Virtualbox crash in QtGuiVBox4!QWidget::repaint+0x5dcb

[Mihai Hanor]

I can reproduce the crash every time I attempt to do it.

Host OS: Windows XP SP3 32 bit
Guest OS: Windows XP SP3 32 bit, GA installed, 2D/3D disabled, (VT-x enabled or disabled, it doesn't matter)

I've first encountered the crash by mistake (switching between 2 VM windows at the right moment) while playing with VB 3.2.6 beta.
VB 3.2.4 and VB 3.2.6.r63112 are also affected.

Steps:

1. Start the guest OS, let it load
2. Shutdown the XP guest (ACPI shutdown). While it does that, switch back and forth between the VM window and some other window covering the first (of another program or it can be another VM window, it's your choice). Or you can continuously minimize and maximize the VM window (click the VM window's taskbar button).

Approximately 2 cycles of minimize/maximize (or 4-6 window switching) per second are enough, just click the VM window's taskbar button to do that, while the guest is shutting down.

[Mihai Hanor]

VB 3.2.6.r63112

[Mihai Hanor]

please, can someone put the missing tags/spaces

[Technologov]

+1. I also experience such crashes.

Host: Windows XP + VBox 3.2.6-BETA2 (also tried VBox 3.2.0).

-Technologov

[Dsen]

Should be fixed. Please tell me if not.

[Frank Mehnert]

Please reopen if still relevant with VBox 3.2.8.

[Mihai Hanor]

Are you sure that old 3.2.8.r64453 contains the fix? I can still crash it.

[Technologov]

mhanor: Sometimes they fix a related bug and hope that this one was fixed "along the way".

However in this case it still crashes (after 3rd try, which makes this bug a "sometimes reproducible".)

Reopened.

-Technologov

[Technologov]

Host: Windows XP + VBox 3.2.8

[Technologov]

VBox Log of WinXP guest, after crashed-on-close

[Mihai Hanor]

it requires more aggressive window switching

[Mihai Hanor]

that is, if you want to reproduce it

[Mihai Hanor]

no change from 3.2.8 to 3.2.10

[Mihai Hanor]

apparently, the guest additions have nothing to do with this crash... VB 4.0 beta1 crashes without having GA installed, same setup

[Mihai Hanor]

VB crashes when it tries to write to the guest video memory, address 0x103e0000 and size 08000000 (128*2²⁰) in my examples. Usually, the address is the same at every VB run (that helped me). I've only set guest vram to 128MB to better identify it, it's the same thing with 16/22MB. You'll have to ignore the weird parameters windbg displays for qt_blend_rgb32_on_rgb32. I've compared the top of the crash raw call stack with other call stacks (taken during normal operation), and they are similar. It always happens when it enters MSVCR100 memcpy code (maybe the dll was compiled with FPO enabled). I've also attached a call stack backtrace, for qt_blend_rgb32_on_rgb32, during normal operation, running with similar parameters. I have yet to find out how to catch the release of 0x103e0000 memory segment, to show you what thread 0 is doing in the VirtualBox.exe process, while I try to crash it.

Again, no guest additions are not involved. Only a fresh installed XP SP3 32 bit is required.

[Mihai Hanor]

svn 36094

[Mihai Hanor]

the call stack backtraces are taked in different VB run sessions

[Mihai Hanor]

The first line from "103e0000 becomes available to the user process.txt" is manually pasted there, it was displayed by the QtGui4 after 103e0000 became available, it was displayed by a qt_blend_rgb32_on_rgb32 call.

[Mihai Hanor]

crash2.txt contains the proper interpretation of the call stack backtrace, right before it crashes (the crash is imminent), caught it with an assert on the content of the first byte of 0x103e0000.

[Mihai Hanor]

EMT thread give command to the driver, to release 103e0000, while thread 0 is still processing events, redraws the windows, etc.

[Mihai Hanor]

103e0000 gets freed

[Mihai Hanor]

VB 4.0.6 still crashes. Duplicates: #8397 #8400

[Frank Mehnert]

Still relevant with VBox 4.1.6?

[Mihai Hanor]

Unfortunately, yes...

[Mihai Hanor]

You can close this ticket. I can't reproduce the issue, anymore.

[Frank Mehnert]

Thanks!