Opened 15 years ago
Closed 14 years ago
#6443 closed defect (fixed)
VM crash when attempting to force shutdown (not ACPI shutdown) the VM -> Fixed in SVN
| Reported by: | Mihai Hanor | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 3.2.10 |
| Keywords: | | Cc: | |
| Guest type: | Windows | Host type: | Windows |
Description
VB 3.1.6 crashes when trying to force a shutdown (not an ACPI shutdown) on the active VM, by accessing the close (X) button of the VM window.
I've tested Windows XP SP3 32 bit and Windows 7 32 bit as guests, by closing them during the boot process or even at the boot menu countdown. VT-X is enabled.
The host is running XP SP3 32 bit.
Attachments (12)
Change History (47)
comment:2 by , 15 years ago
enabling DEP is not required
VT-x is also not required, although it seems I can't easily reproduce the issue without it
PAE/NX and 2D+3D acceleration are enabled... I haven't been able to crash the VM without them... maybe I'm not being patient enough
comment:4 by , 15 years ago
VB 3.2.0 beta2 respin does the same
You don't even need to boot an OS, just bring up the VM boot menu (F12) or don't set up any boot disk/drive (let the VM display "FATAL: No bootable medium found"). Then click the close (X) button of the VM window, the Close Virtual Machine window appears, select Power off the machine, click OK. It's not 100% reproducible.
by , 15 years ago
| Attachment: | app_verifier_cases.zip added |
|---|---|
virtualbox 3.2.0 beta2 (r61317) tested with ms application verifier
comment:5 by , 15 years ago
I've tried to follow the same steps with MS Application Verifier enabled for Virtualbox.exe and starting the VM under Windbg.
Sometimes I get the "some crash" case (check the zip file). I think it has the same frequency of appearance as the crash first described in this ticket (without app verifier). In every other attempt to power off the VM, Windbg stops the execution of the VM, revealing that the verifier complains about a dll being unloaded, despite having a critical section active (check the zip file, also). I hope it helps, I'm not knowledgeable enough.
comment:6 by , 15 years ago
| Summary: | VM crash when attempting to force shutdown (not ACPI shutdown) the VM → VM crash when attempting to force shutdown (not ACPI shutdown) the VM -> Fixed in SVN. |
|---|---|
comment:7 by , 15 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:8 by , 15 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
I'm sorry, but I have to reopen it... 3.2.2 crashes in the same manner
comment:12 by , 15 years ago
What I haven't mentioned here is that the crash always points to Unloaded_VBoxOGLrenderspu.dll, which has been reported before.
I have enabled some flags and then tried to reproduce the crash. Sometimes, windbg breaks in, complaining about a heap block being modified after it was freed. This can be reproduced with 2D/3D acceleration disabled. Of course, I don't know if this is leading to the crash at Unloaded_VBoxOGLrenderspu.dll. At that moment, the stack looks like this (win32 OSE svn 30908):
```
ChildEBP RetAddr
03d2f99c 7c96e139 ntdll!DbgBreakPoint
03d2f9a4 7c96e9fe ntdll!RtlpBreakPointHeap+0x28
03d2f9d4 7c96f740 ntdll!RtlpValidateHeap+0x43f
03d2fa44 7c94bc4c ntdll!RtlDebugFreeHeap+0x79
03d2fb2c 7c927573 ntdll!RtlFreeHeapSlowly+0x37
03d2fbfc 78ab016a ntdll!RtlFreeHeap+0xf9
03d2fc10 01b03ff6 MSVCR100!free( void * pBlock = 0x02e93008)+0x1c [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 51]
03d2fc20 01b03b9c VBoxRT!RTMemFree( void * pv = 0x02e93008)+0x16 [d:\vbox\src\vbox\runtime\r3\alloc.cpp @ 246]
03d2fc2c 01adc152 VBoxRT!RTMemTmpFree( void * pv = 0x02e93008)+0xc [d:\vbox\src\vbox\runtime\r3\alloc.cpp @ 102]
03d2fc38 03a141ec VBoxRT!RTStrFree( char * pszString = 0x02e93008 "VBoxGuestPropSvc")+0x12 [d:\vbox\src\vbox\runtime\common\string\stringalloc.cpp @ 96]
03d2fc80 03a157e8 VBoxC!HGCMService::instanceDestroy(void)+0x1ac [d:\vbox\src\vbox\main\hgcm\hgcm.cpp @ 809]
03d2fcd4 03a150de VBoxC!HGCMService::ReleaseService(void)+0x2a8 [d:\vbox\src\vbox\main\hgcm\hgcm.cpp @ 1054]
03d2fd18 03a15107 VBoxC!HGCMService::UnloadService(void)+0x2ee [d:\vbox\src\vbox\main\hgcm\hgcm.cpp @ 969]
03d2fd20 03a1b863 VBoxC!HGCMService::UnloadAll(void)+0x17 [d:\vbox\src\vbox\main\hgcm\hgcm.cpp @ 980]
03d2fee0 03a0fcbd VBoxC!hgcmThread( unsigned int ThreadHandle = 0x80000001, void * pvUser = 0x00000000)+0xdb3 [d:\vbox\src\vbox\main\hgcm\hgcm.cpp @ 1763]
03d2ff18 01acbc15 VBoxC!hgcmWorkerThreadFunc( struct RTTHREADINT * ThreadSelf = 0x02dbb008, void * pvUser = 0x0003f760)+0x1cd [d:\vbox\src\vbox\main\hgcm\hgcmthread.cpp @ 195]
03d2ff4c 01b3fa97 VBoxRT!rtThreadMain( struct RTTHREADINT * pThread = 0x02dbb008, unsigned int NativeThread = 0xfe8, char * pszThreadName = 0x02dbb584 "MainHGCMthread")+0x185 [d:\vbox\src\vbox\runtime\common\misc\thread.cpp @ 679]
03d2ff70 78afc6de VBoxRT!rtThreadNativeMain( void * pvArgs = 0x02dbb008)+0xb7 [d:\vbox\src\vbox\runtime\r3\win\thread-win.cpp @ 102]
03d2ffa8 78afc788 MSVCR100!_callthreadstartex(void)+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 314]
03d2ffb4 7c80b729 MSVCR100!_threadstartex( void * ptd = 0x0003fbe8)+0x64 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 292]
03d2ffec 00000000 kernel32!BaseThreadStart+0x37
```
comment:13 by , 15 years ago
Other examples of stacks where the debugger broke in for the same thing:
```
ChildEBP RetAddr
0461f918 7c96e139 ntdll!DbgBreakPoint
0461f920 7c96e9fe ntdll!RtlpBreakPointHeap+0x28
0461f950 7c96f86d ntdll!RtlpValidateHeap+0x43f
0461f9c0 7c94bc4c ntdll!RtlDebugFreeHeap+0x1a6
0461faa8 7c927573 ntdll!RtlFreeHeapSlowly+0x37
0461fb78 78ab016a ntdll!RtlFreeHeap+0xf9
0461fb8c 04629cb0 msvcr100!free( void * pBlock = 0x02d77348)+0x1c [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 51]
0461fbac 04629d96 VBoxGuestControlSvc!_CRT_INIT( void * hDllHandle = <Value unavailable error>, unsigned long dwReason = <Value unavailable error>, void * lpreserved = <Value unavailable error>)+0x1db [f:\dd\vctools\crt_bld\self_x86\crt\src\crtdll.c @ 431]
0461fbf0 04629e13 VBoxGuestControlSvc!__DllMainCRTStartup( void * hDllHandle = 0x04620000, unsigned long dwReason = 0, void * lpreserved = 0x00000000)+0xb7 [f:\dd\vctools\crt_bld\self_x86\crt\src\crtdll.c @ 526]
0461fbfc 7c90118a VBoxGuestControlSvc!_DllMainCRTStartup( void * hDllHandle = 0x04620000, unsigned long dwReason = 0, void * lpreserved = 0x00000000)+0x1e [f:\dd\vctools\crt_bld\self_x86\crt\src\crtdll.c @ 476]
0461fc1c 7c91e044 ntdll!LdrpCallInitRoutine+0x14
0461fd14 7c80ac97 ntdll!LdrUnloadDll+0x41c
0461fd28 01b319b1 kernel32!FreeLibrary+0x3f
0461fd3c 01aa2737 VBoxRT!rtldrNativeClose( struct RTLDRMODINTERNAL * pMod = 0x02d75fc8)+0x21 [d:\vbox\src\vbox\runtime\r3\win\ldrnative-win.cpp @ 90]
0461fd70 039b2507 VBoxRT!RTLdrClose( struct RTLDRMODINTERNAL * hLdrMod = 0x02d75fc8)+0x117 [d:\vbox\src\vbox\runtime\common\ldr\ldr.cpp @ 155]
0461fd84 039b2907 VBoxC!HGCMService::unloadServiceDLL(void)+0x27 [d:\vbox\src\vbox\main\hgcm\hgcm.cpp @ 326]
0461fee0 039afcbd VBoxC!hgcmServiceThread( unsigned int ThreadHandle = 0x80000012, void * pvUser = 0x02d76978)+0x3b7 [d:\vbox\src\vbox\main\hgcm\hgcm.cpp @ 500]
0461ff18 01acbc15 VBoxC!hgcmWorkerThreadFunc( struct RTTHREADINT * ThreadSelf = 0x02d76bf8, void * pvUser = 0x02d76a00)+0x1cd [d:\vbox\src\vbox\main\hgcm\hgcmthread.cpp @ 195]
0461ff4c 01b3fa97 VBoxRT!rtThreadMain( struct RTTHREADINT * pThread = 0x02d76bf8, unsigned int NativeThread = 0xd98, char * pszThreadName = 0x02d77174 "VBoxGuestContro")+0x185 [d:\vbox\src\vbox\runtime\common\misc\thread.cpp @ 679]
0461ff70 78afc6de VBoxRT!rtThreadNativeMain( void * pvArgs = 0x02d76bf8)+0xb7 [d:\vbox\src\vbox\runtime\r3\win\thread-win.cpp @ 102]
0461ffa8 78afc788 msvcr100!_callthreadstartex(void)+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 314]
0461ffb4 7c80b729 msvcr100!_threadstartex( void * ptd = 0x02d77290)+0x64 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 292]
0461ffec 00000000 kernel32!BaseThreadStart+0x37
```
comment:14 by , 15 years ago
```
ChildEBP RetAddr
00138820 7c96e139 ntdll!DbgBreakPoint
00138828 7c96e9fe ntdll!RtlpBreakPointHeap+0x28
00138858 7c96ee96 ntdll!RtlpValidateHeap+0x43f
001388d8 7c94b394 ntdll!RtlDebugAllocateHeap+0xa5
00138b08 7c918f21 ntdll!RtlAllocateHeapSlowly+0x44
00138d3c 7c9551b5 ntdll!RtlAllocateHeap+0xe64
00138d50 7c9551f1 ntdll!LdrpTagAllocateHeap+0x25
00138d68 78ab0269 ntdll!LdrpTagAllocateHeap1+0x15
00138d88 78ab02d1 msvcr100!malloc( unsigned int size = 0x30050)+0x4b [f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.c @ 89]
00138da4 03a328f9 msvcr100!operator new( unsigned int size = 0x30)+0x1f [f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 59]
00138dd4 0392939a VBoxC!util::AutoLockBase::AutoLockBase( unsigned int cHandles = 1, class util::LockHandle * pHandle = 0x0003b9f8, char * pszFile = 0x03a5e584 "D:\vbox\src\VBox\Main\VirtualBoxBase.cpp", unsigned int iLine = 0x103, char * pszFunction = 0x03a5e6fc "VirtualBoxBase::releaseCaller")+0x99 [d:\vbox\src\vbox\main\glue\autolock.cpp @ 359]
00138df4 03929327 VBoxC!util::AutoWriteLockBase::AutoWriteLockBase( unsigned int cHandles = 1, class util::LockHandle * pHandle = 0x0003b9f8, char * pszFile = 0x03a5e584 "D:\vbox\src\VBox\Main\VirtualBoxBase.cpp", unsigned int iLine = 0x103, char * pszFunction = 0x03a5e6fc "VirtualBoxBase::releaseCaller")+0x2a [d:\vbox\include\vbox\com\autolock.h @ 421]
00138e24 0392692b VBoxC!util::AutoWriteLock::AutoWriteLock( class util::LockHandle * aHandle = 0x0003b9f8, char * pszFile = 0x03a5e584 "D:\vbox\src\VBox\Main\VirtualBoxBase.cpp", unsigned int iLine = 0x103, char * pszFunction = 0x03a5e6fc "VirtualBoxBase::releaseCaller")+0x47 [d:\vbox\include\vbox\com\autolock.h @ 493]
00138e64 039244a3 VBoxC!VirtualBoxBase::releaseCaller(void)+0x5b [d:\vbox\src\vbox\main\virtualboxbase.cpp @ 259]
00138e74 0393bf5e VBoxC!AutoCallerBase<0>::~AutoCallerBase<0>(void)+0x33 [d:\vbox\src\vbox\main\include\autocaller.h @ 77]
00138eb4 0069b71f VBoxC!Session::get_Machine( struct IMachine ** aMachine = 0x00138f1c)+0x22e [d:\vbox\src\vbox\main\sessionimpl.cpp @ 199]
00138f38 0060f397 VirtualBox!CSession::GetMachine(void)+0xef [d:\vbox\out\win.x86\debug\obj\virtualbox\include\comwrappers.cpp @ 10324]
0013909c 0061b083 VirtualBox!UIMachineWindow::updateAppearanceOf( int iElement = 0n1)+0x57 [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\uimachinewindow.cpp @ 491]
001390cc 0060f8e0 VirtualBox!UIMachineWindowNormal::updateAppearanceOf( int iElement = 0n1)+0x33 [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\normal\uimachinewindownormal.cpp @ 274]
001390e0 0061a397 VirtualBox!UIMachineWindow::sltMachineStateChanged(void)+0x20 [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\uimachinewindow.cpp @ 528]
001390f0 006e183e VirtualBox!UIMachineWindowNormal::sltMachineStateChanged(void)+0x17 [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\normal\uimachinewindownormal.cpp @ 114]
00139104 671c4411 VirtualBox!UIMachineWindowNormal::qt_metacall( QMetaObject::Call _c = InvokeMetaMethod (0n0), int _id = 0n0, void ** _a = 0x001391ac)+0x7e [d:\vbox\out\win.x86\debug\obj\virtualbox\qtmoc\uimachinewindownormal.cpp @ 96]
00139124 671db2f6 QtCored4!QMetaObject::metacall( class QObject * object = 0x02dbdaf8, QMetaObject::Call cl = InvokeMetaMethod (0n0), int idx = 0n31, void ** argv = 0x001391ac)+0x71 [d:\qt\4.7.0\src\corelib\kernel\qmetaobject.cpp @ 238]
001391d4 006df664 QtCored4!QMetaObject::activate( class QObject * sender = 0x02dbc508, struct QMetaObject * m = 0x00a05ab4, int local_signal_index = 0n3, void ** argv = 0x00000000)+0x306 [d:\qt\4.7.0\src\corelib\kernel\qobject.cpp @ 3272]
001391f4 005d57fa VirtualBox!UISession::sigMachineStateChange(void)+0x24 [d:\vbox\out\win.x86\debug\obj\virtualbox\qtmoc\uisession.cpp @ 161]
00139200 006df507 VirtualBox!UISession::sltStateChange( KMachineState state = KMachineState_Stopping (0n11))+0x2a [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\uisession.cpp @ 556]
00139220 671c4411 VirtualBox!UISession::qt_metacall( QMetaObject::Call _c = InvokeMetaMethod (0n0), int _id = 0n17, void ** _a = 0x00139310)+0x217 [d:\vbox\out\win.x86\debug\obj\virtualbox\qtmoc\uisession.cpp @ 131]
00139240 671db2f6 QtCored4!QMetaObject::metacall( class QObject * object = 0x02dbc508, QMetaObject::Call cl = InvokeMetaMethod (0n0), int idx = 0n21, void ** argv = 0x00139310)+0x71 [d:\qt\4.7.0\src\corelib\kernel\qmetaobject.cpp @ 238]
001392f0 006e0f82 QtCored4!QMetaObject::activate( class QObject * sender = 0x0003fc10, struct QMetaObject * m = 0x00a05b54, int local_signal_index = 0n3, void ** argv = 0x00139310)+0x306 [d:\qt\4.7.0\src\corelib\kernel\qobject.cpp @ 3272]
00139320 006e0b55 VirtualBox!UIConsoleEventHandler::sigStateChange( KMachineState _t1 = KMachineState_Stopping (0n11))+0x42 [d:\vbox\out\win.x86\debug\obj\virtualbox\qtmoc\uiconsoleeventhandler.cpp @ 148]
0013938c 671c4411 VirtualBox!UIConsoleEventHandler::qt_metacall( QMetaObject::Call _c = InvokeMetaMethod (0n0), int _id = 0n3, void ** _a = 0x02fdc700)+0x145 [d:\vbox\out\win.x86\debug\obj\virtualbox\qtmoc\uiconsoleeventhandler.cpp @ 106]
001393ac 671d71a0 QtCored4!QMetaObject::metacall( class QObject * object = 0x0003fc10, QMetaObject::Call cl = InvokeMetaMethod (0n0), int idx = 0n7, void ** argv = 0x02fdc700)+0x71 [d:\qt\4.7.0\src\corelib\kernel\qmetaobject.cpp @ 238]
001393c8 671d7dfd QtCored4!QMetaCallEvent::placeMetaCall( class QObject * object = 0x0003fc10)+0x20 [d:\qt\4.7.0\src\corelib\kernel\qobject.cpp @ 534]
0013948c 6506afbe QtCored4!QObject::event( class QEvent * e = 0x03e348b8)+0x13d [d:\qt\4.7.0\src\corelib\kernel\qobject.cpp @ 1211]
001394ac 65068ce7 QtGuid4!QApplicationPrivate::notify_helper( class QObject * receiver = 0x0003fc10, class QEvent * e = 0x03e348b8)+0xfe [d:\qt\4.7.0\src\gui\kernel\qapplication.cpp @ 4389]
001398f4 671bad91 QtGuid4!QApplication::notify( class QObject * receiver = 0x0003fc10, class QEvent * e = 0x03e348b8)+0x2c7 [d:\qt\4.7.0\src\gui\kernel\qapplication.cpp @ 3791]
00139948 671bfc69 QtCored4!QCoreApplication::notifyInternal( class QObject * receiver = 0x0003fc10, class QEvent * event = 0x03e348b8)+0xa1 [d:\qt\4.7.0\src\corelib\kernel\qcoreapplication.cpp @ 732]
0013995c 671bbc75 QtCored4!QCoreApplication::sendEvent( class QObject * receiver = 0x0003fc10, class QEvent * event = 0x03e348b8)+0x39 [d:\qt\4.7.0\src\corelib\kernel\qcoreapplication.h @ 215]
001399e8 671fd5a9 QtCored4!QCoreApplicationPrivate::sendPostedEvents( class QObject * receiver = 0x00000000, int event_type = 0n0, class QThreadData * data = 0x0266e498)+0x2e5 [d:\qt\4.7.0\src\corelib\kernel\qcoreapplication.cpp @ 1373]
00139a74 7e418734 QtCored4!qt_internal_proc( struct HWND__ * hwnd = 0x004b03a4, unsigned int message = 0x401, unsigned int wp = 0, long lp = 0n0)+0x289 [d:\qt\4.7.0\src\corelib\kernel\qeventdispatcher_win.cpp @ 503]
00139aa0 7e418816 user32!InternalCallWinProc+0x28
00139b08 7e4189cd user32!UserCallWinProcCheckWow+0x150
00139b68 7e418a10 user32!DispatchMessageWorker+0x306
00139b78 671fe526 user32!DispatchMessageW+0xf
0013b97c 6511dafe QtCored4!QEventDispatcherWin32::processEvents( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x546 [d:\qt\4.7.0\src\corelib\kernel\qeventdispatcher_win.cpp @ 802]
0013b990 671b889e QtGuid4!QGuiEventDispatcherWin32::processEvents( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x1e [d:\qt\4.7.0\src\gui\kernel\qapplication_win.cpp @ 1170]
0013b9ac 671b89d0 QtCored4!QEventLoop::processEvents( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x6e [d:\qt\4.7.0\src\corelib\kernel\qeventloop.cpp @ 150]
0013ba08 004ae44b QtCored4!QEventLoop::exec( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x120 [d:\qt\4.7.0\src\corelib\kernel\qeventloop.cpp @ 201]
0013ba74 0059d739 VirtualBox!QIDialog::exec( bool aShow = false)+0x14b [d:\vbox\src\vbox\frontends\virtualbox\src\extensions\qidialog.cpp @ 100]
0013baa8 004845af VirtualBox!VBoxProgressDialog::run( int aRefreshInterval = 0n350)+0xc9 [d:\vbox\src\vbox\frontends\virtualbox\src\widgets\vboxprogressdialog.cpp @ 134]
0013bb20 0060e548 VirtualBox!VBoxProblemReporter::showModalProgressDialog( class CProgress * aProgress = 0x0013bd14, class QString * aTitle = 0x0013bbf8, class QWidget * aParent = 0x00000000, int aMinDuration = 0n2000)+0x7f [d:\vbox\src\vbox\frontends\virtualbox\src\globals\vboxproblemreporter.cpp @ 273]
0013c004 0061b38d VirtualBox!UIMachineWindow::closeEvent( class QCloseEvent * pEvent = 0x0013c78c)+0xe68 [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\uimachinewindow.cpp @ 354]
0013c014 650e70fc VirtualBox!UIMachineWindowNormal::closeEvent( class QCloseEvent * pEvent = 0x0013c78c)+0x1d [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\normal\uimachinewindownormal.cpp @ 336]
0013c1ec 655f7ac4 QtGuid4!QWidget::event( class QEvent * event = 0x0013c78c)+0x75c [d:\qt\4.7.0\src\gui\kernel\qwidget.cpp @ 8316]
0013c26c 0061b350 QtGuid4!QMainWindow::event( class QEvent * event = 0x0013c78c)+0x364 [d:\qt\4.7.0\src\gui\widgets\qmainwindow.cpp @ 1418]
0013c28c 6506afbe VirtualBox!UIMachineWindowNormal::event( class QEvent * pEvent = 0x0013c78c)+0x100 [d:\vbox\src\vbox\frontends\virtualbox\src\runtime\normal\uimachinewindownormal.cpp @ 323]
0013c2ac 6506ac78 QtGuid4!QApplicationPrivate::notify_helper( class QObject * receiver = 0x02dbdaf8, class QEvent * e = 0x0013c78c)+0xfe [d:\qt\4.7.0\src\gui\kernel\qapplication.cpp @ 4389]
0013c6f4 671bad91 QtGuid4!QApplication::notify( class QObject * receiver = 0x02dbdaf8, class QEvent * e = 0x0013c78c)+0x2258 [d:\qt\4.7.0\src\gui\kernel\qapplication.cpp @ 4354]
0013c748 67261c98 QtCored4!QCoreApplication::notifyInternal( class QObject * receiver = 0x02dbdaf8, class QEvent * event = 0x0013c78c)+0xa1 [d:\qt\4.7.0\src\corelib\kernel\qcoreapplication.cpp @ 732]
0013c75c 650e6191 QtCored4!QCoreApplication::sendSpontaneousEvent( class QObject * receiver = 0x02dbdaf8, class QEvent * event = 0x0013c78c)+0x38 [d:\qt\4.7.0\src\corelib\kernel\qcoreapplication.h @ 218]
0013c7b4 65124f98 QtGuid4!QWidgetPrivate::close_helper( QWidgetPrivate::CloseMode mode = CloseWithSpontaneousEvent (0n2))+0xc1 [d:\qt\4.7.0\src\gui\kernel\qwidget.cpp @ 7721]
0013c7c4 651201c7 QtGuid4!QETWidget::translateCloseEvent( struct tagMSG * __formal = 0x0013cd7c)+0x18 [d:\qt\4.7.0\src\gui\kernel\qapplication_win.cpp @ 3839]
0013cde4 7e418734 QtGuid4!QtWndProc( struct HWND__ * hwnd = 0x005203ce, unsigned int message = 0x10, unsigned int wParam = 0, long lParam = 0n0)+0x1d67 [d:\qt\4.7.0\src\gui\kernel\qapplication_win.cpp @ 2152]
0013ce10 7e418816 user32!InternalCallWinProc+0x28
0013ce78 7e428ea0 user32!UserCallWinProcCheckWow+0x150
0013cecc 7e428eec user32!DispatchClientMessage+0xa3
0013cef4 7c90e473 user32!__fnDWORD+0x24
0013cf18 7e4194be ntdll!KiUserCallbackDispatcher+0x13
0013cf6c 7e428dd9 user32!NtUserMessageCall+0xc
0013cf88 7e428d77 user32!RealDefWindowProcW+0x47
0013cfd0 65818f72 user32!DefWindowProcW+0x72
0013cfec 65121570 QtGuid4!QWinInputContext::DefWindowProcW( struct HWND__ * hwnd = 0x005203ce, unsigned int msg = 0x112, unsigned int wParam = 0xf060, long lParam = 0n4391836)+0x52 [d:\qt\4.7.0\src\gui\inputmethod\qwininputcontext_win.cpp @ 365]
0013d618 7e418734 QtGuid4!QtWndProc( struct HWND__ * hwnd = 0x005203ce, unsigned int message = 0x112, unsigned int wParam = 0xf060, long lParam = 0n4391836)+0x3110 [d:\qt\4.7.0\src\gui\kernel\qapplication_win.cpp @ 2632]
0013d644 7e418816 user32!InternalCallWinProc+0x28
0013d6ac 7e428ea0 user32!UserCallWinProcCheckWow+0x150
0013d700 7e428eec user32!DispatchClientMessage+0xa3
0013d728 7c90e473 user32!__fnDWORD+0x24
0013d74c 7e4194be ntdll!KiUserCallbackDispatcher+0x13
0013d7a0 7e428dd9 user32!NtUserMessageCall+0xc
0013d7bc 7e428d77 user32!RealDefWindowProcW+0x47
0013d804 65818f72 user32!DefWindowProcW+0x72
0013d820 65121570 QtGuid4!QWinInputContext::DefWindowProcW( struct HWND__ * hwnd = 0x005203ce, unsigned int msg = 0xa1, unsigned int wParam = 0x14, long lParam = 0n4391836)+0x52 [d:\qt\4.7.0\src\gui\inputmethod\qwininputcontext_win.cpp @ 365]
0013de4c 7e418734 QtGuid4!QtWndProc( struct HWND__ * hwnd = 0x005203ce, unsigned int message = 0xa1, unsigned int wParam = 0x14, long lParam = 0n4391836)+0x3110 [d:\qt\4.7.0\src\gui\kernel\qapplication_win.cpp @ 2632]
0013de78 7e418816 user32!InternalCallWinProc+0x28
0013dee0 7e4189cd user32!UserCallWinProcCheckWow+0x150
0013df40 7e418a10 user32!DispatchMessageWorker+0x306
0013df50 671fe526 user32!DispatchMessageW+0xf
0013fd54 6511dafe QtCored4!QEventDispatcherWin32::processEvents( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x546 [d:\qt\4.7.0\src\corelib\kernel\qeventdispatcher_win.cpp @ 802]
0013fd68 671b889e QtGuid4!QGuiEventDispatcherWin32::processEvents( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x1e [d:\qt\4.7.0\src\gui\kernel\qapplication_win.cpp @ 1170]
0013fd84 671b89d0 QtCored4!QEventLoop::processEvents( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x6e [d:\qt\4.7.0\src\corelib\kernel\qeventloop.cpp @ 150]
0013fde0 671bb2cd QtCored4!QEventLoop::exec( class QFlags<enum QEventLoop::ProcessEventsFlag> flags = class QFlags<enum QEventLoop::ProcessEventsFlag>)+0x120 [d:\qt\4.7.0\src\corelib\kernel\qeventloop.cpp @ 201]
0013fe14 65068a19 QtCored4!QCoreApplication::exec(void)+0xfd [d:\qt\4.7.0\src\corelib\kernel\qcoreapplication.cpp @ 1009]
0013fe1c 0040157f QtGuid4!QApplication::exec(void)+0x9 [d:\qt\4.7.0\src\gui\kernel\qapplication.cpp @ 3666]
0013fedc 00402110 VirtualBox!TrustedMain( int argc = 0n6, char ** argv = 0x000360f0, char ** __formal = 0x000337a0)+0x48f [d:\vbox\src\vbox\frontends\virtualbox\src\main.cpp @ 500]
0013ff7c 006e4464 VirtualBox!main( int argc = 0n6, char ** argv = 0x000360f0, char ** envp = 0x000337a0)+0x3b0 [d:\vbox\src\vbox\frontends\virtualbox\src\main.cpp @ 651]
0013ffc0 7c817077 VirtualBox!__tmainCRTStartup(void)+0x122 [f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c @ 555]
0013fff0 00000000 kernel32!BaseProcessStart+0x23
```
comment:15 by , 15 years ago
Each occurred in a different thread of the VirtualBox.exe process, using the same "Power off the machine" option at the Close Virtual Machine window.
I've seen that Huihong Luo (huisinro) reported something similar on the vbox-dev mailing list
comment:17 by , 14 years ago
| Summary: | VM crash when attempting to force shutdown (not ACPI shutdown) the VM -> Fixed in SVN. → VM crash when attempting to force shutdown (not ACPI shutdown) the VM |
|---|---|
| Version: | VirtualBox 3.1.6 → VirtualBox 3.2.10 |
comment:19 by , 14 years ago
http://vbox.innotek.de/pipermail/vbox-dev/2010-July/003009.html
With full page heap enabled and heap coalesce on free disabled, the SVN 35302 non-debug build always crashes in:
\vbox\src\vbox\main\hgcm\hgcmthread.cpp line 205,
which is the function static DECLCALLBACK(int) hgcmWorkerThreadFunc (RTTHREAD ThreadSelf, void *pvUser), when it should return the exit value.
with the same gflags enabled, the full crash minidump for the official 4.0 final build:
http://www.sendspace.com/file/h5vukm
comment:20 by , 14 years ago
I think I have found the cause, at least the tip of it, why a HGCMThread object gets released before it should.
Two threads running concurrently, a parent thread and its child thread, while the VM closing process has begun. While the child is running hgcmObjDeleteHandle, the handle belongs to the object passed by the parent (HGCMThread *pThread = (HGCMThread *)pvUser;), the object's current refCnt is 2. If they're properly synchronised, the parent thread gets a chance to execute HGCMObject::Dereference() on the same object, right before the child gets to execute Dereference() on it. Now refCnt has reached 0, while Dereference in the child calls the destructor of the HGCMThread object, with "delete this".
Because I haven't managed to understand how to use and activate the LogFlow() functions already in place, I've inserted RTPrintf functions of my own. With all my RTPrintf functions in place, it seems that the delay they induce lets me trigger the issue at every attempt to close the VM. I've used a VM with no OS installed, with all the features disabled, including no IDE/SCSI controller, VT-x, NX, etc. Note that if 2D/3D are disabled, VirtualBox doesn't crash and the operating system doesn't detect anything unusual, so you'll have to activate full page heap to catch the memory access violation in the parent thread (pThread->m_thread = NIL_RTTHREAD;). Also, I see that it's possible to catch the issue while still in the child thread, with an Assert(m_thread == NIL_RTTHREAD) at the beginning of the HGCMThread::~HGCMThread() destructor. I've used Notepad++ to indent the text and to better observe different objects and threads, because it's able to highlight the multiple occurrences of a text selection.
(lengthy pasted content removed, see next attachment)
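The reference-counting race described in this comment, re-created as an added model for this ticket. It is not VirtualBox's HGCMThread.cpp: the class and function names echo the comment, but the handle table, the `g_live` bookkeeping used to observe a freed object without actually touching freed memory, and the fixed interleaving are assumptions. `runShutdown(true)` plays the pre-patch ordering in which the worker deletes the handle it does not own; `runShutdown(false)` plays the ordering where the creator, holding the last reference, releases the handle after the worker is gone (the ordering comment:24's patch later adopts).

```cpp
#include <cstdint>
#include <map>
#include <set>

// Added model of the refcount race (assumption: simplified re-creation, not VirtualBox code).
class HGCMObject;
static std::set<const void *> g_live;                 // objects that have not been deleted yet
static std::map<uint32_t, HGCMObject *> g_handles;     // handle table; each entry owns one reference
static uint32_t g_nextHandle = 1;

class HGCMObject
{
public:
    HGCMObject() : m_refCnt(0), m_handle(0) { g_live.insert(this); }
    virtual ~HGCMObject() { g_live.erase(this); }
    void Reference() { ++m_refCnt; }
    void Dereference() { if (--m_refCnt == 0) delete this; }   // the "delete this" from the report
    uint32_t Handle() const { return m_handle; }
    void setHandle(uint32_t h) { m_handle = h; }
private:
    int m_refCnt;
    uint32_t m_handle;
};

static const int NIL_RTTHREAD = -1;
static const uint32_t HGCMMSG_TF_TERMINATED = 1;

class HGCMThread : public HGCMObject
{
public:
    int m_thread = 7;                    // stand-in native thread id, cleared when the worker exits
    uint32_t m_fu32ThreadFlags = 0;
};

static uint32_t hgcmObjGenerateHandle(HGCMObject *pObj)
{
    pObj->Reference();                   // the handle table holds its own reference
    pObj->setHandle(g_nextHandle++);
    g_handles[pObj->Handle()] = pObj;
    return pObj->Handle();
}

static void hgcmObjDeleteHandle(uint32_t handle)
{
    auto it = g_handles.find(handle);
    if (it == g_handles.end())
        return;
    HGCMObject *pObj = it->second;
    g_handles.erase(it);
    pObj->Dereference();                 // may run "delete this"
}

static void hgcmObjDereference(HGCMObject *pObj) { pObj->Dereference(); }

struct ShutdownResult
{
    bool useAfterFree;   // the worker's last write would have hit a deleted object
    bool objectFreed;    // refCnt reached zero
    bool handleLeaked;   // an entry stayed in the handle table
};

// Interleaving from the comment: the creator dereferences right before the worker's
// final steps. With childDeletesHandle (pre-patch) the worker's hgcmObjDeleteHandle drops
// the last reference, then the worker writes pThread->m_thread on freed memory.
static ShutdownResult runShutdown(bool childDeletesHandle)
{
    g_live.clear(); g_handles.clear(); g_nextHandle = 1;
    ShutdownResult r{false, false, false};

    HGCMThread *pThread = new HGCMThread();
    uint32_t hThread = hgcmObjGenerateHandle(pThread);    // refCnt 1 (handle table)
    pThread->Reference();                                  // refCnt 2 (creator's pointer)

    pThread->m_fu32ThreadFlags |= HGCMMSG_TF_TERMINATED;   // worker: about to finish
    hgcmObjDereference(pThread);                           // creator: refCnt 2 -> 1

    if (childDeletesHandle)
        hgcmObjDeleteHandle(pThread->Handle());            // worker: refCnt 1 -> 0, delete this
    if (g_live.count(pThread))
        pThread->m_thread = NIL_RTTHREAD;                  // worker's last write (line 205 in the report)
    else
        r.useAfterFree = true;                             // the crash, observed without touching freed memory

    if (!childDeletesHandle)
        hgcmObjDeleteHandle(hThread);                      // creator releases the handle after the worker is gone

    r.objectFreed  = g_live.count(pThread) == 0;
    r.handleLeaked = !g_handles.empty();
    return r;
}
```

The model deliberately keeps the worker's write behind a liveness check so the pre-patch ordering reports the use-after-free instead of exercising it; in the real process that write is what page heap and, later, the `Assert(m_thread == NIL_RTTHREAD)` in the destructor catch.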
comment:22 by , 14 years ago
Thanks for the investigation but next time please attach a file to keep this ticket readable!
comment:23 by , 14 years ago
Sorry about that. I have attached a file so you can edit my post, if you wish.
comment:24 by , 14 years ago
mhanor, thank you very much for debugging this issue. This is indeed a reference counting bug. The following patch for src\VBox\Main\src-client\HGCMThread.cpp should fix the crash. Could you please try this fix?
Index: HGCMThread.cpp =================================================================== --- HGCMThread.cpp (revision 69750) +++ HGCMThread.cpp (working copy) @@ -195,8 +195,6 @@ pThread->m_fu32ThreadFlags |= HGCMMSG_TF_TERMINATED; - hgcmObjDeleteHandle (pThread->Handle ()); - pThread->m_thread = NIL_RTTHREAD; LogFlow(("MAIN::hgcmWorkerThreadFunc: completed HGCM thread %p\n", pThread)); @@ -689,6 +687,8 @@ hgcmObjDereference (pThread); } + hgcmObjDeleteHandle (hThread); + LogFlowFunc(("rc = %Rrc\n", rc)); return rc; }
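Review bot: in the first hunk (`@@ -195,8 +195,6 @@`) the worker still writes `pThread->m_thread = NIL_RTTHREAD;` after raising `HGCMMSG_TF_TERMINATED`, so the object now has to stay alive until the creator has observed the worker's exit; nothing at this spot says who owns the handle any more. A one-line comment here stating that the handle is owned by the creator and released in the shutdown path would keep the next reader from reintroducing the deleted `hgcmObjDeleteHandle (pThread->Handle ());`.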
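Review bot: in the second hunk (`@@ -689,6 +687,8 @@`) the new `hgcmObjDeleteHandle (hThread);` is unconditional and sits after the closing brace of the block that calls `hgcmObjDereference (pThread);`; please confirm `hThread` is a valid handle on every path that reaches this point, including the ones where `rc` carries an error, or guard the call accordingly.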
comment:25 by , 14 years ago
after applying the patch, I can't reproduce it anymore, or so it seems, even with my delay-inducing RTPrintf functions
comment:26 by , 14 years ago
| Summary: | VM crash when attempting to force shutdown (not ACPI shutdown) the VM → VM crash when attempting to force shutdown (not ACPI shutdown) the VM -> Fixed in SVN |
|---|---|
Thanks for testing.
comment:27 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
comment:28 by , 14 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
I know it's disappointing, but the Unloaded_VBoxOGLrenderspu.dll crash is still there. I can reproduce the crash when 3D is enabled. An installed OS is not needed. I can't seem to reproduce it while some gflags are enabled for the virtualbox.exe process (including full page heap). That's why it seemed safe after the HGCMThread counting fix. But I crashed 4.0.4 on the same day it was released.
Again, Huihong Luo may have been onto something here:
http://vbox.innotek.de/pipermail/vbox-dev/2010-July/003043.html
The call stack looks the same as it did in the past. The crash occurs in the RenderSPU Window thread, while its parent thread (if I can call it that) is not listed in the threads window list. See the attached log; the last line is manually added by me.
comment:29 by , 14 years ago
Sometimes, the RenderSPU Window thread has already exited, at the moment VBoxOGLrenderspu.dll is being unloaded (see case1.txt). Sometimes it's about to exit, still running some OS thread-exit functions (see case2.txt), which is still safe.
But when it's about to crash (see case3.txt), at the moment the dll is being unloaded, the RenderSPU Window thread is still executing the last bit of code, before "return 0":
f:\vbox\src\VBox\hostservices\sharedopengl\render\renderspu_init.c, inside renderSPUWindowThreadProc, line 128:
```
SetEvent(render_spu.hWinThreadReadyEvent);
```
comment:30 by , 14 years ago
I always thought it was stack corruption, but I don't think that anymore. When windbg breaks at the moment VBoxOGLrenderspu.dll is being unloaded, it takes only a single instruction to be executed. After that, the debugger will refresh the call stack of the RenderSPU Window thread, considering VBoxOGLrenderspu.dll as unloaded. The thread crashes at the moment when it returns from kernel32!SetEvent back to VBoxOGLrenderspu!renderSPUWindowThreadProc code (return address 03474cb8 for my build). The NX/DEP feature catches this. I don't think there's anything else I can say about this problem to help you.
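The unload ordering problem of comments 29 and 30, as an added model written for this ticket (not VirtualBox code): `std::thread` stands in for the RenderSPU Window thread, a `std::promise` for `hWinThreadReadyEvent`, a counter for "threads currently executing code that lives in the module", and a second promise (`gate`) makes explicit the instructions the thread still executes after `SetEvent` returns. The function names, the counter and the gate are assumptions. The two unloaders differ only in what they wait on: the ready event, or the thread itself.

```cpp
#include <atomic>
#include <future>
#include <thread>

// Added model (assumption: not VirtualBox code). The counter stands in for threads
// currently executing code inside the loadable module; unloading is only safe at zero.
static std::atomic<int> g_threadsInModule{0};

struct WorkerSync
{
    std::promise<void> ready;                       // stands in for hWinThreadReadyEvent
    std::promise<void> gate;                        // holds the worker between SetEvent and "return 0"
    std::future<void> readyDone = ready.get_future();
    std::future<void> gateOpen  = gate.get_future();
};

// Stand-in for renderSPUWindowThreadProc: SetEvent is the last call before returning,
// but the return itself, and everything after SetEvent comes back, still runs module code.
static void renderWindowThreadProc(WorkerSync *sync)
{
    ++g_threadsInModule;                            // thread entered module code
    sync->ready.set_value();                        // SetEvent(render_spu.hWinThreadReadyEvent)
    sync->gateOpen.wait();                          // instructions executed after SetEvent returns
    --g_threadsInModule;                            // "return 0": thread has left the module
}

// Unloader that treats the ready event as "thread finished". Returns how many threads
// an unload at that instant would catch inside the module (1: the worker is still there).
static int threadsInModuleAtReadyEvent()
{
    WorkerSync sync;
    std::thread t(renderWindowThreadProc, &sync);
    sync.readyDone.wait();                          // WaitForSingleObject(hWinThreadReadyEvent)
    int inModule = g_threadsInModule.load();        // what FreeLibrary here would run into
    sync.gate.set_value();                          // let the worker finish so we can clean up
    t.join();
    return inModule;
}

// Unloader that waits for the thread itself before unloading (0: safe to FreeLibrary).
static int threadsInModuleAfterJoin()
{
    WorkerSync sync;
    std::thread t(renderWindowThreadProc, &sync);
    sync.readyDone.wait();
    sync.gate.set_value();
    t.join();                                       // WaitForSingleObject(hThread): it has returned
    return g_threadsInModule.load();
}
```

The gate makes the race deterministic for the reader; in the real process the window between `SetEvent` returning and the thread leaving the DLL is a handful of instructions, which is why the crash only shows up sometimes and why waiting on the thread handle, not the ready event, is the ordering that closes it.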
by , 14 years ago
| Attachment: | case3extra.txt added |
|---|---|
comment:31 by , 14 years ago
Thanks for your info, I can't reproduce it here but the issue you described should be fixed in SVN now.
comment:32 by , 14 years ago
mhanor, here is a VirtualBox 4.0 build which should fix the VBoxOGLrenderspu.dll_unloaded problem:
http://www.virtualbox.org/download/testcase/VirtualBox-win-4.0-rel-4.0.5-r70174-MultiArch.exe
comment:34 by , 14 years ago
4.0.6 seems fine, I can't reproduce the bug. You can close this ticket.
it's not 100% reproducible, but it's pretty easy for me to reproduce it