Public bug reported:

qemu-utils:
  Installed: 1.0+noroms-0ubuntu14.7

This has happened 5 times on my Ubuntu 12.04 VM host so far. This time I got 
the stack trace:
Program terminated with signal 11, Segmentation fault.
#0  0x00007f82189745f6 in alloc_refcount_block (refcount_block=0x7fff0bf935a0, 
cluster_index=4294967312, bs=0x7f8219882890)
    at block/qcow2-refcount.c:334
334         new_table[refcount_table_index] = new_block;
(gdb) bt
#0  0x00007f82189745f6 in alloc_refcount_block (refcount_block=0x7fff0bf935a0, 
cluster_index=4294967312, bs=0x7f8219882890)
    at block/qcow2-refcount.c:334
#1  update_refcount (bs=0x7f8219882890, offset=281474977759232, 
length=<optimized out>, addend=-1) at block/qcow2-refcount.c:459
#2  0x00007f82189750bb in qcow2_update_snapshot_refcount (bs=0x7f8219882890, 
l1_table_offset=38231343104, l1_size=90, addend=-1)
    at block/qcow2-refcount.c:747
#3  0x00007f82189760c2 in qcow2_snapshot_delete (bs=0x7f8219882890, 
snapshot_id=<optimized out>) at block/qcow2-snapshot.c:380
#4  0x00007f8218994045 in img_snapshot (argc=4, argv=<optimized out>) at 
qemu-img.c:1276
#5  0x00007f8216df476d in __libc_start_main () from 
/lib/x86_64-linux-gnu/libc.so.6
#6  0x00007f8218966719 in _start ()

We have the following table:
uint64_t *new_table = g_malloc0(table_size * sizeof(uint64_t));

(gdb) p table_size
$2 = 8192

However, the code tries to assign element index at

(gdb) p refcount_table_index 
$3 = 131072

And therefore segfaults. I was not able to find any other bug report
with qemu-img segfaulting, but in my case every time this happened the
disk image became completely corrupted and could not be recovered.
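As an added illustration (not code from the report or from QEMU), here is a C model of the arithmetic in the trace and of the two checks that would turn this out-of-bounds store into a clean error: the offset 281474977759232 from frame #1 maps to refcount table index 131072 under an assumed 64 KiB cluster size and 16-bit refcounts, far beyond the 8192-entry table, and a table sized from the index about to be written cannot be overrun. The functions, constants and the image size used in the checks are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for this model (not stated in the report): 64 KiB clusters
 * (cluster_bits = 16), which reproduces the indices in the trace, and
 * 16-bit refcount entries (REFCOUNT_SHIFT = 1) as in the qcow2 v2 format. */
#define CLUSTER_BITS   16
#define REFCOUNT_SHIFT 1

/* Stand-in for the refcount table: `size` zero-filled entries. */
typedef struct { uint64_t *entries; uint64_t size; } refcount_table;
static refcount_table g_table;   /* starts empty; grown on first write */
static uint64_t g_index;         /* scratch output for the checked lookup */
/* offset -> cluster index -> index of the refcount block covering it. */
uint64_t refcount_table_index_for(uint64_t offset)
{
    uint64_t cluster_index = offset >> CLUSTER_BITS;
    return cluster_index >> (CLUSTER_BITS - REFCOUNT_SHIFT);
}

/* Validate an offset read from on-disk metadata before deriving an index:
 * an offset past the end of the image can only come from a corrupted entry. */
int refcount_table_index_checked(uint64_t offset, uint64_t image_size,
                                 uint64_t *index)
{
    if (offset >= image_size)
        return -1;
    *index = refcount_table_index_for(offset);
    return 0;
}

/* Size the table from the index about to be written, so the final store can
 * never land outside the buffer. Returns 0, or -1 if it cannot grow. */
int refcount_table_set(refcount_table *t, uint64_t index, uint64_t new_block)
{
    if (index >= t->size) {
        uint64_t new_size = index + 1;  /* wraps to 0 only on overflow */
        uint64_t *grown = new_size ? calloc(new_size, sizeof(uint64_t)) : NULL;
        if (!grown)
            return -1;
        if (t->entries)
            memcpy(grown, t->entries, t->size * sizeof(uint64_t));
        free(t->entries);
        t->entries = grown;
        t->size = new_size;
    }
    t->entries[index] = new_block;
    return 0;
}
```

The offset from frame #1 is about 256 TiB into the file, so the image-size check rejects it before any table index is computed, while the growth path covers a legitimately large index instead of writing past the buffer.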

** Affects: qemu-kvm (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1147351

Title:
  qemu-img can crash during snapshot removal corrupting the image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/1147351/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
