#12928 closed defect (fixed)

Crash Host OS when trying to boot on special ISO => Fixed in SVN

Reported by:	Mattias Ryrlén	Owned by:
Component:	other	Version:	VirtualBox 4.3.10
Keywords:	Crash, Kernel OPS	Cc:
Guest type:	Linux	Host type:	all

Description

We have created a ISO containing CentOS 6.5 and custom rpm:s for our product. Trying to boot on the following OS:es and it just crash the OS

Tested with old versions of VirtualBox and Latest (4.3.10)

The ISO we tested with can be downloaded from: http://repos.op5.com/ISO/public_beta/op5-System-6.5-public_beta-20140408-2329.iso

OS:

OSX Mavericks = Crash, automatic reboot of OS
OSX Mountain Lion = Crash, automatic reboot of OS
Windows 7 = Bluescreen
ArchLinux = Kernel OPS
Fedora 20 = Kernel OPS

Logs: ArchLinux:

Apr 09 08:42:41 anton-t430s kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
Apr 09 08:42:41 anton-t430s kernel: IP: [<          (null)>]           (null)
Apr 09 08:42:41 anton-t430s kernel: PGD 1e1daa067 PUD 209989067 PMD 0 
Apr 09 08:42:41 anton-t430s kernel: Oops: 0010 [#1] PREEMPT SMP 
Apr 09 08:42:41 anton-t430s kernel: Modules linked in: iptable_filter ip_tables x_tables nfsd auth_rpcgss oid_registry nfs_acl hid_logitech_dj usbhid hid iTCO
Apr 09 08:42:41 anton-t430s kernel:  soundcore e1000e evdev mei_me ptp shpchp mei pps_core processor vboxnetflt(O) vboxnetadp(O) vboxdrv(O) nfs lockd sunrpc f
Apr 09 08:42:41 anton-t430s kernel: CPU: 2 PID: 14987 Comm: EMT Tainted: G           O 3.13.8-1-ARCH #1
Apr 09 08:42:41 anton-t430s kernel: Hardware name: LENOVO 2356LNG/2356LNG, BIOS G7ET60WW (2.02 ) 09/11/2012
Apr 09 08:42:41 anton-t430s kernel: task: ffff8800a490ec00 ti: ffff8801bbf02000 task.ti: ffff8801bbf02000
Apr 09 08:42:41 anton-t430s kernel: RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
Apr 09 08:42:41 anton-t430s kernel: RSP: 0018:ffff8801bbf03cb8  EFLAGS: 00010292
Apr 09 08:42:41 anton-t430s kernel: RAX: 00000000fffff99a RBX: 0000000000000000 RCX: 0000000000000000
Apr 09 08:42:41 anton-t430s kernel: RDX: 0000000000000000 RSI: 00000000fffffe98 RDI: ffffc9001a799000
Apr 09 08:42:41 anton-t430s kernel: RBP: 0000000000000000 R08: ffff8801bbf03b88 R09: ffff8801bbf03c70
Apr 09 08:42:41 anton-t430s kernel: R10: 00007f46e819aa80 R11: 0000000000000000 R12: 0000000000000000
Apr 09 08:42:41 anton-t430s kernel: R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Apr 09 08:42:41 anton-t430s kernel: FS:  00007f46f0af8700(0000) GS:ffff88023e280000(0000) knlGS:0000000000000000
Apr 09 08:42:41 anton-t430s kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 09 08:42:41 anton-t430s kernel: CR2: 0000000000000000 CR3: 0000000126c02000 CR4: 00000000001427e0
Apr 09 08:42:41 anton-t430s kernel: Stack:
Apr 09 08:42:41 anton-t430s kernel:  0000000000000000 0000000000000000 0000000000000000 0000000000000000
Apr 09 08:42:41 anton-t430s kernel:  0000000000000000 0000000000000000 0000000000000000 0000000000000000
Apr 09 08:42:41 anton-t430s kernel:  0000000000000000 0000000000000000 0000000000000000 0000000000000000
Apr 09 08:42:41 anton-t430s kernel: Call Trace:
Apr 09 08:42:41 anton-t430s kernel: Code:  Bad RIP value.
Apr 09 08:42:41 anton-t430s kernel: RIP  [<          (null)>]           (null)
Apr 09 08:42:41 anton-t430s kernel:  RSP <ffff8801bbf03cb8>
Apr 09 08:42:41 anton-t430s kernel: CR2: 0000000000000000
Apr 09 08:42:41 anton-t430s kernel: ---[ end trace db12f6dbbe8f5757 ]---

Windows:

Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.256.48
  Locale ID:	1053

Additional information about the problem:
  BCCode:	d1
  BCP1:	FFFFF88007DF4000
  BCP2:	0000000000000002
  BCP3:	0000000000000001
  BCP4:	FFFFF88009A576DA
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	256_1

OSX: See attached log

Attachments (3)

VBox.log (56.4 KB ) - added by Mattias Ryrlén 11 years ago.
WER-49265-0.sysdata.xml (227.0 KB ) - added by Mikael Falkvidd 11 years ago.: sysdata from a windows 7 machine
040914-29140-01.dmp (275.1 KB ) - added by Mikael Falkvidd 11 years ago.: Windows 7 minidump

Download all attachments as: .zip

Change History (17)

by Mattias Ryrlén, 11 years ago

Attachment:	VBox.log added

by Mikael Falkvidd, 11 years ago

Attachment:	WER-49265-0.sysdata.xml added

sysdata from a windows 7 machine

by Mikael Falkvidd, 11 years ago

Attachment:	040914-29140-01.dmp added

Windows 7 minidump

comment:1 by Mattias Ryrlén, 11 years ago

It seems that all the files in isolinux/ was 404 html pages, yes, this is not correct but it shouldn't crash the Host OS.

comment:2 by Mattias Ryrlén, 11 years ago

I would like to bump this to blocker, but can't find out how to do it.

follow-up: 7 comment:3 by Frank Mehnert, 11 years ago

To me it looks like the ISO image is invalid. I've downloaded the image (md5sum: a04a0fbd024e02dfd5ee3f71b404cf49) and saw that several vital files have bogus content, for example grub.conf (some HTML "not found"), same for vmlinuz. So this ISO image will not boot. And I was also not able to reproduce the problem. However, another developer was able to reproduce the host crash and we are trying to find out the different between our both configs.

comment:4 by VVP, 11 years ago

I have reproduced the crash. It was on my Ubuntu 13.04 machine. I am trying to dig into and debug it.

follow-up: 6 comment:5 by VVP, 11 years ago

Now I can't reproduce the crash anymore. VM hangs but the host doesn't crash (Ubuntu 13, Windows 7). May be my crash wasn't provoked by this broken ISO. Would you provide some actual information about your current state of this issue?

in reply to: 5 comment:6 by Mikael Falkvidd, 11 years ago

Replying to VVP:

Would you provide some actual information about your current state of this issue?

What state is required besides the kernel stack traces, the windows dump and sysdata files and the vbox log file?

in reply to: 3 comment:7 by Mikael Falkvidd, 11 years ago

Replying to frank:

To me it looks like the ISO image is invalid. I've downloaded the image (md5sum: a04a0fbd024e02dfd5ee3f71b404cf49) and saw that several vital files have bogus content, for example grub.conf (some HTML "not found"), same for vmlinuz. So this ISO image will not boot. And I was also not able to reproduce the problem. However, another developer was able to reproduce the host crash and we are trying to find out the different between our both configs.

Yes, the ISO is invalid. But no matter how broken an ISO is, it shouldn't be possible to crash the host OS.

comment:8 by Mikael Falkvidd, 11 years ago

A smaller iso (20MB) which is sufficient to reproduce the problem is available at http://www.mjo.se/tmp/broken.iso md5sum 3f02e378f22e532a31c7bf0fdf3c4ca3

comment:9 by Mattias Ryrlén, 11 years ago

I'm not sure what more info me and mfalkvidd can provide, could you please specify?

The problem still exist.

comment:10 by Mihai Hanor, 11 years ago

To reproduce the issue at will, just start any VM with the --debug command line parameter. The VM loads in paused state. Execute the following commands in the VBoxDbg console:

stop

Now unpause the VM. Execute some more VBoxDbg commands:

eb fe05b 6f
r si = ffff
t
t

The host crash stack (Windows 8.1 x64), on an AMD test machine (4.3.14 sources):

VMMR0!memcpy [C:\work_x64\vbox\src\VBox\Runtime\common\string\memcpy.asm @ 36]
VMMR0!PGMPhysRead(
			struct VM * pVM = 0xffffe000`c4bdb000, 
			unsigned int64 GCPhys = 0xffff, 
			void * pvBuf = 0xffffd001`d79b75b0, 
			unsigned int64 cbRead = 1)+0x2c1 [c:\work_x64\vbox\src\vbox\vmm\vmmall\pgmallphys.cpp @ 2267]
VMMR0!PGMPhysReadGCPtr(
			struct VMCPU * pVCpu = 0xffffe000`c4bf6000, 
			void * pvDst = 0xffffd001`d79b75b0, 
			unsigned int64 GCPtrSrc = 0xffff, 
			unsigned int64 cb = 2)+0x27c [c:\work_x64\vbox\src\vbox\vmm\vmmall\pgmallphys.cpp @ 3314]
VMMR0!iomRamRead(
			struct VMCPU * pVCpu = 0xffffe000`c4bf6000, 
			void * pDest = 0xffffd001`d79b75b0, 
			unsigned int64 GCSrc = 0xffff, 
			unsigned int cb = 2)+0x33 [c:\work_x64\vbox\src\vbox\vmm\vmmall\iomallmmio.cpp @ 680]
VMMR0!IOMInterpretOUTSEx(
			struct VM * pVM = 0xffffe000`c4bdb000, 
			struct VMCPU * pVCpu = 0xffffe000`c4bf6000, 
			struct CPUMCTXCORE * pRegFrame = 0xffffe000`c4bf6b40, 
			unsigned int uPort = 0x600, 
			unsigned int uPrefix = 0, 
			DISCPUMODE enmAddrMode = DISCPUMODE_16BIT (0n1), 
			unsigned int cbTransfer = 2)+0x355 [c:\work_x64\vbox\src\vbox\vmm\vmmall\iomallmmio.cpp @ 2347]
VMMR0!hmR0SvmExitIOInstr(
			struct VMCPU * pVCpu = 0xffffe000`c4bf6000, 
			struct CPUMCTX * pCtx = 0xffffe000`c4bf6940, 
			struct SVMTRANSIENT * pSvmTransient = 0xffffd001`d79b7708)+0x274 [c:\work_x64\vbox\src\vbox\vmm\vmmr0\hmsvmr0.cpp @ 4459]
VMMR0!hmR0SvmHandleExit(
			struct VMCPU * pVCpu = 0xffffe000`c4bf6000, 
			struct CPUMCTX * pCtx = 0xffffe000`c4bf6940, 
			struct SVMTRANSIENT * pSvmTransient = 0xffffd001`d79b7708)+0xb0 [c:\work_x64\vbox\src\vbox\vmm\vmmr0\hmsvmr0.cpp @ 3242]
VMMR0!SVMR0RunGuestCode(
			struct VM * pVM = 0xffffe000`c4bdb000, 
			struct VMCPU * pVCpu = 0xffffe000`c4bf6000, 
			struct CPUMCTX * pCtx = 0xffffe000`c4bf6940)+0x45e [c:\work_x64\vbox\src\vbox\vmm\vmmr0\hmsvmr0.cpp @ 3193]
VMMR0!HMR0RunGuestCode(
			struct VM * pVM = 0xffffe000`c4bdb000, 
			struct VMCPU * pVCpu = 0xffffe000`c4bf6000)+0x2b [c:\work_x64\vbox\src\vbox\vmm\vmmr0\hmr0.cpp @ 1532]
VMMR0!vmmR0CallRing3SetJmpEx+0xb2 [C:\work_x64\vbox\src\VBox\VMM\VMMR0\VMMR0JmpA-amd64.asm @ 132]
...

Last edited 11 years ago by Mihai Hanor (previous) (diff)

comment:11 by Frank Mehnert, 11 years ago

We think we found and fixed this problem. Could you install this test build to verify? Thank you!

comment:12 by Mikael Falkvidd, 11 years ago

Tested with VirtualBox-4.3.15-95634-Win.exe on Windows 7 Pro (Version 6.1 Build 7601: Service Pack 1). The host does not crash anymore.

comment:13 by Ramshankar Venkataraman, 11 years ago

Summary:	Crash Host OS when trying to boot on special ISO → Crash Host OS when trying to boot on special ISO => Fixed in SVN

comment:14 by Frank Mehnert, 11 years ago

Resolution:	→ fixed
Status:	new → closed

Fix is part of VBox 4.3.16.

Note: See TracTickets for help on using tickets.

Download in other formats: