Regression in 6.1.36 causes segfault in VBoxDD.so

[Larry Finger]

An openSUSE customer has reported a regression in version 6.1.36. When they try to shutdown a VM that has Sandisk USB 3.2gen1 flash drives attached to an xHCI port, the VM aborts rather than undergoing a normal shutdown. The problem in not seen with older USB devices, and it did not happen with 6.1.34. The customer did reproduce the problem with a Fedora 36 host, thus the problem is general.

Attached is a log file for the VM. It shows that the VM state goes from 'RUNNING' to 'RESETTING', rather than the expected 'RUNNING' to 'POWERING_OFF'. Otherwise, I saw nothing logged.

The dmesg log on the host shows the following:

[Tue Aug 30 11:38:22 2022] usb 6-1: reset SuperSpeed USB device number 2 using xhci_hcd [Tue Aug 30 11:38:22 2022] usb 6-1: reset SuperSpeed USB device number 2 using xhci_hcd [Tue Aug 30 11:38:51 2022] show_signal_msg: 47 callbacks suppressed [Tue Aug 30 11:38:51 2022] EMT-0[6148]: segfault at 0 ip 00007f447282f8df sp 00007f44b41fb630 error 4 in VBoxDD.so[7f447276f000+178000] [Tue Aug 30 11:38:51 2022] Code: c8 e8 15 1f 00 00 8b 45 c8 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 00 48 8b 04 25 00 00 00 00 0f 0b e8 f1 fb f3 ff <48> 8b 03 48 8b 55 c8 48 83 c4 18 41 0f b6 f4 4d 89 f8 4c 89 f1 48

Launching the debugger on VBoxDD.so, the code at offset 0x17800 is

(gdb) list *0x178000 0x178000 is in bootp_input (/usr/src/debug/virtualbox-6.1.36-2.1.x86_64/src/VBox/Devices/Network/slirp/bootp.c:624). Downloading 0.03 MB source file /usr/src/debug/virtualbox-6.1.36-2.1.x86_64/src/VBox/Devices/Network/slirp/bootp.c 618 if (!bc) 619 { 620 LogRel(("NAT: DHCP Inform was ignored no boot client was found\n")); 621 return -1; 622 } 623 624 LogRel(("NAT: DHCP offered IP address %RTnaipv4\n", bc->addr.s_addr)); 625 offReply = dhcp_send_ack(pData, bp, bc, m, /* fDhcpRequest=*/ 0); 626 return offReply; 627 }

From this, we know that bc is not zero, but it must not be a valid pointer. In addition, if I read the code correctly, this section is trying to get an IP address at bootup. If that is correct, the error happened somewhere else.

The openSUSE bug report is found at ​https://bugzilla.opensuse.org/show_bug.cgi?id=1202851.

[fth0]

I'll make an educated guess that this is a similar or the same USB3 related issue as in ​Issue connecting USB storage to Win10 guest and #21030. Read the forum thread first, because the real issue is well hidden in the Bugtracker ticket.

As a workaround, try disconnecting USB3 devices before (re-)starting the VM, and re-adding them when the VM is running.

Alternatively, in the VM configuration, disable the USB filters for USB3 devices, start the VM, and capture the devices using the VM window's menu Devices > USB > ....

[aeichner]

This should actually be fixed since 6.1.38 (make sure to have the matching extension pack), please reopen if not.