
[Qemu-devel] [Bug 1728657] [NEW] qemu-io: block/qcow2-cluster.c:1109: handle_copied: Assertion failed


From: R.Nageswara Sastry
Subject: [Qemu-devel] [Bug 1728657] [NEW] qemu-io: block/qcow2-cluster.c:1109: handle_copied: Assertion failed
Date: Mon, 30 Oct 2017 16:56:27 -0000

Public bug reported:

git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.

Reproduction steps:

1. Copy the attached file test.img to a directory.
2. Adjust the following commands to point to that directory, then run them.
# mv test.img copy.img
# qemu-io <path to>/copy.img -c "write 4105728 2791936"

from gdb:
(gdb) bt
#0  0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
#1  0x00003fffb17f136c in abort () from /lib64/libc.so.6
#2  0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
#4  0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, 
host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
    at block/qcow2-cluster.c:1108
#5  0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, 
offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, 
m=0x3fffaf4bfb60)
    at block/qcow2-cluster.c:1498
#6  0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, 
bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
#7  0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
#8  0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, 
req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, 
qiov=0x3fffc7cc9ee0, flags=16)
    at block/io.c:1440
#9  0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
#10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at 
block/block-backend.c:1085
#11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at 
block/block-backend.c:1110
#12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at 
util/coroutine-ucontext.c:79
#13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
#14 0x0000000000000000 in ?? ()
(gdb) bt full
#0  0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00003fffb17f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, 
host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
    at block/qcow2-cluster.c:1108
        s = 0x42bb5d80
        l2_index = 0
        cluster_offset = 4210688
        l2_table = 0x0
        nb_clusters = 1119575424
        keep_clusters = 0
        ret = 0
        __PRETTY_FUNCTION__ = "handle_copied"
#5  0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, 
offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, 
m=0x3fffaf4bfb60)
    at block/qcow2-cluster.c:1498
        s = 0x42bb5d80
        start = 4210688
        remaining = 2686976
        cluster_offset = 4294983168
        cur_bytes = 2686976
        ret = 0
        __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#6  0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, 
bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
        s = 0x42bb5d80
        offset_in_cluster = 0
        ret = 0
        cur_bytes = 2703360
        cluster_offset = 4294950912
        hd_qiov = {iov = 0x42b74fb0, niov = 1, nalloc = 1, size = 16384}
        bytes_done = 88576
        cluster_data = 0x0
        l2meta = 0x42bb5d20
        __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#7  0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
        drv = 0x102036f0 <bdrv_qcow2>
        sector_num = 1119538320
        nb_sectors = 2841469356
        ret = 2116577536
        __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#8  0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, 
req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, 
qiov=0x3fffc7cc9ee0, flags=16)
    at block/io.c:1440
        bs = 0x42ba9ad0
        drv = 0x102036f0 <bdrv_qcow2>
        waited = false
        ret = 0
---Type <return> to continue, or q <return> to quit---
        end_sector = 13472
        bytes_remaining = 2791936
        max_transfer = 2147483647
        __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#9  0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
        bs = 0x42ba9ad0
        req = {bs = 0x42ba9ad0, offset = 4105728, bytes = 2791936, type = 
BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 4105728,
          overlap_bytes = 2791936, list = {le_next = 0x0, le_prev = 
0x42bacd48}, co = 0x42bb50b0, wait_queue = {entries = {sqh_first = 0x0,
              sqh_last = 0x3fffaf4bfe20}}, waiting_for = 0x0}
        align = 1
        head_buf = 0x0
        tail_buf = 0x0
        local_qiov = {iov = 0x3fffaf4bfdb0, niov = -1353974288, nalloc = 16383, 
size = 4105728}
        use_local_qiov = false
        ret = 0
        __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at 
block/block-backend.c:1085
        ret = 0
        bs = 0x42ba9ad0
#11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at 
block/block-backend.c:1110
        rwco = 0x3fffc7cc9ef8
#12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at 
util/coroutine-ucontext.c:79
        arg = {p = 0x42bb50b0, i = {1119572144, 0}}
        self = 0x42bb50b0
        co = 0x42bb50b0
#13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#14 0x0000000000000000 in ?? ()
No symbol table info available.

I will attach the images_fuzzer image.

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728657

Title:
  qemu-io: block/qcow2-cluster.c:1109: handle_copied: Assertion failed

Status in QEMU:
  New

Bug description:
  git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
  This is on ppc64le architecture.

  Reproduction steps:

  1. Copy the attached file test.img to a directory.
  2. Adjust the following commands to point to that directory, then run them.
  # mv test.img copy.img
  # qemu-io <path to>/copy.img -c "write 4105728 2791936"

  from gdb:
  (gdb) bt
  #0  0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
  #1  0x00003fffb17f136c in abort () from /lib64/libc.so.6
  #2  0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
  #3  0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
  #4  0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, 
host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
      at block/qcow2-cluster.c:1108
  #5  0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, 
offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, 
m=0x3fffaf4bfb60)
      at block/qcow2-cluster.c:1498
  #6  0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, 
bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
  #7  0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
  #8  0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, 
req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, 
qiov=0x3fffc7cc9ee0, flags=16)
      at block/io.c:1440
  #9  0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
  #10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at 
block/block-backend.c:1085
  #11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at 
block/block-backend.c:1110
  #12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at 
util/coroutine-ucontext.c:79
  #13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
  #14 0x0000000000000000 in ?? ()
  (gdb) bt full
  #0  0x00003fffb17eeff0 in raise () from /lib64/libc.so.6
  No symbol table info available.
  #1  0x00003fffb17f136c in abort () from /lib64/libc.so.6
  No symbol table info available.
  #2  0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6
  No symbol table info available.
  #3  0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6
  No symbol table info available.
  #4  0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, 
host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60)
      at block/qcow2-cluster.c:1108
          s = 0x42bb5d80
          l2_index = 0
          cluster_offset = 4210688
          l2_table = 0x0
          nb_clusters = 1119575424
          keep_clusters = 0
          ret = 0
          __PRETTY_FUNCTION__ = "handle_copied"
  #5  0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, 
offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, 
m=0x3fffaf4bfb60)
      at block/qcow2-cluster.c:1498
          s = 0x42bb5d80
          start = 4210688
          remaining = 2686976
          cluster_offset = 4294983168
          cur_bytes = 2686976
          ret = 0
          __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
  #6  0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, 
bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919
          s = 0x42bb5d80
          offset_in_cluster = 0
          ret = 0
          cur_bytes = 2703360
          cluster_offset = 4294950912
          hd_qiov = {iov = 0x42b74fb0, niov = 1, nalloc = 1, size = 16384}
          bytes_done = 88576
          cluster_data = 0x0
          l2meta = 0x42bb5d20
          __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
  #7  0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898
          drv = 0x102036f0 <bdrv_qcow2>
          sector_num = 1119538320
          nb_sectors = 2841469356
          ret = 2116577536
          __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
  #8  0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, 
req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, 
qiov=0x3fffc7cc9ee0, flags=16)
      at block/io.c:1440
          bs = 0x42ba9ad0
          drv = 0x102036f0 <bdrv_qcow2>
          waited = false
          ret = 0
  ---Type <return> to continue, or q <return> to quit---
          end_sector = 13472
          bytes_remaining = 2791936
          max_transfer = 2147483647
          __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
  #9  0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691
          bs = 0x42ba9ad0
          req = {bs = 0x42ba9ad0, offset = 4105728, bytes = 2791936, type = 
BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 4105728,
            overlap_bytes = 2791936, list = {le_next = 0x0, le_prev = 
0x42bacd48}, co = 0x42bb50b0, wait_queue = {entries = {sqh_first = 0x0,
                sqh_last = 0x3fffaf4bfe20}}, waiting_for = 0x0}
          align = 1
          head_buf = 0x0
          tail_buf = 0x0
          local_qiov = {iov = 0x3fffaf4bfdb0, niov = -1353974288, nalloc = 
16383, size = 4105728}
          use_local_qiov = false
          ret = 0
          __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
  #10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, 
bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at 
block/block-backend.c:1085
          ret = 0
          bs = 0x42ba9ad0
  #11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at 
block/block-backend.c:1110
          rwco = 0x3fffc7cc9ef8
  #12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at 
util/coroutine-ucontext.c:79
          arg = {p = 0x42bb50b0, i = {1119572144, 0}}
          self = 0x42bb50b0
          co = 0x42bb50b0
  #13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6
  No symbol table info available.
  #14 0x0000000000000000 in ?? ()
  No symbol table info available.

  I will attach the images_fuzzer image.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728657/+subscriptions


