RDBSS crashes on Win 10 Anniversary Update

I hope somebody from Microsoft monitors this list.

Win 10 Anniversary Update introduces major problems with RDBSS.sys, particularly with the RDP redirector. These include BSODs and hangs during request processing. I found that some of the problems have already been reported to MS.

Below is one of the scenarios that results in a BSOD. The system was a newly installed Windows 10.0.10240.9 amd64fre, i.e. this is a prerelease, but the release exhibits the same behavior as far as I know.

  1. Install FAR Manager in Win 10 (it has nothing to do with FAR, it crashes w/o FAR, FAR just helps to reproduce the problem). Note that FAR doesn’t contain any kernel mode components.
  2. Connect to Win 10 by RDP with local disks mapped to a remote session.
  3. Navigate to a remote drive by entering “cd \tsclient\G” (G is a drive letter, yours might be different).
  4. Browse folders on the drive.
  5. The system crashes while folders are opened for browsing.

The crash is always with the code 00000000fcb0027c, so it is FCB management related.

RDR_FILE_SYSTEM (27)

Arg1: 00000000fcb0027c
Arg2: ffffc907379bb5f8
Arg3: ffffc907379bb230
Arg4: 0000000000000000

STACK_TEXT:
ffffdf018debba88 fffff8009a9e1582 : 00000000fcb0027c 0000000000000027 ffffdf018debbbf0 fffff8009a864654 : nt!DbgBreakPointWithStatus
ffffdf018debba90 fffff8009a9e0ed5 : 0000000000000003 ffffdf018debbbf0 fffff8009a96ba30 0000000000000027 : nt!KiBugCheckDebugBreak+0x12
ffffdf018debbaf0 fffff8009a95e774 : fffff80000000000 ffffb705979e5080 ffffc907379bb230 ffffb705979e5080 : nt!KeBugCheck2+0x8a5
ffffdf018debc200 fffff804ce1afcc9 : 0000000000000027 00000000fcb0027c ffffc907379bb5f8 ffffc907379bb230 : nt!KeBugCheckEx+0x104
ffffdf018debc240 fffff804ce1e3376 : ffffc90700000000 0000000000000000 ffffb70596775001 ffffb70596775010 : rdbss! ?? ::FNODOBFM::string'+0x1ef9
ffffdf018debc390 fffff804ce1a29ab : ffffb70596775010 ffffc907379bb230 ffffc907379bb5f8 000000000076a000 : rdbss!RxCommonClose+0x126
ffffdf018debc430 fffff804ce1de5f6 : ffffffffffffffff ffffb705977b7b80 0000000000000000 fffff804cd1b5548 : rdbss!RxFsdCommonDispatch+0x55b
ffffdf018debc5b0 fffff804cef21203 : ffffb7059678f040 ffffb7059596669c ffffb7059596669c ffffb705977b7b80 : rdbss!RxFsdDispatch+0x86
ffffdf018debc600 fffff804cdaadc0c : ffffb7059534b950 ffffb7059534b950 0000000000000000 ffffb70597419e28 : rdpdr!DrPeekDispatch+0x203
ffffdf018debc680 fffff804cdaac5ec : ffffc9072f0d4ee0 ffffb705977b7b80 ffffb70597419c80 ffffb7059534b950 : mup!MupStateMachine+0x1dc
ffffdf018debc6f0 fffff804cd187b85 : ffffb70597738600 0000000000000000 ffffb70594682210 ffffb705957288b0 : mup!MupClose+0x8c
ffffdf018debc750 fffff804cd185616 : ffffb70595549c40 ffffb705957288b0 0000000000000001 ffffb70595644c40 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x1a5
ffffdf018debc7e0 fffff8009acc732d : ffffb705977b7b80 0000000000000001 ffffb70597419c80 0000000000000000 : FLTMGR!FltpDispatch+0xb6
ffffdf018debc840 fffff8009acc77c8 : 0000000000000001 0000000000000000 ffffb705944fdb00 ffffb705954ef800 : nt!IopDeleteFile+0x12d
ffffdf018debc8c0 fffff8009a886eb6 : 0000000000000000 0000000000000000 0000000000000001 ffffb705977b7b80 : nt!ObpRemoveObjectRoutine+0x78
ffffdf018debc920 fffff8009acb391d : 0000000000000000 ffffb705977b7b00 0000000000000001 ffffb705977b7b60 : nt!ObfDereferenceObjectWithTag+0xc6
ffffdf018debc960 fffff8009acb174b : 0000000000000000 ffffffffffffffff 00000000011385c7 00000000036913f0 : nt!ObCloseHandleTableEntry+0x86d
ffffdf018debcaa0 fffff8009a969393 : 0000000000000000 ffffb70596fdd060 ffffb705979e5080 000000000076a000 : nt!NtClose+0xcb
ffffdf018debcb00 0000000067f1222c : 0000000067f121ef 0000002376fde84c 0000000067e30023 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
00000000005ae9a8 0000000067f121ef : 0000002376fde84c 0000000067e30023 0000000000000000 00000000008fa694 : wow64cpu!CpupSyscallStub+0xc
00000000005ae9b0 0000000067e4cfbd : 0000000000769000 00000000005f2290 0000000000000000 00000000005af210 : wow64cpu!Thunk0Arg+0x5
00000000005aea60 0000000067e3d570 : 0000000000000000 00000000005aeac0 00000000005f1e78 0000000000000000 : wow64!Wow64KiUserCallbackDispatcher+0x471d
00000000005aea90 00007ff9ed2413e1 : 0000000000e80108 0000000000000000 0000000000000003 0000000000768000 : wow64!Wow64LdrpInitialize+0x120
00000000005aed40 00007ff9ed27803c : 0000000000000000 00007ff9ed237e1d 0000000000000000 0000000000000001 : ntdll!LdrpInitializeProcess+0x1551
00000000005af140 00007ff9ed22896e : 00000000005af210 0000000000000000 0000000000000000 0000000000768000 : ntdll!_LdrpInitialize+0x4f678
00000000005af1c0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe