24H2 BSOD With Error “MEMORY_MANAGEMENT (1a)”

NTFSD
1

Hello All,

We have upgraded to Windows 11 24H2, and now our custom drivers consistently causes a BSOD with the error code "MEMORY_MANAGEMENT (1a)".

BUGCHECK_CODE: 1a

BUGCHECK_P1: 8840

BUGCHECK_P2: ffffc4000e8c8c60

BUGCHECK_P3: 0

BUGCHECK_P4: 0

Before the 24H2 update, drivers was functioning perfectly under the same conditions in previous versions of Windows 11, so I believe this issue is related to the 24H2 update.

The analysis output is below. We have done some analysis but could not find which module is causing the BSOD. We request your help in analyzing the shared dump file to identify the problematic code or module. Thank you very much.

8: kd> !analyze -v *

MEMORY_MANAGEMENT (1a)

Any other values for parameter 1 must be individually examined.

Arguments:
Arg1: 0000000000008840, The subtype of the BugCheck.
Arg2: ffffc4000e8c8c60
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 108

Key  : Analysis.Elapsed.mSec
Value: 69

Key  : Analysis.IO.Other.Mb
Value: 1

Key  : Analysis.IO.Read.Mb
Value: 2

Key  : Analysis.IO.Write.Mb
Value: 1

Key  : Analysis.Init.CPU.mSec
Value: 258546

Key  : Analysis.Init.Elapsed.mSec
Value: 10381393

Key  : Analysis.Memory.CommitPeak.Mb
Value: 110

Key  : Bugcheck.Code.KiBugCheckData
Value: 0x1a

Key  : Bugcheck.Code.LegacyAPI
Value: 0x1a

Key  : Dump.Attributes.AsUlong
Value: 21800

Key  : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key  : Dump.Attributes.ErrorCode
Value: 0

Key  : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key  : Dump.Attributes.ProgressPercentage
Value: 100

Key  : Failure.Bucket
Value: WRONG_SYMBOLS_X64_26100.1.amd64fre.ge_release.240331-1435_TIMESTAMP_850309-225321_D8A9F461_nt_wrong_symbols!D8A9F461144F000

Key  : Failure.Hash
Value: {1dcd88f5-eae1-cea2-c312-5c68661cbb74}

Key  : WER.OS.Branch
Value: ge_release

Key  : WER.OS.Version
Value: 10.0.26100.1

BUGCHECK_CODE: 1a

BUGCHECK_P1: 8840

BUGCHECK_P2: ffffc4000e8c8c60

BUGCHECK_P3: 0

BUGCHECK_P4: 0

FILE_IN_CAB: MEMORY2.DMP

ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

WRONG_SYMBOLS_TIMESTAMP: d8a9f461

WRONG_SYMBOLS_SIZE: 144f000

FAULTING_MODULE: fffff80784400000 nt

DUMP_FILE_ATTRIBUTES: 0x21800

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

STACK_TEXT:
fffffc88af4ea568 fffff80784adab01 : 000000000000001a 0000000000008840 ffffc4000e8c8c60 0000000000000000 : nt!KeBugCheckEx
fffffc88af4ea570 fffff8078480c965 : fffff807852389c0 fffff80700000000 ffffa182fa8de040 0000000000000002 : nt!strncpy+0x256a1
fffffc88af4ea640 fffff80784887c2a : ffffa182fa8de040 ffffa182fa8de040 0000000000000080 fffff8078480c760 : nt!IoGetTransactionParameterBlock+0x1fc5
fffffc88af4eab30 fffff80784aa0b24 : ffffd100eb790180 ffffa182fa8de040 fffff80784887bd0 0000000000000000 : nt!PsGetCurrentThreadStackBase+0x55a
fffffc88af4eab80 0000000000000000 : fffffc88af4eb000 fffffc88af4e4000 0000000000000000 0000000000000000 : nt!KeSaveStateForHibernate+0x1084

STACK_COMMAND: .cxr; .ecxr ; kb

EXCEPTION_CODE_STR: D8A9F461

EXCEPTION_STR: WRONG_SYMBOLS

PROCESS_NAME: ntoskrnl.wrong.symbols.exe

IMAGE_NAME: ntoskrnl.wrong.symbols.exe

MODULE_NAME: nt_wrong_symbols

SYMBOL_NAME: nt_wrong_symbols!D8A9F461144F000

FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_26100.1.amd64fre.ge_release.240331-1435_TIMESTAMP_850309-225321_D8A9F461_nt_wrong_symbols!D8A9F461144F000

OS_VERSION: 10.0.26100.1

BUILDLAB_STR: ge_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {1dcd88f5-eae1-cea2-c312-5c68661cbb74}

Followup: MachineOwner

8: kd> kv

Child-SP RetAddr : Args to Child : Call Site

00 fffffc88af4ea568 fffff80784adab01 : 000000000000001a 0000000000008840 ffffc4000e8c8c60 0000000000000000 : nt!KeBugCheckEx
01 fffffc88af4ea570 fffff8078480c965 : fffff807852389c0 fffff80700000000 ffffa182fa8de040 0000000000000002 : nt!strncpy+0x256a1
02 fffffc88af4ea640 fffff80784887c2a : ffffa182fa8de040 ffffa182fa8de040 0000000000000080 fffff8078480c760 : nt!IoGetTransactionParameterBlock+0x1fc5
03 fffffc88af4eab30 fffff80784aa0b24 : ffffd100eb790180 ffffa182fa8de040 fffff80784887bd0 0000000000000000 : nt!PsGetCurrentThreadStackBase+0x55a
04 fffffc88af4eab80 0000000000000000 : fffffc88af4eb000 fffffc88af4e4000 0000000000000000 0000000000000000 : nt!KeSaveStateForHibernate+0x1084

2

Hello All, I am sharing the output of the !analyze -v with Microsoft symbols loaded

8: kd> !analyze -v

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

MEMORY_MANAGEMENT (1a)

Any other values for parameter 1 must be individually examined.

Arguments:
Arg1: 0000000000008840, The subtype of the BugCheck.
Arg2: ffffc4000e8c8c60
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 1827

Key  : Analysis.Elapsed.mSec
Value: 1892

Key  : Analysis.IO.Other.Mb
Value: 1

Key  : Analysis.IO.Read.Mb
Value: 2

Key  : Analysis.IO.Write.Mb
Value: 10

Key  : Analysis.Init.CPU.mSec
Value: 417452

Key  : Analysis.Init.Elapsed.mSec
Value: 23488717

Key  : Analysis.Memory.CommitPeak.Mb
Value: 523

Key  : Bugcheck.Code.KiBugCheckData
Value: 0x1a

Key  : Bugcheck.Code.LegacyAPI
Value: 0x1a

Key  : Dump.Attributes.AsUlong
Value: 21800

Key  : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key  : Dump.Attributes.ErrorCode
Value: 0

Key  : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key  : Dump.Attributes.ProgressPercentage
Value: 100

Key  : Failure.Bucket
Value: 0x1a_8840_nt!MiGatherMappedPages

Key  : Failure.Hash
Value: {ce81522f-ddd8-3aad-df97-e3c05850ee58}

Key  : Hypervisor.Enlightenments.ValueHex
Value: 7417df84

Key  : Hypervisor.Flags.AnyHypervisorPresent
Value: 1

Key  : Hypervisor.Flags.ApicEnlightened
Value: 0

Key  : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1

Key  : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key  : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key  : Hypervisor.Flags.CpuManager
Value: 1

Key  : Hypervisor.Flags.DeprecateAutoEoi
Value: 1

Key  : Hypervisor.Flags.DynamicCpuDisabled
Value: 1

Key  : Hypervisor.Flags.Epf
Value: 0

Key  : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1

Key  : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key  : Hypervisor.Flags.MaxBankNumber
Value: 0

Key  : Hypervisor.Flags.MemoryZeroingControl
Value: 1

Key  : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key  : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1

Key  : Hypervisor.Flags.Phase0InitDone
Value: 1

Key  : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key  : Hypervisor.Flags.RootScheduler
Value: 0

Key  : Hypervisor.Flags.SynicAvailable
Value: 1

Key  : Hypervisor.Flags.UseQpcBias
Value: 0

Key  : Hypervisor.Flags.Value
Value: 55447806

Key  : Hypervisor.Flags.ValueHex
Value: 34e10fe

Key  : Hypervisor.Flags.VpAssistPage
Value: 1

Key  : Hypervisor.Flags.VsmAvailable
Value: 1

Key  : Hypervisor.RootFlags.AccessStats
Value: 1

Key  : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1

Key  : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key  : Hypervisor.RootFlags.HostTimelineSync
Value: 1

Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key  : Hypervisor.RootFlags.IsHyperV
Value: 1

Key  : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1

Key  : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1

Key  : Hypervisor.RootFlags.MceEnlightened
Value: 1

Key  : Hypervisor.RootFlags.Nested
Value: 0

Key  : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1

Key  : Hypervisor.RootFlags.Value
Value: 1015

Key  : Hypervisor.RootFlags.ValueHex
Value: 3f7

Key  : SecureKernel.HalpHvciEnabled
Value: 1

Key  : WER.OS.Branch
Value: ge_release

Key  : WER.OS.Version
Value: 10.0.26100.1

BUGCHECK_CODE: 1a

BUGCHECK_P1: 8840

BUGCHECK_P2: ffffc4000e8c8c60

BUGCHECK_P3: 0

BUGCHECK_P4: 0

FILE_IN_CAB: MEMORY2.DMP

TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b

DUMP_FILE_ATTRIBUTES: 0x21800

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

PROCESS_NAME: System

STACK_TEXT:
fffffc88af4ea568 fffff80784adab01 : 000000000000001a 0000000000008840 ffffc4000e8c8c60 0000000000000000 : nt!KeBugCheckEx
fffffc88af4ea570 fffff8078480c965 : fffff807852389c0 fffff80700000000 ffffa182fa8de040 0000000000000002 : nt!MiGatherMappedPages+0x2cdfe1
fffffc88af4ea640 fffff80784887c2a : ffffa182fa8de040 ffffa182fa8de040 0000000000000080 fffff8078480c760 : nt!MiMappedPageWriter+0x205
fffffc88af4eab30 fffff80784aa0b24 : ffffd100eb790180 ffffa182fa8de040 fffff80784887bd0 0000000000000000 : nt!PspSystemThreadStartup+0x5a
fffffc88af4eab80 0000000000000000 : fffffc88af4eb000 fffffc88af4e4000 0000000000000000 0000000000000000 : nt!KiStartSystemThread+0x34

SYMBOL_NAME: nt!MiGatherMappedPages+2cdfe1

MODULE_NAME: nt

STACK_COMMAND: .cxr; .ecxr ; kb

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID_FUNC_OFFSET: 2cdfe1

FAILURE_BUCKET_ID: 0x1a_8840_nt!MiGatherMappedPages

OS_VERSION: 10.0.26100.1

BUILDLAB_STR: ge_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {ce81522f-ddd8-3aad-df97-e3c05850ee58}

Followup: MachineOwner