#13577 closed defect (obsolete)

virtualbox with 4.3.18 crashes by NULL pointer issue with the EHCI enabled in the guest system

Reported by:	swarron	Owned by:
Component:	USB	Version:	VirtualBox 4.3.18
Keywords:	crash null-pointer	Cc:
Guest type:	all	Host type:	Linux

Description (last modified by Frank Mehnert) ¶

When the guest system is configured with EHCI enabled, the virtualbox will crash due to NULL pointer access. The issue occurs in 4.3.18 while 4.3.14 works very well with the same configuration. So this issue seems an new bug introduced in 4.3.18. Following is the backtrace.

(gdb) c
Continuing.
[Switching to Thread 0x7f0272ffb700 (LWP 6133)]

Catchpoint 1 (signal SIGSEGV), 0x00007f024af5fc41 in ?? () from /usr/lib/virtualbox/VBoxDD.so
(gdb) bt
#0  0x00007f024af5fc41 in ?? () from /usr/lib/virtualbox/VBoxDD.so
#1  0x00007f024a94cc42 in VUSBIRhReapAsyncUrbs (cMillies=<optimized out>, pInterface=0x7f025d374420) at /mnt/tinderbox/extpacks-4.3/include/VBox/vusb.h:600
#2  ehciR3FrameBoundaryTimer (pDevIns=<optimized out>, pTimer=<optimized out>, pvUser=0x7f02722f3980) at /mnt/tinderbox/extpacks-4.3/src/VBox/Devices/USB/DevEHCI.cpp:3376
#3  0x00007f028ca081c3 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#4  0x00007f028ca0b7b6 in TMR3TimerQueuesDo () from /usr/lib/virtualbox/VBoxVMM.so
#5  0x00007f028c9a9537 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#6  0x00007f028c9ad4f9 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#7  0x00007f028c9aa43f in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#8  0x00007f028ca149a3 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#9  0x00007f029e0363ac in ?? () from /usr/lib/virtualbox/VBoxRT.so
#10 0x00007f029e0ad01c in ?? () from /usr/lib/virtualbox/VBoxRT.so
#11 0x00007f029e92f0a4 in start_thread (arg=0x7f0272ffb700) at pthread_create.c:309
#12 0x00007f029e45fcbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) info reg
rax            0x7f025d374420	139648130565152
rbx            0x7f02722f3980	139648482359680
rcx            0x7f02722d7770	139648482244464
rdx            0x7f02722f3980	139648482359680
rsi            0x0	0
rdi            0x7f025d374420	139648130565152
rbp            0x7f0272ffacc0	0x7f0272ffacc0
rsp            0x7f0272ffaca0	0x7f0272ffaca0
r8             0xb7d740	12048192
r9             0x7f02722f4f20	139648482365216
r10            0x7f029e379a00	139649221106176
r11            0x0	0
r12            0x7f028cb49800	139648927307776
r13            0x7f02722f4e30	139648482364976
r14            0x7f02722f4f00	139648482365184
r15            0x7f02840a4000	139648781926400
rip            0x7f024af5fc41	0x7f024af5fc41
eflags         0x10202	[ IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb) x/i $rip
=> 0x7f024af5fc41:	cmpq   $0x0,0x618(%rsi)
(gdb) p $rsi
$1 = 0

Attachments (9)

FreeBSD64-2014-10-31-16-41-08.log (55.4 KB ) - added by swarron 11 years ago.: VBox-with-FreeBSD-Windows-guests.log
freebsd-9.3-console_ehci.log (2.6 KB ) - added by ckujau 10 years ago.
VBox_ehci.log (56.3 KB ) - added by ckujau 10 years ago.
freebsd-9.3-console_no-ehci.log (8.1 KB ) - added by ckujau 10 years ago.
VBox_no-ehci.log (83.9 KB ) - added by ckujau 10 years ago.
freebsd-9.3-gdb_ehci.log (30.9 KB ) - added by ckujau 10 years ago.
VirtualBoxVM_2017-08-02-003958_iMacHome.crash (82.5 KB ) - added by erben.fr 8 years ago.
VBox.log.1 (78.0 KB ) - added by erben.fr 8 years ago.
VBox.log.2 (93.3 KB ) - added by erben.fr 8 years ago.

Download all attachments as: .zip

Change History (19)

by swarron, 11 years ago

Attachment:	FreeBSD64-2014-10-31-16-41-08.log added

VBox-with-FreeBSD-Windows-guests.log

comment:1 by swarron, 11 years ago

reformat the backtrace dump for it better to read.

(gdb) c
Continuing.
[Switching to Thread 0x7f0272ffb700 (LWP 6133)]

Catchpoint 1 (signal SIGSEGV), 0x00007f024af5fc41 in ?? () from /usr/lib/virtualbox/VBoxDD.so
(gdb) bt
#0  0x00007f024af5fc41 in ?? () from /usr/lib/virtualbox/VBoxDD.so
#1  0x00007f024a94cc42 in VUSBIRhReapAsyncUrbs (cMillies=<optimized out>, pInterface=0x7f025d374420) at /mnt/tinderbox/extpacks-4.3/include/VBox/vusb.h:600
#2  ehciR3FrameBoundaryTimer (pDevIns=<optimized out>, pTimer=<optimized out>, pvUser=0x7f02722f3980) at /mnt/tinderbox/extpacks-4.3/src/VBox/Devices/USB/DevEHCI.cpp:3376
#3  0x00007f028ca081c3 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#4  0x00007f028ca0b7b6 in TMR3TimerQueuesDo () from /usr/lib/virtualbox/VBoxVMM.so
#5  0x00007f028c9a9537 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#6  0x00007f028c9ad4f9 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#7  0x00007f028c9aa43f in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#8  0x00007f028ca149a3 in ?? () from /usr/lib/virtualbox/VBoxVMM.so
#9  0x00007f029e0363ac in ?? () from /usr/lib/virtualbox/VBoxRT.so
#10 0x00007f029e0ad01c in ?? () from /usr/lib/virtualbox/VBoxRT.so
#11 0x00007f029e92f0a4 in start_thread (arg=0x7f0272ffb700) at pthread_create.c:309
#12 0x00007f029e45fcbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) info reg
rax            0x7f025d374420   139648130565152
rbx            0x7f02722f3980   139648482359680
rcx            0x7f02722d7770   139648482244464
rdx            0x7f02722f3980   139648482359680
rsi            0x0  0
rdi            0x7f025d374420   139648130565152
rbp            0x7f0272ffacc0   0x7f0272ffacc0
rsp            0x7f0272ffaca0   0x7f0272ffaca0
r8             0xb7d740 12048192
r9             0x7f02722f4f20   139648482365216
r10            0x7f029e379a00   139649221106176
r11            0x0  0
r12            0x7f028cb49800   139648927307776
r13            0x7f02722f4e30   139648482364976
r14            0x7f02722f4f00   139648482365184
r15            0x7f02840a4000   139648781926400
rip            0x7f024af5fc41   0x7f024af5fc41
eflags         0x10202  [ IF RF ]
cs             0x33 51
ss             0x2b 43
ds             0x0  0
es             0x0  0
fs             0x0  0
gs             0x0  0
(gdb) x/i $rip
=> 0x7f024af5fc41:  cmpq   $0x0,0x618(%rsi)
(gdb) p $rsi
$1 = 0

by ckujau, 10 years ago

Attachment:	freebsd-9.3-console_ehci.log added

by ckujau, 10 years ago

Attachment:	VBox_ehci.log added

by ckujau, 10 years ago

Attachment:	freebsd-9.3-console_no-ehci.log added

by ckujau, 10 years ago

Attachment:	VBox_no-ehci.log added

comment:2 by ckujau, 10 years ago

Same here, host OS is Debian/Testing (x86-64), guest is FreeBSD-9.3 or 10.1 (i386). As soon as I enable EHCI, the guest crashes during boot, leaving this in the host's syslog:

EMT[30933]: segfault at 618 ip 00007fc882dd8561 sp 00007fc88ab5dcb0 error 4 in VBoxDD.so[7fc882d20000+264000]

Tested with stock Oracle VirtualBox (4.3.20-96996~Debian~wheezy) and the VirtualBox package from the Debian pool (4.3.18-dfsg-1).

by ckujau, 10 years ago

Attachment:	freebsd-9.3-gdb_ehci.log added

comment:3 by Frank Mehnert, 10 years ago

Description:	modified (diff)

comment:4 by Frank Mehnert, 10 years ago

ckujau, please could you provide a core dump? If so, please contact me via frank _dot_ mehnert _at_ oracle _dot_ com. Thank you!

comment:5 by ckujau, 10 years ago

(Un)fortunately, I can't reproduce this any more. I don't really know what happened there, it was definitely reproducible yesterday and then I added a few bits to this report. Then I uninstalled the stock Oracle version of VirtualBox 4.3.20 (from the Debian repo) and installed the Debian version 4.3.18 again, disabled EHCI and continued with this FreeBSD guest install. Looking at my other VMs I noticed that I never enabled USB or EHCI on any of these VMs, so that's why I never ran into that error before.

Now that I can't reproduce it, I removed the Debian version again and installed stock Oracle Virtualbox 4.3.20 again - no luck, the VM boots just fine, with USB/EHCI enabled or not.

Sorry for the noise then, and thanks for the hint with the core dump - I wondered why it would segfault but not write a core dump. If it happens again I'll send a core dump.

comment:6 by Frank Mehnert, 10 years ago

priority:	blocker → major

comment:7 by aeichner, 9 years ago

Resolution:	→ obsolete
Status:	new → closed

Please reopen if still relevant with a recent VirtualBox release.

by erben.fr, 8 years ago

Attachment:	VirtualBoxVM_2017-08-02-003958_iMacHome.crash added

by erben.fr, 8 years ago

Attachment:	VBox.log.1 added

by erben.fr, 8 years ago

Attachment:	VBox.log.2 added

comment:8 by erben.fr, 8 years ago

Resolution:	obsolete
Status:	closed → reopened

VBox 5.1.26, macOS 10.12 Host, Win10/32b guest. Crash VM while work/restart. See included crahslog and logs from VM.

comment:9 by ckujau, 8 years ago

@erben.fr: so, this only happens when EHCI is enabled in the guest - and when EHCI is disabled, it doesn't crash? Also, could you try to get a core dump when this happens?

comment:10 by Michael Thayer, 8 years ago

Resolution:	→ obsolete
Status:	reopened → closed

@erben.fr Unless you are sure that this is an EHCI issue please create a new ticket for it.

Note: See TracTickets for help on using tickets.

Download in other formats: