Debugging Stop 0xA0 - INTERNAL_POWER_ERROR

[x BlueRobot]

INTERNAL_POWER_ERROR (a0)
The power policy manager experienced a fatal error.
Arguments:
Arg1: 0000000000004001, (INTERNAL_POWER_ERROR_KE_SUBCODE) An internal failure has
    occured in kernel executive during a power operation.
Arg2: 0000000000000102, (INTERNAL_POWER_ERROR_KE_SETDESTINATION_FAILED)
    Failed to change the target destination of an
    interrupt line.
Arg3: ffff868ca9b03c30, (reserved)
Arg4: ffffffffc0350057, (reserved)

This bugcheck was ultimately caused by a bug between the integrated graphics card and the IOMMU. The issue lies with the UMA or Unified Memory Architecture. To resolve the issue, you will need explicitly set the UMA Frame buffer size to either 1GB or 2GB, however, it is recommended that you check your processor documentation since this may vary between devices. The rest of this post will attempt to explain why this fix works.

Let's begin with the call stack:

10: kd> knL
 # Child-SP          RetAddr               Call Site
00 ffffab8f`96cc7578 fffff800`3be825f4     nt!KeBugCheckEx
01 ffffab8f`96cc7580 fffff800`3bc1e4d8     nt!KiIntSteerSetDestination+0x130d94
02 ffffab8f`96cc75c0 fffff800`3bc1e2f2     nt!KiIntSteerDistributeInterrupts+0xd8
03 ffffab8f`96cc7600 fffff800`3bc1e047     nt!KeIntSteerPeriodic+0xd2
04 ffffab8f`96cc7710 fffff800`3bc1f5c0     nt!PpmParkSteerInterrupts+0x447
05 ffffab8f`96cc7b40 fffff800`3bc9a32e     nt!PpmCheckRun+0x40
06 ffffab8f`96cc7bb0 fffff800`3bc99614     nt!KiExecuteAllDpcs+0x30e
07 ffffab8f`96cc7d20 fffff800`3bdfe115     nt!KiRetireDpcList+0x1f4
08 ffffab8f`96cc7fb0 fffff800`3bdfdf00     nt!KxRetireDpcList+0x5
09 ffffab8f`9a1676a0 fffff800`3bdfd5ce     nt!KiDispatchInterruptContinue
0a ffffab8f`9a1676d0 fffff800`3bca181d     nt!KiDpcInterrupt+0x2ee
0b ffffab8f`9a167860 fffff800`3bca0677     nt!MiUnlockWorkingSetShared+0xad
0c ffffab8f`9a167890 fffff800`3bc9f1da     nt!MiUserFault+0xf27
0d ffffab8f`9a167920 fffff800`3be0525e     nt!MmAccessFault+0x16a
0e ffffab8f`9a167ac0 00007ffb`5e8a028e     nt!KiPageFault+0x35e
0f 0000005e`7af18df8 00000000`00000000     0x00007ffb`5e8a028e

The key point here is the last few calls, these are related to the processor power management (PPM) infrastructure, hence why we've experienced a power-related bugcheck. To be more specific, the calls are implementing a key feature which is known as core parking and is aimed at providing better power performance by reducing the number of processor cores which are required to service an interrupt.

The PPM and the thread scheduler will determine the number of cores which are required and then "park" those cores which are not required. These cores are then set to a low power state in order to reduce power consumption. The cores which have been nominated to not be parked will then have interrupts such as DPCs and threads "steered" towards them. This is determined by an internal algorithm which is implemented by the nt!PpmCheckRun function which is periodically called based upon a timer which is fired at set intervals.

Most of the PPM statistics can be found by running the !ppm debugger command or by examining the PowerState field of the processor's KPRCB structure:

0: kd> dt _KPRCB -y PowerState -v
nt!_KPRCB
struct _KPRCB, 376 elements, 0xbf00 bytes
   +0x8340 PowerState : struct _PROCESSOR_POWER_STATE, 50 elements, 0x230 bytes

The !ppmstate debugger command will provide you with the address of this structure immediately if you're interested in examining as shown below.

0: kd> !ppmstate

Prcb.PowerState - 0xfffff8072061e4c0 

  IdleStates:             0x0000000000000000
  IdleTimeLast:           0.000.000us (0x0 )
  IdleTimeTotal:          0.000.000us (0x0 )
  IdleAccounting:         0x0000000000000000

[...]

There is a few other commands associated to processor power management which include !ppmcheck and !ppmsettings.

At this point you may wondering what does UMA have to do with this? With integrated graphics cards and controllers, they do not have their dedicated video memory (VRAM) and therefore will share a portion of the RAM. This is implemented and managed by the IOMMU through the use of GPU isolation. This is to ensure that the graphics card controller is only able to access portions of RAM allocated for it. This special portion is called the frame buffer. These frame buffers are typically accessed during power transitions.

Now, in order to utilise the IOMMU technology, Intel and AMD introduced hardware virtualisation which was partly intended for the use of virtual machines and to prevent DMA attacks by ensuring that devices could only access portions of memory allocated to them by the IOMMU addressing tables. The IOMMU is also used by hardware virtualisation for interrupt remapping; the pieces should all be fitting together quite nicely now.

For the processor to determine where an interrupt originated from, each device is associated with a source or device Id. If we examine the fourth parameter of the bugcheck, we've see that the following error:

10: kd> !error ffffffffc0350057
Error code: (NTSTATUS) 0xc0350057 (3224698967) - The supplied device ID is invalid.

Most modern - if not all - PCIe devices use MSI interrupts instead of the traditional line-based interrupt format. MSI interrupts involve a device writing to a particular I/O memory-mapped address, which in this case, would be part of the frame buffer for the GPU. The interrupt is then remapped by the IOMMU through a interrupt routing table, which keeps track of where the interrupt originated from and the destination processor core. If the device Id is not recognised then the interrupt is discarded and a bugcheck is thrown as shown above.

References:

https://www.amd.com/en/support/kb/faq/pa-280
Understanding the Windows I/O System | Microsoft Press Store
IOMMU-based GPU isolation - Windows drivers
GitHub - 3dgie/AMD-Vi: Some documentation on AMD IOMMU emulation in Qemu
Life of Interrupts: Remapping | Cloud, Computing, Chaos

 

[x BlueRobot]

INTERNAL_POWER_ERROR (a0)
The power policy manager experienced a fatal error.
Arguments:
Arg1: 00000000000000f0, The system failed to complete(suspend) a power transition in a timely manner.
Arg2: 0000000000000004, The system power state in transition.
Arg3: 000000000000000e, The sleep checkpoint most recently reached.
Arg4: ffffb806b407d040, A pointer to the thread currently processing the request.

This is quite an easy bugcheck to debug if you know the undocumented !devpowerstate command. It will list the power states of all the device nodes which are currently managed by the PnP Manager at the time of the crash. The second parameter indicates the system power state which we are transitioning to i.e. hibernation. The fourth parameter points to the thread which is responsible handling the power request. If we examine the call stack of thread, we can see why the system failed to complete the power transition in a timely manner: the thread waits indefinitely upon the signaling of a notification event from the power manager.

8: kd> knL
  *** Stack trace for last set context - .thread/.cxr resets it
 # Child-SP          RetAddr               Call Site
00 ffffb484`1123f560 fffff807`23d33797     nt!KiSwapContext+0x76
01 ffffb484`1123f6a0 fffff807`23d35649     nt!KiSwapThread+0x3a7
02 ffffb484`1123f780 fffff807`23d2f564     nt!KiCommitThreadWait+0x159
03 ffffb484`1123f820 fffff807`2444a87f     nt!KeWaitForSingleObject+0x234
04 ffffb484`1123f910 fffff807`2444c6c3     nt!PopEndMirroring+0x8f
05 ffffb484`1123f9d0 fffff807`2444c4b5     nt!MmDuplicateMemory+0x1b3
06 ffffb484`1123fa60 fffff807`23cdc845     nt!PopTransitionToSleep+0x135
07 ffffb484`1123faf0 fffff807`23e1aa44     nt!PspSystemThreadStartup+0x55
08 ffffb484`1123fb40 00000000`00000000     nt!KiStartSystemThread+0x34

Afterwards, in thread which eventually throws the bugcheck, the watchdog timer for the power transition expires and its DPC is executed. This simply setups the associated arguments for the bugcheck and then throws exception.

8: kd> knL
 # Child-SP          RetAddr               Call Site
00 ffffb484`0769f718 fffff807`23fcc335     nt!KeBugCheckEx
01 ffffb484`0769f720 fffff807`23c45664     nt!PopPowerActionWatchdog+0xa5
02 ffffb484`0769f760 fffff807`23c43c54     nt!KiProcessExpiredTimerList+0x204
03 ffffb484`0769f890 fffff807`23e1a8de     nt!KiRetireDpcList+0x714
04 ffffb484`0769fb40 00000000`00000000     nt!KiIdleLoop+0x9e

The watchdog timer and state can be found within the POP_POWER_ACTION structure. The address of this structure can be found by using the !powertriage command.

8: kd> dt nt!_POP_POWER_ACTION fffff80724622300
   +0x000 Updates          : 0 ''
   +0x001 State            : 0x3 ''
   +0x002 Shutdown         : 0 ''
   +0x004 Action           : 2 ( PowerActionSleep )
   +0x008 LightestState    : 4 ( PowerSystemSleeping3 )
   +0x00c Flags            : 0x80000004
   +0x010 Status           : 0n0
   +0x014 DeviceType       : 7 ( PolicySystemIdle )
   +0x018 DeviceTypeFlags  : 0
   +0x01c IrpMinor         : 0x2 ''
   +0x01d Waking           : 0 ''
   +0x020 SystemState      : 4 ( PowerSystemSleeping3 )
   +0x024 NextSystemState  : 1 ( PowerSystemWorking )
   +0x028 EffectiveSystemState : 5 ( PowerSystemHibernate )
   +0x02c CurrentSystemState : 1 ( PowerSystemWorking )
   +0x030 ShutdownBugCode  : (null)
   +0x038 DevState         : 0xffffb806`b0647da0 _POP_DEVICE_SYS_STATE
   +0x040 HiberContext     : 0xffffb806`a92814f0 _POP_HIBER_CONTEXT
   +0x048 WakeTime         : 0
   +0x050 SleepTime        : 0
   +0x058 WakeFirstUnattendedTime : 0
   +0x060 WakeAlarmSignaled : 3 ( PoConditionMaximum )
   +0x068 WakeAlarm        : [3] <unnamed-tag>
   +0x0b0 WakeAlarmPaused  : 0x1 ''
   +0x0b8 WakeAlarmLastTime : 0
   +0x0c0 DozeDeferralStartTime : 0
   +0x0c8 FilteredCapabilities : SYSTEM_POWER_CAPABILITIES
   +0x118 WatchdogLock     : 0
   +0x120 WatchdogDpc      : _KDPC
   +0x160 WatchdogTimer    : _KTIMER
   +0x1a0 WatchdogInitialized : 0x1 ''
   +0x1a4 WatchdogState    : 1 ( PopPowerActionWatchdogStateTransitioning )
   +0x1a8 WatchdogStartTime : 0x0000004c`7dd47c3c
   +0x1b0 ActionWorkerThread : 0xffffb806`b7c39040 _KTHREAD
   +0x1b8 PromoteActionWorkerThread : (null)
   +0x1c0 UnlockAfterSleepWorkerThread : (null)

To find the possible device(s) which are causing the issue, look for device(s) which haven't transitioned to sleep yet, by using !devpowerstate command:

8: kd> !devpowerstate
Dumping IopRootDeviceNode (= 0xffffb806a3511aa0)

[...]

  +  HTREE\ROOT\0
     0xffffb806a35ece00 \Driver\PnpManager NA !podev

     +  ROOT\UNNAMED_DEVICE\0001
        0xffffb806a36d4e20 \Driver\PnpManager D3 !podev
          Upper DO 0xffffb806a8ccd450 NvModuleTracker !podev Unable to load image \SystemRoot\System32\drivers\NvModuleTracker.sys, Win32 error 0n2


     +  ROOT\UNNAMED_DEVICE\0002
        0xffffb806a34b6ab0 \Driver\PnpManager D0 !podev
          Upper DO 0xffffb806a8ce0050 nvvhci !podev Unable to load image \SystemRoot\System32\drivers\nvvhci.sys, Win32 error 0n2

     +  ROOT\SYSTEM\0001
        0xffffb806a37dfd70 \Driver\PnpManager D0 !podev
          Upper DO 0xffffb806a8ce2850 CorsairVBusDriver !podev Unable to load image \SystemRoot\System32\drivers\CorsairVBusDriver.sys, Win32 error 0n2


     +  ROOT\SYSTEM\0002
        0xffffb806a37e0d70 \Driver\PnpManager D0 !podev
          Upper DO 0xffffb806a8b6db00 vbdenum !podev Unable to load image \SystemRoot\System32\drivers\vbdenum.sys, Win32 error 0n2

[...]

As we can see, there is a number of mouse-related devices which haven't transisitioned to sleep yet. The issue was related to the Logitech USB mouse dongle.

Addendum:

The third parameter is part of a enumeration called _POP_SLEEP_CHECKPOINT which is below:

0: kd> dt _POP_SLEEP_CHECKPOINT
nt!_POP_SLEEP_CHECKPOINT
   PopSleepCheckpointInvalid = 0n0
   PopSleepCheckpointPowerTransitionStart = 0n1
   PopSleepCheckpointSuspendAppsBefore = 0n2
   PopSleepCheckpointSuspendAppsAfter = 0n3
   PopSleepCheckpointSuspendServicesBefore = 0n4
   PopSleepCheckpointSuspendServicesAfter = 0n5
   PopSleepCheckpointNotifySuperfetchBefore = 0n6
   PopSleepCheckpointNotifySuperfetchAfter = 0n7
   PopSleepCheckpointNotifyCallbacksBefore = 0n8
   PopSleepCheckpointNotifyCallbacksAfter = 0n9
   PopSleepCheckpointSleepTransactionCommitted = 0n10
   PopSleepCheckpointQueryDriversBefore = 0n11
   PopSleepCheckpointQueryDriversAfter = 0n12
   PopSleepCheckpointAllocatingHiberContext = 0n13
   PopSleepCheckpointSuspendDriversBefore = 0n14
   PopSleepCheckpointPreSleepNotification = 0n16
   PopSleepCheckpointInterruptsDisabledBegin = 0n17
   PopSleepCheckpointInvokeHandlerBefore = 0n18
   PopSleepCheckpointSaveHiberContextBegin = 0n19
   PopSleepCheckpointInitializeDumpStackFailed = 0n20
   PopSleepCheckpointHiberWriteFailed = 0n21
   PopSleepCheckpointHiberFileTooSmall = 0n22
   PopSleepCheckpointSaveHiberContextFailed = 0n23
   PopSleepCheckpointSaveHiberContextEnd = 0n24
   PopSleepCheckpointHiberKernelHandoff = 0n25
   PopSleepCheckpointInvokeHandlerAfter = 0n26
   PopSleepCheckpointReadHiberfileBefore = 0n27
   PopSleepCheckpointInitializeDumpStackForReadFailed = 0n28
   PopSleepCheckpointHiberReadFailed = 0n29
   PopSleepCheckpointChecksumFailure = 0n30
   PopSleepCheckpointDecompressionFailed = 0n31
   PopSleepCheckpointReadHiberfileAfter = 0n32
   PopSleepCheckpointInterruptsDisabledEnd = 0n33
   PopSleepCheckpointWakeDriversAfter = 0n36
   PopSleepCheckpointResumeAppsBefore = 0n37
   PopSleepCheckpointResumeAppsAfter = 0n38
   PopSleepCheckpointResumeServicesBefore = 0n39
   PopSleepCheckpointResumeServicesAfter = 0n40
   PopSleepCheckpointPowerTransitionEnd = 0n41
   PopSleepCheckpointAllocatingHiberContextNoFileObject = 0n42
   PopSleepCheckpointAllocatingHiberContextGetDumpStackFailed = 0n43
   PopSleepCheckpointAllocatingHiberContextLoadResumeContextFailed = 0n44
   PopSleepCheckpointAllocatingHiberContextBcdOpenFailed = 0n45
   PopSleepCheckpointAllocatingHiberContextEstablishResumeObjectFailed = 0n46
   PopSleepCheckpointAllocatingHiberContextSetPendingResumeFailed = 0n47
   PopSleepCheckpointAllocatingHiberContextAllocateIoPagesPagesFailed = 0n48
   PopSleepCheckpointAllocatingHiberContextAdapterBuffersInvalid1 = 0n49
   PopSleepCheckpointAllocatingHiberContextAllocateDumpPagesFailed = 0n50
   PopSleepCheckpointAllocatingHiberContextAdapterBuffersInvalid2 = 0n51
   PopSleepCheckpointAllocatingHiberContextUnHibernatedMdlFailed = 0n52
   PopSleepCheckpointAllocatingHiberContextSecureResourcesFailed = 0n53
   PopSleepCheckpointPrepareSleepBefore = 0n54
   PopSleepCheckpointPrepareSleepAfter = 0n55
   PopSleepCheckpointBootstatAvailable = 0n56
   PopSleepCheckpointMax = 0n57

 

[x BlueRobot]

INTERNAL_POWER_ERROR (a0)
The power policy manager experienced a fatal error.
Arguments:
Arg1: 0000000000000608, A driver has attempted to transition a component to idle without
    a preceeding active request.
Arg2: ffffc301c24404b8, POP_FX_COMPONENT component
Arg3: 0000000000000000, POP_FX_COMPONENT_FLAGS component condition
Arg4: 0000000000000000

There three parameters to this bugcheck, the first of which indicates the type of exception which has occurred, this this case, we can see that a driver has attempted to transition to an idle power state without an active power IRP being generated beforehand. This is going to cause a number of issues, especially with the power management framework, whereby a single physical device may be divided into smaller logical devices for more efficient power management.

The second parameter points to the component which was transitioning to the idle state. The third parameter is quite important it is used to control if the component will be placed in the F0 (fully on) power state by the power management framework during a power transition. The component will remain in that power state until the associated power IRP has been completed.

The call stack doesn't reveal much other than that the component was transitioning to an idle state. The nt!PoFxIdleComponent function simply looks up the registered ComponentIdle call back routine from the Callbacks field of the _PO_FX_DEVICE structure. The field is a pointer to another structure called _POP_FX_DRIVER_CALLBACKS which is an array to a number of function pointers.

0: kd> dt _POP_FX_DRIVER_CALLBACKS
nt!_POP_FX_DRIVER_CALLBACKS
   +0x000 ComponentActive  : Ptr64     void
   +0x008 ComponentIdle    : Ptr64     void
   +0x010 ComponentIdleState : Ptr64     void
   +0x018 DevicePowerRequired : Ptr64     void
   +0x020 DevicePowerNotRequired : Ptr64     void
   +0x028 PowerControl     : Ptr64     long
   +0x030 ComponentCriticalTransition : Ptr64     void
   +0x038 DripsWatchdogCallback : Ptr64     void
   +0x040 DirectedPowerUpCallback : Ptr64     void
   +0x048 DirectedPowerDownCallback : Ptr64     void

0: kd> knL
 # Child-SP          RetAddr               Call Site
00 fffff002`01007678 fffff803`286f27ec     nt!KeBugCheckEx
01 fffff002`01007680 fffff803`286065c0     nt!PopFxBugCheck+0x1c
02 fffff002`010076c0 fffff803`28462549     nt!PopFxIdleComponent+0x1a4060
03 fffff002`01007720 fffff803`2a75ba73     nt!PoFxIdleComponent+0x39
04 (Inline Function) --------`--------     Wdf01000!FxPoxInterface::PoxIdleComponent+0x15
05 fffff002`01007790 fffff803`2a7bc227     Wdf01000!FxPoxInterface::DeclareComponentIdle+0x15e47
06 fffff002`010077c0 fffff803`2a74186b     Wdf01000!FxPkgPnp::PowerPolWakeCapableDeviceIdle+0x17
07 (Inline Function) --------`--------     Wdf01000!FxPkgPnp::PowerPolicyEnterNewState+0x10a
08 fffff002`010077f0 fffff803`2a741008     Wdf01000!FxPkgPnp::PowerPolicyProcessEventInner+0x20b
09 fffff002`01007970 fffff803`2a745a7a     Wdf01000!FxPkgPnp::_PowerPolicyProcessEventInner+0x68
0a (Inline Function) --------`--------     Wdf01000!FxEventQueue::EventQueueWorker+0x86
0b fffff002`010079b0 fffff803`28467c0f     Wdf01000!FxThreadedEventQueue::_WorkItemCallback+0x9a
0c fffff002`01007a00 fffff803`284bd095     nt!IopProcessWorkItem+0xff
0d fffff002`01007a70 fffff803`2852a7a5     nt!ExpWorkerThread+0x105
0e fffff002`01007b10 fffff803`285c8b2a     nt!PspSystemThreadStartup+0x55
0f fffff002`01007b60 00000000`00000000     nt!KiStartSystemThread+0x2a

Let's examine the the device component from the second parameter. The Device field of the structure points to the associated device.

0: kd> dt _POP_FX_COMPONENT ffffc301c24404b8
nt!_POP_FX_COMPONENT
   +0x000 Id               : _GUID {00000000-0000-0000-0000-000000000000}
   +0x010 Index            : 0
   +0x018 WorkOrder        : _POP_FX_WORK_ORDER
   +0x050 Device           : 0xffffc301`c19d2010 _POP_FX_DEVICE
   +0x058 Flags            : _POP_FX_COMPONENT_FLAGS
   +0x060 Resident         : 0n0
   +0x068 ActiveEvent      : _KEVENT
   +0x080 IdleLock         : 0
   +0x088 IdleConditionComplete : 0n0
   +0x08c IdleStateComplete : 0n0
   +0x090 IdleStamp        : 0x90afe7bb
   +0x098 CurrentIdleState : 1
   +0x09c IdleStateCount   : 2
   +0x0a0 IdleStates       : 0xffffc301`c2440670 _POP_FX_IDLE_STATE
   +0x0a8 DeepestWakeableIdleState : 1
   +0x0ac ProviderCount    : 0
   +0x0b0 Providers        : (null)
   +0x0b8 IdleProviderCount : 0
   +0x0bc DependentCount   : 0
   +0x0c0 Dependents       : (null)
   +0x0c8 Accounting       : _POP_FX_ACCOUNTING
   +0x1a8 Performance      : (null)
   +0x1b0 PowerProfile     : (null)

If we dump this structure, then we can the device object which the power request is intended for and the I/O request packet which represents the power request itself.

0: kd> dt _POP_FX_DEVICE ffffc301`c19d2010
nt!_POP_FX_DEVICE
   +0x000 Link             : _LIST_ENTRY [ 0xffffc301`c19d1560 - 0xffffc301`c19d29b0 ]
   +0x010 Irp              : 0xffffc301`c1a92b90 _IRP
   +0x018 IrpData          : 0xffffc301`c24406a0 _POP_IRP_DATA
   +0x020 Status           : _POP_FX_DEVICE_STATUS
   +0x024 PowerReqCall     : 0n0
   +0x028 PowerNotReqCall  : 0n0
   +0x030 DevNode          : 0xffffc301`a9bb1bd0 _DEVICE_NODE
   +0x038 DpmContext       : 0xffffc301`bf3b7bf0 PEPHANDLE__
   +0x040 Plugin           : 0xffffc301`a8e75ad0 _POP_FX_PLUGIN
   +0x048 PluginHandle     : 0xffffc301`a9bbabc0 PEPHANDLE__
   +0x050 AcpiPlugin       : (null)
   +0x058 AcpiPluginHandle : (null)
   +0x060 DeviceObject     : 0xffffc301`a9b79060 _DEVICE_OBJECT
   +0x068 TargetDevice     : 0xffffc301`a9f22cc0 _DEVICE_OBJECT
   +0x070 Callbacks        : _POP_FX_DRIVER_CALLBACKS
   +0x0c0 DriverContext    : 0xffffc301`bf273508 Void
   +0x0c8 AcpiLink         : _LIST_ENTRY [ 0xffffc301`c19d20d8 - 0xffffc301`c19d20d8 ]
   +0x0d8 DeviceId         : _UNICODE_STRING "\_SB.PCI0.HDAS"
   +0x0e8 RemoveLock       : _IO_REMOVE_LOCK
   +0x108 AcpiRemoveLock   : _IO_REMOVE_LOCK
   +0x128 WorkOrder        : _POP_FX_WORK_ORDER
   +0x160 IdleLock         : 0
   +0x168 IdleTimer        : _KTIMER
   +0x1a8 IdleDpc          : _KDPC
   +0x1e8 IdleTimeout      : 0x1c9c380
   +0x1f0 IdleStamp        : 0x90afe5c2
   +0x1f8 NextIrpDeviceObject : [2] (null)
   +0x208 NextIrpPowerState : [2] _POWER_STATE
   +0x210 NextIrpCallerCompletion : [2] (null)
   +0x220 NextIrpCallerContext : [2] (null)
   +0x230 IrpCompleteEvent : _KEVENT
   +0x248 PowerOnDumpDeviceCallback : (null)
   +0x250 Accounting       : _POP_FX_ACCOUNTING
   +0x330 Flags            : 0x130
   +0x334 ComponentCount   : 1
   +0x338 Components       : 0xffffc301`c24404b0  -> 0xffffc301`c24404b8 _POP_FX_COMPONENT
   +0x340 LogEntries       : 0x40
   +0x348 Log              : 0xffffc301`c24407a0 _POP_FX_LOG_ENTRY
   +0x350 LogIndex         : 0n65
   +0x358 DripsWatchdogDriverObject : (null)
   +0x360 DripsWatchdogContext : _POP_FX_DRIPS_WATCHDOG_CONTEXT
   +0x388 DirectedTimeout  : 0x78
   +0x390 DirectedWorkOrder : _POP_FX_WORK_ORDER
   +0x3c8 DirectedWorkWatchdogInfo : _POP_FX_WORK_ORDER_WATCHDOG_INFO
   +0x478 DirectedLock     : 0
   +0x480 DirectedTransitionCallCount : 0n0
   +0x488 DirectedTransitionState : _POP_FX_DEVICE_DIRECTED_TRANSITION_STATE
   +0x498 PowerProfile     : (null)
   +0x4a0 FriendlyName     : _UNICODE_STRING "--- memory read error at address 0xffffd70a`052dedc0 ---"

The Status field points to a status structure called _POP_FX_DEVICE_STATUS, this structure contains a little information about the status of the device including if an active power transition is occurring.

0: kd> dt _POP_FX_DEVICE_STATUS ffffc301`c19d2030
nt!_POP_FX_DEVICE_STATUS
   +0x000 Value            : 0n192
   +0x000 SystemTransition : 0y0
   +0x000 PepD0Notify      : 0y0
   +0x000 IdleTimerOn      : 0y0
   +0x000 IgnoreIdleTimeout : 0y0
   +0x000 IrpInUse         : 0y0
   +0x000 IrpPending       : 0y0
   +0x000 DPNRDeviceNotified : 0y1
   +0x000 DPNRReceivedFromPep : 0y1
   +0x000 IrpFirstPendingIndex : 0y0
   +0x000 IrpLastPendingIndex : 0y0
   +0x000 SIrpBlocked      : 0y0
   +0x000 BlockFastResume  : 0y0
   +0x000 DirectedPoweredDown : 0y0
   +0x000 DirectedTransitionInProgress : 0y0
   +0x000 Reserved         : 0y000000000000000000 (0)

As we can see, there is currently no active I/O request packet for the power transition which explains the bugcheck description. If we examine the IrpData field and then dump the associated structure, we can find the target device object along with the IRP itself.

0: kd> dt _POP_IRP_DATA 0xffffc301`c24406a0
nt!_POP_IRP_DATA
   +0x000 Link             : _LIST_ENTRY [ 0xfffff803`288456f0 - 0xffffc301`c3dd8428 ]
   +0x010 Irp              : 0xffffc301`c1a92b90 _IRP
   +0x018 Pdo              : 0xffffc301`a9b79060 _DEVICE_OBJECT
   +0x020 TargetDevice     : 0xffffc301`a9f22cc0 _DEVICE_OBJECT
   +0x028 CurrentDevice    : (null)
   +0x030 WatchdogStart    : 0x8ff0a19c
   +0x038 WatchdogTimer    : _KTIMER
   +0x078 WatchdogDpc      : _KDPC
   +0x0b8 MinorFunction    : 0x2 ''
   +0x0bc PowerStateType   : 1 ( DevicePowerState )
   +0x0c0 PowerState       : _POWER_STATE
   +0x0c4 WatchdogEnabled  : 0x1 ''
   +0x0c8 FxDevice         : 0xffffc301`c19d2010 _POP_FX_DEVICE
   +0x0d0 SystemTransition : 0 ''
   +0x0d1 NotifyPEP        : 0x1 ''
   +0x0d4 IrpSequenceID    : 0n108
   +0x0d8 Device           : <anonymous-tag>
   +0x0d8 System           : <anonymous-tag>
   +0x0f8 DStateReason     : 0 ( PepNotifyDeviceDStateReasonNone )

The IRP has been set to pending and therefore will not be active yet.

0: kd> !irp ffffc301`c1a92b90
Irp is active with 6 stacks 6 is current (= 0xffffc301c1a92dc8)
 No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  Pending has been returned
     cmd  flg cl Device   File     Completion-Context
 [N/A(0), N/A(0)]
            0  0 00000000 00000000 00000000-00000000 

            Args: 00000000 00000000 00000000 00000000
 [N/A(0), N/A(0)]
            0  0 00000000 00000000 00000000-00000000 

            Args: 00000000 00000000 00000000 00000000
ffffc301c1a92cf0: Could not read IrpStack

Let's examine the device object and we'll see that it belongs to the Intel Audio bus.

0: kd> !devobj 0xffffc301`a9f22cc0
Device object (ffffc301a9f22cc0) is for:
 InfoMask field not found for _OBJECT_HEADER at ffffc301a9f22c90
Unable to load image \SystemRoot\System32\drivers\IntcAudioBus.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for IntcAudioBus.sys
 \Driver\IntcAudioBus DriverObject ffffc301a9e7adc0
Current Irp 00000000 RefCount 0 Type 0000002a Flags 0000200c
SecurityDescriptor ffffd70a016ad5e0 DevExt ffffc301bf69a310 DevObjExt ffffc301a9f22e38
ExtensionFlags (0000000000)
Characteristics (0x00000100)  FILE_DEVICE_SECURE_OPEN
AttachedTo (Lower) ffffc301a9bd7df0ffffc301a9bd7df0: Could not read device object or _DEVICE_OBJECT not found

Device queue is not busy.

0: kd> lmvm IntcAudioBus
Browse full module list
start             end                 module name
fffff803`31430000 fffff803`31468000   IntcAudioBus T (no symbols)        
    Loaded symbol image file: IntcAudioBus.sys
    Image path: \SystemRoot\System32\drivers\IntcAudioBus.sys
    Image name: IntcAudioBus.sys
    Browse all global symbols  functions  data
    Timestamp:        Wed Dec 21 13:21:41 2016 (585A81E5)
    CheckSum:         0003FE8D
    ImageSize:        00038000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

The driver appears to be quite outdated and therefore it is strongly recommended that the driver is updated.

References:

PoFxIdleComponent function (wdm.h) - Windows drivers
Component-Level Power Management - Windows drivers

 

[x BlueRobot]

INTERNAL_POWER_ERROR (a0)
The power policy manager experienced a fatal error.
Arguments:
Arg1: 000000000000000c, Dump stack failed to initialize.
Arg2: ffffffffc0000001, Status code
Arg3: ffff8287897a1cf0, Address of the dump stack context
Arg4: 0000000000000000

This is a very rare variation of this bugcheck and is due to a driver within the dump stack not being initialized correctly. This appears to be used as part of hibernation. There is a number of different drivers which begin with a prefix of hiber_* and dump_*. The latter of which is used for writing information to a dump file and the hibernation file.

The error code doesn't provide much useful information other than an operation wasn't successful.

0: kd> !error ffffffffc0000001
Error code: (NTSTATUS) 0xc0000001 (3221225473) - {Operation Failed}  The requested operation was unsuccessful.

If we examine the call stack then it would suggest that the operation was related to going into a hibernation power state:

0: kd> !stack -p
Call Stack : 10 frames
## Stack-Pointer    Return-Address   Call-Site    
00 ffff808145267618 fffff80246da0508 nt!KeBugCheckEx+0
    Parameter[0] = 0000000000c896a0
    Parameter[1] = 000000000000000c
    Parameter[2] = ffffffffc0000001
    Parameter[3] = ffff8287897a1cf0
01 ffff808145267620 fffff80246d90320 nt!PopRestoreHiberContext+10090 (perf)
    Parameter[0] = (unknown)    
    Parameter[1] = (unknown)    
    Parameter[2] = (unknown)    
    Parameter[3] = (unknown)    
02 ffff8081452676b0 fffff80246d9006a nt!PopHandleNextState+210
    Parameter[0] = fffff80247050460
    Parameter[1] = ffff808145267840
    Parameter[2] = (unknown)    
    Parameter[3] = (unknown)    
03 ffff808145267700 fffff80246d8fde7 nt!PopIssueNextState+1a
    Parameter[0] = fffff80247050460
    Parameter[1] = ffff808145267840
    Parameter[2] = 0000000000000009
    Parameter[3] = (unknown)    
04 ffff808145267730 fffff80246d932d9 nt!PopInvokeSystemStateHandler+33b 
    Parameter[0] = 0000000000000000
    Parameter[1] = ffff82877c419310 << Pointer to Hibernation Context
    Parameter[2] = (unknown)   
    Parameter[3] = (unknown)    
05 ffff808145267930 fffff80246d92d6a nt!PopEndMirroring+1e9
    Parameter[0] = (unknown)    
    Parameter[1] = (unknown)    
    Parameter[2] = (unknown)    
    Parameter[3] = (unknown)    
06 ffff8081452679f0 fffff80246d92a55 nt!MmDuplicateMemory+2be
    Parameter[0] = ffff808145267ab0
    Parameter[1] = (unknown)    
    Parameter[2] = (unknown)    
    Parameter[3] = (unknown)    
07 ffff808145267a80 fffff80246755935 nt!PopTransitionToSleep+135 
    Parameter[0] = (unknown)    
    Parameter[1] = (unknown)    
    Parameter[2] = (unknown)    
    Parameter[3] = (unknown)    
08 ffff808145267b10 fffff802467fe728 nt!PspSystemThreadStartup+55
    Parameter[0] = ffff828780f6d040
    Parameter[1] = ffff808148e476c8
    Parameter[2] = (unknown)    
    Parameter[3] = (unknown)    
09 ffff808145267b60 0000000000000000 nt!KiStartSystemThread+28
    Parameter[0] = (unknown)    
    Parameter[1] = (unknown)    
    Parameter[2] = (unknown)    
    Parameter[3] = (unknown)

The third parameter contains a pointer to a structure called _DUMP_STACK_CONTEXT:

0: kd> dt _DUMP_STACK_CONTEXT ffff8287897a1cf0
nt!_DUMP_STACK_CONTEXT
   +0x000 Init             : _DUMP_INITIALIZATION_CONTEXT
   +0x108 PartitionOffset  : _LARGE_INTEGER 0x13d00000
   +0x110 DumpPointers     : 0xffff8287`897a1e70 Void
   +0x110 StorageInfo      : 0xffff8287`897a1e70 Void
   +0x118 UseStorageInfo   : 0 ''
   +0x11c PointersLength   : 0x68
   +0x120 ModulePrefix     : 0xfffff802`46bc9ce0  "hiber_"
   +0x128 DriverList       : _LIST_ENTRY [ 0xffff8287`855adb90 - 0xffff8287`855add90 ]
   +0x138 InitMsg          : _STRING ""
   +0x148 ProgMsg          : _STRING ""
   +0x158 DoneMsg          : _STRING ""
   +0x168 FileObject       : 0xffff8287`823566e0 Void
   +0x170 UsageType        : 2 ( DeviceUsageTypeHibernation )

I assume that the file object points to the hibernation file? Unfortunately, since this is a Minidump, I wasn't able to get this information.

0: kd> !poaction
PopAction: fffff80247022e40
  State..........: 3 - Set System State
  Updates........: 0
  Action.........: Sleep
  Lightest State.: Hibernate
  Flags..........: 8000000c OverrideApps|Critical
  Irp minor......: SetPower
  System State...: Hibernate
  Hiber Context..: ffff82877c419310

The hibernation context itself appears to be available as the following:

0: kd> dt _POP_HIBER_CONTEXT ffff82877c419310
nt!_POP_HIBER_CONTEXT
   +0x000 Reset            : 0 ''
   +0x001 HiberFlags       : 0x1 ''
   +0x002 WroteHiberFile   : 0x1 ''
   +0x003 KernelPhaseVerificationActive : 0x1 ''
   +0x004 InitializationFinished : 0x1 ''
   +0x008 NextTableLockHeld : 0n0
   +0x00c BootPhaseFinishedBarrier : 0n0
   +0x010 KernelResumeFinishedBarrier : 0n0
   +0x014 HvCaptureReadyBarrier : 0n0
   +0x018 HvCaptureCompletedBarrier : 0n0
   +0x01c MapFrozen        : 0x1 ''
   +0x020 DiscardMap       : _RTL_BITMAP
   +0x020 KernelPhaseMap   : _RTL_BITMAP
   +0x030 BootPhaseMap     : _RTL_BITMAP
   +0x040 ClonedRanges     : _LIST_ENTRY [ 0xffff8287`855ae050 - 0xffff8287`855aded0 ]
   +0x050 ClonedRangeCount : 5
   +0x058 ClonedPageCount  : 6
   +0x060 CurrentMap       : 0xffff8287`7c419340 _RTL_BITMAP
   +0x068 NextCloneRange   : 0xffff8287`7c419350 _LIST_ENTRY [ 0xffff8287`855ae050 - 0xffff8287`855aded0 ]
   +0x070 NextPreserve     : 0x245ed6
   +0x078 LoaderMdl        : 0xffff8287`8a377000 _MDL
   +0x080 AllocatedMdl     : 0xffff8287`8ac36300 _MDL
   +0x088 PagesOut         : 0x772f
   +0x090 IoPages          : 0xffffe381`c2fd6000 Void
   +0x098 IoPagesCount     : 0x1e
   +0x0a0 CurrentMcb       : 0xffff8081`45267650 Void
   +0x0a8 DumpStack        : 0xffff8287`897a1cf0 _DUMP_STACK_CONTEXT
[...]

The failure bucket of the bugcheck appeared to blame the following driver:

0: kd> lmvm hiber_iaStorA
Browse full module list
start             end                 module name
fffff802`76c50000 fffff802`7779f000   hiber_iaStorA   (deferred)          
    Image path: hiber_iaStorA.sys
    Image name: hiber_iaStorA.sys
    Browse all global symbols  functions  data
    Timestamp:        Mon Aug  7 15:23:28 2017 (598877E0)
    CheckSum:         000E251A
    ImageSize:        00B4F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

This driver is related Intel RST and has caused a number of problems in the past, particularly with Windows 7 systems, I would only recommend that this driver is updated to the latest version.

References:

What are these ghost drivers named dump_diskdump.sys and other dump_*.sys that didn't come from any file?