PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900c2b72000, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff960000c23b4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
OVERLAPPED_MODULE: Address regions for 'ladfBakerRamd64' and 'ladfBakerCam' overlap
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032c20e0
fffff900c2b72000
FAULTING_IP:
win32k!sfac_GetLongGlyphIDs+84
fffff960`000c23b4 44891e mov dword ptr [rsi],r11d
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800ca3e460 -- (.trap 0xfffff8800ca3e460)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000004056196
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960000c23b4 rsp=fffff8800ca3e5f0 rbp=0000000000000a82
r8=0000000004056254 r9=000000000405618e r10=0000000000000a82
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
win32k!sfac_GetLongGlyphIDs+0x84:
fffff960`000c23b4 44891e mov dword ptr [rsi],r11d ds:00000000`00000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000310b024 to fffff8000308a700
STACK_TEXT:
fffff880`0ca3e2f8 fffff800`0310b024 : 00000000`00000050 fffff900`c2b72000 00000000`00000001 fffff880`0ca3e460 : nt!KeBugCheckEx
fffff880`0ca3e300 fffff800`030887ee : 00000000`00000001 00000000`0000390f fffffa80`08dc4e00 fffff880`0ca3e630 : nt! ?? ::FNODOBFM::`string'+0x427f7
fffff880`0ca3e460 fffff960`000c23b4 : 00000000`0000390f fffff900`c2b72000 00000000`0000ffff fffff960`000c1cd8 : nt!KiPageFault+0x16e
fffff880`0ca3e5f0 fffff960`000c22fb : fffff960`000c2760 00000000`00000696 00000000`00001b4c 00000000`00003cfb : win32k!sfac_GetLongGlyphIDs+0x84
fffff880`0ca3e640 fffff960`000c222a : 00000000`04056154 00000000`00003cfb 00000000`000038a8 00000000`000038a8 : win32k!sfac_GetWinNTGlyphIDs+0xbb
fffff880`0ca3e6b0 fffff960`000c2102 : 00000000`00000000 00000000`00000000 fffff880`0ca3e840 00000000`00000034 : win32k!fs_WinNTGetGlyphIDs+0x6a
fffff880`0ca3e700 fffff960`000c1e52 : 00000000`04051a06 fffff880`0ca3e840 00000000`00004390 00000000`04050696 : win32k!cjComputeGLYPHSET_MSFT_UNICODE+0x252
fffff880`0ca3e7c0 fffff960`000b9167 : fffff900`c07a9790 00000000`00000001 00000000`00000001 00000000`00000000 : win32k!bLoadGlyphSet+0x13a
fffff880`0ca3e7f0 fffff960`000b9316 : fffff900`c07a9790 fffff900`00000001 fffff900`c07a9790 fffff960`00228eac : win32k!bReloadGlyphSet+0x24b
fffff880`0ca3eeb0 fffff960`000b926a : 00000000`00000000 fffff900`c07a9790 fffff900`00000001 fffff900`c01bb854 : win32k!ttfdQueryFontTree+0x66
fffff880`0ca3ef00 fffff960`001046c3 : fffff960`000b9210 fffff900`c069c780 00000000`00000001 00000000`00000000 : win32k!ttfdSemQueryFontTree+0x5a
fffff880`0ca3ef40 fffff960`00104563 : fffff880`0ca3f050 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!PDEVOBJ::QueryFontTree+0x63
fffff880`0ca3efc0 fffff960`000c0086 : fffff900`c008a010 00000000`00000000 00000000`00000002 00000000`00000000 : win32k!PFEOBJ::pfdg+0xa3
fffff880`0ca3f020 fffff960`00118cd8 : fffff900`c01bb740 fffff880`0ca3f2b0 fffff880`0ca3f1b0 fffff880`0ca3f280 : win32k!RFONTOBJ::bRealizeFont+0x46
fffff880`0ca3f140 fffff960`000bbf10 : 00000000`00000000 fffff900`00000000 00000000`00000000 fffffa80`00000002 : win32k!RFONTOBJ::bInit+0x548
fffff880`0ca3f260 fffff960`000c6f47 : 00000000`00000000 fffff960`000c6f28 00000000`00000000 00000000`00000000 : win32k!GreGetTextMetricsW+0x4c
fffff880`0ca3f2a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!NtGdiGetTextMetricsW+0x1f
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!sfac_GetLongGlyphIDs+84
fffff960`000c23b4 44891e mov dword ptr [rsi],r11d
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: win32k!sfac_GetLongGlyphIDs+84
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4de066b5
FAILURE_BUCKET_ID: X64_0x50_win32k!sfac_GetLongGlyphIDs+84
BUCKET_ID: X64_0x50_win32k!sfac_GetLongGlyphIDs+84
Followup: MachineOwner
---------