qcow2-refcount: qemu-io crashes on 'discard' command

qemu-io is killed by SIGIOT at the 'discard' command on the image having no refcount information.

Sequence:

1. Unpack test.img and backing_img.qed in the same directory (see the attached archives for images)
2. Make a copy of test.img to copy.img (qemu-io modifies the image before being killed, therefore the image backup is necessary)
3. Run the command

    qemu-io copy.img -c 'discard 2210816 2856448'

Result: qemu-io is killed by SIGIOT with the reason:

    qemu-io: block/qcow2-refcount.c:468: update_refcount_discard: Assertion `d->bytes + length == new_end - new_start' failed.

The image was generated by the image fuzzer.

qemu.git HEAD: 1d80eb7a680d

FWIW: While trying to restore (apply) a snapshot on a Windows VM (i.e.: qemu-img snapshot -a snapshotname windows.qcow2, where the image file is 150gb in size) I got the above error:

    qemu-img: /build/buildd/qemu-2.0.0+dfsg/block/qcow2-refcount.c:467: update_refcount_discard: Assertion `d->bytes + length == new_end - new_start' failed.

(My VM is now broken.)

This is the only reference that I found using Google.

HTH

I sent a patch that fixes the original problem that Maria reported. It's hard to say whether this is the same problem as you saw, Sam, but it's quite possible.

Fix has been included here:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ecbda7a22576591a84
... so I think it should be OK now to mark this ticket as fixed.