qemu-io fails with Assertion `*host_offset != 0' failed
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached file named test.img to a directory.
2. Adjust the following commands to point to that directory, then run them.
# cp test.img copy.img
# qemu-io <path to>/copy.img -c "write 884736 34816"
from gdb:
(gdb) bt
#0 0x00003fffad63eff0 in raise () from /lib64/libc.so.6
#1 0x00003fffad64136c in abort () from /lib64/libc.so.6
#2 0x00003fffad634c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fffad634d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006426c in qcow2_alloc_cluster_offset (bs=0x391e9ad0, offset=884736, bytes=0x3fffaa89fb4c, host_offset=0x3fffaa89fb58, m=0x3fffaa89fb60)
at block/qcow2-cluster.c:1524
#5 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x391e9ad0, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=0) at block/qcow2.c:1919
#6 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x391e9ad0, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=16) at block/io.c:898
#7 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x391f51a0, req=0x3fffaa89fdd8, offset=884736, bytes=34816, align=1, qiov=0x3fffce0e2940, flags=16)
at block/io.c:1440
#8 0x00000000100ac4ac in bdrv_co_pwritev (child=0x391f51a0, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=BDRV_REQ_FUA) at block/io.c:1691
#9 0x000000001008da0c in blk_co_pwritev (blk=0x391d9410, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#10 0x000000001008db68 in blk_write_entry (opaque=0x3fffce0e2958) at block/block-backend.c:1110
#11 0x00000000101aa444 in coroutine_trampoline (i0=958427472, i1=0) at util/coroutine-ucontext.c:79
#12 0x00003fffad652b9c in makecontext () from /lib64/libc.so.6
#13 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fffad63eff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fffad64136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fffad634c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fffad634d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006426c in qcow2_alloc_cluster_offset (bs=0x391e9ad0, offset=884736, bytes=0x3fffaa89fb4c, host_offset=0x3fffaa89fb58, m=0x3fffaa89fb60)
at block/qcow2-cluster.c:1524
s = 0x391f5d80
start = 919552
remaining = 0
cluster_offset = 399360
cur_bytes = 34816
ret = 1
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#5 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x391e9ad0, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=0) at block/qcow2.c:1919
s = 0x391f5d80
offset_in_cluster = 360448
ret = 0
cur_bytes = 34816
cluster_offset = 0
hd_qiov = {iov = 0x391b85a0, niov = 0, nalloc = 1, size = 0}
bytes_done = 0
cluster_data = 0x0
l2meta = 0x392074c0
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#6 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x391e9ad0, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 958319760
nb_sectors = 2340082071
ret = 743104256
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#7 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x391f51a0, req=0x3fffaa89fdd8, offset=884736, bytes=34816, align=1, qiov=0x3fffce0e2940, flags=16)
at block/io.c:1440
bs = 0x391e9ad0
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 1796
bytes_remaining = 34816
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#8 0x00000000100ac4ac in bdrv_co_pwritev (child=0x391f51a0, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x391e9ad0
req = {bs = 0x391e9ad0, offset = 884736, bytes = 34816, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 884736,
overlap_bytes = 34816, list = {le_next = 0x0, le_prev = 0x391ecd48}, co = 0x39207150, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fffaa89fe20}}, waiting_for = 0x0}
align = 1
---Type <return> to continue, or q <return> to quit---
head_buf = 0x0
tail_buf = 0x0
local_qiov = {iov = 0x3fffaa89fdb0, niov = -1433797136, nalloc = 16383, size = 884736}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#9 0x000000001008da0c in blk_co_pwritev (blk=0x391d9410, offset=884736, bytes=34816, qiov=0x3fffce0e2940, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x391e9ad0
#10 0x000000001008db68 in blk_write_entry (opaque=0x3fffce0e2958) at block/block-backend.c:1110
rwco = 0x3fffce0e2958
#11 0x00000000101aa444 in coroutine_trampoline (i0=958427472, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x39207150, i = {958427472, 0}}
self = 0x39207150
co = 0x39207150
#12 0x00003fffad652b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#13 0x0000000000000000 in ?? ()
No symbol table info available.
Will be attaching image_fuzzer images.
Hi,
Once more, thanks a lot for reporting this bug! I've found a fix and I'll send a patch once I've written a test case.
Max
Fix has been released with QEMU 2.11:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=93bbaf03ff7fd490e82