Public bug reported: git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4 This is on ppc64le architecture.
Re-production steps: 1. Copy the attached files named test.img to a directory 2. And customize the following command to point to the above directory and run the same. # mv test.img copy.img # qemu-io <path to>/copy.img -c "truncate 320000" from gdb: Program terminated with signal 11, Segmentation fault. #0 0x000000001000e444 in refresh_total_sectors (bs=0x1fe86f60, hint=11648) at block.c:723 723 if (drv->bdrv_getlength) { Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-21.el7.ppc64le glib2-2.50.3-3.el7.ppc64le glibc-2.17-196.el7.ppc64le gmp-6.0.0-15.el7.ppc64le gnutls-3.3.26-9.el7.ppc64le keyutils-libs-1.5.8-3.el7.ppc64le krb5-libs-1.15.1-8.el7.ppc64le libaio-0.3.109-13.el7.ppc64le libcom_err-1.42.9-10.el7.ppc64le libcurl-7.29.0-42.el7.ppc64le libffi-3.0.13-18.el7.ppc64le libgcc-4.8.5-16.el7_4.1.ppc64le libidn-1.28-4.el7.ppc64le libselinux-2.5-11.el7.ppc64le libssh2-1.4.3-10.el7_2.1.ppc64le libstdc++-4.8.5-16.el7_4.1.ppc64le libtasn1-4.10-1.el7.ppc64le nettle-2.7.1-8.el7.ppc64le nspr-4.13.1-1.0.el7_3.ppc64le nss-3.28.4-15.el7_4.ppc64le nss-softokn-freebl-3.28.3-8.el7_4.ppc64le nss-util-3.28.4-3.el7.ppc64le openldap-2.4.44-5.el7.ppc64le openssl-libs-1.0.2k-8.el7.ppc64le p11-kit-0.23.5-3.el7.ppc64le pcre-8.32-17.el7.ppc64le zlib-1.2.7-17.el7.ppc64le (gdb) bt #0 0x000000001000e444 in refresh_total_sectors (bs=0x1fe86f60, hint=11648) at block.c:723 #1 0x000000001000fa10 in bdrv_open_driver (bs=0x1fe86f60, drv=0x102036f0 <bdrv_qcow2>, node_name=0x0, options=0x1fe8c240, open_flags=24578, errp=0x3fffea0fc920) at block.c:1153 #2 0x0000000010010480 in bdrv_open_common (bs=0x1fe86f60, file=0x1fe92540, options=0x1fe8c240, errp=0x3fffea0fc920) at block.c:1395 #3 0x0000000010013ac8 in bdrv_open_inherit (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x1fe8c240, flags=24578, parent=0x0, child_role=0x0, errp=0x3fffea0fcae0) at block.c:2616 #4 0x0000000010013e8c in bdrv_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block.c:2698 #5 0x000000001008b6d4 in blk_new_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block/block-backend.c:321 #6 0x000000001000a6ec in openfile (name=0x3fffea0ff661 "copy.img", flags=16386, writethrough=true, force_share=false, opts=0x0) at qemu-io.c:81 #7 0x000000001000c040 in main (argc=4, argv=0x3fffea0fd208) at qemu-io.c:624 (gdb) bt full #0 0x000000001000e444 in refresh_total_sectors (bs=0x1fe86f60, hint=11648) at block.c:723 drv = 0x0 #1 0x000000001000fa10 in bdrv_open_driver (bs=0x1fe86f60, drv=0x102036f0 <bdrv_qcow2>, node_name=0x0, options=0x1fe8c240, open_flags=24578, errp=0x3fffea0fc920) at block.c:1153 local_err = 0x0 ret = 0 __PRETTY_FUNCTION__ = "bdrv_open_driver" __func__ = "bdrv_open_driver" #2 0x0000000010010480 in bdrv_open_common (bs=0x1fe86f60, file=0x1fe92540, options=0x1fe8c240, errp=0x3fffea0fc920) at block.c:1395 ret = 16383 open_flags = 24578 filename = 0x1fe8e2b1 "copy.img" driver_name = 0x1fe54810 "qcow2" node_name = 0x0 discard = 0x0 detect_zeroes = 0x0 opts = 0x1fe93100 drv = 0x102036f0 <bdrv_qcow2> local_err = 0x0 __PRETTY_FUNCTION__ = "bdrv_open_common" __func__ = "bdrv_open_common" #3 0x0000000010013ac8 in bdrv_open_inherit (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x1fe8c240, flags=24578, parent=0x0, child_role=0x0, errp=0x3fffea0fcae0) at block.c:2616 ret = 512 file = 0x1fe92540 bs = 0x1fe86f60 drv = 0x102036f0 <bdrv_qcow2> drvname = 0x0 backing = 0x0 local_err = 0x0 snapshot_options = 0x0 snapshot_flags = 0 __PRETTY_FUNCTION__ = "bdrv_open_inherit" __func__ = "bdrv_open_inherit" #4 0x0000000010013e8c in bdrv_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block.c:2698 No locals. #5 0x000000001008b6d4 in blk_new_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block/block-backend.c:321 blk = 0x1fe79410 bs = 0x0 perm = 3 #6 0x000000001000a6ec in openfile (name=0x3fffea0ff661 "copy.img", flags=16386, writethrough=true, force_share=false, opts=0x0) at qemu-io.c:81 local_err = 0x0 #7 0x000000001000c040 in main (argc=4, argv=0x3fffea0fd208) at qemu-io.c:624 readonly = 0 sopt = 0x101b2608 "hVc:d:f:rsnCmkt:T:U" lopt = {{name = 0x101b26d0 "driver", has_arg = 0, flag = 0x0, val = 104}, {name = 0x101b26d8 "help", has_arg = 0, flag = 0x0, val = 86}, { name = 0x101b26e0 "version", has_arg = 1, flag = 0x0, val = 99}, {name = 0x101b26e8 "cmd", has_arg = 1, flag = 0x0, val = 102}, { name = 0x101b26f0 "format", has_arg = 0, flag = 0x0, val = 114}, {name = 0x101b2700 "y", has_arg = 0, flag = 0x0, val = 115}, { name = 0x101b2710 "", has_arg = 0, flag = 0x0, val = 110}, {name = 0x101b2718 "nocache", has_arg = 0, flag = 0x0, val = 67}, { ---Type <return> to continue, or q <return> to quit--- name = 0x101b2728 "read", has_arg = 0, flag = 0x0, val = 109}, {name = 0x101b2738 "", has_arg = 0, flag = 0x0, val = 107}, { name = 0x101b2748 "io", has_arg = 1, flag = 0x0, val = 100}, {name = 0x101b2750 "discard", has_arg = 1, flag = 0x0, val = 116}, { name = 0x101b2758 "cache", has_arg = 1, flag = 0x0, val = 84}, {name = 0x101b25e8 "object", has_arg = 1, flag = 0x0, val = 256}, { name = 0x101b2760 "trace", has_arg = 0, flag = 0x0, val = 257}, {name = 0x101b1c48 "force-share", has_arg = 0, flag = 0x0, val = 85}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} c = -1 opt_index = 0 flags = 16386 writethrough = true local_error = 0x0 opts = 0x0 format = 0x0 trace_file = 0x0 force_share = false (gdb) (gdb) quit Will attach image_fuzzer image. ** Affects: qemu Importance: Undecided Status: New -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1728639 Title: qemu-io crashes with SIGSEGV when did -c truncate 320000 on a image_fuzzer image Status in QEMU: New Bug description: git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4 This is on ppc64le architecture. Re-production steps: 1. Copy the attached files named test.img to a directory 2. And customize the following command to point to the above directory and run the same. # mv test.img copy.img # qemu-io <path to>/copy.img -c "truncate 320000" from gdb: Program terminated with signal 11, Segmentation fault. #0 0x000000001000e444 in refresh_total_sectors (bs=0x1fe86f60, hint=11648) at block.c:723 723 if (drv->bdrv_getlength) { Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-21.el7.ppc64le glib2-2.50.3-3.el7.ppc64le glibc-2.17-196.el7.ppc64le gmp-6.0.0-15.el7.ppc64le gnutls-3.3.26-9.el7.ppc64le keyutils-libs-1.5.8-3.el7.ppc64le krb5-libs-1.15.1-8.el7.ppc64le libaio-0.3.109-13.el7.ppc64le libcom_err-1.42.9-10.el7.ppc64le libcurl-7.29.0-42.el7.ppc64le libffi-3.0.13-18.el7.ppc64le libgcc-4.8.5-16.el7_4.1.ppc64le libidn-1.28-4.el7.ppc64le libselinux-2.5-11.el7.ppc64le libssh2-1.4.3-10.el7_2.1.ppc64le libstdc++-4.8.5-16.el7_4.1.ppc64le libtasn1-4.10-1.el7.ppc64le nettle-2.7.1-8.el7.ppc64le nspr-4.13.1-1.0.el7_3.ppc64le nss-3.28.4-15.el7_4.ppc64le nss-softokn-freebl-3.28.3-8.el7_4.ppc64le nss-util-3.28.4-3.el7.ppc64le openldap-2.4.44-5.el7.ppc64le openssl-libs-1.0.2k-8.el7.ppc64le p11-kit-0.23.5-3.el7.ppc64le pcre-8.32-17.el7.ppc64le zlib-1.2.7-17.el7.ppc64le (gdb) bt #0 0x000000001000e444 in refresh_total_sectors (bs=0x1fe86f60, hint=11648) at block.c:723 #1 0x000000001000fa10 in bdrv_open_driver (bs=0x1fe86f60, drv=0x102036f0 <bdrv_qcow2>, node_name=0x0, options=0x1fe8c240, open_flags=24578, errp=0x3fffea0fc920) at block.c:1153 #2 0x0000000010010480 in bdrv_open_common (bs=0x1fe86f60, file=0x1fe92540, options=0x1fe8c240, errp=0x3fffea0fc920) at block.c:1395 #3 0x0000000010013ac8 in bdrv_open_inherit (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x1fe8c240, flags=24578, parent=0x0, child_role=0x0, errp=0x3fffea0fcae0) at block.c:2616 #4 0x0000000010013e8c in bdrv_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block.c:2698 #5 0x000000001008b6d4 in blk_new_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block/block-backend.c:321 #6 0x000000001000a6ec in openfile (name=0x3fffea0ff661 "copy.img", flags=16386, writethrough=true, force_share=false, opts=0x0) at qemu-io.c:81 #7 0x000000001000c040 in main (argc=4, argv=0x3fffea0fd208) at qemu-io.c:624 (gdb) bt full #0 0x000000001000e444 in refresh_total_sectors (bs=0x1fe86f60, hint=11648) at block.c:723 drv = 0x0 #1 0x000000001000fa10 in bdrv_open_driver (bs=0x1fe86f60, drv=0x102036f0 <bdrv_qcow2>, node_name=0x0, options=0x1fe8c240, open_flags=24578, errp=0x3fffea0fc920) at block.c:1153 local_err = 0x0 ret = 0 __PRETTY_FUNCTION__ = "bdrv_open_driver" __func__ = "bdrv_open_driver" #2 0x0000000010010480 in bdrv_open_common (bs=0x1fe86f60, file=0x1fe92540, options=0x1fe8c240, errp=0x3fffea0fc920) at block.c:1395 ret = 16383 open_flags = 24578 filename = 0x1fe8e2b1 "copy.img" driver_name = 0x1fe54810 "qcow2" node_name = 0x0 discard = 0x0 detect_zeroes = 0x0 opts = 0x1fe93100 drv = 0x102036f0 <bdrv_qcow2> local_err = 0x0 __PRETTY_FUNCTION__ = "bdrv_open_common" __func__ = "bdrv_open_common" #3 0x0000000010013ac8 in bdrv_open_inherit (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x1fe8c240, flags=24578, parent=0x0, child_role=0x0, errp=0x3fffea0fcae0) at block.c:2616 ret = 512 file = 0x1fe92540 bs = 0x1fe86f60 drv = 0x102036f0 <bdrv_qcow2> drvname = 0x0 backing = 0x0 local_err = 0x0 snapshot_options = 0x0 snapshot_flags = 0 __PRETTY_FUNCTION__ = "bdrv_open_inherit" __func__ = "bdrv_open_inherit" #4 0x0000000010013e8c in bdrv_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block.c:2698 No locals. #5 0x000000001008b6d4 in blk_new_open (filename=0x3fffea0ff661 "copy.img", reference=0x0, options=0x0, flags=16386, errp=0x3fffea0fcae0) at block/block-backend.c:321 blk = 0x1fe79410 bs = 0x0 perm = 3 #6 0x000000001000a6ec in openfile (name=0x3fffea0ff661 "copy.img", flags=16386, writethrough=true, force_share=false, opts=0x0) at qemu-io.c:81 local_err = 0x0 #7 0x000000001000c040 in main (argc=4, argv=0x3fffea0fd208) at qemu-io.c:624 readonly = 0 sopt = 0x101b2608 "hVc:d:f:rsnCmkt:T:U" lopt = {{name = 0x101b26d0 "driver", has_arg = 0, flag = 0x0, val = 104}, {name = 0x101b26d8 "help", has_arg = 0, flag = 0x0, val = 86}, { name = 0x101b26e0 "version", has_arg = 1, flag = 0x0, val = 99}, {name = 0x101b26e8 "cmd", has_arg = 1, flag = 0x0, val = 102}, { name = 0x101b26f0 "format", has_arg = 0, flag = 0x0, val = 114}, {name = 0x101b2700 "y", has_arg = 0, flag = 0x0, val = 115}, { name = 0x101b2710 "", has_arg = 0, flag = 0x0, val = 110}, {name = 0x101b2718 "nocache", has_arg = 0, flag = 0x0, val = 67}, { ---Type <return> to continue, or q <return> to quit--- name = 0x101b2728 "read", has_arg = 0, flag = 0x0, val = 109}, {name = 0x101b2738 "", has_arg = 0, flag = 0x0, val = 107}, { name = 0x101b2748 "io", has_arg = 1, flag = 0x0, val = 100}, {name = 0x101b2750 "discard", has_arg = 1, flag = 0x0, val = 116}, { name = 0x101b2758 "cache", has_arg = 1, flag = 0x0, val = 84}, {name = 0x101b25e8 "object", has_arg = 1, flag = 0x0, val = 256}, { name = 0x101b2760 "trace", has_arg = 0, flag = 0x0, val = 257}, {name = 0x101b1c48 "force-share", has_arg = 0, flag = 0x0, val = 85}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} c = -1 opt_index = 0 flags = 16386 writethrough = true local_error = 0x0 opts = 0x0 format = 0x0 trace_file = 0x0 force_share = false (gdb) (gdb) quit Will attach image_fuzzer image. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1728639/+subscriptions