qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
git is at HEAD a93ece47fd9edbd
This is on ppc64le architecture.
Re-production steps:
1. Copy the attached files named backing_img.file and test.img to a directory
2. And customize the following command to point to the above directory and run the same.
/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
3.Output of the above command.
qemu-io: block/qcow2-
Aborted (core dumped)
from gdb:
(gdb) bt
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006a594 in qcow2_cache_
#5 0x0000000010056154 in alloc_refcount_
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_
at block/qcow2-
#7 0x0000000010057dc8 in qcow2_alloc_
#8 0x00000000100636d8 in do_alloc_
at block/qcow2-
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=
at block/qcow2-
#10 0x0000000010064178 in qcow2_alloc_
at block/qcow2-
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f
#13 0x00000000100ab630 in bdrv_aligned_
at block/io.c:1440
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f
#16 0x000000001008db68 in blk_write_entry (opaque=
#17 0x00000000101aa444 in coroutine_
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006a594 in qcow2_cache_
i = 0
#5 0x0000000010056154 in alloc_refcount_
s = 0x2e893210
ret = 0
new_block = 0
blocks_used = 72057594818669408
meta_offset = 1572863
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_
at block/qcow2-
block_index = 268870408
refcount = 780741808
table_index = 0
s = 0x2e893210
start = 1048576
last = 1048576
ret = 16383
#7 0x0000000010057dc8 in qcow2_alloc_
s = 0x2e893210
refcount = 0
i = 1
ret = 0
#8 0x00000000100636d8 in do_alloc_
at block/qcow2-
ret = 780743184
s = 0x2e893210
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=
at block/qcow2-
s = 0x2e893210
l2_index = 4
l2_table = 0x0
entry = 0
nb_clusters = 1
ret = 0
---Type <return> to continue, or q <return> to quit---
avail_bytes = -2133853344
nb_bytes = 16383
old_m = 0x100000000
#10 0x0000000010064178 in qcow2_alloc_
at block/qcow2-
s = 0x2e893210
start = 2097152
remaining = 962560
cur_bytes = 962560
ret = 0
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f
s = 0x2e893210
ret = 0
cur_bytes = 1486848
hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
bytes_done = 220672
l2meta = 0x0
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 780706080
nb_sectors = 3069122264
ret = -203160320
#13 0x00000000100ab630 in bdrv_aligned_
at block/io.c:1440
bs = 0x2e886f60
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 5976
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f
bs = 0x2e886f60
req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
align = 1
head_buf = 0x0
---Type <return> to continue, or q <return> to quit---
tail_buf = 0x0
local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
ret = 0
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f
ret = 0
bs = 0x2e886f60
#16 0x000000001008db68 in blk_write_entry (opaque=
rwco = 0x3fffc85f0c08
#17 0x00000000101aa444 in coroutine_
arg = {p = 0x2e895a90, i = {780753552, 0}}
self = 0x2e895a90
co = 0x2e895a90
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
Will attach the 'image_fuzzer' images.
Changed in qemu: | |
status: | Fix Committed → Fix Released |
On Wed 01 Nov 2017 07:13:08 AM CET, Thomas Huth wrote: 4558db24300056c 9a57d3bcd4 cache.c: 411: qcow2_cache_ entry_mark_ dirty: Assertion `c->entries[ i].offset != 0' failed. entry_mark_ dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff812 00000) at block/qcow2- cache.c: 411 block (bs=0x2e886f60, cluster_index=2, refcount_ block=0x3fff80c ff808) at block/qcow2- refcount. c:417 DISCARD_ NEVER) refcount. c:834 clusters_ at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2- refcount. c:1032 cluster_ offset (bs=0x2e886f60, guest_offset= 2097152, host_offset= 0x3fff80cff9e0, nb_clusters= 0x3fff80cff9d8) cluster. c:1221 2097152, host_offset= 0x3fff80cffab0, bytes=0x3fff80c ffab8, m=0x3fff80cffb60) cluster. c:1324 cluster_ offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80c ffb4c, host_offset= 0x3fff80cffb58, m=0x3fff80cffb60) cluster. c:1511 0bf0, flags=0) at block/qcow2.c:1919 0bf0, flags=16) at block/io.c:898 pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f 0bf0, flags=16) 0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691 0bf0, flags=BDRV_REQ_FUA) at block/block- backend. c:1085 0x3fffc85f0c08) at block/block- backend. c:1110 trampoline (i0=780753552, i1=0) at util/coroutine- ucontext. c:79
> On 30.10.2017 15:43, R.Nageswara Sastry wrote:
>> Public bug reported:
>>
>> git is at HEAD a93ece47fd9edbd
>> This is on ppc64le architecture.
>>
>> Re-production steps:
>>
>> 1. Copy the attached files named backing_img.file and test.img to a directory
>> 2. And customize the following command to point to the above directory and run the same.
>> /usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
>>
>> 3.Output of the above command.
>> qemu-io: block/qcow2-
>> Aborted (core dumped)
>>
>> from gdb:
>> (gdb) bt
>> #0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
>> #1 0x00003fff833f136c in abort () from /lib64/libc.so.6
>> #2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
>> #3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
>> #4 0x000000001006a594 in qcow2_cache_
>> #5 0x0000000010056154 in alloc_refcount_
>> #6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_
>> at block/qcow2-
>> #7 0x0000000010057dc8 in qcow2_alloc_
>> #8 0x00000000100636d8 in do_alloc_
>> at block/qcow2-
>> #9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=
>> at block/qcow2-
>> #10 0x0000000010064178 in qcow2_alloc_
>> at block/qcow2-
>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f
>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f
>> #13 0x00000000100ab630 in bdrv_aligned_
>> at block/io.c:1440
>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f
>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f
>> #16 0x000000001008db68 in blk_write_entry (opaque=
>> #17 0x00000000101aa444 in coroutine_
>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
>> #19 0x0000000000...