add new classifier result

1 files changed, 538 insertions, 0 deletions

diff --git a/results/classifier/105/KVM/1728615 b/results/classifier/105/KVM/1728615
new file mode 100644
index 00000000..fd219c83
--- /dev/null
+++ b/results/classifier/105/KVM/1728615
@@ -0,0 +1,538 @@
+KVM: 0.810
+vnc: 0.784
+other: 0.757
+mistranslation: 0.709
+graphic: 0.662
+boot: 0.618
+instruction: 0.588
+device: 0.575
+assembly: 0.534
+semantic: 0.530
+socket: 0.480
+network: 0.468
+
+qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
+
+git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
+This is on ppc64le architecture.
+
+Re-production steps:
+
+1. Copy the attached files named backing_img.file and test.img to a directory
+2. And customize the following command to point to the above directory and run the same.
+/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
+
+3.Output of the above command.
+qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
+Aborted (core dumped)
+
+from gdb:
+(gdb) bt
+#0  0x00003fff833eeff0 in raise () from /lib64/libc.so.6
+#1  0x00003fff833f136c in abort () from /lib64/libc.so.6
+#2  0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
+#3  0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
+#4  0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
+#5  0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
+#6  0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
+    at block/qcow2-refcount.c:834
+#7  0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
+#8  0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
+    at block/qcow2-cluster.c:1221
+#9  0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
+    at block/qcow2-cluster.c:1324
+#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
+    at block/qcow2-cluster.c:1511
+#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
+#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
+#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
+    at block/io.c:1440
+#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
+#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
+#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
+#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
+#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
+#19 0x0000000000000000 in ?? ()
+(gdb) bt full
+#0  0x00003fff833eeff0 in raise () from /lib64/libc.so.6
+No symbol table info available.
+#1  0x00003fff833f136c in abort () from /lib64/libc.so.6
+No symbol table info available.
+#2  0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
+No symbol table info available.
+#3  0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
+No symbol table info available.
+#4  0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
+        i = 0
+        __PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
+#5  0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
+        s = 0x2e893210
+        refcount_table_index = 0
+        ret = 0
+        new_block = 0
+        blocks_used = 72057594818669408
+        meta_offset = 1572863
+#6  0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
+    at block/qcow2-refcount.c:834
+        block_index = 268870408
+        refcount = 780741808
+        cluster_index = 2
+        table_index = 0
+        s = 0x2e893210
+        start = 1048576
+        last = 1048576
+        cluster_offset = 1048576
+        refcount_block = 0x3fff81200000
+        old_table_index = -1
+        ret = 16383
+#7  0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
+        s = 0x2e893210
+        cluster_index = 3
+        refcount = 0
+        i = 1
+        ret = 0
+        __PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
+#8  0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
+    at block/qcow2-cluster.c:1221
+        ret = 780743184
+        s = 0x2e893210
+#9  0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
+    at block/qcow2-cluster.c:1324
+        s = 0x2e893210
+        l2_index = 4
+        l2_table = 0x0
+        entry = 0
+        nb_clusters = 1
+        ret = 0
+---Type <return> to continue, or q <return> to quit---
+        keep_old_clusters = false
+        alloc_cluster_offset = 1048576
+        __PRETTY_FUNCTION__ = "handle_alloc"
+        requested_bytes = 17960562528
+        avail_bytes = -2133853344
+        nb_bytes = 16383
+        old_m = 0x100000000
+#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
+    at block/qcow2-cluster.c:1511
+        s = 0x2e893210
+        start = 2097152
+        remaining = 962560
+        cluster_offset = 1048576
+        cur_bytes = 962560
+        ret = 0
+        __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
+#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
+        s = 0x2e893210
+        offset_in_cluster = 0
+        ret = 0
+        cur_bytes = 1486848
+        cluster_offset = 524288
+        hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
+        bytes_done = 220672
+        cluster_data = 0x0
+        l2meta = 0x0
+        __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
+#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
+        drv = 0x102036f0 <bdrv_qcow2>
+        sector_num = 780706080
+        nb_sectors = 3069122264
+        ret = -203160320
+        __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
+#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
+    at block/io.c:1440
+        bs = 0x2e886f60
+        drv = 0x102036f0 <bdrv_qcow2>
+        waited = false
+        ret = 0
+        end_sector = 5976
+        bytes_remaining = 1707520
+        max_transfer = 2147483647
+        __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
+#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
+        bs = 0x2e886f60
+        req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
+          overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
+              sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
+        align = 1
+        head_buf = 0x0
+---Type <return> to continue, or q <return> to quit---
+        tail_buf = 0x0
+        local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
+        use_local_qiov = false
+        ret = 0
+        __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
+#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
+        ret = 0
+        bs = 0x2e886f60
+#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
+        rwco = 0x3fffc85f0c08
+#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
+        arg = {p = 0x2e895a90, i = {780753552, 0}}
+        self = 0x2e895a90
+        co = 0x2e895a90
+#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
+No symbol table info available.
+#19 0x0000000000000000 in ?? ()
+No symbol table info available.
+
+Will attach the 'image_fuzzer' images.
+
+
+
+On Wed 01 Nov 2017 07:13:08 AM CET, Thomas Huth wrote:
+> On 30.10.2017 15:43, R.Nageswara Sastry wrote:
+>> Public bug reported:
+>> 
+>> git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
+>> This is on ppc64le architecture.
+>> 
+>> Re-production steps:
+>> 
+>> 1. Copy the attached files named backing_img.file and test.img to a directory
+>> 2. And customize the following command to point to the above directory and run the same.
+>> /usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
+>> 
+>> 3.Output of the above command.
+>> qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
+>> Aborted (core dumped)
+>> 
+>> from gdb:
+>> (gdb) bt
+>> #0  0x00003fff833eeff0 in raise () from /lib64/libc.so.6
+>> #1  0x00003fff833f136c in abort () from /lib64/libc.so.6
+>> #2  0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
+>> #3  0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
+>> #4  0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
+>> #5  0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
+>> #6  0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
+>>     at block/qcow2-refcount.c:834
+>> #7  0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
+>> #8  0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
+>>     at block/qcow2-cluster.c:1221
+>> #9  0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
+>>     at block/qcow2-cluster.c:1324
+>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
+>>     at block/qcow2-cluster.c:1511
+>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
+>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
+>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
+>>     at block/io.c:1440
+>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
+>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
+>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
+>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
+>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
+>> #19 0x0000000000000000 in ?? ()
+>> (gdb) bt full
+>> #0  0x00003fff833eeff0 in raise () from /lib64/libc.so.6
+>> No symbol table info available.
+>> #1  0x00003fff833f136c in abort () from /lib64/libc.so.6
+>> No symbol table info available.
+>> #2  0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
+>> No symbol table info available.
+>> #3  0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
+>> No symbol table info available.
+>> #4  0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
+>>         i = 0
+>>         __PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
+>> #5  0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
+>>         s = 0x2e893210
+>>         refcount_table_index = 0
+>>         ret = 0
+>>         new_block = 0
+>>         blocks_used = 72057594818669408
+>>         meta_offset = 1572863
+>> #6  0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
+>>     at block/qcow2-refcount.c:834
+>>         block_index = 268870408
+>>         refcount = 780741808
+>>         cluster_index = 2
+>>         table_index = 0
+>>         s = 0x2e893210
+>>         start = 1048576
+>>         last = 1048576
+>>         cluster_offset = 1048576
+>>         refcount_block = 0x3fff81200000
+>>         old_table_index = -1
+>>         ret = 16383
+>> #7  0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
+>>         s = 0x2e893210
+>>         cluster_index = 3
+>>         refcount = 0
+>>         i = 1
+>>         ret = 0
+>>         __PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
+>> #8  0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
+>>     at block/qcow2-cluster.c:1221
+>>         ret = 780743184
+>>         s = 0x2e893210
+>> #9  0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
+>>     at block/qcow2-cluster.c:1324
+>>         s = 0x2e893210
+>>         l2_index = 4
+>>         l2_table = 0x0
+>>         entry = 0
+>>         nb_clusters = 1
+>>         ret = 0
+>> ---Type <return> to continue, or q <return> to quit---
+>>         keep_old_clusters = false
+>>         alloc_cluster_offset = 1048576
+>>         __PRETTY_FUNCTION__ = "handle_alloc"
+>>         requested_bytes = 17960562528
+>>         avail_bytes = -2133853344
+>>         nb_bytes = 16383
+>>         old_m = 0x100000000
+>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
+>>     at block/qcow2-cluster.c:1511
+>>         s = 0x2e893210
+>>         start = 2097152
+>>         remaining = 962560
+>>         cluster_offset = 1048576
+>>         cur_bytes = 962560
+>>         ret = 0
+>>         __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
+>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
+>>         s = 0x2e893210
+>>         offset_in_cluster = 0
+>>         ret = 0
+>>         cur_bytes = 1486848
+>>         cluster_offset = 524288
+>>         hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
+>>         bytes_done = 220672
+>>         cluster_data = 0x0
+>>         l2meta = 0x0
+>>         __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
+>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
+>>         drv = 0x102036f0 <bdrv_qcow2>
+>>         sector_num = 780706080
+>>         nb_sectors = 3069122264
+>>         ret = -203160320
+>>         __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
+>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
+>>     at block/io.c:1440
+>>         bs = 0x2e886f60
+>>         drv = 0x102036f0 <bdrv_qcow2>
+>>         waited = false
+>>         ret = 0
+>>         end_sector = 5976
+>>         bytes_remaining = 1707520
+>>         max_transfer = 2147483647
+>>         __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
+>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
+>>         bs = 0x2e886f60
+>>         req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
+>>           overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
+>>               sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
+>>         align = 1
+>>         head_buf = 0x0
+>> ---Type <return> to continue, or q <return> to quit---
+>>         tail_buf = 0x0
+>>         local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
+>>         use_local_qiov = false
+>>         ret = 0
+>>         __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
+>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
+>>         ret = 0
+>>         bs = 0x2e886f60
+>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
+>>         rwco = 0x3fffc85f0c08
+>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
+>>         arg = {p = 0x2e895a90, i = {780753552, 0}}
+>>         self = 0x2e895a90
+>>         co = 0x2e895a90
+>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
+>> No symbol table info available.
+>> #19 0x0000000000000000 in ?? ()
+>> No symbol table info available.
+>
+> Can you also reproduce this on x86, or is it specific to ppc64?
+
+I can actually reproduce it myself, I'll take a look.
+
+Berto
+
+
+On Wed 01 Nov 2017 09:55:21 AM CET, Alberto Garcia wrote:
+> On Wed 01 Nov 2017 07:13:08 AM CET, Thomas Huth wrote:
+>> On 30.10.2017 15:43, R.Nageswara Sastry wrote:
+>>> Public bug reported:
+>>> 
+>>> git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
+>>> This is on ppc64le architecture.
+>>> 
+>>> Re-production steps:
+>>> 
+>>> 1. Copy the attached files named backing_img.file and test.img to a directory
+>>> 2. And customize the following command to point to the above directory and run the same.
+>>> /usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
+>>> 
+>>> 3.Output of the above command.
+>>> qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
+>>> Aborted (core dumped)
+>>> 
+>>> from gdb:
+>>> (gdb) bt
+>>> #0  0x00003fff833eeff0 in raise () from /lib64/libc.so.6
+>>> #1  0x00003fff833f136c in abort () from /lib64/libc.so.6
+>>> #2  0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
+>>> #3  0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
+>>> #4  0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
+>>> #5  0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
+>>> #6  0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
+>>>     at block/qcow2-refcount.c:834
+>>> #7  0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
+>>> #8  0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
+>>>     at block/qcow2-cluster.c:1221
+>>> #9  0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
+>>>     at block/qcow2-cluster.c:1324
+>>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
+>>>     at block/qcow2-cluster.c:1511
+>>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
+>>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
+>>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
+>>>     at block/io.c:1440
+>>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
+>>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
+>>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
+>>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
+>>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
+>>> #19 0x0000000000000000 in ?? ()
+>>> (gdb) bt full
+>>> #0  0x00003fff833eeff0 in raise () from /lib64/libc.so.6
+>>> No symbol table info available.
+>>> #1  0x00003fff833f136c in abort () from /lib64/libc.so.6
+>>> No symbol table info available.
+>>> #2  0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
+>>> No symbol table info available.
+>>> #3  0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
+>>> No symbol table info available.
+>>> #4  0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
+>>>         i = 0
+>>>         __PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
+>>> #5  0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
+>>>         s = 0x2e893210
+>>>         refcount_table_index = 0
+>>>         ret = 0
+>>>         new_block = 0
+>>>         blocks_used = 72057594818669408
+>>>         meta_offset = 1572863
+>>> #6  0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
+>>>     at block/qcow2-refcount.c:834
+>>>         block_index = 268870408
+>>>         refcount = 780741808
+>>>         cluster_index = 2
+>>>         table_index = 0
+>>>         s = 0x2e893210
+>>>         start = 1048576
+>>>         last = 1048576
+>>>         cluster_offset = 1048576
+>>>         refcount_block = 0x3fff81200000
+>>>         old_table_index = -1
+>>>         ret = 16383
+>>> #7  0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
+>>>         s = 0x2e893210
+>>>         cluster_index = 3
+>>>         refcount = 0
+>>>         i = 1
+>>>         ret = 0
+>>>         __PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
+>>> #8  0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
+>>>     at block/qcow2-cluster.c:1221
+>>>         ret = 780743184
+>>>         s = 0x2e893210
+>>> #9  0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
+>>>     at block/qcow2-cluster.c:1324
+>>>         s = 0x2e893210
+>>>         l2_index = 4
+>>>         l2_table = 0x0
+>>>         entry = 0
+>>>         nb_clusters = 1
+>>>         ret = 0
+>>> ---Type <return> to continue, or q <return> to quit---
+>>>         keep_old_clusters = false
+>>>         alloc_cluster_offset = 1048576
+>>>         __PRETTY_FUNCTION__ = "handle_alloc"
+>>>         requested_bytes = 17960562528
+>>>         avail_bytes = -2133853344
+>>>         nb_bytes = 16383
+>>>         old_m = 0x100000000
+>>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
+>>>     at block/qcow2-cluster.c:1511
+>>>         s = 0x2e893210
+>>>         start = 2097152
+>>>         remaining = 962560
+>>>         cluster_offset = 1048576
+>>>         cur_bytes = 962560
+>>>         ret = 0
+>>>         __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
+>>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
+>>>         s = 0x2e893210
+>>>         offset_in_cluster = 0
+>>>         ret = 0
+>>>         cur_bytes = 1486848
+>>>         cluster_offset = 524288
+>>>         hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
+>>>         bytes_done = 220672
+>>>         cluster_data = 0x0
+>>>         l2meta = 0x0
+>>>         __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
+>>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
+>>>         drv = 0x102036f0 <bdrv_qcow2>
+>>>         sector_num = 780706080
+>>>         nb_sectors = 3069122264
+>>>         ret = -203160320
+>>>         __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
+>>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
+>>>     at block/io.c:1440
+>>>         bs = 0x2e886f60
+>>>         drv = 0x102036f0 <bdrv_qcow2>
+>>>         waited = false
+>>>         ret = 0
+>>>         end_sector = 5976
+>>>         bytes_remaining = 1707520
+>>>         max_transfer = 2147483647
+>>>         __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
+>>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
+>>>         bs = 0x2e886f60
+>>>         req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
+>>>           overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
+>>>               sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
+>>>         align = 1
+>>>         head_buf = 0x0
+>>> ---Type <return> to continue, or q <return> to quit---
+>>>         tail_buf = 0x0
+>>>         local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
+>>>         use_local_qiov = false
+>>>         ret = 0
+>>>         __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
+>>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
+>>>         ret = 0
+>>>         bs = 0x2e886f60
+>>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
+>>>         rwco = 0x3fffc85f0c08
+>>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
+>>>         arg = {p = 0x2e895a90, i = {780753552, 0}}
+>>>         self = 0x2e895a90
+>>>         co = 0x2e895a90
+>>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
+>>> No symbol table info available.
+>>> #19 0x0000000000000000 in ?? ()
+>>> No symbol table info available.
+>>
+>> Can you also reproduce this on x86, or is it specific to ppc64?
+
+I'm working on a fix, I'll send the patch later today.
+
+Berto
+
+
+The attached image is corrupted and QEMU doesn't handle it correctly.
+
+Here are the fixes for this and other related problems:
+
+   https://lists.gnu.org/archive/html/qemu-block/2017-11/msg00010.html
+
+
+Fix has been merged here:
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf45d59f98c898b7d79
+