[Cc'ing qcow2 developers]

On Thu, 11/05 02:05, Ivan Volosyuk wrote:
> The image has some personal data and is pretty large, 1T (140G allocated). I
> recompiled qemu-img and ran it through gdb:
>
> Program received signal SIGSEGV, Segmentation fault.
> get_refcount_ro4 (refcount_array=0x7fffc0edc010, index=246458459629569) at
> block/qcow2-refcount.c:179
> 179         return be16_to_cpu(((const uint16_t *)refcount_array)[index]);
> (gdb) bt
> #0 get_refcount_ro4 (refcount_array=0x7fffc0edc010, index=246458459629569)
>     at block/qcow2-refcount.c:179
> #1 0x0000555555595851 in inc_refcounts
>     (refcount_table=refcount_table@entry=0x7fffffffd690,
>     refcount_table_size=refcount_table_size@entry=0x7fffffffd688,
>     offset=offset@entry=-2294842463426117632, size=size@entry=2684354560,
>     res=0x7fffffffd730, res=0x7fffffffd730, bs=0x555555c76320)
>     at block/qcow2-refcount.c:1329
> #2 0x0000555555595a61 in check_refcounts_l1 (bs=bs@entry=0x555555c76320,
>     res=res@entry=0x7fffffffd730, refcount_table=refcount_table@entry=0x7fffffffd690,
>     refcount_table_size=refcount_table_size@entry=0x7fffffffd688,
>     l1_table_offset=-2294842463426117632, l1_size=335544320, flags=flags@entry=0)

To avoid this crash, we should probably validate l1_table_offset against
refcount_table_size in check_refcounts_l1.

Regarding the image, apparently the l1 table offset doesn't make sense here;
the header may be corrupted. Can you hexdump the first 512 bytes?

>     at block/qcow2-refcount.c:1487
> #3 0x0000555555595fcd in calculate_refcounts (bs=bs@entry=0x555555c76320,
>     res=res@entry=0x7fffffffd730, fix=fix@entry=(unknown: 0),
>     rebuild=rebuild@entry=0x7fffffffd67f,
>     refcount_table=refcount_table@entry=0x7fffffffd690,
>     nb_clusters=nb_clusters@entry=0x7fffffffd688)
>     at block/qcow2-refcount.c:1811
> #4 0x000055555559893e in qcow2_check_refcounts (bs=bs@entry=0x555555c76320,
>     res=res@entry=0x7fffffffd730, fix=fix@entry=(unknown: 0))
>     at block/qcow2-refcount.c:2199
> #5 0x0000555555592d15 in qcow2_check (bs=0x555555c76320,
>     result=0x7fffffffd730, fix=(unknown: 0)) at block/qcow2.c:336
> #6 0x0000555555568b2b in collect_image_check (bs=0x555555c76320,
>     check=0x555555ca8e40,
>     filename=0x7fffffffdc72 "/home/ivan/../vm-images/win81a.qcow2.broken",
>     fix=<optimized out>, fmt=<optimized out>) at qemu-img.c:444
> #7 0x000055555556a53e in img_check (argc=<optimized out>, argv=<optimized out>)
>     at qemu-img.c:570
> #8 0x000055555556559c in main (argc=3, argv=0x7fffffffd938) at
>     qemu-img.c:3087
> --
> Regards,
> Ivan
>
> On Thu, Nov 5, 2015 at 12:29 PM Fam Zheng <f...@redhat.com> wrote:
>
> > On Thu, 11/05 01:09, Ivan Volosyuk wrote:
> > > Yesterday, I did a few tweaks for my system which uses VGA passthrough.
> > > - I moved virtual CPUs to dedicated CPUs (isolcpus=4-7 kernel boot argument)
> > > - I instructed my windows guest to use MSI IRQ
> > >
> > > Sound crackles disappeared, but after a few minutes of playing Starcraft I
> > > got first ever reboot of windows 8.1 in virtual machine. When I tried to
> > > restart the virtual machine I got the message that qcow2 image is corrupted.
> > > qemu-img check crashes with segfault now on the image.
> >
> > Is it convenient for you to provide the image? If not, can you post the
> > backtrace of "qemu-img check" crash?
> >
> > Fam
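A header sanity check along the lines Fam suggests above (decode the first 512 bytes and validate the L1 table location and size before anything walks the table), written here as an added Python example that is not QEMU code. The broken sample reuses the l1_table_offset and l1_size values from frame #2 of the backtrace; the good header, the 140G file size and the 64 KiB cluster size are constructed, and the 9..21 cluster_bits range and 32 MiB L1 bound are the limits QEMU's qcow2 driver enforces.

```python
import struct
QCOW2_MAGIC = 0x514649FB          # "QFI\xfb"
QCOW_MAX_L1_SIZE = 0x2000000      # QEMU's 32 MiB cap on the L1 table, in bytes
HEADER_FMT = ">IIQIIQIIQQII"      # big-endian fixed header, first 64 bytes
FIELDS = ("magic", "version", "backing_file_offset", "backing_file_size",
          "cluster_bits", "size", "crypt_method", "l1_size", "l1_table_offset",
          "refcount_table_offset", "refcount_table_clusters", "nb_snapshots")

def parse_header(blob):
    """Decode the fixed part of the qcow2 header from the first 512 bytes."""
    return dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, blob, 0)))
def check_header(hdr, file_size):
    """Return the list of sanity-check failures; empty means the header is plausible."""
    problems = []
    if hdr["magic"] != QCOW2_MAGIC:
        problems.append("bad magic")
    if hdr["version"] not in (2, 3):
        problems.append("unsupported version %d" % hdr["version"])
    cb = hdr["cluster_bits"]
    if not 9 <= cb <= 21:
        return problems + ["cluster_bits %d out of range" % cb]  # later checks need it
    cluster = 1 << cb
    off, l1_size = hdr["l1_table_offset"], hdr["l1_size"]
    if off % cluster:
        problems.append("l1_table_offset 0x%x not cluster aligned" % off)
    if off + l1_size * 8 > file_size:
        problems.append("l1 table at 0x%x (%d entries) lies beyond file size" % (off, l1_size))
    if l1_size * 8 > QCOW_MAX_L1_SIZE:
        problems.append("l1_size %d exceeds maximum L1 table size" % l1_size)
    # one L1 entry covers one L2 table: cluster/8 entries, each mapping one cluster
    needed = -(-hdr["size"] // (cluster * (cluster // 8)))
    if l1_size < needed:
        problems.append("l1_size %d too small for a %d byte image" % (l1_size, hdr["size"]))
    return problems

def build_header(**overrides):
    """Constructed sample header (not from a real image): 1 TiB disk, 64 KiB clusters."""
    f = dict(magic=QCOW2_MAGIC, version=3, backing_file_offset=0, backing_file_size=0,
             cluster_bits=16, size=1 << 40, crypt_method=0, l1_size=2048,
             l1_table_offset=0x30000, refcount_table_offset=0x10000,
             refcount_table_clusters=1, nb_snapshots=0)
    f.update(overrides)
    return struct.pack(HEADER_FMT, *(f[k] for k in FIELDS)).ljust(512, b"\0")

# Values taken from frame #2 of the backtrace, as they read unsigned from the header
BROKEN = build_header(l1_table_offset=-2294842463426117632 & (2**64 - 1), l1_size=335544320)
if __name__ == "__main__":
    for label, blob in (("constructed good header", build_header()), ("broken header", BROKEN)):
        print(label, check_header(parse_header(blob), 140 << 30) or "OK")
```

Run it against a real image with `check_header(parse_header(open(path, "rb").read(512)), os.path.getsize(path))`; any reported problem means qemu-img check will be reading the L1 table from garbage and the header, not the refcounts, is the first thing to repair.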