Created attachment 1025310
afl9.img

Description of problem:

The attached disk image demonstrates a bug in the VMDK driver where it returns a bogus negative value from bdrv_getlength. Apparently negative values should be -errno, but in this case it returns a very large negative value.

Demonstration:

  $ qemu-img info afl9.img
  qemu-img: Can't get size of device 'image': Unknown error -512

Using gdb at the point where the error message is displayed we can see that size has a bogus value:

  $ gdb --args ./qemu-img info /mnt/scratch/afl9.img
  (gdb) list block/qapi.c:209
  204	    Error *err = NULL;
  205	    ImageInfo *info;
  206
  207	    size = bdrv_getlength(bs);
  208	    if (size < 0) {
  209	        error_setg_errno(errp, -size, "Can't get size of device '%s'",
  210	                         bdrv_get_device_name(bs));
  211	        return;
  212	    }
  213
  (gdb) break block/qapi.c:209
  Breakpoint 1 at 0x51708: file block/qapi.c, line 209.
  (gdb) run
  # gdb breaks at the breakpoint set above
  (gdb) print size
  $1 = -8564164787712
  (gdb) print/x size
  $2 = 0xfffff83600000200

Apparently when -size is passed to error_setg_errno, it is truncated to 0x200 (512), thus causing the bogus error message to be printed:

  qemu-img: Can't get size of device 'image': Unknown error -512

Version-Release number of selected component (if applicable):

qemu from git

How reproducible:

100%

Steps to Reproduce:

1. See above.
The image has virtual size "2233785398448881665" in sectors, whose byte size is going to overflow int64_t. An image of this size is unrealistic, but we can fix the error info anyway.

It's not fixable in VMDK; it should be fixed in bdrv_getlength.

Fam
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
This was fixed by:

  commit 4a9c9ea0d318bec2f67848c5ceaf4ad5bcb91d09
  Author: Fam Zheng <famz>
  Date:   Fri May 15 16:36:05 2015 +0800

      block: Detect multiplication overflow in bdrv_getlength

In 2.4.0
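Added example, not part of the bug report and not QEMU's code: a stand-alone C program that reproduces the arithmetic in this thread (sector count times 512 wrapping to the value seen in gdb, then -size narrowing to -512) next to a checked conversion that only ever returns a real -errno. The function names and the choice of -EFBIG are assumptions made for this illustration.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512 /* bytes per sector */

/* Unchecked sectors-to-bytes conversion. The multiply is done in
 * unsigned arithmetic so the wrap modulo 2^64 is well defined. */
int64_t length_unchecked(int64_t sectors)
{
    return (int64_t)((uint64_t)sectors * SECTOR_SIZE);
}

/* Checked conversion: any negative return value is a genuine -errno. */
int64_t length_checked(int64_t sectors)
{
    if (sectors < 0) {
        return sectors;            /* driver already reported an error */
    }
    if (sectors > INT64_MAX / SECTOR_SIZE) {
        return -EFBIG;             /* assumed errno for "too large" */
    }
    return sectors * SECTOR_SIZE;
}

/* Value a callee sees when -size is passed through an int parameter:
 * only the low 32 bits of the 64-bit value survive. */
int errno_seen_by_callee(int64_t size)
{
    return (int)(uint32_t)(-size);
}

int main(void)
{
    int64_t sectors = 2233785398448881665LL; /* from the report */
    int64_t bad = length_unchecked(sectors);

    printf("unchecked: %" PRId64 " (0x%" PRIx64 ")\n", bad, (uint64_t)bad);
    printf("errno seen by callee: %d\n", errno_seen_by_callee(bad));
    printf("checked: %" PRId64 "\n", length_checked(sectors));
    return 0;
}
```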