******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Unknown bugcheck code (0) Unknown bugcheck description Arguments: Arg1: 00000000 Arg2: 00000000 Arg3: 00000000 Arg4: e8a9d358 Debugging Details: ------------------ (..\..\win32ss\gdi\gdi32\objects\bitmap.c:745) SetDIBitsToDevice fail to read BitMapInfo: 00132A58 or Bits: 01520020 & Size: 1638400 Assertion '(Vad->EndingVpn + 1) << 12L == (ULONG_PTR)MemoryArea->EndingAddress' failed at ..\..\ntoskrnl\mm\ARM3\virtual.c line 4699 Break instruction exception - code 80000003 (first chance) nt!DbgUserBreakPoint: 805194a2 cc int 3 PROCESS_NAME: GLTest.exe FAULTING_IP: nt!DbgUserBreakPoint+0 805194a2 cc int 3 EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 805194a2 (nt!DbgUserBreakPoint) ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 3 Parameter[0]: 00000000 Parameter[1]: 00000000 Parameter[2]: 00000000 ERROR_CODE: (NTSTATUS) 0x80000003 - {STATUS_BREAKPOINT} EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 00000000 EXCEPTION_PARAMETER3: 00000000 DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO BUGCHECK_STR: 0x0 CURRENT_IRQL: 0 ASSERT_DATA: (Vad->EndingVpn + 1) << 12L == (ULONG_PTR)MemoryArea->EndingAddress ASSERT_FILE_LOCATION: ..\..\ntoskrnl\mm\ARM3\virtual.c at Line 4699 LAST_CONTROL_TRANSFER: from 8050e326 to 805194a2 STACK_TEXT: f8257fec 804bffab 805aeec0 nt!DbgUserBreakPoint 805aeec0 805aee9c 0000125b nt!RtlAssert(void * FailedAssertion = 0x805aeec0, void * FileName = 0x805aee9c, unsigned long LineNumber = 0x125b, char * Message = 0x00000000 "")+0x46 [p:\trunk_slave\x86_msvc\build\lib\rtl\assert.c @ 119] ffffffff 0012f41c 0012f428 nt!NtFreeVirtualMemory(void * ProcessHandle = 0xffffffff, void ** UBaseAddress = 0x0012f41c, unsigned long * URegionSize = 0x0012f428, unsigned long FreeType = 0x8000)+0x7eb [p:\trunk_slave\x86_msvc\build\ntoskrnl\mm\arm3\virtual.c @ 4699] 804bf7c0 0012f380 00000010 nt!KiSystemCallTrampoline(void * Handler = 0x804bf7c0, void * Arguments = 0x0012f380, unsigned long StackBytes = 0x10)+0x19 [p:\trunk_slave\x86_msvc\build\ntoskrnl\include\internal\i386\ke.h @ 723] f8258064 0012f380 0012f380 nt!KiSystemCall(struct _KTRAP_FRAME * TrapFrame = 0xf8258064, void * Arguments = 0x0012f380)+0x213 [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke\i386\traphdlr.c @ 1630] 0012f434 77f0c393 badb0d00 nt!KiFastCallEntryHandler(struct _KTRAP_FRAME * TrapFrame = 0xf8258064, void * Arguments = 0x0012f380)+0x6d [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke\i386\traphdlr.c @ 1676] 0012f434 77f0c393 badb0d00 nt!KiFastCallEntry+0x71 77f1005f ffffffff 0012f41c ntdll!KiFastSystemCallRet ffffffff 0012f41c 0012f428 ntdll!ZwFreeVirtualMemory+0xc 00130000 00000000 01520020 ntdll!RtlReAllocateHeap(void * HeapPtr = 0x00130000, unsigned long Flags = 0, void * Ptr = 0x01520020, unsigned long Size = 0xec8d0)+0x33f [p:\trunk_slave\x86_msvc\build\lib\rtl\heap.c @ 2727] 00000000 00000001 0114b008 OPENGL32!sw_call_window_proc(int nCode = 0n0, unsigned int wParam = 1, long lParam = 0n18133000)+0x13f [p:\trunk_slave\x86_msvc\build\dll\opengl\opengl32_new\swimpl.c @ 400] 0012f578 00000044 0012f958 user32!User32CallHookProcFromKernel(void * Arguments = 0x0012f578, unsigned long ArgumentLength = 0x44)+0x443 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\hook.c @ 686] 000a0162 00000000 00000000 ntdll!KiUserCallbackDispatcher+0x2e 000a0162 0000f002 00000000 user32!DefWndDoSizeMove(struct HWND__ * hwnd = 0x000a0162, unsigned short wParam = 0xf002)+0xccb [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 690] 000a0162 0000f002 00f20285 user32!DefWndHandleSysCommand(struct HWND__ * hWnd = 0x000a0162, unsigned int wParam = 0xf002, long lParam = 0n15860357)+0xfe [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 764] 000a0162 00000112 0000f002 user32!User32DefWindowProc(struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0x112, unsigned int wParam = 0xf002, long lParam = 0n15860357, int bUnicode = 0n0)+0x87c [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 1369] 000a0162 00000112 0000f002 user32!RealDefWindowProcA(struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0x112, unsigned int wParam = 0xf002, long lParam = 0n15860357)+0x434 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 2043] 000a0162 00000112 0000f002 user32!DefWindowProcA(struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0x112, unsigned int wParam = 0xf002, long lParam = 0n15860357)+0x83 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 2243] 00345648 000a0162 00000112 user32!IntCallWindowProcW(int IsAnsiProc = 0n1, * WndProc = 0x00405230, struct _WND * pWnd = 0x00345648, struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0x112, unsigned int wParam = 0xf002, long lParam = 0n15860357)+0x1c7 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 1345] 0012fa78 00000020 0012fd2c user32!User32CallWindowProcFromKernel(void * Arguments = 0x0012fa78, unsigned long ArgumentLength = 0x20)+0xfa [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 2808] 000a0162 00000112 0000f002 ntdll!KiUserCallbackDispatcher+0x2e 000a0162 0000000b 00f20285 user32!DefWndNCLButtonDown(struct HWND__ * hWnd = 0x000a0162, unsigned int wParam = 0xb, long lParam = 0n15860357)+0x11f [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\nonclient.c @ 1044] 000a0162 000000a1 0000000b user32!User32DefWindowProc(struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0xa1, unsigned int wParam = 0xb, long lParam = 0n15860357, int bUnicode = 0n0)+0x238 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 1082] 000a0162 000000a1 0000000b user32!RealDefWindowProcA(struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0xa1, unsigned int wParam = 0xb, long lParam = 0n15860357)+0x434 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 2043] 000a0162 000000a1 0000000b user32!DefWindowProcA(struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0xa1, unsigned int wParam = 0xb, long lParam = 0n15860357)+0x83 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\defwnd.c @ 2243] 00345648 000a0162 000000a1 user32!IntCallWindowProcA(int IsAnsiProc = 0n1, * WndProc = 0x00405230, struct _WND * pWnd = 0x00345648, struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0xa1, unsigned int wParam = 0xb, long lParam = 0n15860357)+0x197 [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 1487] 00345648 000a0162 000000a1 user32!IntCallMessageProc(struct _WND * Wnd = 0x00345648, struct HWND__ * hWnd = 0x000a0162, unsigned int Msg = 0xa1, unsigned int wParam = 0xb, long lParam = 0n15860357, int Ansi = 0n1)+0x1ac [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 1631] 0012fe80 77d7a3a0 0012ffc0 user32!DispatchMessageA(struct tagMSG * lpmsg = 0x0012fe80)+0x1dc [p:\trunk_slave\x86_msvc\build\win32ss\user\user32\windows\message.c @ 1791] WARNING: Stack unwind information not available. Following frames may be wrong. 00400000 00000000 00130a4f GLTest+0x57d1 b0f1ae10 00000005 00000000 GLTest+0x11b6 00000001 00000001 00000001 nt!KiSuspendThread(void * NormalContext = 0x00000001, void * SystemArgument1 = 0x00000001, void * SystemArgument2 = 0x00000001)+0x1b [p:\trunk_slave\x86_msvc\build\ntoskrnl\ke\thrdobj.c @ 601] STACK_COMMAND: kb FOLLOWUP_IP: nt!NtFreeVirtualMemory+7eb [p:\trunk_slave\x86_msvc\build\ntoskrnl\mm\arm3\virtual.c @ 4699] 804bffab c7856cffffff00000000 mov dword ptr [ebp-94h],0 SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!NtFreeVirtualMemory+7eb FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntoskrnl.exe DEBUG_FLR_IMAGE_TIMESTAMP: 52364323 FAILURE_BUCKET_ID: 0x0_nt!NtFreeVirtualMemory+7eb BUCKET_ID: 0x0_nt!NtFreeVirtualMemory+7eb Followup: MachineOwner --------- kd> dt -r vad Local var @ 0xf8257fac Type _MMVAD* 0xb0eff840 +0x000 u1 : +0x000 Balance : 0y00 +0x000 Parent : 0xb0f1c100 _MMVAD +0x000 u1 : +0x004 LeftChild : 0xb0eff840 _MMVAD +0x008 RightChild : 0xb0f19690 _MMVAD +0x00c StartingVpn : 0x10001 +0x010 EndingVpn : 0x10018 +0x014 u : +0x018 ControlArea : (null) +0x01c FirstPrototypePte : (null) +0x020 LastContiguousPte : (null) +0x024 u2 : +0x004 LeftChild : 0xb0effa08 _MMVAD +0x000 u1 : +0x000 Balance : 0y00 +0x000 Parent : 0xb0eff840 _MMVAD +0x004 LeftChild : (null) +0x008 RightChild : (null) +0x00c StartingVpn : 0x1300 +0x010 EndingVpn : 0x150f +0x014 u : +0x000 LongFlags : 0x84800210 +0x000 VadFlags : _MMVAD_FLAGS +0x018 ControlArea : (null) +0x01c FirstPrototypePte : 0xb0eff9b0 _MMPTE +0x000 u : +0x020 LastContiguousPte : (null) +0x024 u2 : +0x000 LongFlags2 : 0 +0x000 VadFlags2 : _MMVAD_FLAGS2 +0x008 RightChild : 0xb0f1a1f0 _MMVAD +0x000 u1 : +0x000 Balance : 0y00 +0x000 Parent : 0xb0eff840 _MMVAD +0x004 LeftChild : (null) +0x008 RightChild : (null) +0x00c StartingVpn : 0x10000 +0x010 EndingVpn : 0x10000 +0x014 u : +0x000 LongFlags : 0xa1000000 +0x000 VadFlags : _MMVAD_FLAGS +0x018 ControlArea : (null) +0x01c FirstPrototypePte : (null) +0x020 LastContiguousPte : (null) +0x024 u2 : +0x000 LongFlags2 : 0 +0x000 VadFlags2 : _MMVAD_FLAGS2 +0x00c StartingVpn : 0x1520 +0x010 EndingVpn : 0x1627 +0x014 u : +0x000 LongFlags : 0x848000ed +0x000 VadFlags : _MMVAD_FLAGS +0x000 CommitCharge : 0y0000000000011101101 (0xed) +0x000 NoChange : 0y0 +0x000 VadType : 0y000 +0x000 MemCommit : 0y1 +0x000 Protection : 0y00100 (0x4) +0x000 Spare : 0y00 +0x000 PrivateMemory : 0y1 +0x018 ControlArea : (null) +0x01c FirstPrototypePte : 0xb0eff0a0 _MMPTE +0x000 u : +0x000 Long : 0x1520000 +0x000 Flush : _HARDWARE_PTE_X86 +0x000 Hard : _MMPTE_HARDWARE +0x000 Proto : _MMPTE_PROTOTYPE +0x000 Soft : _MMPTE_SOFTWARE +0x000 Trans : _MMPTE_TRANSITION +0x000 Subsect : _MMPTE_SUBSECTION +0x000 List : _MMPTE_LIST +0x020 LastContiguousPte : (null) +0x024 u2 : +0x000 LongFlags2 : 0 +0x000 VadFlags2 : _MMVAD_FLAGS2 +0x000 FileOffset : 0y000000000000000000000000 (0) +0x000 SecNoChange : 0y0 +0x000 OneSecured : 0y0 +0x000 MultipleSecured : 0y0 +0x000 ReadOnly : 0y0 +0x000 LongVad : 0y0 +0x000 ExtendableFile : 0y0 +0x000 Inherit : 0y0 +0x000 CopyOnWrite : 0y0 --------- kd> dt -r MemoryArea Local var @ 0xf8257f80 Type _MEMORY_AREA* 0xb0eff0a0 +0x000 StartingAddress : 0x01520000 Void +0x004 EndingAddress : 0x01627fff Void +0x008 Parent : 0xb0eff880 _MEMORY_AREA +0x000 StartingAddress : 0x01100000 Void +0x004 EndingAddress : 0x01300000 Void +0x008 Parent : 0xb0effa48 _MEMORY_AREA +0x000 StartingAddress : 0x00db0000 Void +0x004 EndingAddress : 0x00f2f000 Void +0x008 Parent : 0xb0effaf8 _MEMORY_AREA +0x00c LeftChild : (null) +0x010 RightChild : 0xb0eff880 _MEMORY_AREA +0x014 Type : 0xf +0x018 Protect : 4 +0x01c Flags : 0 +0x020 DeleteInProgress : 0 '' +0x024 Magic : 0x6572414d +0x028 Vad : (null) +0x030 Data : +0x00c LeftChild : 0xb0eff0f8 _MEMORY_AREA +0x000 StartingAddress : 0x00f30000 Void +0x004 EndingAddress : 0x00fb4000 Void +0x008 Parent : 0xb0eff880 _MEMORY_AREA +0x00c LeftChild : (null) +0x010 RightChild : (null) +0x014 Type : 0xf +0x018 Protect : 4 +0x01c Flags : 0 +0x020 DeleteInProgress : 0 '' +0x024 Magic : 0x6572414d +0x028 Vad : (null) +0x030 Data : +0x010 RightChild : 0xb0eff0a0 _MEMORY_AREA +0x000 StartingAddress : 0x01520000 Void +0x004 EndingAddress : 0x01627fff Void +0x008 Parent : 0xb0eff880 _MEMORY_AREA +0x00c LeftChild : 0xb0eff9b0 _MEMORY_AREA +0x010 RightChild : (null) +0x014 Type : 0xf +0x018 Protect : 4 +0x01c Flags : 0 +0x020 DeleteInProgress : 0 '' +0x024 Magic : 0x6572414d +0x028 Vad : (null) +0x030 Data : +0x014 Type : 0xf +0x018 Protect : 4 +0x01c Flags : 0 +0x020 DeleteInProgress : 0 '' +0x024 Magic : 0x6572414d +0x028 Vad : (null) +0x030 Data : +0x000 SectionData : +0x000 VirtualMemoryData : +0x00c LeftChild : 0xb0eff9b0 _MEMORY_AREA +0x000 StartingAddress : 0x01300000 Void +0x004 EndingAddress : 0x01510000 Void +0x008 Parent : 0xb0eff0a0 _MEMORY_AREA +0x000 StartingAddress : 0x01520000 Void +0x004 EndingAddress : 0x01627fff Void +0x008 Parent : 0xb0eff880 _MEMORY_AREA +0x00c LeftChild : 0xb0eff9b0 _MEMORY_AREA +0x010 RightChild : (null) +0x014 Type : 0xf +0x018 Protect : 4 +0x01c Flags : 0 +0x020 DeleteInProgress : 0 '' +0x024 Magic : 0x6572414d +0x028 Vad : (null) +0x030 Data : +0x00c LeftChild : (null) +0x010 RightChild : (null) +0x014 Type : 0xf +0x018 Protect : 4 +0x01c Flags : 0 +0x020 DeleteInProgress : 0 '' +0x024 Magic : 0x6572414d +0x028 Vad : (null) +0x030 Data : +0x000 SectionData : +0x000 VirtualMemoryData : +0x010 RightChild : (null) +0x014 Type : 0xf +0x018 Protect : 4 +0x01c Flags : 0 +0x020 DeleteInProgress : 0 '' +0x024 Magic : 0x6572414d +0x028 Vad : (null) +0x030 Data : +0x000 SectionData : +0x000 Section : (null) +0x008 ViewOffset : _LARGE_INTEGER 0x0 +0x010 Segment : (null) +0x014 RegionListHead : _LIST_ENTRY [ 0x0 - 0x0 ] +0x000 VirtualMemoryData : +0x000 RegionListHead : _LIST_ENTRY [ 0x0 - 0x0 ] --------- OPENGL32!sw_call_window_proc(int nCode = 0n0, unsigned int wParam = 1, long lParam = 0n18133000)+0x13f [p:\trunk_slave\x86_msvc\build\dll\opengl\opengl32_new\swimpl.c @ 400] /* Resize the buffer accordingly */ widthBytes = WIDTH_BYTES_ALIGN32(width, pixel_formats[fb->format_index].color_bits); --------> fb->bits = HeapReAlloc(GetProcessHeap(), 0, fb->bits, widthBytes * height); /* Update this */