A latest evaluation of a Home windows kernel-memory dump has supplied an in depth look right into a DRIVER_POWER_STATE_FAILURE, a important error that leads to a Blue Display screen of Dying (BSOD).
The investigation reveals how a single malfunctioning driver could cause a system-wide impasse, in the end forcing the working system to crash.
The failure, recognized by the bugcheck code 0x9F, was traced again to the rassstp.sys driver, a part chargeable for dealing with Safe Socket Tunneling Protocol (SSTP) VPN connections.
The debugging session started by inspecting the system state on the time of the crash. The !analyze -v command, a strong diagnostic device within the Home windows Debugger, shortly recognized the DRIVER_POWER_STATE_FAILURE.
This error signifies {that a} driver failed to reply to a power-related I/O Request Packet (IRP) inside the designated time-frame. On this case, the timeout was set to 300 seconds.
The primary argument of the bugcheck indicated that the timeout occurred whereas the system was ready to synchronize with the Plug and Play (PnP) subsystem.
The PnP supervisor is chargeable for coordinating the addition, elimination, and administration of {hardware} and drivers. The third argument pointed to the precise thread that was holding onto the PnP lock, stopping different system processes from continuing.
Tracing The Root Trigger
Additional investigation from the researcher into the faulting thread revealed that it was a PnP machine occasion employee working inside the System course of.
This employee thread was tasked with processing a “shock elimination” of the WAN Miniport (SSTP) community adapter. Throughout this course of, the thread acquired an unique lock on the PnP engine (PiEngineLock) to make sure the elimination may proceed with out interference.
Nevertheless, the method stalled when the employee thread referred to as upon the rassstp.sys driver to carry out its a part of the machine elimination. The motive force failed to finish the operation and by no means signaled again to the employee thread that it was completed.
Consequently, the employee thread remained in a ready state, holding the important PiEngineLock for the whole 300-second timeout interval. The failure of the rassstp.sys driver to launch the employee thread created a domino impact throughout the system.
With the PiEngineLock held indefinitely, different important system operations that required entry to the PnP subsystem have been blocked. The evaluation recognized three different threads that have been ready for this lock.
Most critically, one of many ready threads belonged to wininit.exe, a core Home windows course of chargeable for system startup and shutdown.
This thread was trying to execute a system shutdown by transitioning the system’s energy state. To do that, it wanted to amass the PiEngineLock to inform all gadgets of the approaching energy change.
Because the stalled PnP employee already held the lock, the shutdown course of was utterly halted. This impasse situation, the place the system may neither full the machine elimination nor provoke a shutdown, left the working system with no selection however to set off a bugcheck to forestall additional instability.
Discover this Story Attention-grabbing! Observe us on Google Information, LinkedIn, and X to Get Extra Immediate Updates.
