[RESOLVED] Win2008R2 RTM/SP1: wmiprvse.exe crashes in fastprox!CWbemSvcWrapper::XWbemServices::GetObjectW+95

Status: Resolved.

Update 110713: The customer confirmed that the issue went away after they updated the (very outdated) HBA driver for their Fibre Channel adapter. This again stresses the importance of keeping up-to-date with revisions of various drivers and firmware!

Just got a dump in from one of my colleagues that shows an issue where we crash in wmiprvse.exe because we're probing for stack space beyond the stack limit, thus causing an access violation. Part of the stack:

0:015> knL 20
 # Child-SP RetAddr Call Site
00 00000000`2d5cc6d0 000007fe`ffbb89e0 ole32!InternalVerifyStackAvailable+0x3f
01 00000000`2d5dc730 000007fe`ffbb8075 ole32!VerifyStackAvailable+0x10
02 00000000`2d5dc760 000007fe`ffbb88c9 ole32!CCache::GetElement+0xb8
03 00000000`2d5dc7d0 000007fe`ffbb8677 ole32!CComCatalog::GetClassInfoInternal+0x239
04 00000000`2d5dc920 000007fe`ffbb7eee ole32!CComCatalog::GetClassInfoW+0x27
05 00000000`2d5dc970 000007fe`ffbb3152 ole32!LookForConfiguredClsid+0x8e
06 00000000`2d5dc9d0 000007fe`ffbb760b ole32!ICoCreateInstanceEx+0x289
07 00000000`2d5dcc20 000007fe`ffbc332e ole32!CoCreateInstance+0x17b
08 00000000`2d5dcd10 000007fe`ffbc3282 ole32!GetCustomUnmarshaler+0x6e
09 00000000`2d5dcd50 000007fe`ffbc3542 ole32!CoUnmarshalInterface+0x178
0a 00000000`2d5dce30 000007fe`ff76523e ole32!NdrExtInterfacePointerUnmarshall+0x162
0b 00000000`2d5dcea0 000007fe`ff76f6cf rpcrt4!NdrpPointerUnmarshall+0xc4
0c 00000000`2d5dcf10 000007fe`ff76fc40 rpcrt4!NdrPointerUnmarshall+0x2b
0d 00000000`2d5dcf50 000007fe`ff76f6cf rpcrt4!NdrpPointerUnmarshall+0x1f6
0e 00000000`2d5dcfc0 000007fe`ff777a48 rpcrt4!NdrPointerUnmarshall+0x2b
0f 00000000`2d5dd000 000007fe`ff810af9 rpcrt4!NdrpClientUnMarshal+0x1ea
10 00000000`2d5dd0a0 000007fe`ffcff82f rpcrt4!NdrpClientCall2+0x1133
11 00000000`2d5dd810 000007fe`ffbbd8a2 ole32!ObjectStublessClient+0x1ad
12 00000000`2d5ddba0 000007fe`eb0572e3 ole32!ObjectStubless+0x42
13 00000000`2d5ddbf0 000007fe`e96b660b fastprox!CWbemSvcWrapper::XWbemServices::GetObjectW+0x95
14 00000000`2d5ddc50 000007fe`e96b676b wmiprov!CheckIfThisIsAValidKeyProperty+0x63
15 00000000`2d5ddcc0 000007fe`e96a7d22 wmiprov!GetParsedPath+0x9f
16 00000000`2d5ddd40 00000000`ff8d4d9e wmiprov!CWMI_Prov::GetObjectAsync+0xae
17 00000000`2d5de660 00000000`ff8d4b3f WmiPrvSE!CInterceptor_IWbemSyncProvider::Helper_GetObjectAsync+0x1ca
18 00000000`2d5de6e0 000007fe`ff7623d5 WmiPrvSE!CInterceptor_IWbemSyncProvider::GetObjectAsync+0x184
19 00000000`2d5de790 000007fe`ff7569b2 rpcrt4!Invoke+0x65
1a 00000000`2d5de800 000007fe`ffcff16e rpcrt4!NdrStubCall2+0x32a
1b 00000000`2d5dee20 000007fe`eb05d36d ole32!CStdStubBuffer_Invoke+0x8b
1c 00000000`2d5dee50 000007fe`ffd00ccd fastprox!CBaseStublet::Invoke+0x19
1d 00000000`2d5dee80 000007fe`ffd00c43 ole32!SyncStubInvoke+0x5d
1e 00000000`2d5deef0 000007fe`ffbba4f0 ole32!StubInvoke+0xdb
1f 00000000`2d5defa0 000007fe`ffd014d6 ole32!CCtxComChnl::ContextInvoke+0x190

0:015> dt ntdll!_TEB 000007fffffa0000 NtTib.StackLimit
+0x000 NtTib :
+0x010 StackLimit : 0x00000000`2d5cc000 Void // crossing this in InternalVerifyStackAvailable

We have come across this before, but the root cause is not yet uncovered... If you also see this, please let me know!
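An added example (not part of the original post) that reads the Child-SP column of the `knL` output and the `StackLimit` line to work out how many stack bytes each frame holds and how far the innermost frame sits above the stack limit. The sample text is constructed by copying the first four frames and the StackLimit line from the output above; the function names are this example's own.

```python
import re

# Constructed sample: the top frames of the knL output and the StackLimit line
# from the dt output in the post, copied as text.
DUMP_TEXT = """\
 # Child-SP RetAddr Call Site
00 00000000`2d5cc6d0 000007fe`ffbb89e0 ole32!InternalVerifyStackAvailable+0x3f
01 00000000`2d5dc730 000007fe`ffbb8075 ole32!VerifyStackAvailable+0x10
02 00000000`2d5dc760 000007fe`ffbb88c9 ole32!CCache::GetElement+0xb8
03 00000000`2d5dc7d0 000007fe`ffbb8677 ole32!CComCatalog::GetClassInfoInternal+0x239
+0x010 StackLimit : 0x00000000`2d5cc000 Void
"""

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# Frame lines: frame number, Child-SP, RetAddr, call site. Header, prompt and
# dt lines do not match because they lack the two backtick-split addresses.
FRAME_RE = re.compile(rf"^\s*([0-9a-f]+)\s+({ADDR})\s+({ADDR})\s+(\S+)", re.I | re.M)
LIMIT_RE = re.compile(rf"StackLimit\s*:\s*0x({ADDR})", re.I)

def to_int(addr):
    """Convert WinDbg's 00000000`2d5cc6d0 notation to an integer."""
    return int(addr.replace("`", ""), 16)

def parse_frames(text):
    """Return [(child_sp, call_site), ...] in the order kn printed them."""
    return [(to_int(m.group(2)), m.group(4)) for m in FRAME_RE.finditer(text)]

def frame_sizes(frames):
    """Stack bytes held by each frame: caller's Child-SP minus its own."""
    return [(site, caller_sp - sp)
            for (sp, site), (caller_sp, _) in zip(frames, frames[1:])]

def headroom(text):
    """Bytes between the innermost frame's Child-SP and the TEB StackLimit."""
    limit = to_int(LIMIT_RE.search(text).group(1))
    return parse_frames(text)[0][0] - limit

if __name__ == "__main__":
    for site, size in frame_sizes(parse_frames(DUMP_TEXT)):
        print(f"{size:#9x}  {site}")
    print(f"headroom to StackLimit: {headroom(DUMP_TEXT):#x}")
```

On the values in this dump, frame 00 holds 0x10060 bytes while its Child-SP is only 0x6d0 bytes above StackLimit; every other frame shown holds well under a page.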