SbieDrv.sys BSOD, Windows 10 latest #1389

Closed
rugabunda opened this issue Nov 20, 2021 · 8 comments
Labels:
- BSOD (Critical error screen)
- crash dump (Dump file attached for a detailed analysis)
- fixed in next build (Fixed in the next Sandboxie version)
- Regression (A Sandboxie build broke compatibility, it was working before)


@rugabunda

Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PC\AppData\Local\CrashDumps\backup\112021-14921-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff800`40c00000 PsLoadedModuleList = 0xfffff800`4182a2d0
Debug session time: Sat Nov 20 13:22:53.096 2021 (UTC - 7:00)
System Uptime: 1 days 21:45:06.836
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffff978edb371000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80053604500, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for SbieDrv.sys

Could not read faulting driver name

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 1

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DEVICE

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 2

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 121

    Key  : Analysis.System
    Value: CreateObject


TAG_NOT_DEFINED_202b:  *** Unknown TAG in analysis list 202b


DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

BUGCHECK_CODE:  50

BUGCHECK_P1: ffff978edb371000

BUGCHECK_P2: 0

BUGCHECK_P3: fffff80053604500

BUGCHECK_P4: 0

READ_ADDRESS: fffff800418fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8004180f378: Unable to get Flags value from nt!KdVersionBlock
fffff8004180f378: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
 ffff978edb371000 

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  firefox.exe

TRAP_FRAME:  fffffa887e235f70 -- (.trap 0xfffffa887e235f70)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff978efbcf9a10 rbx=0000000000000000 rcx=ffff978efbcf9b60
rdx=ffffffffdf6774a0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80053604500 rsp=fffffa887e236108 rbp=fffffa887e236150
 r8=000000000000000c  r9=0000000000000002 r10=0000000000000001
r11=ffff978edb37108c r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
SbieDrv+0x24500:
fffff800`53604500 0f100c11        movups  xmm1,xmmword ptr [rcx+rdx] ds:ffff978e`db371000=????????????????????????????????
Resetting default scope

STACK_TEXT:  
fffffa88`7e235cc8 fffff800`4104a81f : 00000000`00000050 ffff978e`db371000 00000000`00000000 fffffa88`7e235f70 : nt!KeBugCheckEx
fffffa88`7e235cd0 fffff800`40e9f390 : fffffa88`7e2360a0 00000000`00000000 fffffa88`7e235ff0 00000000`00000000 : nt!MiSystemFault+0x18d46f
fffffa88`7e235dd0 fffff800`4100545e : fffff800`41276000 00000000`00000000 ffff8306`af07a8c0 ffff8306`c62a0ac0 : nt!MmAccessFault+0x400
fffffa88`7e235f70 fffff800`53604500 : fffff800`535f8ace 00000000`00000000 00000000`00000000 00000000`000000ee : nt!KiPageFault+0x35e
fffffa88`7e236108 fffff800`535f8ace : 00000000`00000000 00000000`00000000 00000000`000000ee ffff978e`f00fa0d0 : SbieDrv+0x24500
fffffa88`7e236110 00000000`00000000 : 00000000`00000000 00000000`000000ee ffff978e`f00fa0d0 ffff978e`db370f76 : SbieDrv+0x18ace


SYMBOL_NAME:  SbieDrv+24500

MODULE_NAME: SbieDrv

IMAGE_NAME:  SbieDrv.sys

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  24500

FAILURE_BUCKET_ID:  AV_R_INVALID_SbieDrv!unknown_function

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {e4cfa71a-4a04-c348-ee62-87adaf21dfbb}

Followup:     MachineOwner
---------
@rugabunda rugabunda changed the title from "BSOD, Windows 10 latest" to "SbieDrv.sys BSOD, Windows 10 latest" Nov 20, 2021
@DavidXanatos
Member

Could you please provide the dmp file?

@rugabunda
Author

112021-14921-01.zip

@isaak654 isaak654 added the crash dump Dump file attached for a detailed analysis label Nov 22, 2021
@rugabunda
Author

rugabunda commented Nov 30, 2021

Never seen this ever before; this was a one-time-only case. Am overclocking CPU, RAM, and Infinity Fabric, with high stability. Was only browsing the web when this happened. Looks like the dump is missing a lot of data?

"The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.

READ_ADDRESS: fffff800418fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8004180f378: Unable to get Flags value from nt!KdVersionBlock
fffff8004180f378: Unable to get Flags value from nt!KdVersionBlock

AV_R_INVALID_SbieDrv!unknown_function"

@isaak654
Collaborator

isaak654 commented Dec 2, 2021

This seems to involve version 1.00 / 5.55; other crashes were reported from stapp in the following posts:
https://www.wilderssecurity.com/threads/sandboxie-plus-1-0-0.442171/page-6#post-3053048
https://www.wilderssecurity.com/threads/sandboxie-plus-1-0-0.442171/page-8#post-3054527

Win 10 21H2 Classic 5.55 had a BSOD.

On Thu 25/11/2021 15:43:01 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\112521-14359-01.dmp
This was probably caused by the following module: sbiedrv.sys (0xFFFFF80484644500)
Bugcheck code: 0x50 (0xFFFFD78831615000, 0x0, 0xFFFFF80484644500, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Program Files\Sandboxie\SbieDrv.sys
product: Sandboxie
company: sandboxie-plus.com
description: Sandboxie Kernel Mode Driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: sbiedrv.sys (Sandboxie Kernel Mode Driver, sandboxie-plus.com).

@DavidXanatos
I shall send you a link to the minidmp in a pm.

UPDATE:
May go back to previous build. So far I've had a BSOD last week, and then today a SbieSvc crash with this build (Classic 5.55)

Description
Faulting Application Path: C:\Program Files\Sandboxie\SbieSvc.exe

Problem signature
Problem Event Name: BEX64
Application Name: SbieSvc.exe
Application Version: 5.55.0.0
Application Timestamp: 6192a18d
Fault Module Name: ntdll.dll
Fault Module Version: 10.0.19041.1288
Fault Module Timestamp: a280d1d6
Exception Offset: 000000000011c1e8
Exception Code: c0000005
Exception Data: 0000000000000008
OS Version: 10.0.19044.2.0.0.256.48
Locale ID: 2057
Additional Information 1: e9b4
Additional Information 2: e9b418bba388d1b7b1162570c0d880ff
Additional Information 3: 255a
Additional Information 4: 255a5caf9d6a09ed9610f84d31f720a5

EDIT.. Might be an idea for other users of the build to open Windows Reliability History to see if they have had any

@isaak654 isaak654 added the Regression A Sandboxie build broke compatibility, it was working before label Dec 2, 2021
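
An added triage example (not part of the original thread or of the Sandboxie project): it parses the bugcheck lines quoted in the two reports above and reduces each to a signature that does not depend on where the driver was loaded. It relies on driver images being page-aligned, so the low 12 bits of the faulting instruction address are the same across boots; the function names are hypothetical.

```python
import re

# Lines copied from the two crash reports quoted in this thread.
WINDBG_REPORT = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: ffff978edb371000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80053604500, If non-zero, the instruction address which referenced the bad memory
Arg4: 0000000000000000, (reserved)
SbieDrv+0x24500:
"""
SUMMARY_REPORT = """\
This was probably caused by the following module: sbiedrv.sys (0xFFFFF80484644500)
Bugcheck code: 0x50 (0xFFFFD78831615000, 0x0, 0xFFFFF80484644500, 0x0)
"""
PAGE_MASK = 0xFFF  # images are page-aligned, so these bits survive relocation


def parse_windbg(text):
    """Parse the header of WinDbg '!analyze -v' output."""
    code = int(re.search(r"^[A-Z0-9_]+ \(([0-9A-Fa-f]+)\)\s*$", text, re.M).group(1), 16)
    args = [int(a, 16) for a in re.findall(r"^Arg\d: ([0-9A-Fa-f]+),", text, re.M)]
    mod = re.search(r"^(\w+)\+0x([0-9A-Fa-f]+):\s*$", text, re.M)
    return {"code": code, "args": args, "module": mod.group(1),
            "offset": int(mod.group(2), 16)}


def parse_summary(text):
    """Parse the one-line bugcheck summary quoted from the forum post."""
    m = re.search(r"Bugcheck code: 0x([0-9A-Fa-f]+) \(([^)]*)\)", text)
    args = [int(a, 16) for a in m.group(2).split(",")]
    mod = re.search(r"module: ([\w.]+) \(0x", text).group(1)
    return {"code": int(m.group(1), 16), "args": args, "module": mod, "offset": None}


def signature(report):
    """Reduce a bugcheck 0x50 report to load-address-independent fields."""
    fault_addr, is_write, rip = report["args"][:3]
    module = re.sub(r"\.sys$", "", report["module"].lower())
    return (report["code"], module, rip & PAGE_MASK,
            "write" if is_write else "read", (fault_addr & PAGE_MASK) == 0)


def same_bucket(a, b):
    """True when two reports share bugcheck, module, in-page RIP and access type."""
    return signature(a) == signature(b)
```

Both reports reduce to the same signature: bugcheck 0x50, a read by `sbiedrv` at in-page offset 0x500, with the referenced address exactly on a page boundary.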
@rugabunda
Author

rugabunda commented Dec 6, 2021

Just happened a second time, here is another, while watching this video on the plandemic on rumble

minidump:

120521-14031-01.zip

@rugabunda
Author

@DavidXanatos Would changing my Windows settings to do a "complete" memory dump be useful to you? It's currently set to 'small memory dump (256 KB)', although it's actually 1.6 megabytes.

@DavidXanatos
Member

No, the dump as is is fine; it's the same issue already reported. I'll prepare a new build soon.
Sorry for the delay, but the last week was extremely busy in my day job and stuff.

@isaak654 isaak654 added fixed in next build Fixed in the next Sandboxie version and removed to investigate labels Dec 6, 2021
@rugabunda
Author

Thanks Dave.

@isaak654 isaak654 added the BSOD Critical error screen label Jul 27, 2022