Opened 10 years ago
Closed 10 years ago
#13190 closed defect (fixed)
VBoxManage showvminfo crash
Reported by: | enodata | Owned by: | |
---|---|---|---|
Component: | VM control | Version: | VirtualBox 4.3.14 |
Keywords: | vboxmanage | Cc: | |
Guest type: | all | Host type: | Windows |
Description
VirtualBox 4.3.14, Windows 8.1 x64
When a VM has a saved state, "VBoxManage showvminfo" crashes when listing Shared Folders.
Here's the event log report:
Faulting application name: VBoxManage.exe, version: 0.0.0.0, time stamp: 0x53c537ed
Faulting module name: VBoxC.dll, version: 4.3.14.0, time stamp: 0x53c537cc
Exception code: 0x80000003
Fault offset: 0x000000000014cfb9
Faulting process id: 0x1c68
Faulting application start time: 0x01cfa14c0731a17c
Faulting application path: C:\Program Files\Oracle\VirtualBox\VBoxManage.exe
Faulting module path: C:\Program Files\Oracle\VirtualBox\VBoxC.dll
Report Id: 44f46752-0d3f-11e4-8267-2089843fea36
Faulting package full name:
Faulting package-relative application ID:
Attachments (2)
Change History (16)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Log attached.
Perhaps I was not clear enough how to reproduce this, sorry.
The VM in question does not have any shared folders. The crash happens when VM is suspended (stopped) with saved state. VBoxManage showvminfo works fine when VM is running or has been shut down.
Please let me know if there is any other info I can provide.
comment:3 by , 10 years ago
Unfortunately still no success. Tried several combinations, also without any shared folder and with the VM having a saved state. I assume it has something to do with snapshot as your VBox.log shows that your VM has a snapshot.
I would appreciate it if you could provide a reproduction scenario, perhaps with a dummy VM (no hard disk attached, guest will not boot but stop after showing the BIOS logo). Having instructions like 1. create VM without a shared folder, 2. start the VM, 3. create a snapshot, 4. terminate the VM with saving the state, 5. VBoxManage showvminfo foo would help greatly because I'm not able to reproduce the problem.
comment:4 by , 10 years ago
I am having the same problem on Win7 x64. Unfortunately, this bug is very hard to reproduce. In my case the problem occurs at line 2253 in file http://www.virtualbox.org/svn/vbox/trunk/src/VBox/Frontends/VBoxManage/VBoxManageInfo.cpp
CHECK_ERROR_RET(console, COMGETTER(SharedFolders)(ComSafeArrayAsOutParam(folders)), rc);
in the /* transient mappings */ section. The problem does not occur on 4.2.26 and 4.3.12, and only happens on 4.3.14 (I did not try the current svn version of the sources). In my case the crash also occurs when VM is suspended.
comment:5 by , 10 years ago
Ok, so I was able to get a dummy VM to reproduce the bug (Test vm.vbox).
1) Start vm
2) create a snapshot
3) save machine state
4) execute VBoxManage.exe showvminfo "Test vm"
comment:6 by , 10 years ago
I can reproduce the issue with an Oracle test build (4.3.15), and an optimized hardened OSE build, but not with a debug (unoptimized) build and not with an optimised no-hardening OSE build. From what I can see, stack corruption occurs before or after the com::Utf8Str::copyFrom method is called. Here's the stack (4.3.14 sources):
00000000`002bc1a0 000007fe`e2a7c9e9 VBoxC!com::Utf8Str::copyFrom( wchar_t * a_pbstr = 0x00000000`002bc2b8 "㲘O")+0x10 [c:\work_x64\vbox\src\vbox\main\glue\string.cpp @ 167]
00000000`002bc230 000007fe`e2a7cbc0 VBoxC!Console::loadDataFromSavedState(void)+0xa9 [c:\work_x64\vbox\src\vbox\main\src-client\consoleimpl.cpp @ 1537]
00000000`002bc2b0 00000001`3f96bf61 VBoxC!Console::get_SharedFolders( struct tagSAFEARRAY ** aSharedFolders = 0x00000000`00000000)+0xd0 [c:\work_x64\vbox\src\vbox\main\src-client\consoleimpl.cpp @ 2041]
00000000`002bc340 00000001`3f9706fc VBoxManage!showVMInfo( class ComPtr<IVirtualBox> * virtualBox = 0x00000000`002bf740, class ComPtr<IMachine> * machine = 0x00000000`002bf738, VMINFO_DETAILS details = VMINFO_STANDARD (0n1), class ComPtr<IConsole> * console = 0x00000000`002bf708)+0x102c1 [c:\work_x64\vbox\src\vbox\frontends\vboxmanage\vboxmanageinfo.cpp @ 2186]
00000000`002bf6c0 00000001`3f905fc8 VBoxManage!handleShowVMInfo( struct HandlerArg * a = 0x00000000`004d9230)+0x52c [c:\work_x64\vbox\src\vbox\frontends\vboxmanage\vboxmanageinfo.cpp @ 2677]
00000000`002bf810 00000001`3f9ae2a6 VBoxManage!main( int argc = 0n1, char ** argv = 0x00000063`a6fb7aa5)+0x6f8 [c:\work_x64\vbox\src\vbox\frontends\vboxmanage\vboxmanage.cpp @ 561]
00000000`002bf990 00000000`779759ed VBoxManage!__tmainCRTStartup(void)+0x11a [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crtexe.c @ 555]
00000000`002bf9c0 00000000`77bac541 kernel32!BaseThreadInitThunk+0xd
00000000`002bf9f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
The com::Utf8Str::copyFrom parameters get scrambled. I do not understand why it happens, but you must hit this piece of code. To reproduce, terminate the existing COM service process and overwrite the existing .vbox VM file with the previous copy (that contains the snapshot and saved state references).
With the official build, you hit the "int 3" instruction, in VBoxCLazyLoading, the "badload" jump (..\obj\VMMR3LazyImp\VMMR3LazyLoad.asm)
comment:7 by , 10 years ago
Actually, I was wrong about the stack corruption. The debugger is not able to track the variables, with all the code optimizations.
comment:8 by , 10 years ago
This is what it logs:
main SUPR3HardenedLdrLoadAppPriv: pszFilename=000007fee25a5d54:{VBoxVMM} phLdrMod=000007fee2704e90 fFlags=00000000 pErrInfo=0000000000000000
main AssertLogRel C:\work_x64\vbox\src\VBox\HostDrivers\Support\SUPR3HardenedIPRT.cpp(141) int __cdecl supR3HardenedErrorV(int,bool,const char *,char *): <NULL>
main supR3HardenedVerifyFileInternal: 'C:\work_x64\vbox\out\win.amd64\debug\bin/VBoxVMM.dll': Image verify error rc=VERR_WRONG_ORDER: supHardenedWinVerifyImageByHandle: supHardenedWinInitImageVerifier was not called.
main supR3HardenedLdrLoadIt: Verification of "C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxVMM.DLL" failed, rc=VERR_WRONG_ORDER
main SUPR3HardenedLdrLoadAppPriv: returns VERR_WRONG_ORDER
The RTCrX509Certificate_IsPresent check fails, in supHardenedWinVerifyImageByHandle() - 4.3.14 sources:
VBoxRT!supHardenedWinVerifyImageByHandle( void * hFile = 0x00000000`00000210, unsigned short * pwszName = 0x00000000`00307c80, unsigned int fFlags = 1, bool * pfCacheable = 0x00000000`00000000, struct RTERRINFO * pErrInfo = 0x00000000`003093b8)+0x5c [c:\work_x64\vbox\src\vbox\hostdrivers\support\win\suphardenedverifyimage-win.cpp @ 906]
VBoxRT!supHardenedWinVerifyImageByHandleNoName( void * hFile = 0x00000000`00000210, unsigned int fFlags = 1, struct RTERRINFO * pErrInfo = 0x00000000`003093b8)+0xcd [c:\work_x64\vbox\src\vbox\hostdrivers\support\win\suphardenedverifyimage-win.cpp @ 1070]
VBoxRT!supR3HardenedVerifyFileInternal( int iFile = 0n7, bool fFatal = false, bool fLeaveFileOpen = false)+0x256 [c:\work_x64\vbox\src\vbox\hostdrivers\support\supr3hardenedverify.cpp @ 555]
VBoxRT!supR3HardenedVerifyFixedFile( char * pszFilename = 0x00000000`003095f0 "C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxVMM.DLL", bool fFatal = false)+0xb8 [c:\work_x64\vbox\src\vbox\hostdrivers\support\supr3hardenedverify.cpp @ 738]
VBoxRT!supR3HardenedLdrLoadIt( char * pszFilename = 0x00000000`003095f0 "C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxVMM.DLL", struct RTLDRMODINTERNAL ** phLdrMod = 0x000007fe`dfbb4e90, unsigned int fFlags = 0, struct RTERRINFO * pErrInfo = 0x00000000`00000000)+0x39 [c:\work_x64\vbox\src\vbox\hostdrivers\support\suplib.cpp @ 2192]
VBoxRT!SUPR3HardenedLdrLoad( char * pszFilename = 0x00000000`003095f0 "C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxVMM.DLL", struct RTLDRMODINTERNAL ** phLdrMod = 0x000007fe`dfbb4e90, unsigned int fFlags = 0, struct RTERRINFO * pErrInfo = 0x00000000`00000000)+0x220 [c:\work_x64\vbox\src\vbox\hostdrivers\support\suplib.cpp @ 2237]
VBoxRT!SUPR3HardenedLdrLoadAppPriv( char * pszFilename = 0x000007fe`dfa55d54 "VBoxVMM", struct RTLDRMODINTERNAL ** phLdrMod = 0x000007fe`dfbb4e90, unsigned int fFlags = 0, struct RTERRINFO * pErrInfo = 0x00000000`00000000)+0x3b2 [c:\work_x64\vbox\src\vbox\hostdrivers\support\suplib.cpp @ 2289]
VBoxC!LazyLoading+0x2a [C:\work_x64\vbox\out\win.amd64\debug\obj\VMMR3LazyImp\VMMR3LazyLoad.asm @ 8731]
VBoxC!LazyLoading+0x3d [C:\work_x64\vbox\out\win.amd64\debug\obj\VMMR3LazyImp\VMMR3LazyLoad.asm @ 8753]
............
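A triage helper for hardened-loader log output like the excerpt in comment 8, added here as an example and not part of the ticket or the VirtualBox sources. It pairs each load request with its return status and merges verification failures that name the same image under different case or path separators; the names `triage` and `norm_path` and the one-entry-per-line split of the sample are assumptions.

```python
import re

# Sample: the log lines quoted in comment 8, split one entry per line (assumed layout).
SAMPLE_LOG = r"""
main SUPR3HardenedLdrLoadAppPriv: pszFilename=000007fee25a5d54:{VBoxVMM} phLdrMod=000007fee2704e90 fFlags=00000000 pErrInfo=0000000000000000
main AssertLogRel C:\work_x64\vbox\src\VBox\HostDrivers\Support\SUPR3HardenedIPRT.cpp(141) int __cdecl supR3HardenedErrorV(int,bool,const char *,char *): <NULL>
main supR3HardenedVerifyFileInternal: 'C:\work_x64\vbox\out\win.amd64\debug\bin/VBoxVMM.dll': Image verify error rc=VERR_WRONG_ORDER: supHardenedWinVerifyImageByHandle: supHardenedWinInitImageVerifier was not called.
main supR3HardenedLdrLoadIt: Verification of "C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxVMM.DLL" failed, rc=VERR_WRONG_ORDER
main SUPR3HardenedLdrLoadAppPriv: returns VERR_WRONG_ORDER
"""

VERIFY_RE = re.compile(r"'(?P<path>[^']+)': Image verify error rc=(?P<rc>VERR_\w+): (?P<why>.+)")
LOAD_RE = re.compile(r'Verification of "(?P<path>[^"]+)" failed, rc=(?P<rc>VERR_\w+)')
REQUEST_RE = re.compile(r"SUPR3HardenedLdrLoadAppPriv: pszFilename=[0-9a-fA-F]+:\{(?P<mod>[^}]+)\}")
RETURN_RE = re.compile(r"SUPR3HardenedLdrLoadAppPriv: returns (?P<rc>\w+)")

def norm_path(path):
    """Windows paths are case-insensitive and accept both separators."""
    return path.replace("/", "\\").lower()

def triage(log_text):
    """Return (requests, failures): each load request with its return status,
    and image verification failures keyed by normalized image path."""
    requests, failures = [], {}
    for line in log_text.splitlines():
        if m := REQUEST_RE.search(line):
            requests.append({"module": m["mod"], "rc": None})
        elif m := RETURN_RE.search(line):
            # Attach the status to the most recent request still waiting for one.
            if requests and requests[-1]["rc"] is None:
                requests[-1]["rc"] = m["rc"]
        elif m := VERIFY_RE.search(line) or LOAD_RE.search(line):
            entry = failures.setdefault(
                norm_path(m["path"]), {"rc": m["rc"], "why": None, "hits": 0})
            entry["hits"] += 1
            # Only the "Image verify error" line carries the detailed reason.
            entry["why"] = m.groupdict().get("why") or entry["why"]
    return requests, failures

if __name__ == "__main__":
    reqs, fails = triage(SAMPLE_LOG)
    for r in reqs:
        print(f"load {r['module']}: {r['rc']}")
    for path, f in fails.items():
        print(f"{path}: {f['rc']} x{f['hits']} ({f['why']})")
```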
comment:9 by , 10 years ago
Ticket 13583 might be the same issue. On that ticket I uploaded a script that reliably reproduces the issue for me. If you have a MINGW environment with bash and curl the script should work as-is, otherwise you should be able to make the equivalent .bat or just do the steps manually, there's not much to it.
comment:10 by , 10 years ago
I'm seeing the same problem, here is some information on my host:
- Windows 7 SP1 x86-64
- VirtualBox 4.3.18
When I run the command, the last output I received before it crashed was:
...
Shared folders:
Name: 'vagrant', Host path: 'C:/Users/Matt/Work/project' (machine mapping), writable
<Crash>
This was initially an issue with Vagrant; some debugging of the issue I had led me here. I can reproduce this all the time. Save the state of the VM in the VirtualBox UI and then run the VBoxManage showvminfo command.
Regards, Matt
comment:11 by , 10 years ago
We think we found and fixed this problem. Could you install this test build and confirm that the problem is gone? Thank you!
comment:12 by , 10 years ago
I can crash 4.3.18-96516 every time, but I can't seem to crash your test build. Host OS: Win8.1 x64
comment:14 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Thanks for the feedback. VBox 4.3.20 contains the fix.
I cannot reproduce this with VBox 4.3.14 on Windows 7 and I don't believe that there is really a difference in this regard between Windows 7 and Windows 8.1. Could you attach a VBox.log file of a VM session when you run this VM? Perhaps the name of the shared folders is relevant?