETIO!StreamCommonInspect+0x29a
fffff601ebc664a0 fffff8057b43545c : 0000000000000000 ffffe40effbf6c88 fffff601ebc66620 ffffe40edbe468e0 : NETIO!WfpStreamInspectReceive+0x1d1
fffff601ebc66520 fffff8057b3f9f03 : fffffffffffac002 0000000000000000 0000000000000000 ffffe40edbeaf668 : tcpip!TcpProcessFastDatagramBatch+0xcac
fffff601ebc66680 fffff8057b3f8806 : 0000000000000001 0000000000000002 0000000000000000 ffffe40effbf6a60 : tcpip!TcpTcbReceive+0x313
fffff601ebc66810 fffff8057b4b46b2 : ffffe40edbeaf7b0 ffffe40edbeaf7b0 ffffe40edbe468e0 ffffe40edbe468e0 : tcpip!TcpMatchReceive+0x226
fffff601ebc66960 fffff8057b4b4356 : ffffe40e00000007 0000000000000000 ffffe40edf478001 0000000000000000 : tcpip!TcpReceive+0x312
fffff601ebc669f0 fffff8057b468ecf : 0000000000000001 ffffe40edbeaf7b0 00000000ffffff00 fffff805e7ad1300 : tcpip!TcpNlClientReceiveDatagrams+0x16
fffff601ebc66a20 fffff8057b467a31 : fffff8057b5cb750 0000000000000006 ffffe40edf682828 fffff601ebc66b80 : tcpip!IppProcessDeliverList+0xbf
fffff601ebc66b20 fffff8057b4a4172 : fffff8057b5cb750 ffffe40edbe938a0 0000000000000000 ffffe40edf6d2400 : tcpip!IppReceiveHeaderBatch+0x301
fffff601ebc66bf0 fffff8057b4f2217 : ffffe40edf2a13e0 0000000000000000 0000000e00000501 fffff60100000000 : tcpip!IppReceivePackets+0x4e2
fffff601ebc66d30 fffff8057b4f5868 : ffffe40edf2a13e0 ffffe40edf6ce2a0 0000000000000000 ffffe40f11390230 : tcpip!IpFlcReceivePreValidatedPackets+0xad7
fffff601ebc66e70 fffff805e7b3e2c8 : fffff601ebc67110 ffffe40edbd2d0bd 0000000000000002 fffff601ebc67110 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x568
fffff601ebc66fe0 fffff805e7b3e1dd : fffff8057b4f5300 fffff601ebc67110 ffffe40edbcfb6f0 0000000000000000 : nt!KeExpandKernelStackAndCalloutInternal+0xd8
fffff601ebc67050 fffff8057b48ed28 : ffffe40edf6d22a0 00000000c0000225 0000000000000001 fffff8057ce53288 : nt!KeExpandKernelStackAndCalloutEx+0x1d
fffff601ebc67090 fffff8057b4f52e8 : 0000000000000000 fffff601ebc67260 0000000000000000 ffffe40edf94b010 : tcpip!NetioExpandKernelStackAndCallout+0x58
fffff601ebc670e0 fffff8057affa1b3 : fffff601ebc671d0 ffffe40edf6ce2a0 ffffe40e00000007 ffffe40f00000007 : tcpip!FlReceiveNetBufferListChain+0x138
fffff601ebc67160 fffff8057aff7447 : ffffe40edf9688b0 0000000000000000 0000000000000000 0000000000000007 : ndis!ndisMIndicateNetBufferListsToOpen+0x503
fffff601ebc67450 fffff8057affb6df : ffffe40ede95b1a0 ffffe40edf6ce2a0 ffffe40ede95b1a0 fffff8057b4f5b01 : ndis!ndisMTopReceiveNetBufferLists+0x227
fffff601ebc67560 fffff80585d79a9b : ffffe40edf6ce2a0 ffffe40edf6d5030 ffffe40edf544080 ffffe40edf543000 : ndis!NdisMIndicateReceiveNetBufferLists+0xb2f
fffff601ebc67780 ffffe40edf6ce2a0 : ffffe40edf6d5030 ffffe40edf544080 ffffe40edf543000 0000000000000801 : e1r+0x19a9b
fffff601ebc67788 ffffe40edf6d5030 : ffffe40edf544080 ffffe40edf543000 0000000000000801 0000000000000007 : 0xffffe40edf6ce2a0
fffff601ebc67790 ffffe40edf544080 : ffffe40edf543000 0000000000000801 0000000000000007 ffffe40edf6ce2a0 : 0xffffe40edf6d5030
fffff601ebc67798 ffffe40edf543000 : 0000000000000801 0000000000000007 ffffe40edf6ce2a0 ffffe40edf6d22a0 : 0xffffe40edf544080
fffff601ebc677a0 0000000000000801 : 0000000000000007 ffffe40edf6ce2a0 ffffe40edf6d22a0 0000000000000000 : 0xffffe40edf543000
fffff601ebc677a8 0000000000000007 : ffffe40edf6ce2a0 ffffe40edf6d22a0 0000000000000000 ffffe40edf544080 : 0x801
fffff601ebc677b0 ffffe40edf6ce2a0 : ffffe40edf6d22a0 0000000000000000 ffffe40edf544080 0000000000000007 : 0x7
fffff601ebc677b8 ffffe40edf6d22a0 : 0000000000000000 ffffe40edf544080 0000000000000007 fffff80585d7acc8 : 0xffffe40edf6ce2a0
fffff601ebc677c0 0000000000000000 : ffffe40edf544080 0000000000000007 fffff80585d7acc8 ffffe40edf6d2200 : 0xffffe40edf6d22a0
SYMBOL_NAME: NETIO!StreamInvokeCalloutAndNormalizeAction+2f3
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
IMAGE_VERSION: 10.0.26100.1882
STACK_COMMAND: .process /r /p 0xffffe40ed74ae040; .thread 0xffffe40edbd2d040 ; kb
BUCKET_ID_FUNC_OFFSET: 2f3
FAILURE_BUCKET_ID: AV_NETIO!StreamInvokeCalloutAndNormalizeAction
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {c2ca2d1f-cfdc-88d5-c7bc-7693b8f0de04}
Followup: MachineOwner
---------
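The output is fairly long. If you can't be bothered, you can ask an LLM such as ChatGPT to analyze it for you, and it will identify the rough cause. In this post I will analyze the debugger output myself.
2-1. DRIVER_IRQL_NOT_LESS_OR_EQUAL
At the very top is the name `DRIVER_IRQL_NOT_LESS_OR_EQUAL`. Below it is the following description.
An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high.
This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
For this error code you can also find answers from Microsoft staff in the Microsoft Community, and they are utterly useless.
I understand to some extent, but blue screen problems are generally not solved that way. In particular, I don't know exactly how the `Dism` and `sfc` commands work, but I have been using Windows for almost 20 years, and from the moment I first came across those commands until now, they have never once solved a problem for me.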
2-2. Arguments
Arguments:
Arg1: 0000000000000050, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8057b203e1f, address which referenced memory
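The `Arguments` section provides the information above.
- 0x0000000000000050 : the memory address that the access was attempted on
- 0x0000000000000002 : IRQL (the interrupt request level was too high, i.e. a kind of memory-access permission problem)
- 0x0000000000000000 : as the comment in the output says, 0 means a read operation
- 0xfffff8057b203e1f : the specific location in the driver or kernel module where the error occurred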
2-2. STACK_TEXT
STACK_TEXT:
fffff601ebc650e8 fffff805e7e87ae9 : 000000000000000a 0000000000000050 0000000000000002 0000000000000000 : nt!KeBugCheckEx
fffff601ebc650f0 fffff805e7e82da8 : ffffe40ef668ab02 0000000000000108 fffff601ebc65440 fffff8058516e800 : nt!KiBugCheckDispatch+0x69
fffff601ebc65230 fffff8057b203e1f : 0000000000000000 ffffe40ef6396560 ffffe40ef6396501 ffffe40ef2d332b0 : nt!KiPageFault+0x468
fffff601ebc653c0 fffff8057b200dcb : 0000000000000000 ffffe40f0003ea00 ffffe40ef6396560 fffff601ebc65898 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x2f3
fffff601ebc654b0 fffff8057b201219 : ffffe40effbf6a60 fffff601ebc65680 ffffe40ef6396560 fffff601ebc65e30 : NETIO!StreamCalloutProcessData+0x5f
fffff601ebc65540 fffff8057b1e0785 : fffff601ebc65e30 fffff601ebc65680 ffffe40ef6396560 ffffe40ef6396501 : NETIO!StreamCalloutProcessingLoop+0x175
fffff601ebc655e0 fffff8057b1af60a : 0000000000000014 fffff80585161310 fffff60100000001 fffff601ebc660f0 : NETIO!StreamProcessCallout+0x609
fffff601ebc65710 fffff8057b1ae3c0 : ffffe40ed97e0014 fffff601ebc660f0 ffffe40eef284e50 fffff601ebc65e30 : NETIO!ProcessCallout+0x2ea
fffff601ebc657e0 fffff8057b1f8646 : 0000000000004800 ffffe40ed98e6aa0 fffff601ebc65ae8 ffffe40ed98e9bc0 : NETIO!ArbitrateAndEnforce+0x1e0
fffff601ebc65920 fffff805e7b3e2c8 : fffff601ebc65b60 fffff8057b1f8600 0000000000000002 fffff601ebc65e00 : NETIO!ArbitrateAndEnforceCallout+0x46
fffff601ebc65980 fffff805e7b3e1dd : fffff8057b1f8600 fffff601ebc65b60 ffffe40ed8ef8ec0 fffff601ebc660f0 : nt!KeExpandKernelStackAndCalloutInternal+0xd8
fffff601ebc659f0 fffff8057b1d4cfe : 0000000000000000 fffff601ebc65e80 0000000000000001 fffff601ebc66110 : nt!KeExpandKernelStackAndCalloutEx+0x1d
fffff601ebc65a30 fffff8057b1c8932 : 0000000000000000 fffff8057b22e000 0000000000000014 ffffe40ed98e6aa0 : NETIO!NetioExpandKernelStackAndCallout+0x7e
fffff601ebc65a80 fffff8057b203934 : 0000000100010006 ffffe40eef2894c0 ffffe40eef286430 ffffe40ef2d64400 : NETIO!KfdClassify+0x622
fffff601ebc65d90 fffff8057b1fdc7d : ffffe40efe69eeb0 fffff601ebc66000 fffff601ebc66520 ffffe40effbf6a60 : NETIO!StreamInternalClassify+0x168
fffff601ebc65f00 fffff8057b1a623e : ffffe40ef644cc01 fffff805e7ac6825 ffffe40f06543000 00000000000000ff : NETIO!StreamClassify+0x43d
fffff601ebc66090 fffff8057b1a5e61 : 0000000000000000 ffffe40ef644cc70 0000000000000000 0000000000000000 : NETIO!StreamCommonInspect+0x29a
fffff601ebc664a0 fffff8057b43545c : 0000000000000000 ffffe40effbf6c88 fffff601ebc66620 ffffe40edbe468e0 : NETIO!WfpStreamInspectReceive+0x1d1
fffff601ebc66520 fffff8057b3f9f03 : fffffffffffac002 0000000000000000 0000000000000000 ffffe40edbeaf668 : tcpip!TcpProcessFastDatagramBatch+0xcac
fffff601ebc66680 fffff8057b3f8806 : 0000000000000001 0000000000000002 0000000000000000 ffffe40effbf6a60 : tcpip!TcpTcbReceive+0x313
fffff601ebc66810 fffff8057b4b46b2 : ffffe40edbeaf7b0 ffffe40edbeaf7b0 ffffe40edbe468e0 ffffe40edbe468e0 : tcpip!TcpMatchReceive+0x226
fffff601ebc66960 fffff8057b4b4356 : ffffe40e00000007 0000000000000000 ffffe40edf478001 0000000000000000 : tcpip!TcpReceive+0x312
fffff601ebc669f0 fffff8057b468ecf : 0000000000000001 ffffe40edbeaf7b0 00000000ffffff00 fffff805e7ad1300 : tcpip!TcpNlClientReceiveDatagrams+0x16
fffff601ebc66a20 fffff8057b467a31 : fffff8057b5cb750 0000000000000006 ffffe40edf682828 fffff601ebc66b80 : tcpip!IppProcessDeliverList+0xbf
fffff601ebc66b20 fffff8057b4a4172 : fffff8057b5cb750 ffffe40edbe938a0 0000000000000000 ffffe40edf6d2400 : tcpip!IppReceiveHeaderBatch+0x301
fffff601ebc66bf0 fffff8057b4f2217 : ffffe40edf2a13e0 0000000000000000 0000000e00000501 fffff60100000000 : tcpip!IppReceivePackets+0x4e2
fffff601ebc66d30 fffff8057b4f5868 : ffffe40edf2a13e0 ffffe40edf6ce2a0 0000000000000000 ffffe40f11390230 : tcpip!IpFlcReceivePreValidatedPackets+0xad7
fffff601ebc66e70 fffff805e7b3e2c8 : fffff601ebc67110 ffffe40edbd2d0bd 0000000000000002 fffff601ebc67110 : tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x568
fffff601ebc66fe0 fffff805e7b3e1dd : fffff8057b4f5300 fffff601ebc67110 ffffe40edbcfb6f0 0000000000000000 : nt!KeExpandKernelStackAndCalloutInternal+0xd8
fffff601ebc67050 fffff8057b48ed28 : ffffe40edf6d22a0 00000000c0000225 0000000000000001 fffff8057ce53288 : nt!KeExpandKernelStackAndCalloutEx+0x1d
fffff601ebc67090 fffff8057b4f52e8 : 0000000000000000 fffff601ebc67260 0000000000000000 ffffe40edf94b010 : tcpip!NetioExpandKernelStackAndCallout+0x58
fffff601ebc670e0 fffff8057affa1b3 : fffff601ebc671d0 ffffe40edf6ce2a0 ffffe40e00000007 ffffe40f00000007 : tcpip!FlReceiveNetBufferListChain+0x138
fffff601ebc67160 fffff8057aff7447 : ffffe40edf9688b0 0000000000000000 0000000000000000 0000000000000007 : ndis!ndisMIndicateNetBufferListsToOpen+0x503
fffff601ebc67450 fffff8057affb6df : ffffe40ede95b1a0 ffffe40edf6ce2a0 ffffe40ede95b1a0 fffff8057b4f5b01 : ndis!ndisMTopReceiveNetBufferLists+0x227
fffff601ebc67560 fffff80585d79a9b : ffffe40edf6ce2a0 ffffe40edf6d5030 ffffe40edf544080 ffffe40edf543000 : ndis!NdisMIndicateReceiveNetBufferLists+0xb2f
fffff601ebc67780 ffffe40edf6ce2a0 : ffffe40edf6d5030 ffffe40edf544080 ffffe40edf543000 0000000000000801 : e1r+0x19a9b
fffff601ebc67788 ffffe40edf6d5030 : ffffe40edf544080 ffffe40edf543000 0000000000000801 0000000000000007 : 0xffffe40edf6ce2a0
fffff601ebc67790 ffffe40edf544080 : ffffe40edf543000 0000000000000801 0000000000000007 ffffe40edf6ce2a0 : 0xffffe40edf6d5030
fffff601ebc67798 ffffe40edf543000 : 0000000000000801 0000000000000007 ffffe40edf6ce2a0 ffffe40edf6d22a0 : 0xffffe40edf544080
fffff601ebc677a0 0000000000000801 : 0000000000000007 ffffe40edf6ce2a0 ffffe40edf6d22a0 0000000000000000 : 0xffffe40edf543000
fffff601ebc677a8 0000000000000007 : ffffe40edf6ce2a0 ffffe40edf6d22a0 0000000000000000 ffffe40edf544080 : 0x801
fffff601ebc677b0 ffffe40edf6ce2a0 : ffffe40edf6d22a0 0000000000000000 ffffe40edf544080 0000000000000007 : 0x7
fffff601ebc677b8 ffffe40edf6d22a0 : 0000000000000000 ffffe40edf544080 0000000000000007 fffff80585d7acc8 : 0xffffe40edf6ce2a0
fffff601ebc677c0 0000000000000000 : ffffe40edf544080 0000000000000007 fffff80585d7acc8 ffffe40edf6d2200 : 0xffffe40edf6d22a0
The key information is in `STACK_TEXT` and its contents. The Arg4 address mentioned above appears on the third line, which reads as follows.
fffff601ebc65230 fffff8057b203e1f : 0000000000000000 ffffe40ef6396560 ffffe40ef6396501 ffffe40ef2d332b0 : nt!KiPageFault+0x468
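In other words, a page fault occurred, and it happened while the `StreamInvokeCalloutAndNormalizeAction` function was being called.
Because this is a stack, the lower an entry is, the earlier it happened, and the topmost entry is what happened last. So the sequence starts at `ndis`, i.e. the Network Driver Interface Specification, goes through `tcpip` to perform some work, and then, while doing `NETIO` work, in `StreamInvokeCalloutAndNormalizeAction`, during the swap between virtual memory and memory, it accessed a memory region that must not be accessed (null, or without access permission), which caused the problem.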
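An added example (not part of the original post): a small Python parser for the `!analyze -v` text that checks the two observations above, that Arg4 equals the return address on the `nt!KiPageFault` line and that reading the stack bottom-up gives the module path. The function names and the 0x1000 small-address heuristic are assumptions of this example; the sample is an excerpt of the output shown on this page.

```python
import re

# Excerpt of the !analyze -v output shown on this page (most frames omitted).
SAMPLE = """\
Arg1: 0000000000000050, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8057b203e1f, address which referenced memory
STACK_TEXT:
fffff601ebc650e8 fffff805e7e87ae9 : 000000000000000a 0000000000000050 0000000000000002 0000000000000000 : nt!KeBugCheckEx
fffff601ebc650f0 fffff805e7e82da8 : ffffe40ef668ab02 0000000000000108 fffff601ebc65440 fffff8058516e800 : nt!KiBugCheckDispatch+0x69
fffff601ebc65230 fffff8057b203e1f : 0000000000000000 ffffe40ef6396560 ffffe40ef6396501 ffffe40ef2d332b0 : nt!KiPageFault+0x468
fffff601ebc653c0 fffff8057b200dcb : 0000000000000000 ffffe40f0003ea00 ffffe40ef6396560 fffff601ebc65898 : NETIO!StreamInvokeCalloutAndNormalizeAction+0x2f3
fffff601ebc66960 fffff8057b4b4356 : ffffe40e00000007 0000000000000000 ffffe40edf478001 0000000000000000 : tcpip!TcpReceive+0x312
fffff601ebc67560 fffff80585d79a9b : ffffe40edf6ce2a0 ffffe40edf6d5030 ffffe40edf544080 ffffe40edf543000 : ndis!NdisMIndicateReceiveNetBufferLists+0xb2f
fffff601ebc67780 ffffe40edf6ce2a0 : ffffe40edf6d5030 ffffe40edf544080 ffffe40edf543000 0000000000000801 : e1r+0x19a9b
fffff601ebc67788 ffffe40edf6d5030 : ffffe40edf544080 ffffe40edf543000 0000000000000801 0000000000000007 : 0xffffe40edf6ce2a0
SYMBOL_NAME: NETIO!StreamInvokeCalloutAndNormalizeAction+2f3
"""

ARG_RE = re.compile(r"^Arg([1-4]): ([0-9a-f]{16}),", re.M)
FRAME_RE = re.compile(r"^([0-9a-f]{16}) ([0-9a-f]{16}) : .* : (\S+)$")
TRAP_FRAMES = {"KeBugCheckEx", "KiBugCheckDispatch", "KiPageFault"}

def parse_args(text):
    """Return {1: Arg1, ..., 4: Arg4} as integers (WinDbg's ` separator is dropped)."""
    return {int(n): int(v, 16) for n, v in ARG_RE.findall(text.replace("`", ""))}

def parse_stack(text):
    """Return frames top-down: return address, module, function (None if no symbols)."""
    frames, in_stack = [], False
    for line in text.replace("`", "").splitlines():
        if line.startswith("STACK_TEXT:"):
            in_stack = True
            continue
        m = FRAME_RE.match(line) if in_stack else None
        if not m:
            if in_stack and line.strip():   # first non-frame line ends the section
                break
            continue
        site = m.group(3)
        if site.startswith("0x"):           # raw address, no owning module resolved
            continue
        module, _, func = site.partition("!")
        frames.append({"ret": int(m.group(2), 16),
                       "module": module.split("+")[0],
                       "function": func.split("+")[0] or None})
    return frames

def summarize(text):
    args, frames = parse_args(text), parse_stack(text)
    # First frame that is not part of the bugcheck/trap handling is the faulting code.
    fault = next(f for f in frames if f["module"] != "nt" or f["function"] not in TRAP_FRAMES)
    trap = next((f for f in frames if f["function"] == "KiPageFault"), None)
    path = []
    for f in reversed(frames):              # bottom of the stack ran first
        if not path or path[-1] != f["module"]:
            path.append(f["module"])
    return {"faulting": f'{fault["module"]}!{fault["function"] or "?"}',
            "arg4_matches_trap_return": trap is not None and trap["ret"] == args[4],
            "small_offset_read": args[1] < 0x1000 and args[3] == 0,  # heuristic
            "call_path": path,
            "no_symbols": sorted({f["module"] for f in frames if f["function"] is None})}
```

On the page's output, `no_symbols` contains only `e1r`, the one module the debugger could resolve to module+offset but not to a function name.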
2-3. Summary
At the very bottom of the analysis output there is a brief summary.
SYMBOL_NAME: NETIO!StreamInvokeCalloutAndNormalizeAction+2f3
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
IMAGE_VERSION: 10.0.26100.1882
STACK_COMMAND: .process /r /p 0xffffe40ed74ae040; .thread 0xffffe40edbd2d040 ; kb
BUCKET_ID_FUNC_OFFSET: 2f3
FAILURE_BUCKET_ID: AV_NETIO!StreamInvokeCalloutAndNormalizeAction
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {c2ca2d1f-cfdc-88d5-c7bc-7693b8f0de04}
Followup: MachineOwner
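3. Solution
The error messages above all point to network-related hardware or software as the problem. Among the several blue screen messages I have had, this network blue screen kept recurring, so I could clearly confirm that it was a network device problem.
However, if hardware such as DRAM or the MMU (memory management unit) had failed, the repeated blue screens would have shown combined problems across various devices, not only the network device, so a single dump file analysis is not enough to conclude that the network device is at fault.
In the end, I solved it by updating the Intel I211 network driver.
4. Addendum, 25/01/22.
The related blue screens kept occurring after that, so I investigated the cause. I suspect a compatibility problem between AdGuard, an ad-blocking program that operates at the network level, and Windows 24H2; after temporarily disabling AdGuard, the problem was resolved.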