Here the refcount of the cluster at @cluster_offset reached 0, so we "free" that cluster. Not the cluster at @offset. The thing that saves us from the bug is that L2 tables and refblocks are discarded one by one. Still, let's be precise.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com> --- block/qcow2-refcount.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 8e649b008e..543fcf289c 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -887,14 +887,15 @@ static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs, void *table; table = qcow2_cache_is_table_offset(s->refcount_block_cache, - offset); + cluster_offset); if (table != NULL) { qcow2_cache_put(s->refcount_block_cache, &refcount_block); old_table_index = -1; qcow2_cache_discard(s->refcount_block_cache, table); } - table = qcow2_cache_is_table_offset(s->l2_table_cache, offset); + table = qcow2_cache_is_table_offset(s->l2_table_cache, + cluster_offset); if (table != NULL) { qcow2_cache_discard(s->l2_table_cache, table); } -- 2.29.2
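Review bot: both cache lookups now key on cluster_offset, the cluster whose refcount just dropped to zero, instead of offset, the argument passed into update_refcount(); as the description says, the two only coincide because L2 tables and refblocks are freed one at a time, so a discard keyed on offset would silently leave a stale entry in s->refcount_block_cache or s->l2_table_cache for any cluster other than the first. Suggest a one-line comment above the first lookup (e.g. "/* discard cached tables for the cluster being freed, not the start of the updated range */") so the distinction between the two variables is recorded in the code and not only in this commit message.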