qemu-io: block/qcow2-cluster.c:1109: handle_copied: Assertion failed
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached file test.img to a directory
2. Adjust the following commands to point to that directory, then run them.
# mv test.img copy.img
# qemu-io <path to>/copy.img -c "write 4105728 2791936"
Backtrace from gdb:
(gdb) bt
#0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fffb17f136c in abort () from /lib64/libc.so.6
#2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1108
#5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1498
#6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
#7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
#8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16)
at block/io.c:1440
#9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
#10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110
#12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79
#13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
#14 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fffb17f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1108
s = 0x42bb5d80
l2_index = 0
cluster_offset = 4210688
l2_table = 0x0
nb_clusters = 1119575424
keep_clusters = 0
ret = 0
__PRETTY_FUNCTION__ = "handle_copied"
#5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60)
at block/qcow2-cluster.c:1498
s = 0x42bb5d80
start = 4210688
remaining = 2686976
cluster_offset = 4294983168
cur_bytes = 2686976
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
s = 0x42bb5d80
offset_in_cluster = 0
ret = 0
cur_bytes = 2703360
cluster_offset = 4294950912
hd_qiov = {iov = 0x42b74fb0, niov = 1, nalloc = 1, size = 16384}
bytes_done = 88576
cluster_data = 0x0
l2meta = 0x42bb5d20
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 1119538320
nb_sectors = 2841469356
ret = 2116577536
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16)
at block/io.c:1440
bs = 0x42ba9ad0
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
---Type <return> to continue, or q <return> to quit---
end_sector = 13472
bytes_remaining = 2791936
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x42ba9ad0
req = {bs = 0x42ba9ad0, offset = 4105728, bytes = 2791936, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 4105728,
overlap_bytes = 2791936, list = {le_next = 0x0, le_prev = 0x42bacd48}, co = 0x42bb50b0, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fffaf4bfe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
tail_buf = 0x0
local_qiov = {iov = 0x3fffaf4bfdb0, niov = -1353974288, nalloc = 16383, size = 4105728}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x42ba9ad0
#11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110
rwco = 0x3fffc7cc9ef8
#12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x42bb50b0, i = {1119572144, 0}}
self = 0x42bb50b0
co = 0x42bb50b0
#13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#14 0x0000000000000000 in ?? ()
No symbol table info available.
I will attach the images_fuzzer image.
The fix has been released in QEMU 2.11:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=93bbaf03ff7fd490e82