BSOD randomly (KERNEL_MODE_HEAP_CORRUPTION)

[alexthekukats]

What happened:
Randomly got a BSOD.

What did you expect to happen?:
Not get BSOD.

How did you reproduce it?:
It keeps happening every couple of hours.

Debug Information:
mini dump file:

---

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

---

KERNEL_MODE_HEAP_CORRUPTION (13a)
The kernel mode heap manager has detected corruption in a heap.
Arguments:
Arg1: 0000000000000011, Type of corruption detected
Arg2: ffffbc03ea802140, Address of the heap that reported the corruption
Arg3: ffffbc0408689810, Address at which the corruption was detected
Arg4: 0000000000000000

Debugging Details:

*** WARNING: Unable to verify timestamp for portmaster-kext_v1-1-2.sys
fffff80373f1d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
GetUlongFromAddress: unable to read from fffff80373e312e0

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 3921

Key  : Analysis.Elapsed.mSec
Value: 5315

Key  : Analysis.IO.Other.Mb
Value: 9

Key  : Analysis.IO.Read.Mb
Value: 0

Key  : Analysis.IO.Write.Mb
Value: 24

Key  : Analysis.Init.CPU.mSec
Value: 734

Key  : Analysis.Init.Elapsed.mSec
Value: 285688

Key  : Analysis.Memory.CommitPeak.Mb
Value: 86

Key  : Bugcheck.Code.LegacyAPI
Value: 0x13a

Key  : Dump.Attributes.AsUlong
Value: 1808

Key  : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key  : Dump.Attributes.ErrorCode
Value: 0

Key  : Dump.Attributes.KernelGeneratedTriageDump
Value: 1

Key  : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key  : Dump.Attributes.ProgressPercentage
Value: 0

Key  : Failure.Bucket
Value: 0x13a_11_IoSB_portmaster_kext_v1_1_2!unknown_function

Key  : Failure.Hash
Value: {4146a5fa-ae40-5dbb-a11b-4ff688a82d90}

Key  : Hypervisor.Enlightenments.ValueHex
Value: 1417cf94

Key  : Hypervisor.Flags.AnyHypervisorPresent
Value: 1

Key  : Hypervisor.Flags.ApicEnlightened
Value: 1

Key  : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 0

Key  : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key  : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key  : Hypervisor.Flags.CpuManager
Value: 1

Key  : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key  : Hypervisor.Flags.DynamicCpuDisabled
Value: 1

Key  : Hypervisor.Flags.Epf
Value: 0

Key  : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1

Key  : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key  : Hypervisor.Flags.MaxBankNumber
Value: 0

Key  : Hypervisor.Flags.MemoryZeroingControl
Value: 0

Key  : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key  : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1

Key  : Hypervisor.Flags.Phase0InitDone
Value: 1

Key  : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key  : Hypervisor.Flags.RootScheduler
Value: 0

Key  : Hypervisor.Flags.SynicAvailable
Value: 1

Key  : Hypervisor.Flags.UseQpcBias
Value: 0

Key  : Hypervisor.Flags.Value
Value: 4853999

Key  : Hypervisor.Flags.ValueHex
Value: 4a10ef

Key  : Hypervisor.Flags.VpAssistPage
Value: 1

Key  : Hypervisor.Flags.VsmAvailable
Value: 1

Key  : Hypervisor.RootFlags.AccessStats
Value: 1

Key  : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1

Key  : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key  : Hypervisor.RootFlags.HostTimelineSync
Value: 1

Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key  : Hypervisor.RootFlags.IsHyperV
Value: 1

Key  : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1

Key  : Hypervisor.RootFlags.MceEnlightened
Value: 1

Key  : Hypervisor.RootFlags.Nested
Value: 0

Key  : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1

Key  : Hypervisor.RootFlags.Value
Value: 1015

Key  : Hypervisor.RootFlags.ValueHex
Value: 3f7

BUGCHECK_CODE: 13a

BUGCHECK_P1: 11

BUGCHECK_P2: ffffbc03ea802140

BUGCHECK_P3: ffffbc0408689810

BUGCHECK_P4: 0

FILE_IN_CAB: 122123-12656-01.dmp

TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x1808
Kernel Generated Triage Dump

POOL_ADDRESS: Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
ffffbc0408689810

FREED_POOL_TAG: IoSB

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: portmaster-cor

STACK_TEXT:
ffff9303b5017338 fffff803737b2c14 : 000000000000013a 0000000000000011 ffffbc03ea802140 ffffbc0408689810 : nt!KeBugCheckEx
ffff9303b5017340 fffff803737b2c74 : 0000000000000011 0000000000000000 ffffbc03ea802140 ffffbc0403e3ba50 : nt!RtlpHeapHandleError+0x40
ffff9303b5017380 fffff803737b2891 : 0000000001d00060 ffffffffffffffff 0000000000000000 ffffffffffffffff : nt!RtlpHpHeapHandleError+0x58
ffff9303b50173b0 fffff803736ad25c : ffffbc0403e3ba50 fffff8037347e13c ffffbc0400000001 ffff9303b5017539 : nt!RtlpLogHeapFailure+0x45
ffff9303b50173e0 fffff8037347eea9 : ffffbc03ea802380 ffffbc04048241ff 0000000000000000 0000000000000000 : nt!RtlpHpLfhSubsegmentFreeBlock+0x1b2f1c
ffff9303b5017470 fffff80373cac2b0 : ffffbc0408689810 000000000000000e 0000000000000060 0000000000000001 : nt!RtlpHpFreeHeap+0x159
ffff9303b5017510 fffff803c0528ec4 : ffffbc0442536f49 0000000000000000 ffffbc030000000e 0000000000000060 : nt!ExFreePoolWithTag+0x1a0
ffff9303b50175a0 ffffbc0442536f49 : 0000000000000000 ffffbc030000000e 0000000000000060 ffff9303b5017618 : portmaster_kext_v1_1_2+0x8ec4
ffff9303b50175a8 0000000000000000 : ffffbc030000000e 0000000000000060 ffff9303b5017618 fffff803c05266d7 : 0xffffbc04`42536f49

SYMBOL_NAME: portmaster_kext_v1_1_2+8ec4

MODULE_NAME: portmaster_kext_v1_1_2

IMAGE_NAME: portmaster-kext_v1-1-2.sys

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 8ec4

FAILURE_BUCKET_ID: 0x13a_11_IoSB_portmaster_kext_v1_1_2!unknown_function

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {4146a5fa-ae40-5dbb-a11b-4ff688a82d90}

Followup: MachineOwner

Additional logs can be found here:
core errors:

�NJ{"Created":1703119604,"Modified":1703119604,"Expires":1705711604,"Deleted":0}S
executing core/portmaster-core.exe version 1.6.2 on windows amd64
===== Error Report =====
Message: failed to load config file: invalid character '\x00' looking for beginning of value
Timestamp: 2023-12-21 01:46:44.6850908 +0100 CET m=+0.018001001
ModuleName: config
TaskName: start module
TaskType:
Severity: error
PanicValue: %!s()
StackTrace:

goroutine 1 [running]:
runtime/debug.Stack()
/usr/local/go/src/runtime/debug/stack.go:24 +0x5e
github.com/safing/portbase/modules.(*Module).NewErrorMessage(0xc0001a62c0, {0x149b448, 0xc}, {0x164ca00?, 0xc00060c500?})
/home/user/git/safing/portbase/modules/error.go:48 +0x45
github.com/safing/portbase/modules.startModules()
/home/user/git/safing/portbase/modules/start.go:200 +0x1c8
github.com/safing/portbase/modules.Start()
/home/user/git/safing/portbase/modules/start.go:99 +0x273
github.com/safing/portbase/run.Run()
/home/user/git/safing/portbase/run/main.go:34 +0x1f
main.main()
/home/user/git/safing/portmaster/cmds/portmaster-core/main.go:42 +0x165

===== End of Report =====

-->

[alexthekukats]

ps: it wont even launch anymore. "Error invoking remote method 'api.startService': Error: failed to start portmaster"

[alexthekukats]

extra info: this started happening after i uninstalled it, then later reinstalled it

[alechkos]

The same here, after the start of npm install got BSOD with KERNEL_M0DE_HEAD_CORRUPTION on Windows 11

The log of minidump file:

KERNEL_MODE_HEAP_CORRUPTION (13a)
The kernel mode heap manager has detected corruption in a heap.
Arguments:
Arg1: 0000000000000011, Type of corruption detected
Arg2: ffff8a021a010140, Address of the heap that reported the corruption
Arg3: ffff8a02618144f0, Address at which the corruption was detected
Arg4: 0000000000000000

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for portmaster-kext_v1-1-2.sys
fffff8000f31d470: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
HeapDbgInitExtension Failed

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 3155

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 17259

    Key  : Analysis.Init.CPU.mSec
    Value: 155

    Key  : Analysis.Init.Elapsed.mSec
    Value: 7791

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 88

    Key  : WER.OS.Branch
    Value: ni_release_svc_prod3

    Key  : WER.OS.Timestamp
    Value: 2023-10-18T18:09:00Z

    Key  : WER.OS.Version
    Value: 10.0.22621.2506


FILE_IN_CAB:  012824-23828-01.dmp

TAG_NOT_DEFINED_202b:  *** Unknown TAG in analysis list 202b


BUGCHECK_CODE:  13a

BUGCHECK_P1: 11

BUGCHECK_P2: ffff8a021a010140

BUGCHECK_P3: ffff8a02618144f0

BUGCHECK_P4: 0

POOL_ADDRESS: Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 ffff8a02618144f0

FREED_POOL_TAG:  PMas

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  portmaster-core_v1-6-5.exe

STACK_TEXT:
fffffd8a`38a2f378 fffff800`0ebb2b84     : 00000000`0000013a 00000000`00000011 ffff8a02`1a010140 ffff8a02`618144f0 : nt!KeBugCheckEx
fffffd8a`38a2f380 fffff800`0ebb2be4     : 00000000`00000011 00000000`00000000 ffff8a02`1a010140 ffff8a02`58f49680 : nt!RtlpHeapHandleError+0x40
fffffd8a`38a2f3c0 fffff800`0ebb2801     : 00000000`01d00060 ffffffff`ffffffff 00000000`00000000 ffffffff`ffffffff : nt!RtlpHpHeapHandleError+0x58
fffffd8a`38a2f3f0 fffff800`0eaad7d0     : ffff8a02`58f49680 fffff800`0e87e4ac ffff8a02`00000001 fffffd8a`38a2f579 : nt!RtlpLogHeapFailure+0x45
fffffd8a`38a2f420 fffff800`0e87f219     : ffff8a02`1a010380 ffff8a02`2fe9a1ff 00000000`00000000 00000000`00000000 : nt!RtlpHpLfhSubsegmentFreeBlock+0x1b35b0
fffffd8a`38a2f4b0 fffff800`0f0ac2b0     : ffff8a02`618144f0 00000000`00000002 00000000`00000001 00000000`00000001 : nt!RtlpHpFreeHeap+0x159
fffffd8a`38a2f550 fffff800`7f708ec4     : ffff8a02`73614d50 00000000`00000000 ffff8a02`00000002 00000000`00000060 : nt!ExFreePoolWithTag+0x1a0
fffffd8a`38a2f5e0 ffff8a02`73614d50     : 00000000`00000000 ffff8a02`00000002 00000000`00000060 fffffd8a`38a2f700 : portmaster_kext_v1_1_2+0x8ec4
fffffd8a`38a2f5e8 00000000`00000000     : ffff8a02`00000002 00000000`00000060 fffffd8a`38a2f700 fffff800`7f7066d7 : 0xffff8a02`73614d50


SYMBOL_NAME:  portmaster_kext_v1_1_2+8ec4

MODULE_NAME: portmaster_kext_v1_1_2

IMAGE_NAME:  portmaster-kext_v1-1-2.sys

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  8ec4

FAILURE_BUCKET_ID:  0x13a_11_PMas_portmaster_kext_v1_1_2!unknown_function

OS_VERSION:  10.0.22621.2506

BUILDLAB_STR:  ni_release_svc_prod3

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {38f08178-bf1c-fabf-7c9b-d78dd082202e}

Followup:     MachineOwner
---------

@dhaavi

[Raphty]

Blue Screens on windows are currently discussed in #1297
if @dhaavi want's to handle an issue here then he can open this issue again otherwise pleas keep similar issues together.