【随笔】【蓝屏】DMA错误
现象:
安装微软商店的windbg工具可分析崩溃详细信息:
************* Preparing the environment for Debugger Extensions Gallery repositories **************ExtensionRepository : ImplicitUseExperimentalFeatureForNugetShare : trueAllowNugetExeUpdate : trueNonInteractiveNuget : trueAllowNugetMSCredentialProviderInstall : trueAllowParallelInitializationOfLocalRepositories : trueEnableRedirectToChakraJsProvider : false-- Configuring repositories----> Repository : LocalInstalled, Enabled: true----> Repository : UserExtensions, Enabled: true>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds************* Waiting for Debugger Extensions Gallery to Initialize **************>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.078 seconds----> Repository : UserExtensions, Enabled: true, Packages count: 0----> Repository : LocalInstalled, Enabled: true, Packages count: 45Microsoft (R) Windows Debugger Version 10.0.27920.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.Loading Dump File [C:\Windows\Minidump\091425-16968-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are availableSymbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (20 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Kernel base = 0xfffff807`6c400000 PsLoadedModuleList = 0xfffff807`6d0134b0
Debug session time: Sun Sep 14 19:24:18.420 2025 (UTC + 8:00)
System Uptime: 0 days 0:10:55.112
Loading Kernel Symbols
..Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols..............................................................
................................................................
................................................................
................................................................
..
Loading User SymbolsLoading unloaded module list
................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`6c814df0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff807`6fd37e80=00000000000000e6
0: kd> !analyze -v
Loading Kernel Symbols
..Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols..............................................................
................................................................
................................................................
................................................................
..
Loading User SymbolsLoading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************DRIVER_VERIFIER_DMA_VIOLATION (e6)
An illegal DMA operation was attempted by a driver being verified.
Arguments:
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: 0000000000000000, Device Object of faulting device.
Arg3: 000000000003ac30, Faulting information (usually faulting physical address).
Arg4: 0000000000000005, Fault type (hardware specific).Debugging Details:
------------------*** WARNING: Check Image - Checksum mismatch - Dump: 0x208038, File: 0x2080c6 - C:\ProgramData\Dbg\sym\BTHport.sys\2AFD096C202000\BTHport.sysKEY_VALUES_STRING: 1Key : Analysis.CPU.mSecValue: 937Key : Analysis.Elapsed.mSecValue: 88679Key : Analysis.IO.Other.MbValue: 0Key : Analysis.IO.Read.MbValue: 1Key : Analysis.IO.Write.MbValue: 34Key : Analysis.Init.CPU.mSecValue: 437Key : Analysis.Init.Elapsed.mSecValue: 328850Key : Analysis.Memory.CommitPeak.MbValue: 110Key : Analysis.Version.DbgEngValue: 10.0.27920.1001Key : Analysis.Version.DescriptionValue: 10.2506.23.01 amd64freKey : Analysis.Version.ExtValue: 1.2506.23.1Key : Bugcheck.Code.LegacyAPIValue: 0xe6Key : Bugcheck.Code.TargetModelValue: 0xe6Key : Dump.Attributes.AsUlongValue: 0x1008Key : Dump.Attributes.DiagDataWrittenToHeaderValue: 1Key : Dump.Attributes.ErrorCodeValue: 0x0Key : Dump.Attributes.KernelGeneratedTriageDumpValue: 1Key : Dump.Attributes.LastLineValue: Dump completed successfully.Key : Dump.Attributes.ProgressPercentageValue: 0Key : Failure.BucketValue: 0xE6_26_nt!IvtHandleInterruptKey : Failure.HashValue: {11608481-d56e-58cc-4b64-17c92254d2f4}Key : Stack.PointerValue: ISRKey : WER.System.BIOSRevisionValue: 15.19.0.0BUGCHECK_CODE: e6BUGCHECK_P1: 26BUGCHECK_P2: 0BUGCHECK_P3: 3ac30BUGCHECK_P4: 5FILE_IN_CAB: 091425-16968-01.dmpDUMP_FILE_ATTRIBUTES: 0x1008Kernel Generated Triage DumpFAULTING_THREAD: fffff8076d14d700BLACKBOXBSD: 1 (!blackboxbsd)BLACKBOXNTFS: 1 (!blackboxntfs)BLACKBOXPNP: 1 (!blackboxpnp)BLACKBOXWINLOGON: 1 (!blackboxwinlogon)CUSTOMER_CRASH_COUNT: 1PROCESS_NAME: SystemSTACK_TEXT:
fffff807`6fd37e78 fffff807`6c92a4dd : 00000000`000000e6 00000000`00000026 00000000`00000000 00000000`0003ac30 : nt!KeBugCheckEx
fffff807`6fd37e80 fffff807`6c912a2b : fffff807`66622100 fffff807`00000001 fffff807`00000000 00000000`00000000 : nt!IvtHandleInterrupt+0x26d
fffff807`6fd37f20 fffff807`6c715f4c : fffff807`6d10d5d0 ffffd000`16657e70 fffff807`6d10d680 fffff807`6d10d5d0 : nt!HalpIommuInterruptRoutine+0x4b
fffff807`6fd37f50 fffff807`6c816ecc : fffff807`6fd28a70 fffff807`6d10d5d0 fffff807`6d14d700 fffff807`6c81e5e0 : nt!KiCallInterruptServiceRoutine+0x9c
fffff807`6fd37f90 fffff807`6c817487 : 00000001`869230d4 00000000`00000000 00000001`867a5bd7 00000000`00000000 : nt!KiInterruptSubDispatchNoLock+0x11c
fffff807`6fd289f0 fffff807`6c819dba : 00000000`00000000 fffff807`662b5fc0 00000000`00000000 fffff807`6d14d700 : nt!KiInterruptDispatchNoLock+0x37
fffff807`6fd28b80 00000000`00000000 : fffff807`6fd29000 fffff807`6fd22000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5aSYMBOL_NAME: nt!IvtHandleInterrupt+26dMODULE_NAME: ntIMAGE_NAME: ntkrnlmp.exeIMAGE_VERSION: 10.0.22621.4317STACK_COMMAND: .process /r /p 0xfffff8076d149f40; .thread 0xfffff8076d14d700 ; kbBUCKET_ID_FUNC_OFFSET: 26dFAILURE_BUCKET_ID: 0xE6_26_nt!IvtHandleInterruptOSPLATFORM_TYPE: x64OSNAME: Windows 10FAILURE_ID_HASH: {11608481-d56e-58cc-4b64-17c92254d2f4}Followup: MachineOwner
---------C:\ProgramData\Dbg\sym\BTHport.sys\2AFD096C202000\BTHport.sys
日志中提到 *** WARNING: Check Image - Checksum mismatch,即该路径下的 BTHport.sys 符号文件与系统中实际运行的 BTHport.sys 驱动校验和不匹配。这通常意味着:
- 系统中的蓝牙驱动可能已更新,但调试器下载的符号文件仍是旧版本;
- 或驱动文件被意外修改(如损坏、第三方软件替换等),导致符号匹配失败。
这种不匹配可能会影响调试准确性,但不一定是之前 DRIVER_VERIFIER_DMA_VIOLATION 崩溃的直接原因,仅说明调试符号与实际驱动存在版本差异。