<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Alexander,</DIV>
<DIV> </DIV>
<DIV>I tested it again, but it still crashed.</DIV>
<DIV> </DIV>
<DIV>I think I have now found the cause. It's quite delicate, but you should be able to fix it right away.</DIV>
<DIV> </DIV>
<DIV>a8bd6ffd ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? </DIV>
<DIV> </DIV>
<DIV>The above is the bitmap at the time of the crash. You can see that at the beginning only 3 bytes are valid; the 4th byte will cause the crash.</DIV>
<DIV> </DIV>
<DIV>But when you call</DIV>
<DIV><FONT size=2>ASMBitTest(const volatile void *pvBitmap, int32_t iBit)</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV>it will read the 1st 4-byte int, thus causing the crash.</DIV>
<DIV>&nbsp;</DIV>
<DIV>The easiest fix is to allocate 8 more bytes for the bitmap and zero-fill them; that will definitely solve the issue. You can also change the ASMBitTest method implementation.</DIV>
<DIV>&nbsp;</DIV>
<DIV>- Huihong</DIV>
<DIV><BR><BR>--- On <B>Thu, 6/18/09, Alexander Eichner <I>&lt;Alexander.Eichner@Sun.COM&gt;</I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(16,16,255) 2px solid"><BR>From: Alexander Eichner &lt;Alexander.Eichner@Sun.COM&gt;<BR>Subject: Re: [vbox-dev] vhd format not stable?<BR>To: "Huihong Luo" &lt;huisinro@yahoo.com&gt;<BR>Cc: vbox-dev@virtualbox.org<BR>Date: Thursday, June 18, 2009, 10:55 AM<BR><BR>
<DIV class=plainMail>Hi Huihong,<BR><BR>quite strange that it still happens for you.<BR>Before the fix the code was clearly reading/writing<BR>beyond the block bitmap and I could reproduce the issue though it didn't<BR>crash here but some assertions triggered after I added them.<BR>With the patch applied I'm unable to reproduce this issue any longer.<BR>Another strange thing is that it doesn't occur immediately but that it<BR>needs quite a lot of tries to reproduce it.<BR>Will investigate this further. I committed the patch nevertheless<BR>because it fixes the bug for me at least.<BR><BR>Kind regards,<BR>Alexander Eichner<BR><BR>On Monday, 15.06.2009, at 12:57 -0700, Huihong Luo wrote:<BR>> Hi Alex,<BR>> <BR>> The problem seems to be an array boundary issue. The bitmap array is<BR>> 0x200 in size, but that routine goes to read 0x204. Something wrong<BR>> with bitmap array len calculation?<BR>> <BR>> The vhd is created
from Windows XP SP3.<BR>> <BR>> I am using the code to do a virtual disk driver, so the function is<BR>> invoked from kernel mode, which caused the whole system to crash. In user<BR>> mode, even if it goes out of array boundary, it probably won't crash.<BR>> <BR>> I need to mount/dismount the vhd about 200 times to get this error.<BR>> <BR>> VDI format has no issues even after 1000 times.<BR>> <BR>> Huihong<BR>> <BR>> --- On Mon, 6/15/09, Alexander Eichner &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> wrote:<BR>> <BR>> <BR>> From: Alexander Eichner &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> Subject: Re: [vbox-dev] vhd format not stable?<BR>> To: <A href="mailto:huisinro@yahoo.com">huisinro@yahoo.com</A><BR>> Cc: <A href="mailto:vbox-dev@virtualbox.org">vbox-dev@virtualbox.org</A><BR>> Date: Monday, June 15, 2009, 12:46 PM<BR>> <BR>> Hmm same offset again.<BR>> Is it possible to get the image somehow and instructions what<BR>> you did to<BR>>
reproduce it?<BR>> <BR>> Regards,<BR>> Alexander Eichner<BR>> <BR>> On Monday, 15.06.2009, at 12:41 -0700,<BR>> <A href="mailto:huisinro@yahoo.com">huisinro@yahoo.com</A> wrote:<BR>> > Alex,<BR>> > <BR>> > After longer testing, the crash still occurred, same values<BR>> for those<BR>> > params from the debugger.<BR>> > <BR>>
> vmlitediskmp!vhdRead(void * pBackendData = 0x86f80350,<BR>> unsigned int64<BR>> > uOffset = 0xf`df9fce00, void * pvBuf = 0xd06a6000, unsigned<BR>> int cbRead<BR>> > = 0x1000, unsigned int * pcbActuallyRead = 0x8e22299c)+0x292<BR>> (FPO:<BR>> > [Non-Fpo]) (CONV: cdecl)<BR>> > <BR>> > <BR>> > <BR>> > --- On Mon, 6/15/09, Alexander Eichner<BR>> &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> > wrote:<BR>> > <BR>> > <BR>> > From: Alexander Eichner &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> > Subject: Re: [vbox-dev] vhd format not stable?<BR>> > To: "Huihong Luo" &lt;<A href="mailto:huisinro@yahoo.com">huisinro@yahoo.com</A>&gt;<BR>>
> Cc: <A href="mailto:vbox-dev@virtualbox.org">vbox-dev@virtualbox.org</A><BR>> > Date: Monday, June 15, 2009, 12:05 PM<BR>> > <BR>> > Great I will commit the fix if your tests are<BR>> successful.<BR>> > <BR>> > The fix for the other crash you reported is already<BR>> committed<BR>> >
and<BR>> > visible in the public svn.<BR>> > <BR>> > Regards,<BR>> > Alexander Eichner<BR>> > <BR>> > On Monday, 15.06.2009, at 11:55 -0700,<BR>> > Huihong Luo wrote:<BR>> > > Alex,<BR>> > > <BR>>
> > Thanks for your immediate response and fixes. I am<BR>> running<BR>> > the tests<BR>> > > now, so far so good. <BR>> > > <BR>> > > By the way, does the latest svn contain the fix to<BR>> the bug<BR>> > (crash on<BR>> > > vhd snapshot discarding) I reported a few days<BR>>
ago?<BR>> > > <BR>> > > - Huihong<BR>> > > <BR>> > > --- On Mon, 6/15/09, Alexander Eichner<BR>> > &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> > > wrote:<BR>> > > <BR>> >
> <BR>> > > From: Alexander Eichner<BR>> &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> > > Subject: Re: [vbox-dev] vhd format not<BR>> stable?<BR>> > > To: "Huihong Luo" &lt;<A href="mailto:huisinro@yahoo.com">huisinro@yahoo.com</A>&gt;<BR>>
> > Cc: <A href="mailto:vbox-dev@virtualbox.org">vbox-dev@virtualbox.org</A><BR>> > > Date: Monday, June 15, 2009, 11:09 AM<BR>> > > <BR>> > > Hi Huihong,<BR>> > > <BR>> > >
I attached a patch which I think fixes the<BR>> crash.<BR>> > > If it is possible please apply it and<BR>> verify that<BR>> > this fixes<BR>> > > the crash.<BR>> > > Thanks a lot!<BR>> > > <BR>> > >
Kind regards,<BR>> > > Alexander Eichner<BR>> > > <BR>> > > On Thursday, 11.06.2009, at 08:05 -0700,<BR>> > > Huihong Luo wrote:<BR>> > > > Alex,<BR>>
> > > <BR>> > > > No problem, and thanks for the quick<BR>> fix.<BR>> > > > <BR>> > > > There might be more bugs, I will keep<BR>> testing.<BR>> > > > <BR>> > >
> Sometimes, the error occurs in some other<BR>> places, an<BR>> > error<BR>> > > message<BR>> > > > something like "there are 5993 child<BR>> disks", the<BR>> > number is<BR>> > > kind of<BR>> > >
> random. When this error occurs, the<BR>> whole disk<BR>> > becomes<BR>> > > inaccessible,<BR>> > > > and I have to recreate the whole vm.<BR>> > > > <BR>> > > > Huihong<BR>> > > >
<BR>> > > > --- On Thu, 6/11/09, Alexander Eichner<BR>> > > &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> > > > wrote:<BR>> > > > <BR>> > > > <BR>>
> > > From: Alexander Eichner<BR>> > &lt;<A href="mailto:Alexander.Eichner@Sun.COM">Alexander.Eichner@Sun.COM</A>&gt;<BR>> > > > Subject: Re: [vbox-dev] vhd<BR>> format not<BR>> > stable?<BR>> > > > To: <A href="mailto:vbox-dev@virtualbox.org">vbox-dev@virtualbox.org</A><BR>> > > > Date: Thursday, June 11, 2009,<BR>> 1:52 AM<BR>> > > > <BR>> > > > Hi Huihong,<BR>> > > > <BR>>
> > > thanks for the report. This bug<BR>> is fixed<BR>> > now and<BR>> > > should appear<BR>> > > > soon in<BR>> > > > the public svn.<BR>> > >
> <BR>> > > > Kind regards,<BR>> > > > Alexander Eichner<BR>> > > > <BR>> > > > On Thursday, 11.06.2009, at 09:55 +0200,<BR>> > > > Frank Mehnert wrote:<BR>> > > > > Actually the .vhd format is<BR>> less tested<BR>> > than<BR>> > > the .vdi<BR>> > >
> format. Which<BR>> > > > > VBox version are you using?<BR>> > > > > <BR>> > > > > On Thursday 11 June 2009,<BR>> Huihong Luo<BR>> > wrote:<BR>> > > >
> > It seems VHD format is not<BR>> stable as<BR>> > VDI.<BR>> > > VBoxSVC.exe<BR>> > > > pretty much always<BR>> > > > > > crashes when a snapshot is<BR>> being<BR>> > discarded. I am<BR>>
> > running<BR>> > > > an XP guest on<BR>> > > > > > Vista host. The VHD's<BR>> capacity is over<BR>> > 100G. <BR>> > > > > > If you look at the following<BR>> stack,<BR>>
> the crash<BR>> > > was caused<BR>> > > > by<BR>> > > > > > pImage->pszParentFilename is<BR>> NULL<BR>> > inside<BR>> > > > > > static int<BR>>
> vhdDynamicHeaderUpdate(PVHDIMAGE<BR>> > > pImage) in<BR>> > > > VHDHDDCore.cpp<BR>> > > > > > <BR>> > > > > > I used the very recent SVN<BR>> source.<BR>> >
> > > > <BR>> > > > > > //////////<BR>> > > > > > vboxsvc.exe crash stack:<BR>> > > > > > <BR>> > > > > > VBoxRT.dll!<BR>>
RTPathFilename(const char *<BR>> > > pszPath=0x00000000)<BR>> > > > Line 240 C++<BR>> > > > > > VBoxDDU.dll!<BR>> > vhdDynamicHeaderUpdate(VHDIMAGE *<BR>> > > > pImage=0x00000000) Line<BR>>
> > > > > 362 + 0x12 bytes C++<BR>> VBoxDDU.dll!<BR>> > vhdFlush(void *<BR>> > > > pBackendData=0x01c2caf0) <BR>> > > > > > Line 1157 C++ VBoxDDU.dll!<BR>> > vhdClose(void *<BR>> > >
> pBackendData=0x01c2caf0, bool<BR>> > > > > > fDelete=false) Line 880 +<BR>> 0x6 bytes C<BR>> > ++<BR>> > > VBoxDDU.dll!<BR>> > > > VDClose(VBOXHDD *<BR>> > > >
> > pDisk=0x01e0e218, bool<BR>> fDelete=false)<BR>> > Line 2268<BR>> > > C++<BR>> > > > > > VBoxSVC.exe!<BR>> > HardDisk::taskThread(RTTHREADINT *<BR>> > > > thread=0x00000000, void *<BR>> >
> > > > pvUser=0x00e0e2b8) Line<BR>> 4063 + 0xb<BR>> > bytes C++<BR>> > > > > > VBoxSVC.exe!<BR>> HardDisk::Task::runNow()<BR>> > Line 220 C<BR>> > > ++<BR>> > > >
> > VBoxSVC.exe!<BR>> > > HardDisk::mergeTo(HardDisk::MergeChain *<BR>> > > > aChain=0x01c2cfe0,<BR>> > > > > ><BR>> ComObjPtr<Progress,ComStrongRef> *<BR>> > > aProgress=0x01e06fe8,<BR>> > >
> bool aWait=true) <BR>> > > > > > Line 2844 + 0x9 bytes C++<BR>> > > > > > VBoxSVC.exe!<BR>> > > ><BR>> ><BR>> HardDisk::discard(ComObjPtr<Progress,ComStrongRef> &<BR>> > > > >
> aProgress={...},<BR>> HardDisk::MergeChain<BR>> > *<BR>> > > aChain=0x01c2cfe0)<BR>> > > > Line 2248 + 0xe<BR>> > > > > > bytes C++<BR>> > > > > > VBoxSVC.exe!<BR>>
> > ><BR>> > ><BR>> ><BR>> SessionMachine::discardSnapshotHandler(SessionMachine::DiscardS<BR>> > > > > >napshotTask & aTask={...})<BR>> Line 10584<BR>> > C++<BR>> > > > > > VBoxSVC.exe!<BR>>
> ><BR>> SessionMachine::DiscardSnapshotTask::handler()<BR>> > > > Line 8251 + 0x9<BR>> > > > > > bytes C++ VBoxSVC.exe!<BR>> > > ><BR>> SessionMachine::taskHandler(RTTHREADINT *<BR>> > > >
> > __formal=0x01c32108, void *<BR>> > pvUser=0x01e06fe0)<BR>> > > Line 11412<BR>> > > > C++<BR>> > > > > > VBoxRT.dll!<BR>> rtThreadMain(RTTHREADINT *<BR>> > > pThread=0x01c32108,<BR>> >
> > unsigned int<BR>> > > > > > NativeThread=4312, const<BR>> char *<BR>> > > pszThreadName=0x01c32170)<BR>> > > > Line 635 + 0xa<BR>> > > > > > bytes C++ VBoxRT.dll!<BR>>
> rtThreadNativeMain(void *<BR>> > > > pvArgs=0x01c32108) Line 106<BR>> > > > > > + 0xb bytes C++ msvcr80.dll!<BR>> > __endthreadex() +<BR>> > > 0x3b bytes<BR>> > > > >
> msvcr80.dll!<BR>> __endthreadex() + 0xc7<BR>> > bytes <BR>> > > > > > kernel32.dll!<BR>> > @BaseThreadInitThunk@12() + 0x12<BR>> > > bytes <BR>> > > > > > ntdll.dll!<BR>>
___RtlUserThreadStart@8()<BR>> > + 0x27<BR>> > > bytes <BR>> > > > > > ntdll.dll!<BR>> __RtlUserThreadStart@8()<BR>> > + 0x1b<BR>> > > bytes <BR>> > > >
> <BR>> > > > > <BR>> > > > > <BR>> > > > ><BR>> > _______________________________________________<BR>> > > > > vbox-dev mailing list<BR>> >
> > > > <A href="mailto:vbox-dev@virtualbox.org">vbox-dev@virtualbox.org</A><BR>> > > > ><BR>> > <A href="http://vbox.innotek.de/mailman/listinfo/vbox-dev" target=_blank>http://vbox.innotek.de/mailman/listinfo/vbox-dev</A><BR>> > > > <BR>> > >
> <BR>> > > <BR>> > <BR>> > <BR>> <BR>> <BR><BR></DIV></BLOCKQUOTE></td></tr></table>
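<DIV>Added example (not code from this thread or from VirtualBox): the crash analysis at the top of the thread, a bit test that loads a whole 32-bit word from a bitmap with only 3 valid bytes, sketched in C. The 4-byte access granularity and LSB-first bit order are assumptions, the helper names are hypothetical, and rounding the allocation up to a whole word is a variant of the zero-filled padding suggested in the message.</DIV>

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Exclusive end offset of the aligned 32-bit word a word-granular bit test
 * loads for bit iBit (assumption: the test reads 4 bytes at a time). */
static size_t word_access_end(uint32_t iBit)
{
    return ((size_t)iBit / 32 + 1) * 4;
}

/* True if that 4-byte load stays inside a bitmap of cb bytes. */
static bool word_access_in_bounds(size_t cb, uint32_t iBit)
{
    return word_access_end(iBit) <= cb;
}

/* Allocation size for cBits bits, rounded up to whole 32-bit words so the
 * last word-granular access never crosses the end of the buffer. */
static size_t bitmap_alloc_size(size_t cBits)
{
    return (cBits + 31) / 32 * 4;
}

/* Byte-granular bit test: touches only byte iBit / 8 (LSB-first order). */
static bool bit_test_bytewise(const volatile void *pvBitmap, uint32_t iBit)
{
    const volatile uint8_t *pb = (const volatile uint8_t *)pvBitmap;
    return (pb[iBit / 8] >> (iBit % 8)) & 1;
}

int main(void)
{
    size_t cb = 3;   /* constructed case: 24 bits, 3 valid bytes as in the dump */
    size_t cbPadded = bitmap_alloc_size(cb * 8);
    uint8_t *pb = calloc(1, cbPadded);   /* padding bytes are zero-filled */
    if (!pb)
        return 1;
    pb[0] = pb[1] = pb[2] = 0xff;
    printf("tight %zu-byte buffer, bit 0: word load ends at %zu, in bounds: %d\n",
           cb, word_access_end(0), word_access_in_bounds(cb, 0));
    printf("padded to %zu bytes, bit 23: in bounds: %d, value: %d\n",
           cbPadded, word_access_in_bounds(cbPadded, 23), bit_test_bytewise(pb, 23));
    free(pb);
    return 0;
}
```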