[UNRESOLVED] Win2008SP2 x86: explorer.exe crashes in shell32!CChangeNotify::_MessagePump+0x45

Status: Unresolved

Update 111128: The customer decided to stop troubleshooting efforts on this issue and first bring their environment up to date with various updates from various vendors. If the issue then reoccurs, we will continue where we left off.

Update 111117: This is still ongoing... in various dumps I see the stack is corrupted. We are in the process of excluding various components to figure out any possible relationship, then focus on that. Ongoing...

Update 110828: We are now working on v3 of the private, as the previous ones still gave us explorer crashes. Engineering and I are currently looking into this.

Update 110811: We now have a private that I have sent off to the customer for testing and approval. As soon as this is approved, we can start working on releasing the public hotfix as part of HTP11-10, under KB2577926.

Recently I received two explorer.exe dumps that both crashed in shell32!CChangeNotify::_MessagePump+0x45 with this stack:

0:002> knL
  *** Stack trace for last set context - .thread/.cxr resets it
 # ChildEBP RetAddr 
00 02c6f91c 7666e39b ntdll!NtWaitForMultipleObjects+0x15
01 02c6f9b8 75728f86 kernel32!WaitForMultipleObjectsEx+0x11d
02 02c6fa0c 758555b2 user32!RealMsgWaitForMultipleObjectsEx+0x14d
03 02c6fb34 757e466b shell32!CChangeNotify::_MessagePump+0x45
04 02c6fb40 7660c2c9 shell32!CChangeNotify::ThreadProc+0x21
05 02c6fbc4 766deccb shlwapi!WrapperThreadProc+0x11c
06 02c6fbd0 774dd80d kernel32!BaseThreadInitThunk+0xe
07 02c6fc10 774dda1f ntdll!__RtlUserThreadStart+0x23
08 02c6fc28 00000000 ntdll!_RtlUserThreadStart+0x1b

I am in the process of filing a hotfix request. As soon as this is done and I know whether it will be accepted or rejected, I will update this post.

In the meantime, mail me when you have this issue!