[SOLVED] BSOD "DRIVER_VERIFIER_DMA_VIOLATION" ?

Mar 7, 2022
3
0
10
Hello,

occasionally I get the BSOD DRIVER_VERIFIER_DMA_VIOLATION.
I went to Google and found this thread: https://forums.tomshardware.com/thr..._dma_violation-bsod-brand-new-system.3745953/
So I hope to find help here.
Besides this dump my system is stable.

Here is some further information:

  • Windows is Windows 10 Pro 21H2 Build 19044.1566
  • I use a Stardock USB dock SDOCK4U313 connected to the USB-C port on the back and suspect this device.
  • There is no firmware update for this USB dock available.
  • The mainboard is a GA-Z270X-UD5 (rev. 1.0) with Chipset+Intel® Thunderbolt™ 3 Controller: 1 x USB Type-C™ port on the back panel, with USB 3.1 Gen 2 support
  • The driver verifier is not active, so I wonder about this BSOD.
  • I googled this article, but it is also not active: https://docs.microsoft.com/en-us/wi...tection/kernel-dma-protection-for-thunderbolt
  • According to BlueScreenView the dump is caused by ntoskrnl.exe
  • According to Intel there are no standalone drivers for the "Intel USB 3.1 eXtensible host controller" as they are included in Windows
  • The driver version is 10.0.19041.1566 from 2022-Feb-10, so fairly new with no chance of an update.
  • I followed the instruction from the other thread and uploaded a dump: https://www.dropbox.com/s/0vbqi0rulw3j44x/030722-40031-01.zip?dl=0
I'm really grateful for hints and ideas.

Thanks a lot.
 
Solution
note: you do have verifier flags turned on.
the running process that was caught was
TrueImageMonitor.exe (Acronis True Image )
it was talking to a filter driver fltsrv.sys (microsoft file)
that was talking to:
\SystemRoot\SysWOW64\drivers\vstor2-mntapi20-shared.sys
(VMware Virtual Storage Volume Driver )
Timestamp: Wed Aug 28 03:25:49 2013

basically you need to update this old software or remove it.
or you can turn off the verifier flags so it will not bugcheck and reboot your machine more often so you have less chance of memory corruption. (reboot rather than let the machine sleep) (system was up for nearly 5 hours before the error)

you can download and run microsoft autoruns to disable or remove these old drivers if you...

Colif

Win 11 Master
Moderator
driver verifer always running. (reads thread linked and gets de ja vu at 1st reply)

NTOSKRNL = windows kernel. It handles all driver requests, power management, and memory management. It sits between Hardware and Applications. It got blamed but its not the cause

I can't read the dumps until they converted, why do you mention USB? Its all built into windows so if it mentioned USB anywhere, its more likely a device attached, and not PC.

I will get someone to convert dumps.
 
  • Like
Reactions: studio54
Mar 7, 2022
3
0
10
driver verifer always running. (reads thread linked and gets de ja vu at 1st reply)
Okay, will do.

NTOSKRNL = windows kernel. It handles all driver requests, power management, and memory management. It sits between Hardware and Applications. It got blamed but its not the cause
I'm aware of that, it's the part I forgot to mention. For this reason I don't think that ntoskrnl.exe can be the root cause.

I can't read the dumps until they converted, why do you mention USB? Its all built into windows so if it mentioned USB anywhere, its more likely a device attached, and not PC.
I mention USB, as I don't think that it can be faulty ntoskrnl.exe. Furthermode the device manager says that the "Intel USB 3.1 eXtensible host controller" has own drivers: USBXHCI.SYS and UscXhciCompanion.dll
The quad dock is fairly new an the only device I added.
But before I return it I need more proof than just suspecting it, since it does not crash immediately when plugged in, but only after a random while even when idle.
I had issues before with other docks when plugging them into the 3rd party controller USB ports of the mainboard, which are not part of the chipset.

I will get someone to convert dumps.
Awesome, thanks a lot. :giggle:
 
note: you do have verifier flags turned on.
the running process that was caught was
TrueImageMonitor.exe (Acronis True Image )
it was talking to a filter driver fltsrv.sys (microsoft file)
that was talking to:
\SystemRoot\SysWOW64\drivers\vstor2-mntapi20-shared.sys
(VMware Virtual Storage Volume Driver )
Timestamp: Wed Aug 28 03:25:49 2013

basically you need to update this old software or remove it.
or you can turn off the verifier flags so it will not bugcheck and reboot your machine more often so you have less chance of memory corruption. (reboot rather than let the machine sleep) (system was up for nearly 5 hours before the error)

you can download and run microsoft autoruns to disable or remove these old drivers if you don't have a installer/uninstaller for them.
(various drivers from 2011, to 2013)
 
Last edited:
  • Like
Reactions: studio54
Solution
docs for driver verifier tool.
https://docs.microsoft.com/en-us/tr...rmance/use-driver-verifier-to-identify-issues

verifier.exe really does not create bad conditions for a driver, it just maps memory allocations to special pool that has a bunch of extra checks for common mistakes. The mistakes are there even if you don't check for them. It is like writing a term paper, you think it is perfect but you get it graded and the professor points out all of your mistakes.
The graded paper and the ungraded paper really does not change in the grading process.

  • There are so many common mistakes.
  • driver writing rules change over time
-Windows has put a lot more checks to block hacking and viruses.
you can not modify windows core files like you used to.

yes, sometimes people have issues trying to stop the verifier functions.
I have never had a case myself where I could not stop the verifier.
even though I had to pull a drive and remove the bad driver from the drive before I tried to boot again.
sometimes it was hard to catch the timing correctly to get into safe mode. (had to slow the boot process to get the timing correct)
 
Last edited:
  • Like
Reactions: studio54