[.02] Bluescreen with error "PAGE_FAULT_IN_NONPAGED_ARE

Listing issues addressed in beta version 4.07
scarid
Posts: 23
Joined: Wed Jul 17, 2013 2:18 pm

Post by scarid » Thu Oct 17, 2013 9:59 am

Hello,

I often get a Bluescreen when I open a sandboxed application. The Bluescreen says "PAGE_FAULT_IN_NONPAGED_AREA".

System details:

- Sandboxie 4.06
- Windows 8.1 Professional x64 (Windows 8 seems to work now with Sandboxie 4.06...if not I will update this post)

I have this problem since 4.05.07 Beta or something like that. It doesn't matter which application is sandboxed but I have the feeling that Google Chrome is mostly affected. But it's possible that the reason for this is that Chrome is my most used application. The problem only occurs sporadically when I start a sandboxed application the first time after the operating system boot. If the problem doesn't occur at this time it won't occur furthermore during the same Windows logon session. But it can happen again when I reboot.

How can I help to localize the problem? It is really annoying. And I have this problem on three computers.

Thank you very much for your help and this great product!

Labak54
Posts: 5
Joined: Fri Mar 08, 2013 11:16 am

Post by Labak54 » Fri Oct 18, 2013 7:49 am

Same Problem - Sandboxie 4.06 - Windows 8 Professional x64 - IE10

I have this problem since 4.05.xx too.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Fri Oct 18, 2013 10:57 am

I received a couple of similar problem reports and I think this has something to do with user accounts, although I still don't know what is causing this, or how to reproduce the problem so I can fix it. Can you try to create a new user account and use it instead of your current user account, to see if it has any effect on the problem?
tzuk

scarid
Posts: 23
Joined: Wed Jul 17, 2013 2:18 pm

Post by scarid » Fri Oct 18, 2013 11:53 am

On all computers I use limited user accounts that are only members of the local group "Users". The accounts therefore don't have administrator privileges. Is this fully supported by Sandboxie? No problem...I can create a new account and check if the problem persists.

balloonshark
Posts: 51
Joined: Tue Apr 28, 2009 6:49 am

Post by balloonshark » Sat Oct 19, 2013 7:12 am

I was actually going to bump my old thread but I'll post here for the time being. I'm using Windows 8 64 bit with a limited user account and Sbie 4.04 and had the same problem. I disabled fast startup and for the past month I haven't seen a BSOD when starting my browser sandboxed after booting up.

How to disable fast startup. http://www.eightforums.com/tutorials/63 ... s-8-a.html

Another change I have made is letting the Intel Rapid Storage Icon fully load before I start my browsing session. I have a feeling the problem is with fast startup.

If you happen to disable fast startup and it helps please post back so Tzuk can look into the matter.

Edit: My old thread is here. http://www.sandboxie.com/phpbb/viewtopic.php?t=16309

balloonshark
Posts: 51
Joined: Tue Apr 28, 2009 6:49 am

Post by balloonshark » Sun Oct 20, 2013 10:33 am

Never mind. I just had another BSOD :x. Do any of you use Shadow Defender? I'll post the rest in my other thread.

scarid
Posts: 23
Joined: Wed Jul 17, 2013 2:18 pm

Post by scarid » Sun Oct 20, 2013 4:59 pm

No, I don't use Shadow Defender. I disabled the fast startup feature of Windows 8 and am currently checking if it helps. But after your post it doesn't seem to help. :?

Maybe Tzuk has the right guess in relation to user accounts. We should keep that in mind and test it.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Sun Oct 20, 2013 8:47 pm

I'm sorry that I can only offer this vague guess. I examined the first couple of crash dumps for this type of crash and it was clear the problem is caused due to a corrupted security token. A security token is the internal data structure that contains the security data for the user account, and half of that data was missing in the dump, causing this crash. But I could not identify in the dump why the security token data became corrupted in the first place. Hopefully in time the precise reason will become clear, and I will be able to trigger this problem myself and study it.
tzuk

nsb
Posts: 15
Joined: Fri Nov 16, 2012 7:34 pm

Post by nsb » Mon Oct 21, 2013 11:10 am

Now I upgraded to 8.1 but I also recorded this issue.

Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA

Same symptoms as scarid ("The problem only occurs sporadically when I start a sandboxed application the first time after the operating system boot. If the problem doesn't occur at this time it won't occur furthermore during the same Windows logon session. But it can happen again when I reboot"), fast startup disabled, standard user account.

johnnymumble
Posts: 1
Joined: Sun Nov 10, 2013 6:59 pm

Same issue

Post by johnnymumble » Sun Nov 10, 2013 7:09 pm

I am getting the same PAGE_FAULT_IN_NONPAGED_AREA error. I have not really been able to identify a pattern yet except that it seems to occur within a few minutes of booting up or not at all.

I am running Windows 8.1, and Windows 8 before that; I had the same problem with both versions. I have Sandboxie installed on a Windows 7 machine with no issues. I cannot say if the issue occurred on the machine prior to installing Sandboxie because I installed Sandboxie immediately.

EDIT: Forgot to mention that I do not run as an admin user either.

Here is a bit from WinDbg if it helps:

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffc00009a8200c, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800c396269a, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


READ_ADDRESS: ffffc00009a8200c Paged pool

FAULTING_IP:
nt!memcpy+21a
fffff800`c396269a f30f6f4402f0 movdqu xmm0,xmmword ptr [rdx+rax-10h]

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: chrome.exe

CURRENT_IRQL: 0

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

TRAP_FRAME: ffffd0003c2c80c0 -- (.trap 0xffffd0003c2c80c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc00010ed578c rbx=0000000000000000 rcx=fffffffffffffff4
rdx=fffffffff8bac890 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800c396269a rsp=ffffd0003c2c8258 rbp=ffffc00010ed5368
r8=00000000000002c0 r9=0000000000000006 r10=0000000000000000
r11=ffffc00010ed54c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
nt!memcpy+0x21a:
fffff800`c396269a f30f6f4402f0 movdqu xmm0,xmmword ptr [rdx+rax-10h] ds:ffffc000`09a8200c=????????????????????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff800c396afd8 to fffff800c3955ca0

STACK_TEXT:
ffffd000`3c2c7ed8 fffff800`c396afd8 : 00000000`00000050 ffffc000`09a8200c 00000000`00000000 ffffd000`3c2c80c0 : nt!KeBugCheckEx
ffffd000`3c2c7ee0 fffff800`c38690fd : 00000000`00000000 ffffe000`01194080 ffffd000`3c2c80c0 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x4e48
ffffd000`3c2c7f80 fffff800`c395ff2f : 00000000`00000000 00000000`00000000 ffffd000`3c2c8300 ffffd000`3c2c80c0 : nt!MmAccessFault+0x7ed
ffffd000`3c2c80c0 fffff800`c396269a : fffff800`c3bbdcda ffffc000`10ed5002 ffffc000`10ed5060 ffffe000`00b5ea70 : nt!KiPageFault+0x12f
ffffd000`3c2c8258 fffff800`c3bbdcda : ffffc000`10ed5002 ffffc000`10ed5060 ffffe000`00b5ea70 00000000`000007ff : nt!memcpy+0x21a
ffffd000`3c2c8260 fffff800`c3cc8c91 : ffffc000`04d9d3f0 ffffd000`3c2c8390 00000000`00000000 00000000`00000078 : nt!SepDuplicateToken+0x346
ffffd000`3c2c8320 fffff800`c3c01003 : ffffc000`054cf060 00000000`00000000 ffffc000`054cf590 00000000`000007ff : nt!SepSetLogonSessionToken+0x81
ffffd000`3c2c83a0 fffff800`c3e1deef : 00000000`00000003 00000000`00000000 ffffc000`00000002 ffffc000`0000000d : nt!SepFilterToken+0x55b
ffffd000`3c2c84b0 fffff800`03fe3a95 : 00000000`00000000 ffffc000`03c77560 00000000`00000000 00000000`00000000 : nt!SeFilterToken+0xbf
ffffd000`3c2c8530 fffff800`03fe4462 : ffffc000`09a818f0 ffffc000`00000000 ffffc000`099292e0 ffffc000`09164280 : SbieDrv+0x1ca95
ffffd000`3c2c85d0 fffff800`03fe4629 : ffffc000`10e4d8f0 ffffd000`3c2c86c8 ffffd000`3c2c8600 ffffc000`10e540d0 : SbieDrv+0x1d462
ffffd000`3c2c8620 fffff800`03fdac6a : ffffc000`10e540d0 ffffd000`3c2c86c8 ffffd000`3c2c86c8 ffffd000`3c2c87a0 : SbieDrv+0x1d629
ffffd000`3c2c8670 fffff800`c3baad8e : ffffe000`01194080 ffffe000`01194080 ffffd000`3c2c87a0 fffff800`c3ae3e50 : SbieDrv+0x13c6a
ffffd000`3c2c86a0 fffff800`c3c5b0cc : 00000000`ffb56000 ffffd000`3c2c8740 ffffe000`00993080 00000000`00000000 : nt!PsCallImageNotifyRoutines+0x12e
ffffd000`3c2c8710 fffff800`c3c5adb5 : 00000000`ffb5d000 00000000`ffb5d000 ffffe000`00993080 ffffe000`01194080 : nt!DbgkCreateThread+0x168
ffffd000`3c2c8950 fffff800`c395c3f5 : fffff800`c3af6180 00000000`00000000 fffff800`c3c5ad0c ffffe000`01194080 : nt!PspUserThreadStartup+0xa9
ffffd000`3c2c89c0 fffff800`c395c377 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThread+0x16
ffffd000`3c2c8b00 00007ffc`9fed43b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThreadReturn
00000000`0061fc78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`9fed43b4


STACK_COMMAND: kb

FOLLOWUP_IP:
SbieDrv+1ca95
fffff800`03fe3a95 85c0 test eax,eax

SYMBOL_STACK_INDEX: 9

SYMBOL_NAME: SbieDrv+1ca95

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SbieDrv

IMAGE_NAME: SbieDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 525e8f90

FAILURE_BUCKET_ID: AV_SbieDrv+1ca95

BUCKET_ID: AV_SbieDrv+1ca95

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_sbiedrv+1ca95

FAILURE_ID_HASH: {90030c0e-167c-96c0-3d18-5bad6b90e84c}

Followup: MachineOwner
---------
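
A triage sketch for the dump above, added here as an example and not part of the thread or of Sandboxie's code: it parses `!analyze -v` text and reports the kernel function that faulted, the kernel call path leading to it, and the first caller outside `nt`. The names `triage`, `module_of` and `DUMP` are assumptions of this example; the sample lines are abridged from the post.

```python
import re

# Abridged from the !analyze -v output in the post above; lines copied unchanged.
DUMP = r"""PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
PROCESS_NAME: chrome.exe
STACK_TEXT:
ffffd000`3c2c7ed8 fffff800`c396afd8 : 00000000`00000050 ffffc000`09a8200c 00000000`00000000 ffffd000`3c2c80c0 : nt!KeBugCheckEx
ffffd000`3c2c80c0 fffff800`c396269a : fffff800`c3bbdcda ffffc000`10ed5002 ffffc000`10ed5060 ffffe000`00b5ea70 : nt!KiPageFault+0x12f
ffffd000`3c2c8258 fffff800`c3bbdcda : ffffc000`10ed5002 ffffc000`10ed5060 ffffe000`00b5ea70 00000000`000007ff : nt!memcpy+0x21a
ffffd000`3c2c8260 fffff800`c3cc8c91 : ffffc000`04d9d3f0 ffffd000`3c2c8390 00000000`00000000 00000000`00000078 : nt!SepDuplicateToken+0x346
ffffd000`3c2c8320 fffff800`c3c01003 : ffffc000`054cf060 00000000`00000000 ffffc000`054cf590 00000000`000007ff : nt!SepSetLogonSessionToken+0x81
ffffd000`3c2c83a0 fffff800`c3e1deef : 00000000`00000003 00000000`00000000 ffffc000`00000002 ffffc000`0000000d : nt!SepFilterToken+0x55b
ffffd000`3c2c84b0 fffff800`03fe3a95 : 00000000`00000000 ffffc000`03c77560 00000000`00000000 00000000`00000000 : nt!SeFilterToken+0xbf
ffffd000`3c2c8530 fffff800`03fe4462 : ffffc000`09a818f0 ffffc000`00000000 ffffc000`099292e0 ffffc000`09164280 : SbieDrv+0x1ca95
"""

FRAME = re.compile(r"^[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]{8}`[0-9a-f]{8} : (?:\S+ ){4}: (.+)$")

def module_of(symbol):
    # 'nt!memcpy+0x21a' -> 'nt'; 'SbieDrv+0x1ca95' -> 'SbieDrv'; raw address -> None
    if symbol.startswith("0x"):
        return None
    return re.split(r"[!+]", symbol, maxsplit=1)[0]

def triage(text):
    head = re.search(r"^(\w+) \(([0-9a-fA-F]+)\)$", text, re.M)
    arg2 = re.search(r"^Arg2: ([0-9a-f]+)", text, re.M)
    proc = re.search(r"^PROCESS_NAME:\s*(\S+)", text, re.M)
    frames = [m.group(1) for m in map(FRAME.match, text.splitlines()) if m]
    # Frames above nt!KiPageFault belong to the fault handler, not the cause.
    names = [f.split("+")[0] for f in frames]
    start = names.index("nt!KiPageFault") + 1 if "nt!KiPageFault" in names else 0
    path, driver_frame = [], None
    for sym in frames[start:]:
        if module_of(sym) != "nt":
            driver_frame = sym          # first caller outside the kernel image
            break
        path.append(sym.split("+")[0])
    return {
        "bugcheck": head.group(1), "code": int(head.group(2), 16),
        "access": "write" if int(arg2.group(1), 16) else "read",
        "process": proc.group(1),
        "fault_in": path[0] if path else None,
        "kernel_path": path[::-1],      # call order, driver's entry point first
        "driver": module_of(driver_frame) if driver_frame else None,
        "driver_frame": driver_frame,
    }
```

On this dump the reported path runs from `nt!SeFilterToken` down to `nt!memcpy` inside `nt!SepDuplicateToken`, called from `SbieDrv+0x1ca95`.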

nsb
Posts: 15
Joined: Fri Nov 16, 2012 7:34 pm

Post by nsb » Sun Nov 10, 2013 8:44 pm

Look at 4.07.03 to see if it makes any difference.

scarid
Posts: 23
Joined: Wed Jul 17, 2013 2:18 pm

Post by scarid » Fri Nov 15, 2013 8:58 am

Since 4.07.03 I didn't get a bluescreen anymore till today. Thank you for your great work, Tzuk!

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Fri Nov 15, 2013 11:08 am

Just to confirm, "till today" means that you still didn't see a crash, yes? Thanks for the encouraging update! :)
tzuk

scarid
Posts: 23
Joined: Wed Jul 17, 2013 2:18 pm

Post by scarid » Fri Nov 15, 2013 3:33 pm

Hey Tzuk! Yes, my message could have been a bit clearer. :wink: But your guess is right. I didn't get any bluescreen since 4.07.03. This is good news. If something changes about it I will update this post.

Mr.X
Posts: 567
Joined: Sat Jul 13, 2013 2:34 pm
Location: Mexico

Post by Mr.X » Fri Nov 15, 2013 5:08 pm

The same problem here with 4.07.03. Bluescreen says "PAGE_FAULT_IN_NONPAGED_AREA"

Scenario:
Windows 8 x86
Standard User Account
Fast start up disabled
Google Chrome

And the culprit is SbieDrv.sys according to Nirsoft BlueScreenView
Windows 8.1 x64/x86 EN | Sandboxie latest beta or stable | All software latest versions unless stated otherwise
