[vbox-dev] vhd format not stable?
Huihong Luo
huisinro at yahoo.com
Fri Jun 19 17:25:34 GMT 2009
Alexander,
I tested it again, but it still crashed.
I think I now found the cause, it's quite delicate, but you should be able to fix it right away.
a8bd6ffd ff ff ff ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
The above is the bitmap when crashed. You can see the beginnig there are only 3 bytes are valid, the 4th byte will cause crash.
But when you call
ASMBitTest(const volatile void *pvBitmap, int32_t iBit)
it will the 1st 4-byte int, thus caused the crash.
The easiest fix is to allocate 8 byte length more for the bitmap, and zero fill them, that will definitely solve the issue. You can also change ASMBitTest method impl.
- Huihong
--- On Thu, 6/18/09, Alexander Eichner <Alexander.Eichner at Sun.COM> wrote:
From: Alexander Eichner <Alexander.Eichner at Sun.COM>
Subject: Re: [vbox-dev] vhd format not stable?
To: "Huihong Luo" <huisinro at yahoo.com>
Cc: vbox-dev at virtualbox.org
Date: Thursday, June 18, 2009, 10:55 AM
Hi Huihong,
quite strange that it still happens for you.
Before the fix the code was clearly reading/writing
beyond the block bitmap and I could reproduce the issue though it didn't
crashed here but some assertions triggered after I added them.
With the patch applied I'm unable to reproduce this issue any longer.
Another strange thing is that it doesn't occurs immediately but that it
needs quite a lot of tries to reproduce it.
Will investigate this further. I committed the patch nevertheless
because it fixes the bug for me at least.
Kind regards,
Alexander Eichner
Am Montag, den 15.06.2009, 12:57 -0700 schrieb Huihong Luo:
> Hi Alex,
>
> The problem seems to be array boundary issue. The bitmap array is
> 0x200 in size, but that routine goes to read 0x204. Something wrong
> with bitmap array len calculation?
>
> The vhd is created from Windows XP SP3.
>
> I am using the code to do a virtual disk driver, so the function is
> invoked from kernel mode, which caused the whole system crash. On user
> mode, even if it goes out of array boundary, it won't probably crash.
>
> I need to mount/dismount the vhd about 200 times to get this error.
>
> VDI format has no issues even after 1000 times.
>
> Huihong
>
> --- On Mon, 6/15/09, Alexander Eichner <Alexander.Eichner at Sun.COM>
> wrote:
>
>
> From: Alexander Eichner <Alexander.Eichner at Sun.COM>
> Subject: Re: [vbox-dev] vhd format not stable?
> To: huisinro at yahoo.com
> Cc: vbox-dev at virtualbox.org
> Date: Monday, June 15, 2009, 12:46 PM
>
> Hmm same offset again.
> Is it possible to get the image somehow and instructions what
> you did to
> reproduce it?
>
> Regards,
> Alexander Eichner
>
> Am Montag, den 15.06.2009, 12:41 -0700 schrieb
> huisinro at yahoo.com:
> > Alex,
> >
> > After longer testing, the crash still occured, same values
> for those
> > params from the debugger.
> >
> > vmlitediskmp!vhdRead(void * pBackendData = 0x86f80350,
> unsigned int64
> > uOffset = 0xf`df9fce00, void * pvBuf = 0xd06a6000, unsigned
> int cbRead
> > = 0x1000, unsigned int * pcbActuallyRead = 0x8e22299c)+0x292
> (FPO:
> > [Non-Fpo]) (CONV: cdecl)
> >
> >
> >
> > --- On Mon, 6/15/09, Alexander Eichner
> <Alexander.Eichner at Sun.COM>
> > wrote:
> >
> >
> > From: Alexander Eichner <Alexander.Eichner at Sun.COM>
> > Subject: Re: [vbox-dev] vhd format not stable?
> > To: "Huihong Luo" <huisinro at yahoo.com>
> > Cc: vbox-dev at virtualbox.org
> > Date: Monday, June 15, 2009, 12:05 PM
> >
> > Great I will commit the fix if your tests are
> successful.
> >
> > The fix for the other crash you reported is already
> committed
> > and
> > visible in the public svn.
> >
> > Regards,
> > Alexander Eichner
> >
> > Am Montag, den 15.06.2009, 11:55 -0700 schrieb
> Huihong Luo:
> > > Alex,
> > >
> > > Thanks for your immediate response and fixes. I am
> running
> > the tests
> > > now, so far so good.
> > >
> > > By the way, does the latest svn contain the fix to
> the bug
> > (crash on
> > > vhd snapshot discarding) I reported a few days
> ago?
> > >
> > > - Huihong
> > >
> > > --- On Mon, 6/15/09, Alexander Eichner
> > <Alexander.Eichner at Sun.COM>
> > > wrote:
> > >
> > >
> > > From: Alexander Eichner
> <Alexander.Eichner at Sun.COM>
> > > Subject: Re: [vbox-dev] vhd format not
> stable?
> > > To: "Huihong Luo" <huisinro at yahoo.com>
> > > Cc: vbox-dev at virtualbox.org
> > > Date: Monday, June 15, 2009, 11:09 AM
> > >
> > > Hi Huihong,
> > >
> > > I attached a patch which I think fixes the
> crash.
> > > If it is possible please apply it and
> verify that
> > this fixes
> > > the crash.
> > > Thanks a lot!
> > >
> > > Kind regards,
> > > Alexander Eichner
> > >
> > > Am Donnerstag, den 11.06.2009, 08:05 -0700
> schrieb
> > Huihong
> > > Luo:
> > > > Alex,
> > > >
> > > > No problem, and thanks for the quick
> fix.
> > > >
> > > > There might be more bugs, I will keep
> testing.
> > > >
> > > > Some times, the error occurs some other
> places, an
> > error
> > > message
> > > > something like "there are 5993 child
> disks", the
> > number is
> > > kind of
> > > > random. When this error occurs, the
> whole disk
> > become
> > > inaccessible,
> > > > and I have to recreate the whole vm.
> > > >
> > > > Huihong
> > > >
> > > > --- On Thu, 6/11/09, Alexander Eichner
> > > <Alexander.Eichner at Sun.COM>
> > > > wrote:
> > > >
> > > >
> > > > From: Alexander Eichner
> > <Alexander.Eichner at Sun.COM>
> > > > Subject: Re: [vbox-dev] vhd
> format not
> > stable?
> > > > To: vbox-dev at virtualbox.org
> > > > Date: Thursday, June 11, 2009,
> 1:52 AM
> > > >
> > > > Hi Huihong,
> > > >
> > > > thanks for the report. This bug
> is fixed
> > now and
> > > should appear
> > > > soon in
> > > > the public svn.
> > > >
> > > > Kind regards,
> > > > Alexander Eichner
> > > >
> > > > Am Donnerstag, den 11.06.2009,
> 09:55 +0200
> > schrieb
> > > Frank
> > > > Mehnert:
> > > > > Actually the .vhd format is
> less tested
> > than
> > > the .vdi
> > > > format. Which
> > > > > VBox version are you using?
> > > > >
> > > > > On Thursday 11 June 2009,
> Huihong Luo
> > wrote:
> > > > > > It seems VHD format is not
> stable as
> > VDI.
> > > VBoxSVC.exe
> > > > pretty much always
> > > > > > crashes when a snapshot is
> being
> > discarded. I am
> > > running
> > > > an XP guest on
> > > > > > Vista host. The VHD's
> capacity is over
> > 100G.
> > > > > > If you look at the following
> stack,
> > the crash
> > > was caused
> > > > by
> > > > > > pImage->pszParentFilename is
> NULL
> > inside
> > > > > > static int
> > vhdDynamicHeaderUpdate(PVHDIMAGE
> > > pImage) in
> > > > VHDHDDCore.cpp
> > > > > >
> > > > > > I used the very recent SVN
> source.
> > > > > >
> > > > > > //////////
> > > > > > vboxsvc.exe crash stack:
> > > > > >
> > > > > > VBoxRT.dll!
> RTPathFilename(const char *
> > > pszPath=0x00000000)
> > > > Line 240 C++
> > > > > > VBoxDDU.dll!
> > vhdDynamicHeaderUpdate(VHDIMAGE *
> > > > pImage=0x00000000) Line
> > > > > > 362 + 0x12 bytes C++
> VBoxDDU.dll!
> > vhdFlush(void *
> > > > pBackendData=0x01c2caf0)
> > > > > > Line 1157 C++ VBoxDDU.dll!
> > vhdClose(void *
> > > > pBackendData=0x01c2caf0, bool
> > > > > > fDelete=false) Line 880 +
> 0x6 bytes C
> > ++
> > > VBoxDDU.dll!
> > > > VDClose(VBOXHDD *
> > > > > > pDisk=0x01e0e218, bool
> fDelete=false)
> > Line 2268
> > > C++
> > > > > > VBoxSVC.exe!
> > HardDisk::taskThread(RTTHREADINT *
> > > > thread=0x00000000, void *
> > > > > > pvUser=0x00e0e2b8) Line
> 4063 + 0xb
> > bytes C++
> > > > > > VBoxSVC.exe!
> HardDisk::Task::runNow()
> > Line 220 C
> > > ++
> > > > > > VBoxSVC.exe!
> > > HardDisk::mergeTo(HardDisk::MergeChain *
> > > > aChain=0x01c2cfe0,
> > > > > >
> ComObjPtr<Progress,ComStrongRef> *
> > > aProgress=0x01e06fe8,
> > > > bool aWait=true)
> > > > > > Line 2844 + 0x9 bytes C++
> > > > > > VBoxSVC.exe!
> > > >
> >
> HardDisk::discard(ComObjPtr<Progress,ComStrongRef> &
> > > > > > aProgress={...},
> HardDisk::MergeChain
> > *
> > > aChain=0x01c2cfe0)
> > > > Line 2248 + 0xe
> > > > > > bytes C++
> > > > > > VBoxSVC.exe!
> > > >
> > >
> >
> SessionMachine::discardSnapshotHandler(SessionMachine::DiscardS
> > > > > >napshotTask & aTask={...})
> Line 10584
> > C++
> > > > > > VBoxSVC.exe!
> > >
> SessionMachine::DiscardSnapshotTask::handler()
> > > > Line 8251 + 0x9
> > > > > > bytes C++ VBoxSVC.exe!
> > > >
> SessionMachine::taskHandler(RTTHREADINT *
> > > > > > __formal=0x01c32108, void *
> > pvUser=0x01e06fe0)
> > > Line 11412
> > > > C++
> > > > > > VBoxRT.dll!
> rtThreadMain(RTTHREADINT *
> > > pThread=0x01c32108,
> > > > unsigned int
> > > > > > NativeThread=4312, const
> char *
> > > pszThreadName=0x01c32170)
> > > > Line 635 + 0xa
> > > > > > bytes C++ VBoxRT.dll!
> > rtThreadNativeMain(void *
> > > > pvArgs=0x01c32108) Line 106
> > > > > > + 0xb bytes C++ msvcr80.dll!
> > __endthreadex() +
> > > 0x3b bytes
> > > > > > msvcr80.dll!
> __endthreadex() + 0xc7
> > bytes
> > > > > > kernel32.dll!
> > @BaseThreadInitThunk at 12() + 0x12
> > > bytes
> > > > > > ntdll.dll!
> ___RtlUserThreadStart at 8()
> > + 0x27
> > > bytes
> > > > > > ntdll.dll!
> __RtlUserThreadStart at 8()
> > + 0x1b
> > > bytes
> > > > >
> > > > >
> > > > >
> > > > >
> > _______________________________________________
> > > > > vbox-dev mailing list
> > > > > vbox-dev at virtualbox.org
> > > > >
> > http://vbox.innotek.de/mailman/listinfo/vbox-dev
> > > >
> > > >
> > > >
> > _______________________________________________
> > > > vbox-dev mailing list
> > > > vbox-dev at virtualbox.org
> > > >
> > http://vbox.innotek.de/mailman/listinfo/vbox-dev
> > > >
> > > >
> _______________________________________________
> > > > vbox-dev mailing list
> > > > vbox-dev at virtualbox.org
> > > >
> http://vbox.innotek.de/mailman/listinfo/vbox-dev
> > >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20090619/e2a832cf/attachment.html>
More information about the vbox-dev
mailing list