Windows 10 BSOD - memory dump analysis help

Thread starter: Thomas Vitoz
Hi,


I am getting frequent BSODs on my laptop. I have already re-imaged it, but it keeps on happening.


I have opened the dump file in WinDbg and ran !analyze -v


Can someone help with the output and how to find the problem from it? This is my first time doing so. I can see it is caused by a driver, but which one...:


Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\shak\Desktop\dump\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


* Path validation summary **
Response Time (ms) Location
Deferred SRVC:\Windows\symbol_cache
Symbol search path is: SRVC:\Windows\symbol_cache
Executable search path is:
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17763.1.amd64fre.rs5_release.180914-1434
Machine Name:
Kernel base = 0xfffff8047240a000 PsLoadedModuleList = 0xfffff804728259b0
Debug session time: Thu Mar 7 09:05:39.994 2019 (UTC + 1:00)
System Uptime: 0 days 0:02:54.844
Loading Kernel Symbols
......................................Page 20046694a too large to be in the dump file.
.........................
................................................................
................................................................
.......................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000f9c8a2e018). Type ".hh dbgerr001" for details
Loading unloaded module list
......................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck E6, {26, ffffba01da348060, 401, 5}

Probably caused by : ntkrnlmp.exe ( nt!KiCallInterruptServiceRoutine+a5 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DMA_VIOLATION (e6)
An illegal DMA operation was attempted by a driver being verified.
Arguments:
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: ffffba01da348060, Device Object of faulting device.
Arg3: 0000000000000401, Faulting information (usually faulting physical address).
Arg4: 0000000000000005, Fault type (hardware specific).

Debugging Details:
------------------

KEY_VALUES_STRING: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434

SYSTEM_MANUFACTURER: Dell Inc.

SYSTEM_PRODUCT_NAME: Latitude 7390

SYSTEM_SKU: 081B

BIOS_VENDOR: Dell Inc.

BIOS_VERSION: 1.7.2

BIOS_DATE: 11/26/2018

BASEBOARD_MANUFACTURER: Dell Inc.

BASEBOARD_PRODUCT: 09386V

BASEBOARD_VERSION: A00

DUMP_TYPE: 1

BUGCHECK_P1: 26

BUGCHECK_P2: ffffba01da348060

BUGCHECK_P3: 401

BUGCHECK_P4: 5

CPU_COUNT: 8

CPU_MHZ: 840

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 8e

CPU_STEPPING: a

CPU_MICROCODE: 6,8e,a,0 (F,M,S,R) SIG: 96'00000000 (cache) 96'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXPNP: 1 (!blackboxpnp)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xE6

PROCESS_NAME: dwm.exe

CURRENT_IRQL: c

ANALYSIS_SESSION_HOST: LT-H0M9KC2

ANALYSIS_SESSION_TIME: 03-07-2019 12:56:14.0301

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

LAST_CONTROL_TRANSFER: from fffff80472eb66f7 to fffff804725bd5e0

STACK_TEXT:
fffff80475a16eb8 fffff80472eb66f7 : 00000000000000e6 0000000000000026 ffffba01da348060 0000000000000401 : nt!KeBugCheckEx
fffff80475a16ec0 fffff80472eb1f8c : fffff80472edf990 fffff80472edf990 fffff80472ee2900 0000000000000001 : hal!IvtHandleInterrupt+0x1b7
fffff80475a16f10 fffff8047244c8b5 : fffff80472ee28e0 ffff918322957a80 fffff80472ee2990 0000000000000008 : hal!HalpIommuInterruptRoutine+0x4c
fffff80475a16f40 fffff804725beeac : ffff918322957a80 fffff80472ee28e0 000000f9c8e9f114 fffff80472ee28e0 : nt!KiCallInterruptServiceRoutine+0xa5
fffff80475a16f90 fffff804725bf2a7 : 0000000000000000 ffff918300000001 0000000000000000 ffff918322957a80 : nt!KiInterruptSubDispatchNoLock+0x11c
ffff918322957a00 00007fff37f6e623 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiInterruptDispatchNoLock+0x37
000000f9c8e9ee18 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007fff37f6e623


THREAD_SHA1_HASH_MOD_FUNC: eae14f285b3e9a394cd37560986a9fe1fffa422d

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ca2ea2f518ad0036f752d2ff233b37205915a782

THREAD_SHA1_HASH_MOD: dab8392fb5efb5fe2e1ea8a7f7c62b2f6a6807b8

FOLLOWUP_IP:
nt!KiCallInterruptServiceRoutine+a5
fffff804`7244c8b5 0fb6e8 movzx ebp,al

FAULT_INSTR_CODE: 45e8b60f

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!KiCallInterruptServiceRoutine+a5

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: a5

FAILURE_BUCKET_ID: 0xE6_nt!KiCallInterruptServiceRoutine

BUCKET_ID: 0xE6_nt!KiCallInterruptServiceRoutine

PRIMARY_PROBLEM_CLASS: 0xE6_nt!KiCallInterruptServiceRoutine

TARGET_TIME: 2019-03-07T08:05:39.000Z

OSBUILD: 17763

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: unknown_date

BUILDDATESTAMP_STR: 180914-1434

BUILDLAB_STR: rs5_release

BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME: 6b5

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0xe6_nt!kicallinterruptserviceroutine

FAILURE_ID_HASH: {2b0e63ba-aae0-93ee-5379-fdfd15c60138}

Followup: MachineOwner
---------
