[vbox-dev] vhd format not stable?
Huihong Luo
huisinro at yahoo.com
Mon Jun 15 19:57:09 GMT 2009
Hi Alex,
The problem seems to be array boundary issue. The bitmap array is 0x200 in size, but that routine goes to read 0x204. Something wrong with bitmap array len calculation?
The vhd is created from Windows XP SP3.
I am using the code to do a virtual disk driver, so the function is invoked from kernel mode, which caused the whole system crash. On user mode, even if it goes out of array boundary, it won't probably crash.
I need to mount/dismount the vhd about 200 times to get this error.
VDI format has no issues even after 1000 times.
Huihong
--- On Mon, 6/15/09, Alexander Eichner <Alexander.Eichner at Sun.COM> wrote:
From: Alexander Eichner <Alexander.Eichner at Sun.COM>
Subject: Re: [vbox-dev] vhd format not stable?
To: huisinro at yahoo.com
Cc: vbox-dev at virtualbox.org
Date: Monday, June 15, 2009, 12:46 PM
Hmm same offset again.
Is it possible to get the image somehow and instructions what you did to
reproduce it?
Regards,
Alexander Eichner
Am Montag, den 15.06.2009, 12:41 -0700 schrieb huisinro at yahoo.com:
> Alex,
>
> After longer testing, the crash still occured, same values for those
> params from the debugger.
>
> vmlitediskmp!vhdRead(void * pBackendData = 0x86f80350, unsigned int64
> uOffset = 0xf`df9fce00, void * pvBuf = 0xd06a6000, unsigned int cbRead
> = 0x1000, unsigned int * pcbActuallyRead = 0x8e22299c)+0x292 (FPO:
> [Non-Fpo]) (CONV: cdecl)
>
>
>
> --- On Mon, 6/15/09, Alexander Eichner <Alexander.Eichner at Sun.COM>
> wrote:
>
>
> From: Alexander Eichner <Alexander.Eichner at Sun.COM>
> Subject: Re: [vbox-dev] vhd format not stable?
> To: "Huihong Luo" <huisinro at yahoo.com>
> Cc: vbox-dev at virtualbox.org
> Date: Monday, June 15, 2009, 12:05 PM
>
> Great I will commit the fix if your tests are successful.
>
> The fix for the other crash you reported is already committed
> and
> visible in the public svn.
>
> Regards,
> Alexander Eichner
>
> Am Montag, den 15.06.2009, 11:55 -0700 schrieb Huihong Luo:
> > Alex,
> >
> > Thanks for your immediate response and fixes. I am running
> the tests
> > now, so far so good.
> >
> > By the way, does the latest svn contain the fix to the bug
> (crash on
> > vhd snapshot discarding) I reported a few days ago?
> >
> > - Huihong
> >
> > --- On Mon, 6/15/09, Alexander Eichner
> <Alexander.Eichner at Sun.COM>
> > wrote:
> >
> >
> > From: Alexander Eichner <Alexander.Eichner at Sun.COM>
> > Subject: Re: [vbox-dev] vhd format not stable?
> > To: "Huihong Luo" <huisinro at yahoo.com>
> > Cc: vbox-dev at virtualbox.org
> > Date: Monday, June 15, 2009, 11:09 AM
> >
> > Hi Huihong,
> >
> > I attached a patch which I think fixes the crash.
> > If it is possible please apply it and verify that
> this fixes
> > the crash.
> > Thanks a lot!
> >
> > Kind regards,
> > Alexander Eichner
> >
> > Am Donnerstag, den 11.06.2009, 08:05 -0700 schrieb
> Huihong
> > Luo:
> > > Alex,
> > >
> > > No problem, and thanks for the quick fix.
> > >
> > > There might be more bugs, I will keep testing.
> > >
> > > Some times, the error occurs some other places, an
> error
> > message
> > > something like "there are 5993 child disks", the
> number is
> > kind of
> > > random. When this error occurs, the whole disk
> become
> > inaccessible,
> > > and I have to recreate the whole vm.
> > >
> > > Huihong
> > >
> > > --- On Thu, 6/11/09, Alexander Eichner
> > <Alexander.Eichner at Sun.COM>
> > > wrote:
> > >
> > >
> > > From: Alexander Eichner
> <Alexander.Eichner at Sun.COM>
> > > Subject: Re: [vbox-dev] vhd format not
> stable?
> > > To: vbox-dev at virtualbox.org
> > > Date: Thursday, June 11, 2009, 1:52 AM
> > >
> > > Hi Huihong,
> > >
> > > thanks for the report. This bug is fixed
> now and
> > should appear
> > > soon in
> > > the public svn.
> > >
> > > Kind regards,
> > > Alexander Eichner
> > >
> > > Am Donnerstag, den 11.06.2009, 09:55 +0200
> schrieb
> > Frank
> > > Mehnert:
> > > > Actually the .vhd format is less tested
> than
> > the .vdi
> > > format. Which
> > > > VBox version are you using?
> > > >
> > > > On Thursday 11 June 2009, Huihong Luo
> wrote:
> > > > > It seems VHD format is not stable as
> VDI.
> > VBoxSVC.exe
> > > pretty much always
> > > > > crashes when a snapshot is being
> discarded. I am
> > running
> > > an XP guest on
> > > > > Vista host. The VHD's capacity is over
> 100G.
> > > > > If you look at the following stack,
> the crash
> > was caused
> > > by
> > > > > pImage->pszParentFilename is NULL
> inside
> > > > > static int
> vhdDynamicHeaderUpdate(PVHDIMAGE
> > pImage) in
> > > VHDHDDCore.cpp
> > > > >
> > > > > I used the very recent SVN source.
> > > > >
> > > > > //////////
> > > > > vboxsvc.exe crash stack:
> > > > >
> > > > > VBoxRT.dll!RTPathFilename(const char *
> > pszPath=0x00000000)
> > > Line 240 C++
> > > > > VBoxDDU.dll!
> vhdDynamicHeaderUpdate(VHDIMAGE *
> > > pImage=0x00000000) Line
> > > > > 362 + 0x12 bytes C++ VBoxDDU.dll!
> vhdFlush(void *
> > > pBackendData=0x01c2caf0)
> > > > > Line 1157 C++ VBoxDDU.dll!
> vhdClose(void *
> > > pBackendData=0x01c2caf0, bool
> > > > > fDelete=false) Line 880 + 0x6 bytes C
> ++
> > VBoxDDU.dll!
> > > VDClose(VBOXHDD *
> > > > > pDisk=0x01e0e218, bool fDelete=false)
> Line 2268
> > C++
> > > > > VBoxSVC.exe!
> HardDisk::taskThread(RTTHREADINT *
> > > thread=0x00000000, void *
> > > > > pvUser=0x00e0e2b8) Line 4063 + 0xb
> bytes C++
> > > > > VBoxSVC.exe!HardDisk::Task::runNow()
> Line 220 C
> > ++
> > > > > VBoxSVC.exe!
> > HardDisk::mergeTo(HardDisk::MergeChain *
> > > aChain=0x01c2cfe0,
> > > > > ComObjPtr<Progress,ComStrongRef> *
> > aProgress=0x01e06fe8,
> > > bool aWait=true)
> > > > > Line 2844 + 0x9 bytes C++
> > > > > VBoxSVC.exe!
> > >
> HardDisk::discard(ComObjPtr<Progress,ComStrongRef> &
> > > > > aProgress={...}, HardDisk::MergeChain
> *
> > aChain=0x01c2cfe0)
> > > Line 2248 + 0xe
> > > > > bytes C++
> > > > > VBoxSVC.exe!
> > >
> >
> SessionMachine::discardSnapshotHandler(SessionMachine::DiscardS
> > > > >napshotTask & aTask={...}) Line 10584
> C++
> > > > > VBoxSVC.exe!
> > SessionMachine::DiscardSnapshotTask::handler()
> > > Line 8251 + 0x9
> > > > > bytes C++ VBoxSVC.exe!
> > > SessionMachine::taskHandler(RTTHREADINT *
> > > > > __formal=0x01c32108, void *
> pvUser=0x01e06fe0)
> > Line 11412
> > > C++
> > > > > VBoxRT.dll!rtThreadMain(RTTHREADINT *
> > pThread=0x01c32108,
> > > unsigned int
> > > > > NativeThread=4312, const char *
> > pszThreadName=0x01c32170)
> > > Line 635 + 0xa
> > > > > bytes C++ VBoxRT.dll!
> rtThreadNativeMain(void *
> > > pvArgs=0x01c32108) Line 106
> > > > > + 0xb bytes C++ msvcr80.dll!
> __endthreadex() +
> > 0x3b bytes
> > > > > msvcr80.dll!__endthreadex() + 0xc7
> bytes
> > > > > kernel32.dll!
> @BaseThreadInitThunk at 12() + 0x12
> > bytes
> > > > > ntdll.dll!___RtlUserThreadStart at 8()
> + 0x27
> > bytes
> > > > > ntdll.dll!__RtlUserThreadStart at 8()
> + 0x1b
> > bytes
> > > >
> > > >
> > > >
> > > >
> _______________________________________________
> > > > vbox-dev mailing list
> > > > vbox-dev at virtualbox.org
> > > >
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
> > >
> > >
> > >
> _______________________________________________
> > > vbox-dev mailing list
> > > vbox-dev at virtualbox.org
> > >
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
> > >
> > > _______________________________________________
> > > vbox-dev mailing list
> > > vbox-dev at virtualbox.org
> > > http://vbox.innotek.de/mailman/listinfo/vbox-dev
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20090615/c2d7f9c3/attachment.html>
More information about the vbox-dev
mailing list