[vbox-dev] null pointer in macGuestSize

Michael Thayer michael.thayer at oracle.com
Thu Apr 11 11:02:18 PDT 2013


Hello Ribhi,

Thank you for your patch and for the effort you spent tracking this down 
(and sorry for my slow answer).  I will indeed not apply your patch as 
it is though, as I would prefer to go slightly deeper and catch the 
problem at source (and I think that a couple of other places might be at 
risk too).

Regards,

Michael

On 28/03/13 01:30, Ribhi Kamal wrote:
> It seems that UIMachineView::maxGuestSize() continues to execute while
> some other thread/process destroys the UIMachineView object. To test
> this out, I put in a hack in UIMachineView to basically SpinLock until
> any existing maxGuestSize exits. Then it sets a flag using a static
> variable to prevent maxGuestSize from using any member variables after
> the view has been destroyed. When the view is recreated, the flag is reset.
>
> Attached is my hack (based on 4.2.10), it works pretty well and
> seems to stop the crash. I hope this will help you put in a better fix
> in the future.
>
> Just one question, which process/thread executes maxGuestSize? An EMT
> thread?
>
> Cheers!
>
> FYI, there are cases where this hack will not work (in theory) so please
> don't use it.
>
>
> On Sat, Mar 16, 2013 at 4:09 PM, Ribhi Kamal <rbhkamal at gmail.com
> <mailto:rbhkamal at gmail.com>> wrote:
>
>     Just happened while switching from full screen back to normal view.
>     This is something new, only in 4.2, because the virtual machine used
>     to crash only while closing it so it wasn't a big deal. I'll open a
>     bug once I reproduce it with the released binaries... don't wait.
>
>     Meanwhile, please let me know if you need any additional
>     information/testing.
>
>     Thanks,
>     Ribhi
>
>
>
>     On Fri, Mar 15, 2013 at 8:26 PM, Ribhi Kamal <rbhkamal at gmail.com
>     <mailto:rbhkamal at gmail.com>> wrote:
>
>         "Unfortunately, I can't find the log files"
>
>         Obviously that is not true, I uploaded the logs to my dropbox
>
>
>         On Fri, Mar 15, 2013 at 8:25 PM, Ribhi Kamal <rbhkamal at gmail.com
>         <mailto:rbhkamal at gmail.com>> wrote:
>
>             I've been seeing a crash when closing VirtualBox.exe that is
>             almost never reproducible. A few days ago I managed to get a
>             crash dump and ran the analysis, see below. At the time of
>             the crash, I was closing the virtual machine after it had
>             been running for ~24 hours. Unfortunately, I can't find the
>             log files
>
>             I'm using the following:
>             VirtualBox 4.2.8 (Cross compiled with VS2010-SP1 on Windows
>             7 64bit, Target Host = x86)
>             Host Win7 32bit
>             Guest Linux 2.6 32bit
>             Build Type: Release
>
>             Please let me know if you have any questions.
>
>             Thanks,
>             Ribhi
>
>             Log files:
>             Successful:
>             https://www.dropbox.com/s/xrvcr8sud4z63ia/Success.log
>             Crash: https://www.dropbox.com/s/p5pslbt3sl9cpeo/Crash.log
>
>
>             0:000> !analyze -v -f
>             *******************************************************************************
>             *                                                                             *
>             *                        Exception Analysis                                   *
>             *                                                                             *
>             *******************************************************************************
>
>
>             GetPageUrlData failed, server returned HTTP status 404
>             URL requested:
>             http://watson.microsoft.com/StageOne/VirtualBox_exe/4_2_8_0/51420e3b/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
>
>
>             FAULTING_IP:
>             VirtualBox!UIMachineView::maxGuestSize+18 [c:\vboxbuild\virtualbox\4.2.8\src\src\vbox\frontends\virtualbox\src\runtime\uimachineview.cpp @ 702]
>             *0145ed68 f00fc70f        lock cmpxchg8b qword ptr [edi] *
>
>             EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
>             ExceptionAddress: 00000000
>                 ExceptionCode: 80000003 (Break instruction exception)
>                ExceptionFlags: 00000000
>             NumberParameters: 0
>
>             FAULTING_THREAD:  00000ef4
>
>             DEFAULT_BUCKET_ID:  STATUS_BREAKPOINT
>
>             PROCESS_NAME:  VirtualBox.exe
>
>             ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint
>             A breakpoint has been reached.
>
>             EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
>
>             MOD_LIST: <ANALYSIS/>
>
>             NTGLOBALFLAG:  0
>
>             APPLICATION_VERIFIER_FLAGS:  0
>
>             ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute
>             [Is_ChosenCrashFollowupThread] from Frame:[0] on
>             thread:[PSEUDO_THREAD]
>
>             LAST_CONTROL_TRANSFER:  from 0143bea0 to 0145ed68
>
>             PRIMARY_PROBLEM_CLASS:  STATUS_BREAKPOINT
>
>             BUGCHECK_STR:
>             APPLICATION_FAULT_STATUS_BREAKPOINT_NULL_POINTER_READ
>
>             STACK_TEXT:
>             03a3ca98 0145ed68 virtualbox!UIMachineView::maxGuestSize+0x18
>             03a3cab0 0143bea0 virtualbox!UIFrameBuffer::VideoModeSupported+0x30
>             03a3cac8 6927c724 vboxc!vmmdevVideoModeSupported+0x74
>             03a3caec 690b4edc vboxdd!vmmdevRequestHandler+0xecc
>             03a3fb5c 72f198d1 vboxvmm!IOMIOPortWrite+0x91
>             03a3fb84 72f0891f vboxvmm!HWACCMR3RestartPendingIOInstr+0xcf
>             03a3fba4 72ea303c vboxvmm!emR3ExecuteIOInstruction+0x1c
>             03a3fc78 72ea3589 vboxvmm!emR3HwaccmHandleRC+0x189
>             03a3fc8c 72ea3788 vboxvmm!emR3HwAccExecute+0x168
>             03a3fcb0 72ea0d84 vboxvmm!EMR3ExecuteVM+0x274
>             03a3fcd8 72efb2aa vboxvmm!vmR3EmulationThreadWithId+0x45a
>             03a3fcf8 72efb2f4 vboxvmm!vmR3EmulationThread+0x14
>             03a3fd0c 69ca1523 vboxrt!rtThreadMain+0x33
>             03a3fd38 69ce539b vboxrt!rtThreadNativeMain+0x6b
>             03a3fd58 6bb6c556 msvcr100!_endthreadex+0x3f
>             03a3fd90 6bb6c600 msvcr100!_endthreadex+0xce
>             03a3fd9c 76b4ed6c kernel32!BaseThreadInitThunk+0xe
>             03a3fda8 7722377b ntdll!__RtlUserThreadStart+0x70
>             03a3fde8 7722374e ntdll!_RtlUserThreadStart+0x1b
>
>
>             STACK_COMMAND:  .cxr 0000000003A3C7B4 ; kb ; dds 3a3ca98 ; kb
>
>             FOLLOWUP_IP:
>             VirtualBox!UIMachineView::maxGuestSize+0 [c:\vboxbuild\virtualbox\4.2.8\src\src\vbox\frontends\virtualbox\src\runtime\uimachineview.cpp @ 701]
>             0145ed50 83ec0c          sub     esp,0Ch
>
>             FAULTING_SOURCE_CODE:
>                 697:                       RT_MAKE_U64(maxSize.height(), maxSize.width()));
>                 698: }
>                 699:
>                 700: QSize UIMachineView::maxGuestSize()
>              >  701: {
>                 702:     uint64_t u64Size = ASMAtomicReadU64(&m_u64MaxGuestSize);
>                 703:     return QSize(int(RT_HI_U32(u64Size)), int(RT_LO_U32(u64Size)));
>                 704: }
>                 705:
>                 706: QSize UIMachineView::guestSizeHint()
>
>
>             SYMBOL_NAME:  virtualbox!UIMachineView::maxGuestSize+0
>
>             FOLLOWUP_NAME:  MachineOwner
>
>             MODULE_NAME: VirtualBox
>
>             IMAGE_NAME:  VirtualBox.exe
>
>             DEBUG_FLR_IMAGE_TIMESTAMP:  51420e3b
>
>             FAILURE_BUCKET_ID:
>             STATUS_BREAKPOINT_80000003_VirtualBox.exe!UIMachineView::maxGuestSize
>
>
>             BUCKET_ID:
>             APPLICATION_FAULT_STATUS_BREAKPOINT_NULL_POINTER_READ_virtualbox!UIMachineView::maxGuestSize+0
>
>
>             WATSON_STAGEONE_URL:
>             http://watson.microsoft.com/StageOne/VirtualBox_exe/4_2_8_0/51420e3b/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
>
>
>             Followup: MachineOwner
>             ---------
>
>             --
>             -- Ribhi
>
>
>
>
>         --
>         -- Ribhi
>
>
>
>
>     --
>     -- Ribhi
>
>
>
>
> --
> -- Ribhi
>
>
>


-- 
ORACLE Deutschland B.V. & Co. KG   Michael Thayer
Werkstrasse 24                     VirtualBox engineering
71384 Weinstadt, Germany           mailto:michael.thayer at oracle.com

Head office: Riesstr. 25, D-80992 München
Court of registration: Amtsgericht München, HRA 95603
Managing director: Jürgen Kunz

General partner: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Netherlands
Commercial register of the Chamber of Commerce Midden-Niederlande, No. 30143697
Managing directors: Alexander van der Ven, Astrid Kepper, Val Maher
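
Added example, not part of the original message and not VirtualBox code: a minimal C++ sketch of guarding the view pointer on the caller side, so that a query arriving from the emulation thread sees either a live view or a null pointer. The View and FrameBuffer classes, attach/detach and stress are hypothetical names, and this is one possible approach, not the fix discussed in the thread.

```cpp
#include <atomic>
#include <cstdint>
#include <mutex>
#include <thread>

// Hypothetical stand-in for the view: width in the high 32 bits, height in the low.
class View {
public:
    void setMaxGuestSize(uint32_t w, uint32_t h) { packed_.store((uint64_t(w) << 32) | h); }
    uint64_t maxGuestSize() const { return packed_.load(); }
private:
    std::atomic<uint64_t> packed_{0};
};

// Hypothetical stand-in for the framebuffer that the emulation thread calls into.
class FrameBuffer {
public:
    void attach(View *v) { std::lock_guard<std::mutex> g(lock_); view_ = v; }
    // Blocks until any in-flight query has left the view; only then may it be destroyed.
    void detach() { std::lock_guard<std::mutex> g(lock_); view_ = nullptr; }
    // Caller side of the query: check the pointer under the lock before using it.
    bool videoModeSupported(uint32_t w, uint32_t h) {
        std::lock_guard<std::mutex> g(lock_);
        if (!view_) return false;               // view already gone: reject the mode
        uint64_t max = view_->maxGuestSize();
        return w <= uint32_t(max >> 32) && h <= uint32_t(max);
    }
private:
    std::mutex lock_;
    View *view_ = nullptr;
};

// Recreate the view repeatedly while a second thread keeps querying (constructed workload).
unsigned long stress(unsigned rounds) {
    FrameBuffer fb;
    std::atomic<bool> stop{false};
    unsigned long answered = 0;                 // written only by the query thread
    std::thread emt([&] { while (!stop.load()) { fb.videoModeSupported(800, 600); ++answered; } });
    for (unsigned i = 0; i < rounds; ++i) {
        View v;
        v.setMaxGuestSize(1920, 1080);
        fb.attach(&v);
        fb.detach();                            // must happen before v goes out of scope
    }
    stop.store(true);
    emt.join();
    return answered;
}

int main() { stress(100000); return 0; }
```

Removing the detach() call before the view goes out of scope reintroduces the same class of race the crash dump shows, which a thread sanitizer build will usually flag.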


