1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
qemu-io: block/qcow2-cluster.c:1109: handle_copied: Assertion failed
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Re-production steps:
1. Copy the attached file test.img to a directory
2. And customize the following command to point to the above directory and run the same.
# mv test.img copy.img
# qemu-io <path to>/copy.img -c "write 4105728 2791936"
from gdb:
(gdb) bt
#0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fffb17f136c in abort () from /lib64/libc.so.6
#2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1108
#5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1498
#6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
#7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
#8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16)
at block/io.c:1440
#9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
#10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110
#12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79
#13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
#14 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fffb17f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1108
s = 0x42bb5d80
l2_index = 0
cluster_offset = 4210688
l2_table = 0x0
nb_clusters = 1119575424
keep_clusters = 0
ret = 0
__PRETTY_FUNCTION__ = "handle_copied"
#5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1498
s = 0x42bb5d80
start = 4210688
remaining = 2686976
cluster_offset = 4294983168
cur_bytes = 2686976
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
s = 0x42bb5d80
offset_in_cluster = 0
ret = 0
cur_bytes = 2703360
cluster_offset = 4294950912
hd_qiov = {iov = 0x42b74fb0, niov = 1, nalloc = 1, size = 16384}
bytes_done = 88576
cluster_data = 0x0
l2meta = 0x42bb5d20
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 1119538320
nb_sectors = 2841469356
ret = 2116577536
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16)
at block/io.c:1440
bs = 0x42ba9ad0
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
---Type <return> to continue, or q <return> to quit---
end_sector = 13472
bytes_remaining = 2791936
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x42ba9ad0
req = {bs = 0x42ba9ad0, offset = 4105728, bytes = 2791936, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 4105728,
overlap_bytes = 2791936, list = {le_next = 0x0, le_prev = 0x42bacd48}, co = 0x42bb50b0, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fffaf4bfe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
tail_buf = 0x0
local_qiov = {iov = 0x3fffaf4bfdb0, niov = -1353974288, nalloc = 16383, size = 4105728}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x42ba9ad0
#11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110
rwco = 0x3fffc7cc9ef8
#12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x42bb50b0, i = {1119572144, 0}}
self = 0x42bb50b0
co = 0x42bb50b0
#13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#14 0x0000000000000000 in ?? ()
No symbol table info available.
will attach images_fuzzer image.
|