DMP blue screen: DRIVER_VERIFIER_DMA_VIOLATION
2023-12-06
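A colleague gave me a DMP file and said that a DELL laptop hit a BSOD after an HDMI cable was plugged in and then unplugged.
WinDbg's automatic analysis reports a DMA problem: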
DRIVER_VERIFIER_DMA_VIOLATION (e6)
An illegal DMA operation was attempted by a driver being verified.
Arguments:
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: ffffa30f56b8c060, Device Object of faulting device.
Arg3: 0000000000000000, Faulting information (usually faulting physical address).
Arg4: 0000000000000006, Fault type (hardware specific).
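The page https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/bug-check-0xe6--driver-verifier-dma-violation describes the value 0x26 for the first parameter of DRIVER_VERIFIER_DMA_VIOLATION:
0x26 IOMMU detected DMA violation.
- Parameter 2 - Device Object of the faulting device.
- Parameter 3 - Faulting information (usually the faulting physical address).
- Parameter 4 - Fault type (hardware specific).
Notice that the DMA physical address is, oddly, Arg3: 0000000000000000.
PCI devices are all mapped into BAR memory space, so this one should have a physical address assigned by the BIOS.
Next, use parameter 2 to work out which driver and device are involved.
1. First, look up the device object information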
0: kd> dt _DEVICE_OBJECT ffffa30f56b8c060
nt!_DEVICE_OBJECT
+0x000 Type : 0n3
+0x002 Size : 0x898
+0x004 ReferenceCount : 0n0
+0x008 DriverObject : 0xffffa30f`4b30bab0 _DRIVER_OBJECT
+0x010 NextDevice : 0xffffa30f`5cbab040 _DEVICE_OBJECT
+0x018 AttachedDevice : 0xffffa30f`5f3c9a50 _DEVICE_OBJECT
+0x020 CurrentIrp : (null)
+0x028 Timer : (null)
+0x030 Flags : 0x1040
+0x034 Characteristics : 0x100
+0x038 Vpb : (null)
+0x040 DeviceExtension : 0xffffa30f`56b8c1b0 Void
+0x048 DeviceType : 0x22
+0x04c StackSize : 1 ''
+0x050 Queue : <anonymous-tag>
+0x098 AlignmentRequirement : 0
+0x0a0 DeviceQueue : _KDEVICE_QUEUE
+0x0c8 Dpc : _KDPC
+0x108 ActiveThreadCount : 0
+0x110 SecurityDescriptor : 0xffffcb0f`d2dfeca0 Void
+0x118 DeviceLock : _KEVENT
+0x130 SectorSize : 0
+0x132 Spare1 : 1
+0x138 DeviceObjectExtension : 0xffffa30f`56b8c8f8 _DEVOBJ_EXTENSION
+0x140 Reserved : (null)
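Its DeviceObjectExtension holds the DeviceNode pointer, and the device node includes the device's InstancePath, so the hardware ID of the device can be found.
The driver information shows that it was caused by the PCI driver.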
0: kd> dx -id 0,0,ffffa30f4b2a8180 -r1 ((ntkrnlmp!_DRIVER_OBJECT *)0xffffa30f4b30bab0)
((ntkrnlmp!_DRIVER_OBJECT *)0xffffa30f4b30bab0) : 0xffffa30f4b30bab0 : Driver "\Driver\pci" [Type: _DRIVER_OBJECT *]
[<Raw View>] [Type: _DRIVER_OBJECT]
HardwareDatabase : 0xfffff8064ab2e990 : "\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM" [Type: _UNICODE_STRING *]
DeviceObject : 0xffffa30f56b8c060 : Device for "\Driver\pci" [Type: _DEVICE_OBJECT *]
Flags : 0x412
Devices
DEVOBJ_EXTENSION information:
0: kd> dx -id 0,0,ffffa30f4b2a8180 -r1 ((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffa30f56b8c8f8)
((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffa30f56b8c8f8) : 0xffffa30f56b8c8f8 [Type: _DEVOBJ_EXTENSION *]
[+0x000] Type : 13 [Type: short]
[+0x002] Size : 0x0 [Type: unsigned short]
[+0x008] DeviceObject : 0xffffa30f56b8c060 : Device for "\Driver\pci" [Type: _DEVICE_OBJECT *]
[+0x010] PowerFlags : 0x10 [Type: unsigned long]
[+0x018] Dope : 0x0 [Type: _DEVICE_OBJECT_POWER_EXTENSION *]
[+0x020] ExtensionFlags : 0x800 [Type: unsigned long]
[+0x028] DeviceNode : 0xffffa30f5af28a20 [Type: void *]
[+0x030] AttachedTo : 0x0 [Type: _DEVICE_OBJECT *]
[+0x038] StartIoCount : 0 [Type: long]
[+0x03c] StartIoKey : 0 [Type: long]
[+0x040] StartIoFlags : 0x0 [Type: unsigned long]
[+0x048] Vpb : 0x0 [Type: _VPB *]
[+0x050] DependencyNode : 0xffffa30f5c8f2370 [Type: void *]
[+0x058] InterruptContext : 0xffffcb0fda4e6810 [Type: void *]
[+0x060] InterruptCount : 0 [Type: long]
[+0x068] VerifierContext : 0x0 [Type: void *]
The DEVICE_NODE information is as follows:
0: kd> dt _DEVICE_NODE 0xffffa30f5af28a20
nt!_DEVICE_NODE
+0x000 Sibling : (null)
+0x008 Child : 0xffffa30f`55c61a70 _DEVICE_NODE
+0x010 Parent : 0xffffa30f`5a046cc0 _DEVICE_NODE
+0x018 LastChild : 0xffffa30f`55c61a70 _DEVICE_NODE
+0x020 PhysicalDeviceObject : 0xffffa30f`56b8c060 _DEVICE_OBJECT
+0x028 InstancePath : _UNICODE_STRING "PCI\VEN_8086&DEV_15B5&SUBSYS_11112222&REV_00\B8CA64388CC9A00000"
+0x038 ServiceName : _UNICODE_STRING "USBXHCI"
+0x048 PendingIrp : (null)
+0x050 FxDevice : 0xffffa30f`5c206050 _POP_FX_DEVICE
+0x058 FxDeviceLock : 0n0
+0x060 FxRemoveEvent : _KEVENT
+0x078 FxActivationCount : 0n0
+0x07c FxSleepCount : 0n0
+0x080 UniqueId : _UNICODE_STRING "\_SB.PCI0.RP15.PXSX.TBL3.TBTU"
+0x090 Plugin : (null)
+0x098 Level : 7
+0x09c CurrentPowerState : _POWER_STATE
+0x0a0 Notify : _PO_DEVICE_NOTIFY
+0x108 PoIrpManager : _PO_IRP_MANAGER
+0x128 PowerFlags : 0n7
+0x12c State : 30f ( DeviceNodeAwaitingQueuedRemoval )
+0x130 PreviousState : 308 ( DeviceNodeStarted )
+0x134 StateHistory : [20] 301 ( DeviceNodeUninitialized )
+0x184 StateHistoryEntry : 0x11
+0x188 CompletionStatus : 0n0
+0x18c Flags : 0x6c0000f0
+0x190 UserFlags : 0
+0x194 Problem : 0
+0x198 ProblemStatus : 0n0
+0x1a0 ResourceList : 0xffffcb0f`dc2b2540 _CM_RESOURCE_LIST
+0x1a8 ResourceListTranslated : 0xffffcb0f`dc2ad1a0 _CM_RESOURCE_LIST
+0x1b0 DuplicatePDO : (null)
+0x1b8 ResourceRequirements : 0xffffcb0f`d9b42da0 _IO_RESOURCE_REQUIREMENTS_LIST
+0x1c0 InterfaceType : 0xffffffff (No matching name)
+0x1c4 BusNumber : 0xfffffff0
+0x1c8 ChildInterfaceType : 5 ( PCIBus )
+0x1cc ChildBusNumber : 0x3e
+0x1d0 ChildBusTypeIndex : 1
+0x1d2 RemovalPolicy : 0x5 ''
+0x1d3 HardwareRemovalPolicy : 0x5 ''
+0x1d8 TargetDeviceNotify : _LIST_ENTRY [ 0xffffa30f`5af28bf8 - 0xffffa30f`5af28bf8 ]
+0x1e8 DeviceArbiterList : _LIST_ENTRY [ 0xffffa30f`5af28c08 - 0xffffa30f`5af28c08 ]
+0x1f8 DeviceTranslatorList : _LIST_ENTRY [ 0xffffa30f`5af28c18 - 0xffffa30f`5af28c18 ]
+0x208 NoTranslatorMask : 0
+0x20a QueryTranslatorMask : 0
+0x20c NoArbiterMask : 0
+0x20e QueryArbiterMask : 0
+0x210 OverUsed1 : <anonymous-tag>
+0x218 OverUsed2 : <anonymous-tag>
+0x220 BootResources : 0xffffcb0f`dd3cb290 _CM_RESOURCE_LIST
+0x228 BootResourcesTranslated : 0xffffcb0f`dd3cb7d0 _CM_RESOURCE_LIST
+0x230 CapabilityFlags : 0x3e53
+0x238 DockInfo : <anonymous-tag>
+0x258 DisableableDepends : 0
+0x260 PendedSetInterfaceState : _LIST_ENTRY [ 0xffffa30f`5af28c80 - 0xffffa30f`5af28c80 ]
+0x270 LegacyBusListEntry : _LIST_ENTRY [ 0xffffa30f`5af28c90 - 0xffffa30f`5af28c90 ]
+0x280 DriverUnloadRetryCount : 0
+0x288 PreviousParent : (null)
+0x290 DeletedChildren : 0n0
+0x294 NumaNodeIndex : 0xfffffffe
+0x298 ContainerID : _GUID {661a0a01-81f3-11ee-a96b-806e6f6e6963}
+0x2a8 OverrideFlags : 0x1 ''
+0x2ac DeviceIdsHash : 0x35807d52
+0x2b0 RequiresUnloadedDriver : 0 ''
+0x2b8 PendingEjectRelations : (null)
+0x2c0 StateFlags : 0
+0x2c8 RebalanceContext : (null)
+0x2d0 IommuExtension : 0xffffcb0f`dd3cb690 _DEVICE_NODE_IOMMU_EXTENSION
+0x2d8 DirectedDripsState : _PO_DIRECTED_DRIPS_STATE
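As an added example (not part of the original post), the following Python code parses a saved WinDbg log and extracts the fields this walkthrough reads by hand: the 0xE6 bug check arguments, plus the InstancePath, ServiceName and State of the device node. The sample text is excerpted from the output above; the function names are hypothetical.

```python
import re

# Lines excerpted from the debugger output shown on this page.
SAMPLE = r"""
Arg1: 0000000000000026, IOMMU detected DMA violation.
Arg2: ffffa30f56b8c060, Device Object of faulting device.
Arg3: 0000000000000000, Faulting information (usually faulting physical address).
Arg4: 0000000000000006, Fault type (hardware specific).
+0x020 PhysicalDeviceObject : 0xffffa30f`56b8c060 _DEVICE_OBJECT
+0x028 InstancePath : _UNICODE_STRING "PCI\VEN_8086&DEV_15B5&SUBSYS_11112222&REV_00\B8CA64388CC9A00000"
+0x038 ServiceName : _UNICODE_STRING "USBXHCI"
+0x12c State : 30f ( DeviceNodeAwaitingQueuedRemoval )
+0x130 PreviousState : 308 ( DeviceNodeStarted )
"""

def parse_args(text):
    """Map bug check argument number to its integer value."""
    pairs = re.findall(r"^Arg(\d): ([0-9a-fA-F]+),", text, re.M)
    return {int(n): int(v, 16) for n, v in pairs}

def parse_field(text, name):
    """Return the value text of one 'dt' field line, or '' if absent."""
    pat = rf"^[ \t]*\+0x[0-9a-f]+ {re.escape(name)}\s+: (.*)$"
    m = re.search(pat, text, re.M)
    return m.group(1).strip() if m else ""

def first_group(pattern, value):
    m = re.search(pattern, value)
    return m.group(1) if m else None

def summarize(text):
    """Correlate the bug check arguments with the device node fields."""
    args = parse_args(text)
    inst = first_group(r'"([^"]*)"', parse_field(text, "InstancePath")) or ""
    pdo = parse_field(text, "PhysicalDeviceObject")
    # WinDbg prints 64-bit pointers with a backtick between the halves.
    pdo_addr = int(pdo.split()[0].replace("`", ""), 16) if pdo else None
    return {
        "iommu_fault": args.get(1) == 0x26,
        "pdo_matches_arg2": pdo_addr is not None and pdo_addr == args.get(2),
        "fault_address": args.get(3),
        "fault_type": args.get(4),
        "bus": inst.split("\\")[0],
        "ids": dict(re.findall(r"(VEN|DEV|SUBSYS|REV)_([0-9A-Fa-f]+)", inst)),
        "service": first_group(r'"([^"]*)"', parse_field(text, "ServiceName")),
        "state": first_group(r"\(\s*(\w+)\s*\)", parse_field(text, "State")),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The `pdo_matches_arg2` check confirms that the device node being read belongs to the device object named in Arg2 before its hardware ID is trusted.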