QEMU

qcow2-refcount: qemu-io crashes on 'discard' command

Bug #1349972 reported by Maria Kustova on 2014-07-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Fix Released	Undecided	Unassigned

Bug Description

qemu-io is killed by SIGIOT at the 'discard' command on the image having no refcount information.

Sequence:
1. Unpack test.img and backing_img.qed in the same directory (see the attached archives for images)
2. Make a copy of test.img to copy.img (qemu-io modifies the image before being kill, therefore the image backup is necessary)
3. Run the command

qemu-io copy.img -c 'discard 2210816 2856448'

Result: qemu-io is killed by SIGIOT with the reason:

qemu-io: block/qcow2-refcount.c:468: update_refcount_discard: Assertion `d->bytes + length == new_end - new_start' failed.

The image was generated by the image fuzzer.

qemu.git HEAD: 1d80eb7a680d

Revision history for this message

Maria Kustova (maria-k-o) wrote on 2014-07-29:

images.n.traces.tar.gz Edit (2.8 MiB, application/x-tar)

Revision history for this message

Sam Azer (samazer) wrote on 2015-05-05:

FWIW:

While trying to restore (apply) a snapshot on a Windows VM (ie: qemu-img snapshot -a snapshotname windows.qcow2 where the image file is 150gb in size,) I got the above error:

qemu-img: /build/buildd/qemu-2.0.0+dfsg/block/qcow2-refcount.c:467: update_refcount_discard: Assertion `d->bytes + length == new_end - new_start' failed.

(My VM is now broken.)

This is the only reference that I found using Google.

HTH

Revision history for this message

Kevin Wolf (kwolf-redhat) wrote on 2015-05-08:

I sent a patch that fixes the original problem that Maria reported. It's hard to say whether this is the same problem as you saw, Sam, but it's quite possible.