[RESOLVED] Win2008R2 SP1: dfsrs.exe crashes in dfsrs!JPrintfFormatValue_unsigned_short,FrsStringImpl_unsigned_short,char___+e

Status: Resolved.

Update 120301: Private is approved, Public is scheduled for REL12-04, to be released mid-April.

Update 120217: The private is ready!

Update 120215: Another customer came in hitting this; a private is in the works. This should be available shortly. :)

Update 120208: we have two more customers hitting this. Currently discussing the issue with Engineering.

This morning Erik of our Domains team asked me to take a look at this dfsrs.exe dump. It resembles an issue we've come across in the past, but one that was never resolved. Those are the issues I like best! ;) So, we don't have too much info on this yet, but I just wanted to get an idea of whether there are more people hitting this. If so, please send me a message and create a case with Support!

Some info:

FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_dfsrs.exe!JPrintf::FormatValue_unsigned_short,FrsStringImpl_unsigned_short,char___

 # Child-SP RetAddr Call Site
00 00000000`46fec420 00000001`0001129f dfsrs!JPrintf::FormatValue<unsigned short,FrsStringImpl<unsigned short,char> >+0xe
01 00000000`46fec450 00000000`fffc3294 dfsrs!JPrintf::ParsePrintf<unsigned short>+0x1ab
02 00000000`46fec4f0 00000000`fffc8fab dfsrs!dbgobj::dbgprint_body<unsigned short,8>+0x160
03 00000000`46fecec0 00000000`fffc6878 dfsrs!VssWriter::AddContentSet+0x1bf
04 00000000`46fed130 000007fe`f85ab6f6 dfsrs!VssWriter::OnIdentify+0x1e8
05 00000000`46fed200 000007fe`f859c188 vssapi!CVssWriterImpl::OnIdentifyGuard+0x22
06 00000000`46fed240 000007fe`f859b30b vssapi!CVssWriterImpl::RequestWriterInfoInternal+0xe38
07 00000000`46fee850 000007fe`ffd423d5 vssapi!CVssWriterImpl::RequestWriterInfo+0x5b
08 00000000`46fee8b0 000007fe`ffd369b2 rpcrt4!Invoke+0x65
09 00000000`46fee920 000007fe`feb0f16e rpcrt4!NdrStubCall2+0x32a
0a 00000000`46feef40 000007fe`fe4d10c4 ole32!CStdStubBuffer_Invoke+0x8b
0b 00000000`46feef70 000007fe`feb10ccd oleaut32!CUnivStubWrapper::Invoke+0xe4
0c 00000000`46feefc0 000007fe`feb10c43 ole32!SyncStubInvoke+0x5d
0d 00000000`46fef030 000007fe`fe9ca4f0 ole32!StubInvoke+0xdb
0e 00000000`46fef0e0 000007fe`feb114d6 ole32!CCtxComChnl::ContextInvoke+0x190
0f 00000000`46fef270 000007fe`feb1122b ole32!AppInvoke+0xc2
10 00000000`46fef2e0 000007fe`feb0fd6d ole32!ComInvokeWithLockAndIPID+0x52b
11 00000000`46fef470 000007fe`ffd350f4 ole32!ThreadInvoke+0x30d
12 00000000`46fef510 000007fe`ffd34f56 rpcrt4!DispatchToStubInCNoAvrf+0x14
13 00000000`46fef540 000007fe`ffd3775b rpcrt4!RPC_INTERFACE::DispatchToStubWorker+0x146
14 00000000`46fef660 000007fe`ffd3769b rpcrt4!RPC_INTERFACE::DispatchToStub+0x9b
15 00000000`46fef6a0 000007fe`ffd37632 rpcrt4!RPC_INTERFACE::DispatchToStubWithObject+0x5b
16 00000000`46fef720 000007fe`ffd3532d rpcrt4!LRPC_SCALL::DispatchRequest+0x422
17 00000000`46fef800 000007fe`ffd52e7f rpcrt4!LRPC_SCALL::HandleRequest+0x20d
18 00000000`46fef930 000007fe`ffd52a35 rpcrt4!LRPC_ADDRESS::ProcessIO+0x3bf
19 00000000`46fefa70 00000000`77b5b68b rpcrt4!LrpcIoComplete+0xa5
1a 00000000`46fefb00 00000000`77b5feff ntdll!TppAlpcpExecuteCallback+0x26b
1b 00000000`46fefb90 00000000`7793652d ntdll!TppWorkerThread+0x3f8
1c 00000000`46fefe90 00000000`77b6c521 kernel32!BaseThreadInitThunk+0xd
1d 00000000`46fefec0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d

It looks like this is related to some backup, based on the DFSR Writer being involved. Stay tuned for more info!