[vbox-dev] null pointer in macGuestSize

Ribhi Kamal rbhkamal at gmail.com
Thu Mar 28 00:30:51 GMT 2013


It seems that UIMachineView::maxGuestSize() continues to execute while some
other thread/process destroys the UIMachineView object. To test this out, I
put a hack into UIMachineView to basically spin-lock until any existing
maxGuestSize call exits. It then sets a flag in a static variable to prevent
maxGuestSize from using any member variables after the view has been
destroyed. When the view is recreated, the flag is reset.

I've attached my hack (based on 4.2.10); it works pretty well and seems
to stop the crash. I hope this will help you put in a better fix in the
future.

Just one question: which process/thread executes maxGuestSize? An EMT
thread?

Cheers!

FYI, there are cases where this hack will not work (in theory), so please
don't use it.


On Sat, Mar 16, 2013 at 4:09 PM, Ribhi Kamal <rbhkamal at gmail.com> wrote:

> Just happened while switching from full screen back to normal view. This
> is something new, only in 4.2, because the virtual machine used to crash
> only while closing it so it wasn't a big deal. I'll open a bug once I
> reproduce it with the released binaries... don't wait.
>
> Meanwhile, please let me know if you need any additional
> information/testing.
>
> Thanks,
> Ribhi
>
>
>
> On Fri, Mar 15, 2013 at 8:26 PM, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>
>> "Unfortunately, I can't find the log files"
>>
>> Obviously that is not true, I uploaded the logs to my dropbox
>>
>>
>> On Fri, Mar 15, 2013 at 8:25 PM, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>>
>>> I've been seeing a crash when closing VirtualBox.exe that is almost
>>> never reproducible. A few days ago I managed to get a crash dump and ran the
>>> analysis, see below. At the time of the crash, I was closing the virtual
>>> machine after it had been running for ~24 hours. Unfortunately, I can't
>>> find the log files.
>>>
>>> I'm using the following:
>>> VirtualBox 4.2.8 (Cross compiled with VS2010-SP1 on windows 7 64bit,
>>> Target Host = x86)
>>> Host Win7 32bit
>>> Guest Linux 2.6 32bit
>>> Build Type: Release
>>>
>>> Please let me know if you have any questions.
>>>
>>> Thanks,
>>> Ribhi
>>>
>>> Log files:
>>> Successful: https://www.dropbox.com/s/xrvcr8sud4z63ia/Success.log
>>> Crash: https://www.dropbox.com/s/p5pslbt3sl9cpeo/Crash.log
>>>
>>>
>>> 0:000> !analyze -v -f
>>> *******************************************************************************
>>> *                        Exception Analysis                                   *
>>> *******************************************************************************
>>>
>>>
>>> GetPageUrlData failed, server returned HTTP status 404
>>> URL requested:
>>> http://watson.microsoft.com/StageOne/VirtualBox_exe/4_2_8_0/51420e3b/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
>>>
>>> FAULTING_IP:
>>> VirtualBox!UIMachineView::maxGuestSize+18
>>> [c:\vboxbuild\virtualbox\4.2.8\src\src\vbox\frontends\virtualbox\src\runtime\uimachineview.cpp @ 702]
>>> 0145ed68 f00fc70f        lock cmpxchg8b qword ptr [edi]
>>>
>>> EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
>>> ExceptionAddress: 00000000
>>>    ExceptionCode: 80000003 (Break instruction exception)
>>>   ExceptionFlags: 00000000
>>> NumberParameters: 0
>>>
>>> FAULTING_THREAD:  00000ef4
>>>
>>> DEFAULT_BUCKET_ID:  STATUS_BREAKPOINT
>>>
>>> PROCESS_NAME:  VirtualBox.exe
>>>
>>> ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A
>>> breakpoint has been reached.
>>>
>>> EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more
>>> arguments are invalid
>>>
>>> MOD_LIST: <ANALYSIS/>
>>>
>>> NTGLOBALFLAG:  0
>>>
>>> APPLICATION_VERIFIER_FLAGS:  0
>>>
>>> ADDITIONAL_DEBUG_TEXT:  Followup set based on attribute
>>> [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
>>>
>>> LAST_CONTROL_TRANSFER:  from 0143bea0 to 0145ed68
>>>
>>> PRIMARY_PROBLEM_CLASS:  STATUS_BREAKPOINT
>>>
>>> BUGCHECK_STR:  APPLICATION_FAULT_STATUS_BREAKPOINT_NULL_POINTER_READ
>>>
>>> STACK_TEXT:
>>> 03a3ca98 0145ed68 virtualbox!UIMachineView::maxGuestSize+0x18
>>> 03a3cab0 0143bea0 virtualbox!UIFrameBuffer::VideoModeSupported+0x30
>>> 03a3cac8 6927c724 vboxc!vmmdevVideoModeSupported+0x74
>>> 03a3caec 690b4edc vboxdd!vmmdevRequestHandler+0xecc
>>> 03a3fb5c 72f198d1 vboxvmm!IOMIOPortWrite+0x91
>>> 03a3fb84 72f0891f vboxvmm!HWACCMR3RestartPendingIOInstr+0xcf
>>> 03a3fba4 72ea303c vboxvmm!emR3ExecuteIOInstruction+0x1c
>>> 03a3fc78 72ea3589 vboxvmm!emR3HwaccmHandleRC+0x189
>>> 03a3fc8c 72ea3788 vboxvmm!emR3HwAccExecute+0x168
>>> 03a3fcb0 72ea0d84 vboxvmm!EMR3ExecuteVM+0x274
>>> 03a3fcd8 72efb2aa vboxvmm!vmR3EmulationThreadWithId+0x45a
>>> 03a3fcf8 72efb2f4 vboxvmm!vmR3EmulationThread+0x14
>>> 03a3fd0c 69ca1523 vboxrt!rtThreadMain+0x33
>>> 03a3fd38 69ce539b vboxrt!rtThreadNativeMain+0x6b
>>> 03a3fd58 6bb6c556 msvcr100!_endthreadex+0x3f
>>> 03a3fd90 6bb6c600 msvcr100!_endthreadex+0xce
>>> 03a3fd9c 76b4ed6c kernel32!BaseThreadInitThunk+0xe
>>> 03a3fda8 7722377b ntdll!__RtlUserThreadStart+0x70
>>> 03a3fde8 7722374e ntdll!_RtlUserThreadStart+0x1b
>>>
>>>
>>> STACK_COMMAND:  .cxr 0000000003A3C7B4 ; kb ; dds 3a3ca98 ; kb
>>>
>>> FOLLOWUP_IP:
>>> VirtualBox!UIMachineView::maxGuestSize+0
>>> [c:\vboxbuild\virtualbox\4.2.8\src\src\vbox\frontends\virtualbox\src\runtime\uimachineview.cpp @ 701]
>>> 0145ed50 83ec0c          sub     esp,0Ch
>>>
>>> FAULTING_SOURCE_CODE:
>>>    697:                       RT_MAKE_U64(maxSize.height(), maxSize.width()));
>>>    698: }
>>>    699:
>>>    700: QSize UIMachineView::maxGuestSize()
>>> >  701: {
>>>    702:     uint64_t u64Size = ASMAtomicReadU64(&m_u64MaxGuestSize);
>>>    703:     return QSize(int(RT_HI_U32(u64Size)), int(RT_LO_U32(u64Size)));
>>>    704: }
>>>    705:
>>>    706: QSize UIMachineView::guestSizeHint()
>>>
>>>
>>> SYMBOL_NAME:  virtualbox!UIMachineView::maxGuestSize+0
>>>
>>> FOLLOWUP_NAME:  MachineOwner
>>>
>>> MODULE_NAME: VirtualBox
>>>
>>> IMAGE_NAME:  VirtualBox.exe
>>>
>>> DEBUG_FLR_IMAGE_TIMESTAMP:  51420e3b
>>>
>>> FAILURE_BUCKET_ID:
>>> STATUS_BREAKPOINT_80000003_VirtualBox.exe!UIMachineView::maxGuestSize
>>>
>>> BUCKET_ID:
>>> APPLICATION_FAULT_STATUS_BREAKPOINT_NULL_POINTER_READ_virtualbox!UIMachineView::maxGuestSize+0
>>>
>>>
>>> WATSON_STAGEONE_URL:
>>> http://watson.microsoft.com/StageOne/VirtualBox_exe/4_2_8_0/51420e3b/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
>>>
>>> Followup: MachineOwner
>>> ---------
>>>
>>> --
>>> -- Ribhi
>>>
>>
>>
>>
>> --
>> -- Ribhi
>>
>
>
>
> --
> -- Ribhi
>



-- 
-- Ribhi
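As an added illustration (not code from this post or from VirtualBox), here is a C++ sketch of the lifetime problem the thread describes: the device-side caller (UIFrameBuffer::VideoModeSupported on the EMT, per the stack trace) reaches maxGuestSize() through a reference that can outlive the view. The class and member names mirror the stack trace but are stand-ins; holding the view through a weak_ptr so the caller fails closed when the view is gone is one assumed mitigation, not the project's fix.

```cpp
#include <atomic>
#include <cstdint>
#include <memory>

struct QSize { int w, h; };   // stand-in for Qt's QSize

// Stand-in for the frontend view; same shape as the faulting function: an
// atomic 64-bit read of a member, so it can only fault if `this` is gone.
class UIMachineView {
public:
    UIMachineView(uint32_t w, uint32_t h)
        : m_u64MaxGuestSize((uint64_t(w) << 32) | h) {}   // hi = width, lo = height
    QSize maxGuestSize() const {
        uint64_t u64 = m_u64MaxGuestSize.load(std::memory_order_acquire);
        return QSize{ int(uint32_t(u64 >> 32)), int(uint32_t(u64)) };
    }
private:
    std::atomic<uint64_t> m_u64MaxGuestSize;
};

enum class ModeCheck { Supported, Unsupported, ViewGone };

// Stand-in for the device-side caller. It keeps a weak reference instead of
// a raw pointer, so a view destroyed by the UI thread cannot be dereferenced.
class UIFrameBuffer {
public:
    void setView(const std::shared_ptr<UIMachineView>& view) { m_view = view; }  // UI thread
    ModeCheck videoModeSupported(uint32_t w, uint32_t h) const {               // EMT
        std::shared_ptr<UIMachineView> view = m_view.lock();  // pins the object for this call
        if (!view) return ModeCheck::ViewGone;                 // fail closed, no dangling access
        QSize max = view->maxGuestSize();
        return (int(w) <= max.w && int(h) <= max.h) ? ModeCheck::Supported
                                                    : ModeCheck::Unsupported;
    }
private:
    std::weak_ptr<UIMachineView> m_view;
};

// Drives the lifecycle from the report: the view exists, is torn down (e.g. on
// the fullscreen switch) while the frame buffer still refers to it, and the
// device side keeps asking about video modes.
bool raceRejectedSafely() {
    UIFrameBuffer fb;
    auto view = std::make_shared<UIMachineView>(1920, 1080);   // constructed sample size
    fb.setView(view);
    ModeCheck before = fb.videoModeSupported(1024, 768);
    view.reset();                                              // UI thread destroys the view
    ModeCheck after = fb.videoModeSupported(1024, 768);        // EMT call after destruction
    return before == ModeCheck::Supported && after == ModeCheck::ViewGone;
}
```

A static "destroyed" flag checked before the read still leaves a window between the check and the member access, which is why the weak_ptr lock (or an equivalent lifetime guarantee) is what closes the race.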
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20130327/f7402a50/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fixed-crash-when-entering-leaving-fullscreen.patch
Type: application/octet-stream
Size: 3070 bytes
Desc: not available
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20130327/f7402a50/attachment.obj>
