open-power-host-os / qemu

OpenPOWER Host OS qemu repository

qemu-io crashes with SIGSEGV when tried to 'truncate' #26

Closed nasastry closed 6 years ago

nasastry commented 6 years ago
Mirrored with LTC bug https://bugzilla.linux.ibm.com/show_bug.cgi?id=160751

Re-production steps:

1. Copy the attached file named test.img.txt to a directory.
2. Rename it:
   ```
   mv test.img.txt test.img
   ```
   P.S. With the filename extension .img it is not getting attached here, so changed it to .txt.
3. Customize the following command to point to the above directory and run the same:
   `/usr/bin/qemu-io /test.img -c "truncate 320000"`

Output of the above command:

```
ERROR refcount block 2 is not cluster aligned; refcount table entry corrupted
ERROR refcount block 5 is not cluster aligned; refcount table entry corrupted
ERROR refcount block 6 refcount=2
ERROR refcount block 9 refcount=3
Leaked cluster 0 refcount=65535 reference=1
Leaked cluster 1 refcount=16383 reference=0
...
Leaked cluster 5824 refcount=1 reference=0
ERROR cluster 4194304 refcount=0 reference=1
Rebuilding refcount structure
Repairing cluster 60 refcount=1 reference=0
Repairing cluster 1024 refcount=3 reference=0
Repairing cluster 1027 refcount=1 reference=0
Repairing cluster 1788 refcount=1 reference=0
Repairing cluster 3480 refcount=1 reference=0
Repairing cluster 4012 refcount=1 reference=0
Repairing cluster 4063 refcount=1 reference=0
Repairing cluster 4235 refcount=1 reference=0
Repairing cluster 4284 refcount=1 reference=0
Segmentation fault (core dumped)
```

From gdb:

```
(gdb) bt
#0  refresh_total_sectors (bs=0x135d7e7a0, hint=11648) at block.c:726
#1  0x000000011d03a234 in bdrv_open_driver (bs=0x135d7e7a0, drv=0x11d1e2a10 , node_name=, options=0x135d83a80, open_flags=24578, errp=0x7ffff14a6520) at block.c:1128
#2  0x000000011d03b7bc in bdrv_open_common (errp=0x7ffff14a6520, options=0x135d83a80, file=0x135d89d80, bs=0x135d7e7a0) at block.c:1371
#3  bdrv_open_inherit (filename=, reference=, options=0x135d83a80, flags=24578, parent=, child_role=, errp=0x7ffff14a66a0) at block.c:2548
#4  0x000000011d089930 in blk_new_open (filename=0x7ffff14af687 "/tmp/test.img", reference=0x0, options=, flags=, errp=0x7ffff14a66a0) at block/block-backend.c:324
#5  0x000000011d0312ec in openfile (name=0x7ffff14af687 "/tmp/test.img", flags=, writethrough=, force_share=false, opts=0x0) at qemu-io.c:81
#6  0x000000011d02f610 in main (argc=, argv=0x7ffff14a6df8) at qemu-io.c:615

(gdb) bt full
#0  refresh_total_sectors (bs=0x135d7e7a0, hint=11648) at block.c:726
        drv = 0x0
#1  0x000000011d03a234 in bdrv_open_driver (bs=0x135d7e7a0, drv=0x11d1e2a10 , node_name=, options=0x135d83a80, open_flags=24578, errp=0x7ffff14a6520) at block.c:1128
        local_err = 0x0
        ret = 
        __PRETTY_FUNCTION__ = "bdrv_open_driver"
        __func__ = "bdrv_open_driver"
#2  0x000000011d03b7bc in bdrv_open_common (errp=0x7ffff14a6520, options=0x135d83a80, file=0x135d89d80, bs=0x135d7e7a0) at block.c:1371
        discard = 
        opts = 0x135d8a920
        drv = 0x11d1e2a10 
        ret = 
        open_flags = 24578
        filename = 
        detect_zeroes = 
        driver_name = 
        node_name = 
        local_err = 0x0
#3  bdrv_open_inherit (filename=, reference=, options=0x135d83a80, flags=24578, parent=, child_role=, errp=0x7ffff14a66a0) at block.c:2548
        ret = 
        file = 
        bs = 0x135d7e7a0
        drv = 0x11d1e2a10 
        drvname = 
        backing = 
        local_err = 0x0
        snapshot_options = 0x0
        snapshot_flags = 0
        __PRETTY_FUNCTION__ = "bdrv_open_inherit"
        __func__ = "bdrv_open_inherit"
#4  0x000000011d089930 in blk_new_open (filename=0x7ffff14af687 "/tmp/test.img", reference=0x0, options=, flags=, errp=0x7ffff14a66a0) at block/block-backend.c:324
        blk = 0x135d6e4a0
        bs = 
        perm = 3
#5  0x000000011d0312ec in openfile (name=0x7ffff14af687 "/tmp/test.img", flags=, writethrough=, force_share=false, opts=0x0) at qemu-io.c:81
        local_err = 0x0
#6  0x000000011d02f610 in main (argc=, argv=0x7ffff14a6df8) at qemu-io.c:615
        readonly = 
        sopt = 0x11d161228 "hVc:d:f:rsnmkt:T:U"
        lopt = {{name = 0x11d161278 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x11d161280 "version", has_arg = 0, flag = 0x0, val = 86},
          {name = 0x11d161288 "cmd", has_arg = 1, flag = 0x0, val = 99}, {name = 0x11d166170 "format", has_arg = 1, flag = 0x0, val = 102},
          {name = 0x11d161290 "read-only", has_arg = 0, flag = 0x0, val = 114}, {name = 0x11d1612a0 "snapshot", has_arg = 0, flag = 0x0, val = 115},
          {name = 0x11d1612b0 "nocache", has_arg = 0, flag = 0x0, val = 110}, {name = 0x11d1612b8 "misalign", has_arg = 0, flag = 0x0, val = 109},
          {name = 0x11d1612c8 "native-aio", has_arg = 0, flag = 0x0, val = 107}, {name = 0x11d1612d8 "discard", has_arg = 1, flag = 0x0, val = 100},
          {name = 0x11d1612e0 "cache", has_arg = 1, flag = 0x0, val = 116}, {name = 0x11d1612e8 "trace", has_arg = 1, flag = 0x0, val = 84},
          {name = 0x11d1834b0 "object", has_arg = 1, flag = 0x0, val = 256}, {name = 0x11d1612f0 "image-opts", has_arg = 0, flag = 0x0, val = 257},
          {name = 0x11d160bd0 "force-share", has_arg = 0, flag = 0x0, val = 85}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        c = 
        opt_index = 0
        flags = 16386
        writethrough = true
        local_error = 0x0
        opts = 0x0
        format = 
        trace_file = 0x0
        force_share = 
```

Qemu version: `qemu-2.10.0-2.rel.gitc334a4e.el7.centos.ppc64le`

Attaching the test.img file: [test.img.txt](https://github.com/open-power-host-os/qemu/files/1426960/test.img.txt)

This image file was created by the `tests/image_fuzzer` code from the `qemu source tree`.

P.S.: After one round test.img is not useful; if you want to re-produce again, please take a copy of it before running the `qemu-io` command.
cdeadmin commented 6 years ago

------- Comment From muriloo@br.ibm.com 2017-12-29 15:04:34 EDT-------

This was reported upstream at https://bugs.launchpad.net/qemu/+bug/1728639

And the fix was released in QEMU 2.11.0, commit 791fff504cad4d935dfaab6333ff9b7d95cbfe3f:

https://git.qemu.org/?p=qemu.git;a=commitdiff;h=791fff504cad4d935df

```
commit 791fff504cad4d935dfaab6333ff9b7d95cbfe3f
Author: Max Reitz <mreitz@redhat.com>
Date:   Fri Nov 10 21:31:07 2017 +0100

    qcow2: check_errors are fatal
```
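As an added illustration (not QEMU's code and not part of this issue), the C model below shows the failure class the backtrace points at: a dirty image is checked and repaired while it is being opened, the checker hits an error it cannot repair (here a refcount block that is not cluster aligned, one of the messages in the qemu-io output), and an open path that consults only the checker's return code goes on to a generic block-layer step that runs against a block state whose driver pointer is NULL (`drv = 0x0` in frame #0 above). Treating check errors as fatal makes the open fail with `Could not repair dirty image: Input/output error` instead, which is what the 2.11.0 run reports. The types (`model_image`, `block_state`), the functions (`check_refcounts`, `open_dirty_image`, `refresh_total_sectors`), the flat refcount layout and the constructed sample image are assumptions for this example; `check_errors` counts problems that make the check result itself untrustworthy, and the model returns `-ENXIO` at the point where the real binary segfaulted.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLUSTER_SIZE  65536u
#define NUM_RC_BLOCKS 4
#define NUM_CLUSTERS  16
typedef struct {
    uint64_t refcount_table[NUM_RC_BLOCKS]; /* refcount block offsets, 0 = unallocated */
    uint16_t refcount[NUM_CLUSTERS];        /* refcounts as stored in the image */
    uint8_t  referenced[NUM_CLUSTERS];      /* references the checker actually found */
} model_image;
typedef struct { int corruptions, corruptions_fixed, leaks, check_errors; } check_result;
typedef struct { const char *format_name; } block_driver;
typedef struct {
    model_image  *img;
    block_driver *drv; /* NULL: no usable format driver */
    uint64_t      total_sectors;
} block_state;
static block_driver model_qcow2_drv = { "qcow2-model" };

/* Walk the refcount structures; 0 means the walk completed, findings are in *res. */
static int check_refcounts(block_state *bs, int fix, check_result *res)
{
    model_image *img = bs->img;
    memset(res, 0, sizeof(*res));
    for (int i = 0; i < NUM_RC_BLOCKS; i++) {
        uint64_t off = img->refcount_table[i];
        if (off != 0 && off % CLUSTER_SIZE != 0) {
            printf("ERROR refcount block %d is not cluster aligned; refcount table entry corrupted\n", i);
            /* Unreadable block: nothing it covers can be repaired; mark the driver unusable (drv = 0x0). */
            res->check_errors++;
            bs->drv = NULL;
        }
    }
    for (int c = 0; c < NUM_CLUSTERS; c++) {
        unsigned have = img->refcount[c], want = img->referenced[c];
        if (have == want) continue;
        if (want == 0) {
            printf("Leaked cluster %d refcount=%u reference=0\n", c, have);
            res->leaks++;
        } else {
            printf("ERROR cluster %d refcount=%u reference=%u\n", c, have, want);
            res->corruptions++;
        }
        if (fix) {
            printf("Repairing cluster %d refcount=%u reference=%u\n", c, have, want);
            img->refcount[c] = (uint16_t)want;
            if (want != 0) res->corruptions_fixed++;
        }
    }
    return 0;
}

/* Block-layer step run after a successful format open; the real code dereferenced bs->drv here. */
static int refresh_total_sectors(block_state *bs)
{
    if (bs->drv == NULL) return -ENXIO;
    bs->total_sectors = (uint64_t)NUM_CLUSTERS * CLUSTER_SIZE / 512;
    return 0;
}

/* Open a dirty image, repairing it first; check_errors_fatal == 0 reproduces the pre-fix logic. */
static int open_dirty_image(block_state *bs, int check_errors_fatal)
{
    check_result res;
    bs->drv = &model_qcow2_drv;
    int ret = check_refcounts(bs, 1, &res);
    if (ret < 0 || (check_errors_fatal && res.check_errors > 0)) {
        printf("Could not repair dirty image: Input/output error\n");
        bs->drv = NULL;
        return -EIO;
    }
    return refresh_total_sectors(bs);
}

/* Constructed sample (not the report's attachment) with the same kinds of damage:
 * a misaligned refcount table entry, a leak, and a referenced cluster with refcount 0. */
static void make_corrupt_image(model_image *img)
{
    memset(img, 0, sizeof(*img));
    img->refcount_table[0] = 1 * CLUSTER_SIZE;
    img->refcount_table[2] = 2 * CLUSTER_SIZE + 512; /* not cluster aligned */
    for (int c = 0; c < 4; c++) img->refcount[c] = img->referenced[c] = 1;
    img->refcount[9] = 1;    /* leaked: allocated, never referenced */
    img->referenced[12] = 1; /* referenced, but refcount 0 */
}

int main(void)
{
    model_image img;
    block_state bs = { &img, NULL, 0 };
    make_corrupt_image(&img);
    printf("pre-fix logic:      ret=%d\n", open_dirty_image(&bs, 0));
    make_corrupt_image(&img);
    printf("check_errors fatal: ret=%d\n", open_dirty_image(&bs, 1));
    return 0;
}
```

The two runs use a fresh copy of the sample image each time, for the same reason the reporter asks for a copy of test.img: the repair pass rewrites refcounts in place, so a second run on the same image no longer shows the leaks. The difference between the two runs is only the `check_errors_fatal` decision; the checker's findings are identical.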
cdeadmin commented 6 years ago

------- Comment From nasastry@in.ibm.com 2018-01-01 01:12:43 EDT-------

Tested with qemu-img-2.11.0-1.rel.gite7153e0.el7.centos.ppc64le; the reported segfault is not seen. Output is too huge, so truncated for convenience. This bugzilla can be closed.

`/usr/bin/qemu-io /tmp/test.img -c "truncate 320000"`

```
ERROR refcount block 2 is not cluster aligned; refcount table entry corrupted
ERROR refcount block 5 is not cluster aligned; refcount table entry corrupted
ERROR refcount block 6 refcount=2
ERROR refcount block 9 refcount=3
Leaked cluster 0 refcount=65535 reference=1
Leaked cluster 1 refcount=16383 reference=0
Leaked cluster 9 refcount=1 reference=0
Leaked cluster 10 refcount=1 reference=0
Leaked cluster 11 refcount=1 reference=0
...
ERROR cluster 4194304 refcount=0 reference=1
Rebuilding refcount structure
Repairing cluster 60 refcount=1 reference=0
Repairing cluster 1024 refcount=3 reference=0
Repairing cluster 1027 refcount=1 reference=0
Repairing cluster 1788 refcount=1 reference=0
Repairing cluster 3480 refcount=1 reference=0
Repairing cluster 4012 refcount=1 reference=0
Repairing cluster 4063 refcount=1 reference=0
Repairing cluster 4235 refcount=1 reference=0
Repairing cluster 4284 refcount=1 reference=0
can't open device /tmp/test.img: Could not repair dirty image: Input/output error
```