Am 05.02.2026 um 09:59 hat Fiona Ebner geschrieben: > Hi, > > Am 03.02.26 um 3:24 PM schrieb Jean-Louis Dupond: > > Hi, > > > > Since some months we were observing disk corruption within the VM when > > enabling backups (which triggers snapshots). > > After a lot of troubleshooting, we were able to track down the commit > > that caused it: > > https://gitlab.com/qemu-project/qemu/-/ > > commit/058cfca5645a9ed7cb2bdb77d15f2eacaf343694 > > > > More info in the issue: > > https://gitlab.com/qemu-project/qemu/-/issues/3273 > > > > Now this seems to be caused by a race between disabling the > > dirty_bitmaps and the tracking implemented in the mirror top layer. > > Kevin shared me a possible solution: > > > > diff --git a/block/mirror.c b/block/mirror.c > > index b344182c747..f76e43f22c1 100644 > > --- a/block/mirror.c > > +++ b/block/mirror.c > > @@ -1122,6 +1122,9 @@ static int coroutine_fn mirror_run(Job *job, Error > > **errp) > > * accessing it. > > */ > > mirror_top_opaque->job = s; > > + if (s->copy_mode != MIRROR_COPY_MODE_WRITE_BLOCKING) { > > + bdrv_disable_dirty_bitmap(s->dirty_bitmap); > > + } > > > > assert(!s->dbi); > > s->dbi = bdrv_dirty_iter_new(s->dirty_bitmap); > > @@ -2018,7 +2021,9 @@ static BlockJob *mirror_start_job( > > * The dirty bitmap is set by bdrv_mirror_top_do_write() when not in > > active > > * mode. > > */ > > - bdrv_disable_dirty_bitmap(s->dirty_bitmap); > > + if (s->copy_mode == MIRROR_COPY_MODE_WRITE_BLOCKING) { > > + bdrv_disable_dirty_bitmap(s->dirty_bitmap); > > + } > > > > bdrv_graph_wrlock_drained(); > > ret = block_job_add_bdrv(&s->common, "source", bs, 0, > > > > > > Running this for some hours already, and it seems to fix the issue. > > > > Let's open up the discussion if this is the proper way to fix it, or if > > there are better alternatives :) > > Yes, I do think this is the proper solution. I ended up with essentially > the same yesterday (see the Gitlab issue). I moved the disabling > unconditionally, but there should be no need to delay the disabling if > using write-blocking mode. I would suggest moving the comment on top of > the changed hunk in mirror_start_job() along to the new hunk in > mirror_run().
I didn't actually write this as a proper patch, but just as a quick thing Jean-Louis could test, so yes, all of the details are up for discussion. You're right that there is no need to delay disabling the bitmap in active mode, but it probably also doesn't hurt to keep it enabled for a little while? Maybe we should do it like you did just to keep the code a little simpler. There is another approach I had in mind, but wasn't as sure about, so I didn't suggest it for the testing to see if this race is even the problem we're seeing in practice: Is there a reason why populating the initial dirty bitmap (i.e. the second part of mirror_dirty_init()) can't just come after setting 'mirror_top_opaque->job'? Then we could simply leave the bitmap disabled all the time and rely solely on the mirror job's own tracking. That would feel a little more consistent than using the block layer just to plug a small race window during startup. Kevin
