If we complete a request with a failure we need to remove it from the list of requests that are in flight. If we don't do it, the next time the same AIOCB is used for a cluster allocation it will create a loop in the list and qemu will hang in an endless loop.
Signed-off-by: Kevin Wolf <kw...@redhat.com> --- block/qcow2-cluster.c | 1 + block/qcow2.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index ace3b85..639e05e 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -832,6 +832,7 @@ int qcow2_alloc_cluster_offset(BlockDriverState *bs, uint64_t offset, cluster_offset = qcow2_alloc_clusters(bs, nb_clusters * s->cluster_size); if (cluster_offset < 0) { + QLIST_REMOVE(m, next_in_flight); return cluster_offset; } diff --git a/block/qcow2.c b/block/qcow2.c index 2f34eec..11ce8d1 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -628,11 +628,15 @@ static void qcow_aio_write_cb(void *opaque, int ret) qcow_aio_write_cb, acb); if (acb->hd_aiocb == NULL) { ret = -EIO; - goto done; + goto fail; } return; +fail: + if (acb->l2meta.nb_clusters != 0) { + QLIST_REMOVE(&acb->l2meta, next_in_flight); + } done: if (acb->qiov->niov > 1) qemu_vfree(acb->orig_buf); -- 1.6.6.1
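Review bot: In the block/qcow2-cluster.c hunk (@@ -832), the QLIST_REMOVE is hand-placed on a single error return in qcow2_alloc_cluster_offset(), so the fix only holds if no other exit taken while m is linked into the in-flight list is missed. Consider linking m only after qcow2_alloc_clusters() has succeeded, or routing failures through one cleanup label that does the removal. A short comment stating that m must not remain on the list when an error is returned would help. It is also worth saying whether m->nb_clusters is reset on this path, since the qcow2.c side of the patch uses that field to decide whether to unlink.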
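Review bot: In the block/qcow2.c hunk (@@ -628), the new fail: label treats acb->l2meta.nb_clusters != 0 as a stand-in for "this request is on the in-flight list", and nothing in the visible lines documents or enforces that invariant. If any path can reach fail: with nb_clusters non-zero after the entry was already unlinked (for example by the removal added in qcow2_alloc_cluster_offset()), QLIST_REMOVE would run twice on the same element. A one-line comment on the invariant, or clearing nb_clusters wherever the entry is unlinked, would make this safer to maintain. Only the hd_aiocb == NULL exit is switched from done to fail here, so please confirm that no remaining goto done in qcow_aio_write_cb() can run while the request is still linked.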