This is an odd bugcheck because it may be thrown when Driver Verifier isn't actually running. This is because DMA Protection is automatically enabled on Windows 10 1809+ systems. The bugcheck is almost exclusively caused by drivers, although it may be worthwhile updating the BIOS too if no problematic drivers can be identified through the use of the DMA Verification option of Driver Verifier.
If you're wondering what DMA means, it stands for Direct Memory Access and is used by I/O devices (e.g. a graphics card) to access RAM independently of the CPU. As this can be abused by malicious software, DMA Protection was introduced to try to mitigate such issues.
Rich (BB code):
DRIVER_VERIFIER_DMA_VIOLATION (e6)
An illegal DMA operation was attempted by a driver being verified.
Arguments:
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: ffffde0a1209c570, Device Object of faulting device.
Arg3: 0000000000000024, Faulting information (usually faulting physical address).
Arg4: 0000000000000006, Fault type (hardware specific).
Quite simply, the bugcheck is caused when a driver isn't handling a DMA operation correctly. There can be a number of reasons for this, and the bugcheck itself rarely indicates why. The second parameter is the most important here and indicates the device object which was responsible for causing the DMA violation. It is very common for this to be associated with a network card or some form of USB device.
Let's use !devobj to dump the associated device object:
Rich (BB code):
0: kd> !devobj ffffde0a1209c570
Device object (ffffde0a1209c570) is for:
Cannot read info offset from nt!ObpInfoMaskToOffset
\Driver\pci DriverObject ffffde0a0dfe5060
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00001040
SecurityDescriptor ffff8e86bf0203a0 DevExt ffffde0a1209c6c0 DevObjExt ffffde0a1209cdf0 DevNode ffffde0a1209d6e0
ExtensionFlags (0x00000800) DOE_DEFAULT_SD_PRESENT
Characteristics (0000000000)
AttachedDevice (Upper) ffffde0a12eee0a0Unable to load image \SystemRoot\System32\drivers\asmtxhci.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for asmtxhci.sys
Name paged out
Device queue is not busy.
As we can see, the device object is for the PCI bus, which makes perfect sense since the PCI bus is directly involved with DMA operations. However, pci.sys is not the problem here; the problem is the device which is attached above it in the device stack.
Rich (BB code):
0: kd> !devobj ffffde0a12eee0a0
Device object (ffffde0a12eee0a0) is for:
InfoMask field not found for _OBJECT_HEADER at ffffde0a12eee070
Name paged out DriverObject ffffde0a12ecbb40
Current Irp 00000000 RefCount 0 Type 00000004 Flags 00002040
SecurityDescriptor ffff8e86bf0203a0 DevExt ffffde0a12eee1f0 DevObjExt ffffde0a12eee3f0
Characteristics (0x00000080) FILE_AUTOGENERATED_DEVICE_NAME
Device queue is not busy.
Unfortunately, the name is paged out and therefore we won't be able to directly confirm what the device was. However, there was a symbol load error for a third-party driver, and this is very likely the driver which is associated with the device which had its name paged out.
Rich (BB code):
0: kd> lmvm asmtxhci
Browse full module list
start end module name
fffff807`83110000 fffff807`83187000 asmtxhci T (no symbols)
Loaded symbol image file: asmtxhci.sys
Image path: \SystemRoot\System32\drivers\asmtxhci.sys
Image name: asmtxhci.sys
Browse all global symbols functions data
Timestamp: Thu Oct 25 09:32:18 2018 (5BD17F92)
CheckSum: 0007E9EC
ImageSize: 00077000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
The driver appears to be associated with ASMedia USB 3.0. The user never confirmed if this was the main issue since they used a Dell support tool to "reset" their drivers back to the ones which were originally shipped with the device. This appeared to resolve their issue.
The fault type from the fourth parameter is part of the _FAULT_INFORMATION_ARM64 structure, which in turn is part of _IOMMU_DMA_DEVICE (interestingly, symbols are missing?).
Rich (BB code):
0: kd> dt _FAULT_INFORMATION_ARM64
nt!_FAULT_INFORMATION_ARM64
+0x000 DomainHandle : Ptr64 Void
+0x008 FaultAddress : Ptr64 Void
+0x010 PhysicalDeviceObject : Ptr64 _DEVICE_OBJECT
+0x018 InputMappingId : Uint4B
+0x01c Flags : _FAULT_INFORMATION_ARM64_FLAGS
+0x020 Type : _FAULT_INFORMATION_ARM64_TYPE
Rich (BB code):
0: kd> dt _FAULT_INFORMATION_ARM64_TYPE
nt!_FAULT_INFORMATION_ARM64_TYPE
UnsupportedUpstreamTransaction = 0n0
AddressSizeFault = 0n1
TlbMatchConflict = 0n2
ExternalFault = 0n3
PermissionFault = 0n4
AccessFlagFault = 0n5
TranslationFault = 0n6
MaxFaultType = 0n7
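The triage steps walked through above (check Arg1, follow Arg2 through !devobj to the upper attached device and the image that failed to load, decode Arg4) can be scripted over saved debugger output. This is an added example, not part of the original post: the function names are hypothetical, the embedded text is trimmed from the output shown above, and decoding Arg4 through _FAULT_INFORMATION_ARM64_TYPE follows the post's reading of that parameter.

```python
import re

# Debugger output copied from the walkthrough above, trimmed to the lines used.
BUGCHECK = r"""Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: ffffde0a1209c570, Device Object of faulting device.
Arg3: 0000000000000024, Faulting information (usually faulting physical address).
Arg4: 0000000000000006, Fault type (hardware specific)."""
DEVOBJ = r"""Device object (ffffde0a1209c570) is for:
\Driver\pci DriverObject ffffde0a0dfe5060
AttachedDevice (Upper) ffffde0a12eee0a0Unable to load image \SystemRoot\System32\drivers\asmtxhci.sys, Win32 error 0n2"""
FAULT_ENUM = r"""AddressSizeFault = 0n1
PermissionFault = 0n4
TranslationFault = 0n6"""
ADDR = r"([0-9a-fA-F]{8}`?[0-9a-fA-F]{8})"  # 64-bit pointer, optional WinDbg backtick

def to_int(hex_text):
    return int(hex_text.replace("`", ""), 16)

def parse_args(text):
    """Return {1..4: int} from the 'ArgN: <hex>,' lines of the bugcheck summary."""
    return {int(n): to_int(v) for n, v in re.findall(r"Arg([1-4]):\s*([0-9a-fA-F`]+)", text)}

def parse_enum(text):
    """Map value -> name from 'dt' enum lines; 0n is WinDbg's decimal prefix."""
    return {int(v): name for name, v in re.findall(r"(\w+)\s*=\s*0n(\d+)", text)}

def parse_devobj(text):
    """Extract the dumped object, its driver, the upper device and any failed image load."""
    obj = re.search(r"Device object \(" + ADDR + r"\)", text)
    drv = re.search(r"\\Driver\\(\w+)", text)
    # Fixed-width match: the image-load error can be fused onto the address.
    upper = re.search(r"AttachedDevice \(Upper\)\s+" + ADDR, text)
    failed = re.search(r"Unable to load image (.+?), Win32 error", text)
    return {"object": to_int(obj.group(1)), "driver": drv and drv.group(1),
            "upper": upper and to_int(upper.group(1)), "failed_image": failed and failed.group(1)}

def triage(bugcheck, devobj, enum_dump):
    args = parse_args(bugcheck)
    if args.get(1) != 0x26:
        raise ValueError("Arg1 is not 0x26 (IOMMU detected DMA violation)")
    dev = parse_devobj(devobj)
    if dev["object"] != args[2]:
        raise ValueError("!devobj output is not for the device object in Arg2")
    return {"fault_type": parse_enum(enum_dump).get(args[4], "unknown"),
            "bus_driver": dev["driver"],
            "next_devobj": dev["upper"],           # dump this next with !devobj
            "suspect_image": dev["failed_image"]}  # confirm with lmvm

if __name__ == "__main__":
    print(triage(BUGCHECK, DEVOBJ, FAULT_ENUM))
```

The `suspect_image` value is only a lead: as in the walkthrough, it still has to be confirmed with `lmvm` and by dumping `next_devobj`.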