Status: Resolved, external.
Update 121122: Shame on me for not updating this yet... Citrix eventually resolved this issue, please contact them when you encounter the issue below.
At the moment we are working together with Citrix on an issue where the Terminal Service svchost.exe process crashes in wsxica!GetAutologonCredentials3+ab1. This looks to be caused by heap corruption.
!analyze -v will show you "X64APPLICATION_FAULT_INVALID_POINTER_READ_wsxica!GetAutologonCredentials3+ab1" and in the current dump I have, which unfortunately is only a user mini dump, the stack of the crashing thread looks like:
0:044> knL # Child-SP RetAddr Call Site00 00000000`20d6e8f0 00000000`00000040 wsxica!GetAutologonCredentials3+0xab101 00000000`20d6e8f8 00000000`20d6f250 0x4002 00000000`20d6e900 00000000`00000001 0x20d6f25003 00000000`20d6e908 00000000`00000001 0x104 00000000`20d6e910 00000000`00000000 0x1
To get to this stack you will also need to add the Citrix Symbol Server (http://ctxsym.citrix.com/symbols) to your symbol path, using .sympath+. When dumping the raw stack this gives a bit more information:
0:044> dps 00000000`20d6e8f0-8 00000000`20d6f94800000000`20d6e8e8 000007fe`f3677ebb wsxica!GetAutologonCredentials3+0x97b00000000`20d6e918 000007fe`ff0610c0 msvcrt!free+0x1c00000000`20d6e948 000007fe`fd15157d winsta!CSmartPublicBinding::~CSmartPublicBinding+0x6000000000`20d6e988 00000000`76e59635 ntdll!RtlAllocateHeap+0x15100000000`20d6ea38 00000000`76e58d95 ntdll!RtlFreeHeap+0x1a200000000`20d6ea48 00000000`76e36801 ntdll!RtlQueryInformationActivationContext+0x12500000000`20d6ea88 00000000`76cfced6 kernel32!LocalAlloc+0x6200000000`20d6eab8 00000000`76cfc192 kernel32!LocalFree+0x2e
Using gflags.exe we enabled pageheap, and we are currently awaiting further data to analyze. If you experience this issue, please drop me an e-mail.