PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffffffffffffd0, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff80333004584, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for FACEIT.sys
Could not read faulting driver name
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
PROCESSES_ANALYSIS: 1
SERVICE_ANALYSIS: 1
STACKHASH_ANALYSIS: 1
TIMELINE_ANALYSIS: 1
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
DUMP_TYPE: 2
BUGCHECK_P1: ffffffffffffffd0
BUGCHECK_P2: 2
BUGCHECK_P3: fffff80333004584
BUGCHECK_P4: 2
READ_ADDRESS: fffff803335733b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffffffffffffd0
FAULTING_IP:
nt!ObfReferenceObjectWithTag+24
fffff803`33004584 f0480fc15ed0 lock xadd qword ptr [rsi-30h],rbx
MM_INTERNAL_CODE: 2
CPU_COUNT: c
CPU_MHZ: d48
CPU_VENDOR: AuthenticAMD
CPU_FAMILY: 17
CPU_MODEL: 8
CPU_STEPPING: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-18V31A3
ANALYSIS_SESSION_TIME: 01-16-2020 01:58:33.0818
ANALYSIS_VERSION: 10.0.18362.1 x86fre
TRAP_FRAME: ffffe9016c78e3a0 -- (.trap 0xffffe9016c78e3a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000008000 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000746c6644 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80333004584 rsp=ffffe9016c78e530 rbp=fffff803877cb1bc
r8=ffff88811b9b8d20 r9=ffff88811b9b8d20 r10=ffff888119202000
r11=ffffe9016c78e4f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ObfReferenceObjectWithTag+0x24:
fffff803`33004584 f0480fc15ed0 lock xadd qword ptr [rsi-30h],rbx ds:ffffffff`ffffffd0=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff803331e35d6 to fffff803331c14e0
STACK_TEXT:
ffffe901`6c78e0f8 fffff803`331e35d6 : 00000000`00000050 ffffffff`ffffffd0 00000000`00000002 ffffe901`6c78e3a0 : nt!KeBugCheckEx
ffffe901`6c78e100 fffff803`33072eef : 00000000`00000000 00000000`00000002 00000000`00000000 ffffffff`ffffffd0 : nt!MiSystemFault+0x1d6866
ffffe901`6c78e200 fffff803`331cf520 : 00000000`00000001 00000000`00000070 ffff8881`2bd48dd0 ffff8881`18010000 : nt!MmAccessFault+0x34f
ffffe901`6c78e3a0 fffff803`33004584 : 00000000`00000000 00000000`00000058 00000000`00000000 fffff803`3336f06d : nt!KiPageFault+0x360
ffffe901`6c78e530 fffff803`330d2206 : ffff8881`2a7e8b00 ffff8881`1b9b8d20 ffff8881`280f6040 00000000`00000000 : nt!ObfReferenceObjectWithTag+0x24
ffffe901`6c78e570 fffff803`330d1d05 : fffff803`00000000 00000000`00000001 ffffe901`6c78e680 ffff8881`1b9b8d20 : nt!IopQueueWorkItemProlog+0x52
ffffe901`6c78e5a0 fffff803`88825a38 : ffff8881`1b9b78e0 00000000`00000000 00000000`00000000 ffff8881`1b9b78e0 : nt!IoQueueWorkItem+0x15
ffffe901`6c78e5d0 ffff8881`1b9b78e0 : 00000000`00000000 00000000`00000000 ffff8881`1b9b78e0 ffffe901`6c78e5b0 : FACEIT+0x1065a38
ffffe901`6c78e5d8 00000000`00000000 : 00000000`00000000 ffff8881`1b9b78e0 ffffe901`6c78e5b0 00000000`00000038 : 0xffff8881`1b9b78e0
THREAD_SHA1_HASH_MOD_FUNC: 34852ae56a881c7330b4cf4720e201e7f2dbf97c
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6d2703c4691137d5e146b31bdfba5fb941937219
THREAD_SHA1_HASH_MOD: a74cd514b2e0f22229ac9a51240214a38c96fede
FOLLOWUP_IP:
FACEIT+1065a38
fffff803`88825a38 e910000000 jmp FACEIT+0x1065a4d (fffff803`88825a4d)
FAULT_INSTR_CODE: 10e9
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: FACEIT+1065a38
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: FACEIT
IMAGE_NAME: FACEIT.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5e188842
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1065a38
FAILURE_BUCKET_ID: AV_INVALID_FACEIT!unknown_function
BUCKET_ID: AV_INVALID_FACEIT!unknown_function
PRIMARY_PROBLEM_CLASS: AV_INVALID_FACEIT!unknown_function
TARGET_TIME: 2020-01-10T17:15:00.000Z
OSBUILD: 18362
OSSERVICEPACK: 535
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 1980-01-11 18:53:20
BUILDDATESTAMP_STR: 190318-1202
BUILDLAB_STR: 19h1_release
BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
ANALYSIS_SESSION_ELAPSED_TIME: 6e4d
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_invalid_faceit!unknown_function
FAILURE_ID_HASH: {c16d4f0e-c865-34f7-3c81-3d50019d3ee7}
Followup: MachineOwner