[RESOLVED] Win2008R2SP1: STOP 0x44 in srv2!Smb2FreeResponseBufferForAsyncCall+0x1c

  • Article

Status: Resolved

Final Update 110823: The hotfix will be released in the October timeframe (HTP11-10).

Update 110815: We will now proceed with building a private hotfix package. As soon as that gets approved, we will release a public hotfix under KB2552033. Stay tuned!

Update 110810: Another customer came in with this issue. Other customers confirmed that with the latest instrumented binary they are not seeing the issue anymore.

Update 110808: Sorry for having gone silent on this for too long... :$ Two more customers contacted me with this error. We are working very hard on a hotfix to address this. This is currently committed for HTP11-10. In the meantime, if you have this issue, please do contact me and create a case with us, so I can track the impact this problem has! Many thanks to all of you who contacted me on this.

Update 110721: We now have three additional customers running into this. We received dumps with tracing and instrumentation. Stay tuned for updates! :)

Update 110715: Yesterday, another customer came in through the SCCM TAP program. I've also provided the instrumentation and tracing instructions for this case. Fingers crossed! :)

Update 110713: Instrumentation of srv2.sys brought us closer to the root cause of the problem. We are now working on a new instrumented binary to follow-up on these findings. Updates will follow shortly!

Sonny has been working on another STOP 0x44 (MULTIPLE_IRP_COMPLETE_REQUESTS), this time in srv2. The stack shows:

BugCheck 44, {fffffa80192c5af0, 1d7b, 0, 0}

3: kd> knL
# Child-SP RetAddr Call Site
00 fffff880`01fa7b08 fffff800`0167101c nt!KeBugCheckEx
01 fffff880`01fa7b10 fffff880`03c120cc nt! ?? ::FNODOBFM::`string'+0x32c7c
02 fffff880`01fa7b50 fffff880`03c158bc srv2!Smb2FreeResponseBufferForAsyncCall+0x1c
03 fffff880`01fa7b80 fffff880`03c15c07 srv2!Smb2LeaseFree+0x9c
04 fffff880`01fa7bb0 fffff880`03c0e5d4 srv2!Smb2DereferenceLease+0xa7
05 fffff880`01fa7c30 fffff800`016d4021 srv2! ?? ::FNODOBFM::`string'+0x4192
06 fffff880`01fa7cb0 fffff800`0196632e nt!ExpWorkerThread+0x111
07 fffff880`01fa7d40 fffff800`016bb666 nt!PspSystemThreadStartup+0x5a
08 fffff880`01fa7d80 00000000`00000000 nt!KiStartSystemThread+0x16

Currently, it seems that Configuration Manager is the catalyst to this problem. Keep watching this space for more info when it becomes available, and mail me when you encounter this issue.