VirtualBox

Opened 11 years ago

Closed 8 years ago

#11680 closed defect (obsolete)

WDDM driver corrupts the heap, causes D3D-using applications to crash

Reported by: quotemstr Owned by:
Component: 3D support Version: VirtualBox 4.2.10
Keywords: Cc:
Guest type: Windows Host type: Mac OS X

Description

I have a Windows 7 guest running in an OS X 10.6 host. 2D and 3D acceleration are enabled, and I'd just installed the WDDM driver in safe mode and rebooted the guest. Any program that tries to use D3D (including the display control panel) crashes as below.

I have a full process dump from WER. It's a little large to attach to the bug, but I can send it on request. Debugger output is below. Disabling 3D acceleration makes the problem disappear. 

0:000> kp
ChildEBP RetAddr  
0006ea08 77906a24 ntdll!zzz_AsmCodeRange_End(<HRESULT 0x80004005>) [d:\win7sp1_gdr\minkernel\ntos\rtl\i386\userdisp.asm @ 721]
0006ea0c 77965ef1 ntdll!ZwWaitForSingleObject(void)+0xc [e:\obj.x86fre\minkernel\ntdll\daytona\objfre\i386\usrstubs.asm @ 3251]
0006ea90 7796601f ntdll!RtlReportExceptionEx(struct _EXCEPTION_RECORD * ExceptionRecord = 0x0006ec30, struct _CONTEXT * ContextRecord = 0x0006ec48, long Flags = 0n0, union _LARGE_INTEGER * Timeout = 0x00000000)+0x14b [d:\win7sp1_gdr\minkernel\ntdll\wer.c @ 796]
0006eae8 7798379e ntdll!RtlReportException(struct _EXCEPTION_RECORD * ExceptionRecord = 0x0006ec30, struct _CONTEXT * ContextRecord = 0x0006ec48, unsigned long Flags = 0)+0x86 [d:\win7sp1_gdr\minkernel\ntdll\wer.c @ 934]
0006eafc 7798381b ntdll!RtlpTerminateFailureFilter(long ExceptionCode = 0n-1073740940, struct _EXCEPTION_POINTERS * ExceptionPointers = 0x0006eb30)+0x14 [d:\win7sp1_gdr\minkernel\ntos\rtl\rtlutil.c @ 120]
0006eb08 778de324 ntdll!RtlReportCriticalFailure(long StatusCode = 0n-1073740940, void * FailureInfo = 0x7799cdd8)+0x67 [d:\win7sp1_gdr\minkernel\ntos\rtl\rtlutil.c @ 180]
0006eb1c 778de1b4 ntdll!_EH4_CallFilterFunc(void)+0x12 [d:\win7sp1_gdr\minkernel\crts\crtw32\misc\i386\exsup4.asm @ 421]
0006eb44 77907199 ntdll!_except_handler4(struct _EXCEPTION_RECORD * ExceptionRecord = 0xfffffffe, struct _EXCEPTION_REGISTRATION_RECORD * EstablisherFrame = 0x0006ef94, struct _CONTEXT * ContextRecord = 0x0006ec48, void * DispatcherContext = 0x0006ec04)+0x8e [d:\win7sp1_gdr\minkernel\crts\crtw32\misc\i386\chandler4.c @ 356]
0006eb68 7790716b ntdll!ExecuteHandler2(void)+0x26 [d:\win7sp1_gdr\minkernel\ntos\rtl\i386\xcptmisc.asm @ 233]
0006eb8c 778df98f ntdll!ExecuteHandler(void)+0x24 [d:\win7sp1_gdr\minkernel\ntos\rtl\i386\xcptmisc.asm @ 192]
0006ec18 77906ff7 ntdll!RtlDispatchException(struct _EXCEPTION_RECORD * ExceptionRecord = 0x0006ec30, struct _CONTEXT * ContextRecord = 0x0006ec48)+0x127 [d:\win7sp1_gdr\minkernel\ntos\rtl\i386\exdsptch.c @ 560]
0006ec18 7798380b ntdll!KiUserExceptionDispatcher(void)+0xf [d:\win7sp1_gdr\minkernel\ntos\rtl\i386\userdisp.asm @ 503]
0006efa4 7798473b ntdll!RtlReportCriticalFailure(long StatusCode = 0n-1073740940, void * FailureInfo = 0x7799cdd8)+0x57 [d:\win7sp1_gdr\minkernel\ntos\rtl\rtlutil.c @ 178]
0006efb4 7798481b ntdll!RtlpReportHeapFailure(long ErrorLevel = 0n2)+0x21 [d:\win7sp1_gdr\minkernel\ntos\rtl\heaplog.c @ 159]
0006efe8 77984a84 ntdll!RtlpLogHeapFailure(_HEAP_FAILURE_TYPE FailureType = heap_failure_entry_corruption (0n3), void * HeapAddress = 0x02ba0000, void * Address = 0x02ba65c8, void * Param1 = 0x00000000, void * Param2 = 0x00000000, void * Param3 = 0x00000000)+0xa1 [d:\win7sp1_gdr\minkernel\ntos\rtl\heaplog.c @ 679]
0006f040 7794a0fb ntdll!RtlpAnalyzeHeapFailure(struct _HEAP * Heap = 0x02ba0000, struct _HEAP_ENTRY * HeapEntry = 0x02ba65c8, unsigned char EncodedEntry = 0x00 '')+0x25b [d:\win7sp1_gdr\minkernel\ntos\rtl\heaplog.c @ 913]
0006f134 77916536 ntdll!RtlpFreeHeap(struct _HEAP * Heap = 0x7fffffff, unsigned long Flags = 0, struct _HEAP_ENTRY * BusyBlock = 0x02ba65c8, void * BaseAddress = 0x02ba65d0)+0xc6 [d:\win7sp1_gdr\minkernel\ntos\rtl\heap.c @ 6326]
0006f154 75ecc3d4 ntdll!RtlFreeHeap(void * HeapHandle = 0x02ba0000, unsigned long Flags = 0, void * BaseAddress = 0x02ba65d0)+0x142 [d:\win7sp1_gdr\minkernel\ntos\rtl\heap.c @ 1918]
0006f168 6d8a4c1a kernel32!HeapFree(void * hHeap = 0x02ba0000, unsigned long dwFlags = 0, void * lpMem = 0x02ba65d0)+0x14 [d:\win7sp1_gdr\base\win32\client\lmem.c @ 316]
0006f17c 6d8b9e7e d3d9!MemFree(void * lptr = 0x02ba65d0)+0x1b [d:\w7rtm\windows\directx\dxg\inactive\d3d9\d3d\fw\memalloc.c @ 354]
0006f198 73d0496d d3d9!CEnum::Release(void)+0xe6 [d:\w7rtm\windows\directx\dxg\inactive\d3d9\d3d\fw\enum.cpp @ 395]
0006f1a0 73d032e2 dxdiagn!CleanupD3D9(void)+0xf [d:\w7rtm\windows\directx\dxdiag\dll\dispinfo8.cpp @ 129]
0006f1bc 73d0ab54 dxdiagn!GetExtraDisplayInfo(int bAllowWHQLChecks = 0n1, class DisplayInfo * pDisplayInfoFirst = 0x01708f58)+0x78 [d:\w7rtm\windows\directx\dxdiag\dll\dispinfo.cpp @ 1185]
0006f280 00ac06de dxdiagn!CDxDiagProvider::ExecMethod(wchar_t * wstrName = 0x00ab3f98 "GetDisplayInfo", struct tagVARIANT * pArg = 0x0006f2a4)+0x375 [d:\w7rtm\windows\directx\dxdiag\dll\dxdiagprovider.cpp @ 2088]
0006f2cc 00ac5afb dxdiag!CDxDiagInfo::GetDisplayInfo(unsigned long dwStage = 2)+0x4a [d:\w7rtm\windows\directx\dxdiag\exe\dxdiaginfo.cpp @ 534]
0006f2e0 00ac813e dxdiag!ScanTab(TAB_TYPE dwTabTypeToProcess = 0n454460 (No matching enumerant))+0x2fe [d:\w7rtm\windows\directx\dxdiag\exe\main.cpp @ 2426]
0006f698 00ace9f3 dxdiag!WinMain(struct HINSTANCE__ * hinstance = 0x00ab0000, struct HINSTANCE__ * hPrevInstance = 0x00000000, char * lpCmdLine = 0x00121d66 "", int nCmdShow = 0n10)+0xd3b [d:\w7rtm\windows\directx\dxdiag\exe\main.cpp @ 776]
0006f7c0 75eced6c dxdiag!__tmainCRTStartup(void)+0x15a [d:\winmain\minkernel\crts\crtw32\startup\crt0.c @ 475]
0006f7cc 7792377b kernel32!BaseThreadInitThunk(unsigned long RunProcessInit = 0x7fffffff, <function> * StartAddress = 0x00000000, void * Argument = 0x7ffd5000)+0xe [d:\win7sp1_gdr\base\win32\client\thread.c @ 65]
0006f80c 7792374e ntdll!__RtlUserThreadStart(<function> * StartAddress = 0x00acea76, void * Argument = 0x7ffd5000)+0x70 [d:\win7sp1_gdr\minkernel\ntos\rtl\rtlexec.c @ 3188]
0006f824 00000000 ntdll!_RtlUserThreadStart(<function> * StartAddress = 0x00acea76, void * Argument = 0x7ffd5000)+0x1b [d:\win7sp1_gdr\minkernel\ntos\rtl\rtlexec.c @ 3116]

Attachments (1)

VBox.log (86.2 KB ) - added by quotemstr 11 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 by misha, 11 years ago

Could you attach a VM log here? I'd like to see if there is something obvious could be found from it for the start.

by quotemstr, 11 years ago

Attachment: VBox.log added

comment:2 by quotemstr, 11 years ago

Log added.

comment:3 by aeichner, 8 years ago

Resolution: obsolete
Status: newclosed

Please reopen if still relevant with a recent VirtualBox release.

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use