Bug causing KERNEL_MODE_HEAP_CORRUPTION (13a) BSOD on Windows 11 build 23H2 2024-10 Cumulative Update Version 23H2 for x64-based Systems (KB5044285)

indexfull commented 1 week ago

Pre-Submit Checklist:

Check applicable sources for existing issues:

What happened:

BSOD: KERNEL_MODE_HEAP_CORRUPTION (13a)

What did you expect to happen?:

Nothing

How did you reproduce it?:

Playing games while watching youtube on chrome

Debug Information:

Repository : LocalInstalled, Enabled: true ----> Repository : UserExtensions, Enabled: true >>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds ************* Waiting for Debugger Extensions Gallery to Initialize ************** >>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.079 seconds ----> Repository : UserExtensions, Enabled: true, Packages count: 0 ----> Repository : LocalInstalled, Enabled: true, Packages count: 42 Microsoft (R) Windows Debugger Version 10.0.27725.1000 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\111024-11515-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 22621 MP (28 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Kernel base = 0xfffff801`5c200000 PsLoadedModuleList = 0xfffff801`5ce134b0 Debug session time: Sun Nov 10 01:00:56.644 2024 (UTC + 1:00) System Uptime: 2 days 21:01:26.652 Loading Kernel Symbols .. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ............................................................. ................................................................ ................................................................ ...................................................... Loading User Symbols PEB is paged out (Peb.Ldr = 00000052`984ec018). Type ".hh dbgerr001" for details Loading unloaded module list .................................................. For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff801`5c614df0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffc8d`3b797380=000000000000013a 20: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_MODE_HEAP_CORRUPTION (13a) The kernel mode heap manager has detected corruption in a heap. Arguments: Arg1: 0000000000000011, Type of corruption detected Arg2: ffff9c0fa6010140, Address of the heap that reported the corruption Arg3: ffff9c0120cf0db0, Address at which the corruption was detected Arg4: 0000000000000000 Debugging Details: ------------------ fffff8015cf1d470: Unable to get MiVisibleState Unable to get NonPagedPoolStart Unable to get NonPagedPoolEnd Unable to get PagedPoolStart Unable to get PagedPoolEnd HeapDbgInitExtension Failed KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 1140 Key : Analysis.Elapsed.mSec Value: 2616 Key : Analysis.IO.Other.Mb Value: 0 Key : Analysis.IO.Read.Mb Value: 1 Key : Analysis.IO.Write.Mb Value: 0 Key : Analysis.Init.CPU.mSec Value: 156 Key : Analysis.Init.Elapsed.mSec Value: 22770 Key : Analysis.Memory.CommitPeak.Mb Value: 100 Key : Analysis.Version.DbgEng Value: 10.0.27725.1000 Key : Analysis.Version.Description Value: 10.2408.27.01 amd64fre Key : Analysis.Version.Ext Value: 1.2408.27.1 Key : Bugcheck.Code.LegacyAPI Value: 0x13a Key : Bugcheck.Code.TargetModel Value: 0x13a Key : Dump.Attributes.AsUlong Value: 1808 Key : Dump.Attributes.DiagDataWrittenToHeader Value: 1 Key : Dump.Attributes.ErrorCode Value: 0 Key : Dump.Attributes.KernelGeneratedTriageDump Value: 1 Key : Dump.Attributes.LastLine Value: Dump completed successfully. Key : Dump.Attributes.ProgressPercentage Value: 0 Key : Failure.Bucket Value: 0x13a_11_PMas_portmaster_kext_v1_1_2!unknown_function Key : Failure.Hash Value: {38f08178-bf1c-fabf-7c9b-d78dd082202e} Key : Hypervisor.Enlightenments.ValueHex Value: 1417df84 Key : Hypervisor.Flags.AnyHypervisorPresent Value: 1 Key : Hypervisor.Flags.ApicEnlightened Value: 0 Key : Hypervisor.Flags.ApicVirtualizationAvailable Value: 1 Key : Hypervisor.Flags.AsyncMemoryHint Value: 0 Key : Hypervisor.Flags.CoreSchedulerRequested Value: 0 Key : Hypervisor.Flags.CpuManager Value: 1 Key : Hypervisor.Flags.DeprecateAutoEoi Value: 1 Key : Hypervisor.Flags.DynamicCpuDisabled Value: 1 Key : Hypervisor.Flags.Epf Value: 0 Key : Hypervisor.Flags.ExtendedProcessorMasks Value: 1 Key : Hypervisor.Flags.HardwareMbecAvailable Value: 1 Key : Hypervisor.Flags.MaxBankNumber Value: 0 Key : Hypervisor.Flags.MemoryZeroingControl Value: 0 Key : Hypervisor.Flags.NoExtendedRangeFlush Value: 0 Key : Hypervisor.Flags.NoNonArchCoreSharing Value: 1 Key : Hypervisor.Flags.Phase0InitDone Value: 1 Key : Hypervisor.Flags.PowerSchedulerQos Value: 0 Key : Hypervisor.Flags.RootScheduler Value: 0 Key : Hypervisor.Flags.SynicAvailable Value: 1 Key : Hypervisor.Flags.UseQpcBias Value: 0 Key : Hypervisor.Flags.Value Value: 21631230 Key : Hypervisor.Flags.ValueHex Value: 14a10fe Key : Hypervisor.Flags.VpAssistPage Value: 1 Key : Hypervisor.Flags.VsmAvailable Value: 1 Key : Hypervisor.RootFlags.AccessStats Value: 1 Key : Hypervisor.RootFlags.CrashdumpEnlightened Value: 1 Key : Hypervisor.RootFlags.CreateVirtualProcessor Value: 1 Key : Hypervisor.RootFlags.DisableHyperthreading Value: 0 Key : Hypervisor.RootFlags.HostTimelineSync Value: 1 Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled Value: 0 Key : Hypervisor.RootFlags.IsHyperV Value: 1 Key : Hypervisor.RootFlags.LivedumpEnlightened Value: 1 Key : Hypervisor.RootFlags.MapDeviceInterrupt Value: 1 Key : Hypervisor.RootFlags.MceEnlightened Value: 1 Key : Hypervisor.RootFlags.Nested Value: 0 Key : Hypervisor.RootFlags.StartLogicalProcessor Value: 1 Key : Hypervisor.RootFlags.Value Value: 1015 Key : Hypervisor.RootFlags.ValueHex Value: 3f7 BUGCHECK_CODE: 13a BUGCHECK_P1: 11 BUGCHECK_P2: ffff9c0fa6010140 BUGCHECK_P3: ffff9c0120cf0db0 BUGCHECK_P4: 0 FILE_IN_CAB: 111024-11515-01.dmp TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b DUMP_FILE_ATTRIBUTES: 0x1808 Kernel Generated Triage Dump FAULTING_THREAD: ffff9c0fc3871080 POOL_ADDRESS: Unable to get NonPagedPoolStart Unable to get NonPagedPoolEnd Unable to get PagedPoolStart Unable to get PagedPoolEnd unable to get nt!MmSpecialPagesInUse ffff9c0120cf0db0 FREED_POOL_TAG: PMas BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) BLACKBOXPNP: 1 (!blackboxpnp) BLACKBOXWINLOGON: 1 CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: portmaster-cor STACK_TEXT: fffffc8d`3b797378 fffff801`5c7b253c : 00000000`0000013a 00000000`00000011 ffff9c0f`a6010140 ffff9c01`20cf0db0 : nt!KeBugCheckEx fffffc8d`3b797380 fffff801`5c7b259c : 00000000`00000011 00000000`00000000 ffff9c0f`a6010140 ffff9c01`0b809990 : nt!RtlpHeapHandleError+0x40 fffffc8d`3b7973c0 fffff801`5c7b21b9 : 00000000`01d00060 ffffffff`ffffffff 00000000`00000000 ffffffff`ffffffff : nt!RtlpHpHeapHandleError+0x58 fffffc8d`3b7973f0 fffff801`5c69b426 : ffff9c01`0b809990 fffff801`5c46784c ffff9c01`00000001 fffffc8d`3b797579 : nt!RtlpLogHeapFailure+0x45 fffffc8d`3b797420 fffff801`5c4685b9 : ffff9c0f`a6010380 ffff9c0f`d9a431ff 00000000`00000000 00000000`00000000 : nt!RtlpHpLfhSubsegmentFreeBlock+0x1d0866 fffffc8d`3b7974b0 fffff801`5ccaaa00 : ffff9c01`20cf0db0 00000000`00000002 00000000`00000001 00000000`00000001 : nt!RtlpHpFreeHeap+0x159 fffffc8d`3b797550 fffff801`b44c8ec4 : ffff9c01`73614d50 00000000`00000000 ffff9c0f`00000002 00000000`00000060 : nt!ExFreePoolWithTag+0x1a0 fffffc8d`3b7975e0 ffff9c01`73614d50 : 00000000`00000000 ffff9c0f`00000002 00000000`00000060 fffffc8d`3b797658 : portmaster_kext_v1_1_2+0x8ec4 fffffc8d`3b7975e8 00000000`00000000 : ffff9c0f`00000002 00000000`00000060 fffffc8d`3b797658 fffff801`b44c66d7 : 0xffff9c01`73614d50 SYMBOL_NAME: portmaster_kext_v1_1_2+8ec4 MODULE_NAME: portmaster_kext_v1_1_2 IMAGE_NAME: portmaster-kext_v1-1-2.sys STACK_COMMAND: .process /r /p 0xffff9c0fbee3e080; .thread 0xffff9c0fc3871080 ; kb BUCKET_ID_FUNC_OFFSET: 8ec4 FAILURE_BUCKET_ID: 0x13a_11_PMas_portmaster_kext_v1_1_2!unknown_function OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {38f08178-bf1c-fabf-7c9b-d78dd082202e} Followup: MachineOwner --------- Additional logs can be found here: - Linux: `/opt/safing/portmaster/logs` - Windows: `%PROGRAMDATA%\Safing\Portmaster\logs` -->

github-actions[bot] commented 1 week ago

Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful infos with you:

🗣️ Our community on Discord is super helpful and active. We also have an AI-enabled support bot that knows Portmaster well and can give you immediate help.
📖 The Wiki answers all common questions and has many important details. If you can't find an answer there, let us know, so we can add anything that's missing.

Raphty commented 1 week ago

@indexfull you can switch to the beta channel, we have updated the kext.

safing / portmaster

Bug causing KERNEL_MODE_HEAP_CORRUPTION (13a) BSOD on Windows 11 build 23H2 2024-10 Cumulative Update Version 23H2 for x64-based Systems (KB5044285) #1735