qemu-io crashes with SIGSEGV when running `-c "truncate 320000"` on an image_fuzzer image
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| QEMU | Fix Released | Undecided | Unassigned | |
Bug Description
git is at HEAD a93ece47fd9edbd
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached file named test.img to a directory.
2. Customize the following command to point to that directory and run it.
# mv test.img copy.img
# qemu-io <path to>/copy.img -c "truncate 320000"
from gdb:
Program terminated with signal 11, Segmentation fault.
#0 0x000000001000e444 in refresh_
723 if (drv->bdrv_
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-
(gdb) bt
#0 0x000000001000e444 in refresh_
#1 0x000000001000fa10 in bdrv_open_driver (bs=0x1fe86f60, drv=0x102036f0 <bdrv_qcow2>, node_name=0x0, options=0x1fe8c240, open_flags=24578,
errp=
#2 0x0000000010010480 in bdrv_open_common (bs=0x1fe86f60, file=0x1fe92540, options=0x1fe8c240, errp=0x3fffea0f
#3 0x0000000010013ac8 in bdrv_open_inherit (filename=
errp=
#4 0x0000000010013e8c in bdrv_open (filename=
#5 0x000000001008b6d4 in blk_new_open (filename=
at block/block-
#6 0x000000001000a6ec in openfile (name=0x3fffea0
#7 0x000000001000c040 in main (argc=4, argv=0x3fffea0f
(gdb) bt full
#0 0x000000001000e444 in refresh_
drv = 0x0
#1 0x000000001000fa10 in bdrv_open_driver (bs=0x1fe86f60, drv=0x102036f0 <bdrv_qcow2>, node_name=0x0, options=0x1fe8c240, open_flags=24578,
errp=
local_err = 0x0
ret = 0
__func__ = "bdrv_open_driver"
#2 0x0000000010010480 in bdrv_open_common (bs=0x1fe86f60, file=0x1fe92540, options=0x1fe8c240, errp=0x3fffea0f
ret = 16383
open_flags = 24578
filename = 0x1fe8e2b1 "copy.img"
driver_name = 0x1fe54810 "qcow2"
node_name = 0x0
discard = 0x0
opts = 0x1fe93100
drv = 0x102036f0 <bdrv_qcow2>
local_err = 0x0
__func__ = "bdrv_open_common"
#3 0x0000000010013ac8 in bdrv_open_inherit (filename=
errp=
ret = 512
file = 0x1fe92540
bs = 0x1fe86f60
drv = 0x102036f0 <bdrv_qcow2>
drvname = 0x0
backing = 0x0
local_err = 0x0
__func__ = "bdrv_open_inherit"
#4 0x0000000010013e8c in bdrv_open (filename=
No locals.
#5 0x000000001008b6d4 in blk_new_open (filename=
at block/block-
blk = 0x1fe79410
bs = 0x0
perm = 3
#6 0x000000001000a6ec in openfile (name=0x3fffea0
local_err = 0x0
#7 0x000000001000c040 in main (argc=4, argv=0x3fffea0f
readonly = 0
sopt = 0x101b2608 "hVc:d:
lopt = {{name = 0x101b26d0 "driver", has_arg = 0, flag = 0x0, val = 104}, {name = 0x101b26d8 "help", has_arg = 0, flag = 0x0, val = 86}, {
name = 0x101b26e0 "version", has_arg = 1, flag = 0x0, val = 99}, {name = 0x101b26e8 "cmd", has_arg = 1, flag = 0x0, val = 102}, {
name = 0x101b26f0 "format", has_arg = 0, flag = 0x0, val = 114}, {name = 0x101b2700 "y", has_arg = 0, flag = 0x0, val = 115}, {
name = 0x101b2710 "", has_arg = 0, flag = 0x0, val = 110}, {name = 0x101b2718 "nocache", has_arg = 0, flag = 0x0, val = 67}, {
---Type <return> to continue, or q <return> to quit---
name = 0x101b2728 "read", has_arg = 0, flag = 0x0, val = 109}, {name = 0x101b2738 "", has_arg = 0, flag = 0x0, val = 107}, {
name = 0x101b2748 "io", has_arg = 1, flag = 0x0, val = 100}, {name = 0x101b2750 "discard", has_arg = 1, flag = 0x0, val = 116}, {
name = 0x101b2758 "cache", has_arg = 1, flag = 0x0, val = 84}, {name = 0x101b25e8 "object", has_arg = 1, flag = 0x0, val = 256}, {
name = 0x101b2760 "trace", has_arg = 0, flag = 0x0, val = 257}, {name = 0x101b1c48 "force-share", has_arg = 0, flag = 0x0, val = 85}, {name = 0x0,
has_arg = 0, flag = 0x0, val = 0}}
c = -1
opt_index = 0
flags = 16386
local_error = 0x0
opts = 0x0
format = 0x0
trace_file = 0x0
force_share = false
(gdb)
(gdb) quit
I will attach the image_fuzzer image.
Hi,
Thanks a lot for reporting this bug! I've found a fix and I'll send a patch once I've written a test case.
Max