* [Qemu-devel] [Bug 1728615] [NEW] qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
From: R.Nageswara Sastry @ 2017-10-30 14:43 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached files named backing_img.file and test.img to a directory
2. Adjust the following command so that it points to that directory, then run it.
/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
3. Output of the above command:
qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
Aborted (core dumped)
from gdb:
(gdb) bt
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
i = 0
__PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
s = 0x2e893210
refcount_table_index = 0
ret = 0
new_block = 0
blocks_used = 72057594818669408
meta_offset = 1572863
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
block_index = 268870408
refcount = 780741808
cluster_index = 2
table_index = 0
s = 0x2e893210
start = 1048576
last = 1048576
cluster_offset = 1048576
refcount_block = 0x3fff81200000
old_table_index = -1
ret = 16383
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
s = 0x2e893210
cluster_index = 3
refcount = 0
i = 1
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
ret = 780743184
s = 0x2e893210
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
s = 0x2e893210
l2_index = 4
l2_table = 0x0
entry = 0
nb_clusters = 1
ret = 0
---Type <return> to continue, or q <return> to quit---
keep_old_clusters = false
alloc_cluster_offset = 1048576
__PRETTY_FUNCTION__ = "handle_alloc"
requested_bytes = 17960562528
avail_bytes = -2133853344
nb_bytes = 16383
old_m = 0x100000000
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
s = 0x2e893210
start = 2097152
remaining = 962560
cluster_offset = 1048576
cur_bytes = 962560
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
s = 0x2e893210
offset_in_cluster = 0
ret = 0
cur_bytes = 1486848
cluster_offset = 524288
hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
bytes_done = 220672
cluster_data = 0x0
l2meta = 0x0
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 780706080
nb_sectors = 3069122264
ret = -203160320
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
bs = 0x2e886f60
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 5976
bytes_remaining = 1707520
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x2e886f60
req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
---Type <return> to continue, or q <return> to quit---
tail_buf = 0x0
local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x2e886f60
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
rwco = 0x3fffc85f0c08
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x2e895a90, i = {780753552, 0}}
self = 0x2e895a90
co = 0x2e895a90
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
I will attach the 'image_fuzzer' images.
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728615
Title:
qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0'
failed
Status in QEMU:
New
Bug description:
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached files named backing_img.file and test.img to a directory
2. Adjust the following command so that it points to that directory, then run it.
/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
3. Output of the above command:
qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
Aborted (core dumped)
from gdb:
(gdb) bt
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
i = 0
__PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
s = 0x2e893210
refcount_table_index = 0
ret = 0
new_block = 0
blocks_used = 72057594818669408
meta_offset = 1572863
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
block_index = 268870408
refcount = 780741808
cluster_index = 2
table_index = 0
s = 0x2e893210
start = 1048576
last = 1048576
cluster_offset = 1048576
refcount_block = 0x3fff81200000
old_table_index = -1
ret = 16383
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
s = 0x2e893210
cluster_index = 3
refcount = 0
i = 1
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
ret = 780743184
s = 0x2e893210
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
s = 0x2e893210
l2_index = 4
l2_table = 0x0
entry = 0
nb_clusters = 1
ret = 0
---Type <return> to continue, or q <return> to quit---
keep_old_clusters = false
alloc_cluster_offset = 1048576
__PRETTY_FUNCTION__ = "handle_alloc"
requested_bytes = 17960562528
avail_bytes = -2133853344
nb_bytes = 16383
old_m = 0x100000000
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
s = 0x2e893210
start = 2097152
remaining = 962560
cluster_offset = 1048576
cur_bytes = 962560
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
s = 0x2e893210
offset_in_cluster = 0
ret = 0
cur_bytes = 1486848
cluster_offset = 524288
hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
bytes_done = 220672
cluster_data = 0x0
l2meta = 0x0
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 780706080
nb_sectors = 3069122264
ret = -203160320
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
bs = 0x2e886f60
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 5976
bytes_remaining = 1707520
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x2e886f60
req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
---Type <return> to continue, or q <return> to quit---
tail_buf = 0x0
local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x2e886f60
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
rwco = 0x3fffc85f0c08
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x2e895a90, i = {780753552, 0}}
self = 0x2e895a90
co = 0x2e895a90
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
I will attach the 'image_fuzzer' images.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728615/+subscriptions
* [Qemu-devel] [Bug 1728615] Re: qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
From: R.Nageswara Sastry @ 2017-10-30 14:57 UTC (permalink / raw)
To: qemu-devel
** Attachment added: "images tar file"
https://bugs.launchpad.net/qemu/+bug/1728615/+attachment/5000141/+files/images.tar.gz
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728615
Title:
qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0'
failed
Status in QEMU:
New
Bug description:
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached files named backing_img.file and test.img to a directory
2. Adjust the following command so that it points to that directory, then run it.
/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
3. Output of the above command:
qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
Aborted (core dumped)
from gdb:
(gdb) bt
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
i = 0
__PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
s = 0x2e893210
refcount_table_index = 0
ret = 0
new_block = 0
blocks_used = 72057594818669408
meta_offset = 1572863
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
block_index = 268870408
refcount = 780741808
cluster_index = 2
table_index = 0
s = 0x2e893210
start = 1048576
last = 1048576
cluster_offset = 1048576
refcount_block = 0x3fff81200000
old_table_index = -1
ret = 16383
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
s = 0x2e893210
cluster_index = 3
refcount = 0
i = 1
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
ret = 780743184
s = 0x2e893210
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
s = 0x2e893210
l2_index = 4
l2_table = 0x0
entry = 0
nb_clusters = 1
ret = 0
---Type <return> to continue, or q <return> to quit---
keep_old_clusters = false
alloc_cluster_offset = 1048576
__PRETTY_FUNCTION__ = "handle_alloc"
requested_bytes = 17960562528
avail_bytes = -2133853344
nb_bytes = 16383
old_m = 0x100000000
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
s = 0x2e893210
start = 2097152
remaining = 962560
cluster_offset = 1048576
cur_bytes = 962560
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
s = 0x2e893210
offset_in_cluster = 0
ret = 0
cur_bytes = 1486848
cluster_offset = 524288
hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
bytes_done = 220672
cluster_data = 0x0
l2meta = 0x0
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 780706080
nb_sectors = 3069122264
ret = -203160320
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
bs = 0x2e886f60
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 5976
bytes_remaining = 1707520
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x2e886f60
req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
---Type <return> to continue, or q <return> to quit---
tail_buf = 0x0
local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x2e886f60
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
rwco = 0x3fffc85f0c08
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x2e895a90, i = {780753552, 0}}
self = 0x2e895a90
co = 0x2e895a90
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
I will attach the 'image_fuzzer' images.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728615/+subscriptions
* Re: [Qemu-devel] [Bug 1728615] [NEW] qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
From: Thomas Huth @ 2017-11-01 6:13 UTC (permalink / raw)
To: Bug 1728615, qemu-devel, qemu-block; +Cc: Alberto Garcia, Kevin Wolf
On 30.10.2017 15:43, R.Nageswara Sastry wrote:
> Public bug reported:
>
> git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
> This is on ppc64le architecture.
>
> Re-production steps:
>
> 1. Copy the attached files named backing_img.file and test.img to a directory
> 2. And customize the following command to point to the above directory and run the same.
> /usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
>
> 3.Output of the above command.
> qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
> Aborted (core dumped)
>
> from gdb:
> (gdb) bt
> #0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
> #1 0x00003fff833f136c in abort () from /lib64/libc.so.6
> #2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
> #3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
> #4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
> #5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
> #6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
> at block/qcow2-refcount.c:834
> #7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
> #8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
> at block/qcow2-cluster.c:1221
> #9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
> at block/qcow2-cluster.c:1324
> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
> at block/qcow2-cluster.c:1511
> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
> at block/io.c:1440
> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
> #19 0x0000000000000000 in ?? ()
> (gdb) bt full
> #0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
> No symbol table info available.
> #1 0x00003fff833f136c in abort () from /lib64/libc.so.6
> No symbol table info available.
> #2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
> No symbol table info available.
> #3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
> No symbol table info available.
> #4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
> i = 0
> __PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
> #5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
> s = 0x2e893210
> refcount_table_index = 0
> ret = 0
> new_block = 0
> blocks_used = 72057594818669408
> meta_offset = 1572863
> #6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
> at block/qcow2-refcount.c:834
> block_index = 268870408
> refcount = 780741808
> cluster_index = 2
> table_index = 0
> s = 0x2e893210
> start = 1048576
> last = 1048576
> cluster_offset = 1048576
> refcount_block = 0x3fff81200000
> old_table_index = -1
> ret = 16383
> #7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
> s = 0x2e893210
> cluster_index = 3
> refcount = 0
> i = 1
> ret = 0
> __PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
> #8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
> at block/qcow2-cluster.c:1221
> ret = 780743184
> s = 0x2e893210
> #9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
> at block/qcow2-cluster.c:1324
> s = 0x2e893210
> l2_index = 4
> l2_table = 0x0
> entry = 0
> nb_clusters = 1
> ret = 0
> ---Type <return> to continue, or q <return> to quit---
> keep_old_clusters = false
> alloc_cluster_offset = 1048576
> __PRETTY_FUNCTION__ = "handle_alloc"
> requested_bytes = 17960562528
> avail_bytes = -2133853344
> nb_bytes = 16383
> old_m = 0x100000000
> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
> at block/qcow2-cluster.c:1511
> s = 0x2e893210
> start = 2097152
> remaining = 962560
> cluster_offset = 1048576
> cur_bytes = 962560
> ret = 0
> __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
> s = 0x2e893210
> offset_in_cluster = 0
> ret = 0
> cur_bytes = 1486848
> cluster_offset = 524288
> hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
> bytes_done = 220672
> cluster_data = 0x0
> l2meta = 0x0
> __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
> drv = 0x102036f0 <bdrv_qcow2>
> sector_num = 780706080
> nb_sectors = 3069122264
> ret = -203160320
> __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
> at block/io.c:1440
> bs = 0x2e886f60
> drv = 0x102036f0 <bdrv_qcow2>
> waited = false
> ret = 0
> end_sector = 5976
> bytes_remaining = 1707520
> max_transfer = 2147483647
> __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
> bs = 0x2e886f60
> req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
> overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
> sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
> align = 1
> head_buf = 0x0
> ---Type <return> to continue, or q <return> to quit---
> tail_buf = 0x0
> local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
> use_local_qiov = false
> ret = 0
> __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
> ret = 0
> bs = 0x2e886f60
> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
> rwco = 0x3fffc85f0c08
> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
> arg = {p = 0x2e895a90, i = {780753552, 0}}
> self = 0x2e895a90
> co = 0x2e895a90
> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
> No symbol table info available.
> #19 0x0000000000000000 in ?? ()
> No symbol table info available.
Can you also reproduce this on x86, or is it specific to ppc64?
Thomas
* Re: [Qemu-devel] [Bug 1728615] [NEW] qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
From: Alberto Garcia @ 2017-11-01 8:55 UTC (permalink / raw)
To: Thomas Huth, Bug 1728615, qemu-devel, qemu-block; +Cc: Kevin Wolf
On Wed 01 Nov 2017 07:13:08 AM CET, Thomas Huth wrote:
> On 30.10.2017 15:43, R.Nageswara Sastry wrote:
>> Public bug reported:
>>
>> git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
>> This is on ppc64le architecture.
>>
>> Re-production steps:
>>
>> 1. Copy the attached files named backing_img.file and test.img to a directory
>> 2. And customize the following command to point to the above directory and run the same.
>> /usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
>>
>> 3.Output of the above command.
>> qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
>> Aborted (core dumped)
>>
>> from gdb:
>> (gdb) bt
>> #0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
>> #1 0x00003fff833f136c in abort () from /lib64/libc.so.6
>> #2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
>> #3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
>> #4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
>> #5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
>> #6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
>> at block/qcow2-refcount.c:834
>> #7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
>> #8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
>> at block/qcow2-cluster.c:1221
>> #9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
>> at block/qcow2-cluster.c:1324
>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
>> at block/qcow2-cluster.c:1511
>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
>> at block/io.c:1440
>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
>> #19 0x0000000000000000 in ?? ()
>> (gdb) bt full
>> #0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
>> No symbol table info available.
>> #1 0x00003fff833f136c in abort () from /lib64/libc.so.6
>> No symbol table info available.
>> #2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
>> No symbol table info available.
>> #3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
>> No symbol table info available.
>> #4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
>> i = 0
>> __PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
>> #5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
>> s = 0x2e893210
>> refcount_table_index = 0
>> ret = 0
>> new_block = 0
>> blocks_used = 72057594818669408
>> meta_offset = 1572863
>> #6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
>> at block/qcow2-refcount.c:834
>> block_index = 268870408
>> refcount = 780741808
>> cluster_index = 2
>> table_index = 0
>> s = 0x2e893210
>> start = 1048576
>> last = 1048576
>> cluster_offset = 1048576
>> refcount_block = 0x3fff81200000
>> old_table_index = -1
>> ret = 16383
>> #7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
>> s = 0x2e893210
>> cluster_index = 3
>> refcount = 0
>> i = 1
>> ret = 0
>> __PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
>> #8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
>> at block/qcow2-cluster.c:1221
>> ret = 780743184
>> s = 0x2e893210
>> #9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
>> at block/qcow2-cluster.c:1324
>> s = 0x2e893210
>> l2_index = 4
>> l2_table = 0x0
>> entry = 0
>> nb_clusters = 1
>> ret = 0
>> ---Type <return> to continue, or q <return> to quit---
>> keep_old_clusters = false
>> alloc_cluster_offset = 1048576
>> __PRETTY_FUNCTION__ = "handle_alloc"
>> requested_bytes = 17960562528
>> avail_bytes = -2133853344
>> nb_bytes = 16383
>> old_m = 0x100000000
>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
>> at block/qcow2-cluster.c:1511
>> s = 0x2e893210
>> start = 2097152
>> remaining = 962560
>> cluster_offset = 1048576
>> cur_bytes = 962560
>> ret = 0
>> __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
>> s = 0x2e893210
>> offset_in_cluster = 0
>> ret = 0
>> cur_bytes = 1486848
>> cluster_offset = 524288
>> hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
>> bytes_done = 220672
>> cluster_data = 0x0
>> l2meta = 0x0
>> __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
>> drv = 0x102036f0 <bdrv_qcow2>
>> sector_num = 780706080
>> nb_sectors = 3069122264
>> ret = -203160320
>> __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
>> at block/io.c:1440
>> bs = 0x2e886f60
>> drv = 0x102036f0 <bdrv_qcow2>
>> waited = false
>> ret = 0
>> end_sector = 5976
>> bytes_remaining = 1707520
>> max_transfer = 2147483647
>> __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
>> bs = 0x2e886f60
>> req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
>> overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
>> sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
>> align = 1
>> head_buf = 0x0
>> ---Type <return> to continue, or q <return> to quit---
>> tail_buf = 0x0
>> local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
>> use_local_qiov = false
>> ret = 0
>> __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
>> ret = 0
>> bs = 0x2e886f60
>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
>> rwco = 0x3fffc85f0c08
>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
>> arg = {p = 0x2e895a90, i = {780753552, 0}}
>> self = 0x2e895a90
>> co = 0x2e895a90
>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
>> No symbol table info available.
>> #19 0x0000000000000000 in ?? ()
>> No symbol table info available.
>
> Can you also reproduce this on x86, or is it specific to ppc64?
I can actually reproduce it myself; I'll take a look.
Berto
* Re: [Qemu-devel] [Bug 1728615] [NEW] qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
2017-11-01 8:55 ` Alberto Garcia
@ 2017-11-01 11:30 ` Alberto Garcia
0 siblings, 0 replies; 8+ messages in thread
From: Alberto Garcia @ 2017-11-01 11:30 UTC (permalink / raw)
To: Thomas Huth, Bug 1728615, qemu-devel, qemu-block; +Cc: Kevin Wolf
On Wed 01 Nov 2017 09:55:21 AM CET, Alberto Garcia wrote:
> On Wed 01 Nov 2017 07:13:08 AM CET, Thomas Huth wrote:
>> On 30.10.2017 15:43, R.Nageswara Sastry wrote:
>>> Public bug reported:
>>>
>>> git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
>>> This is on ppc64le architecture.
>>>
>>> Re-production steps:
>>>
>>> 1. Copy the attached files named backing_img.file and test.img to a directory
>>> 2. And customize the following command to point to the above directory and run the same.
>>> /usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
>>>
>>> 3.Output of the above command.
>>> qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
>>> Aborted (core dumped)
>>>
>>> from gdb:
>>> (gdb) bt
>>> #0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
>>> #1 0x00003fff833f136c in abort () from /lib64/libc.so.6
>>> #2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
>>> #3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
>>> #4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
>>> #5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
>>> #6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
>>> at block/qcow2-refcount.c:834
>>> #7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
>>> #8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
>>> at block/qcow2-cluster.c:1221
>>> #9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
>>> at block/qcow2-cluster.c:1324
>>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
>>> at block/qcow2-cluster.c:1511
>>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
>>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
>>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
>>> at block/io.c:1440
>>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
>>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
>>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
>>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
>>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
>>> #19 0x0000000000000000 in ?? ()
>>> (gdb) bt full
>>> #0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
>>> No symbol table info available.
>>> #1 0x00003fff833f136c in abort () from /lib64/libc.so.6
>>> No symbol table info available.
>>> #2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
>>> No symbol table info available.
>>> #3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
>>> No symbol table info available.
>>> #4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
>>> i = 0
>>> __PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
>>> #5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
>>> s = 0x2e893210
>>> refcount_table_index = 0
>>> ret = 0
>>> new_block = 0
>>> blocks_used = 72057594818669408
>>> meta_offset = 1572863
>>> #6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
>>> at block/qcow2-refcount.c:834
>>> block_index = 268870408
>>> refcount = 780741808
>>> cluster_index = 2
>>> table_index = 0
>>> s = 0x2e893210
>>> start = 1048576
>>> last = 1048576
>>> cluster_offset = 1048576
>>> refcount_block = 0x3fff81200000
>>> old_table_index = -1
>>> ret = 16383
>>> #7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
>>> s = 0x2e893210
>>> cluster_index = 3
>>> refcount = 0
>>> i = 1
>>> ret = 0
>>> __PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
>>> #8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
>>> at block/qcow2-cluster.c:1221
>>> ret = 780743184
>>> s = 0x2e893210
>>> #9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
>>> at block/qcow2-cluster.c:1324
>>> s = 0x2e893210
>>> l2_index = 4
>>> l2_table = 0x0
>>> entry = 0
>>> nb_clusters = 1
>>> ret = 0
>>> ---Type <return> to continue, or q <return> to quit---
>>> keep_old_clusters = false
>>> alloc_cluster_offset = 1048576
>>> __PRETTY_FUNCTION__ = "handle_alloc"
>>> requested_bytes = 17960562528
>>> avail_bytes = -2133853344
>>> nb_bytes = 16383
>>> old_m = 0x100000000
>>> #10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
>>> at block/qcow2-cluster.c:1511
>>> s = 0x2e893210
>>> start = 2097152
>>> remaining = 962560
>>> cluster_offset = 1048576
>>> cur_bytes = 962560
>>> ret = 0
>>> __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
>>> #11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
>>> s = 0x2e893210
>>> offset_in_cluster = 0
>>> ret = 0
>>> cur_bytes = 1486848
>>> cluster_offset = 524288
>>> hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
>>> bytes_done = 220672
>>> cluster_data = 0x0
>>> l2meta = 0x0
>>> __PRETTY_FUNCTION__ = "qcow2_co_pwritev"
>>> #12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
>>> drv = 0x102036f0 <bdrv_qcow2>
>>> sector_num = 780706080
>>> nb_sectors = 3069122264
>>> ret = -203160320
>>> __PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
>>> #13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
>>> at block/io.c:1440
>>> bs = 0x2e886f60
>>> drv = 0x102036f0 <bdrv_qcow2>
>>> waited = false
>>> ret = 0
>>> end_sector = 5976
>>> bytes_remaining = 1707520
>>> max_transfer = 2147483647
>>> __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
>>> #14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
>>> bs = 0x2e886f60
>>> req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
>>> overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
>>> sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
>>> align = 1
>>> head_buf = 0x0
>>> ---Type <return> to continue, or q <return> to quit---
>>> tail_buf = 0x0
>>> local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
>>> use_local_qiov = false
>>> ret = 0
>>> __PRETTY_FUNCTION__ = "bdrv_co_pwritev"
>>> #15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
>>> ret = 0
>>> bs = 0x2e886f60
>>> #16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
>>> rwco = 0x3fffc85f0c08
>>> #17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
>>> arg = {p = 0x2e895a90, i = {780753552, 0}}
>>> self = 0x2e895a90
>>> co = 0x2e895a90
>>> #18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
>>> No symbol table info available.
>>> #19 0x0000000000000000 in ?? ()
>>> No symbol table info available.
>>
>> Can you also reproduce this on x86, or is it specific to ppc64?
I'm working on a fix; I'll send the patch later today.
Berto
* [Qemu-devel] [Bug 1728615] Re: qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
2017-10-30 14:43 [Qemu-devel] [Bug 1728615] [NEW] qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed R.Nageswara Sastry
2017-10-30 14:57 ` [Qemu-devel] [Bug 1728615] " R.Nageswara Sastry
2017-11-01 6:13 ` [Qemu-devel] [Bug 1728615] [NEW] " Thomas Huth
@ 2017-11-01 15:54 ` Alberto Garcia
2017-11-27 13:39 ` Thomas Huth
2017-12-15 15:51 ` Thomas Huth
4 siblings, 0 replies; 8+ messages in thread
From: Alberto Garcia @ 2017-11-01 15:54 UTC (permalink / raw)
To: qemu-devel
The attached image is corrupted, and QEMU does not handle that corruption correctly: instead of rejecting the image it fails an assertion and aborts.
Here are the fixes for this and other related problems:
https://lists.gnu.org/archive/html/qemu-block/2017-11/msg00010.html
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728615
Title:
qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0'
failed
Status in QEMU:
New
Bug description:
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached files named backing_img.file and test.img to a directory.
2. Adjust the following command to point to that directory and run it:
/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
3. Output of the above command:
qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
Aborted (core dumped)
from gdb:
(gdb) bt
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
i = 0
__PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
s = 0x2e893210
refcount_table_index = 0
ret = 0
new_block = 0
blocks_used = 72057594818669408
meta_offset = 1572863
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
block_index = 268870408
refcount = 780741808
cluster_index = 2
table_index = 0
s = 0x2e893210
start = 1048576
last = 1048576
cluster_offset = 1048576
refcount_block = 0x3fff81200000
old_table_index = -1
ret = 16383
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
s = 0x2e893210
cluster_index = 3
refcount = 0
i = 1
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
ret = 780743184
s = 0x2e893210
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
s = 0x2e893210
l2_index = 4
l2_table = 0x0
entry = 0
nb_clusters = 1
ret = 0
---Type <return> to continue, or q <return> to quit---
keep_old_clusters = false
alloc_cluster_offset = 1048576
__PRETTY_FUNCTION__ = "handle_alloc"
requested_bytes = 17960562528
avail_bytes = -2133853344
nb_bytes = 16383
old_m = 0x100000000
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
s = 0x2e893210
start = 2097152
remaining = 962560
cluster_offset = 1048576
cur_bytes = 962560
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
s = 0x2e893210
offset_in_cluster = 0
ret = 0
cur_bytes = 1486848
cluster_offset = 524288
hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
bytes_done = 220672
cluster_data = 0x0
l2meta = 0x0
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 780706080
nb_sectors = 3069122264
ret = -203160320
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
bs = 0x2e886f60
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 5976
bytes_remaining = 1707520
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x2e886f60
req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
---Type <return> to continue, or q <return> to quit---
tail_buf = 0x0
local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x2e886f60
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
rwco = 0x3fffc85f0c08
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x2e895a90, i = {780753552, 0}}
self = 0x2e895a90
co = 0x2e895a90
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
I will attach the 'image_fuzzer' images.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728615/+subscriptions
* [Qemu-devel] [Bug 1728615] Re: qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
2017-10-30 14:43 [Qemu-devel] [Bug 1728615] [NEW] qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed R.Nageswara Sastry
` (2 preceding siblings ...)
2017-11-01 15:54 ` [Qemu-devel] [Bug 1728615] " Alberto Garcia
@ 2017-11-27 13:39 ` Thomas Huth
2017-12-15 15:51 ` Thomas Huth
4 siblings, 0 replies; 8+ messages in thread
From: Thomas Huth @ 2017-11-27 13:39 UTC (permalink / raw)
To: qemu-devel
The fix has been merged here:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf45d59f98c898b7d79
** Changed in: qemu
Status: New => Fix Committed
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728615
Title:
qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0'
failed
Status in QEMU:
Fix Committed
Bug description:
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Reproduction steps:
1. Copy the attached files named backing_img.file and test.img to a directory.
2. Adjust the following command to point to that directory and run it:
/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
3. Output of the above command:
qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
Aborted (core dumped)
from gdb:
(gdb) bt
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
i = 0
__PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
s = 0x2e893210
refcount_table_index = 0
ret = 0
new_block = 0
blocks_used = 72057594818669408
meta_offset = 1572863
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
block_index = 268870408
refcount = 780741808
cluster_index = 2
table_index = 0
s = 0x2e893210
start = 1048576
last = 1048576
cluster_offset = 1048576
refcount_block = 0x3fff81200000
old_table_index = -1
ret = 16383
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
s = 0x2e893210
cluster_index = 3
refcount = 0
i = 1
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
ret = 780743184
s = 0x2e893210
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
s = 0x2e893210
l2_index = 4
l2_table = 0x0
entry = 0
nb_clusters = 1
ret = 0
---Type <return> to continue, or q <return> to quit---
keep_old_clusters = false
alloc_cluster_offset = 1048576
__PRETTY_FUNCTION__ = "handle_alloc"
requested_bytes = 17960562528
avail_bytes = -2133853344
nb_bytes = 16383
old_m = 0x100000000
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
s = 0x2e893210
start = 2097152
remaining = 962560
cluster_offset = 1048576
cur_bytes = 962560
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
s = 0x2e893210
offset_in_cluster = 0
ret = 0
cur_bytes = 1486848
cluster_offset = 524288
hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
bytes_done = 220672
cluster_data = 0x0
l2meta = 0x0
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 780706080
nb_sectors = 3069122264
ret = -203160320
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
bs = 0x2e886f60
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 5976
bytes_remaining = 1707520
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x2e886f60
req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
---Type <return> to continue, or q <return> to quit---
tail_buf = 0x0
local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x2e886f60
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
rwco = 0x3fffc85f0c08
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x2e895a90, i = {780753552, 0}}
self = 0x2e895a90
co = 0x2e895a90
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
I will attach the 'image_fuzzer' images.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728615/+subscriptions
* [Qemu-devel] [Bug 1728615] Re: qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed
2017-10-30 14:43 [Qemu-devel] [Bug 1728615] [NEW] qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0' failed R.Nageswara Sastry
` (3 preceding siblings ...)
2017-11-27 13:39 ` Thomas Huth
@ 2017-12-15 15:51 ` Thomas Huth
4 siblings, 0 replies; 8+ messages in thread
From: Thomas Huth @ 2017-12-15 15:51 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1728615
Title:
qemu-io crashes with SIGABRT and Assertion `c->entries[i].offset != 0'
failed
Status in QEMU:
Fix Released
Bug description:
git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4
This is on ppc64le architecture.
Re-production steps:
1. Copy the attached files named backing_img.file and test.img to a directory
2. Adjust the path in the following command to point to that directory, then run it.
/usr/bin/qemu-io <path to>/test.img -c "write 1352192 1707520"
3. Output of the above command:
qemu-io: block/qcow2-cache.c:411: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed.
Aborted (core dumped)
from gdb:
(gdb) bt
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00003fff833eeff0 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00003fff833f136c in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00003fff833e4c44 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3 0x00003fff833e4d34 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000001006a594 in qcow2_cache_entry_mark_dirty (bs=0x2e886f60, c=0x2e879700, table=0x3fff81200000) at block/qcow2-cache.c:411
i = 0
__PRETTY_FUNCTION__ = "qcow2_cache_entry_mark_dirty"
#5 0x0000000010056154 in alloc_refcount_block (bs=0x2e886f60, cluster_index=2, refcount_block=0x3fff80cff808) at block/qcow2-refcount.c:417
s = 0x2e893210
refcount_table_index = 0
ret = 0
new_block = 0
blocks_used = 72057594818669408
meta_offset = 1572863
#6 0x0000000010057520 in update_refcount (bs=0x2e886f60, offset=1048576, length=524288, addend=1, decrease=false, type=QCOW2_DISCARD_NEVER)
at block/qcow2-refcount.c:834
block_index = 268870408
refcount = 780741808
cluster_index = 2
table_index = 0
s = 0x2e893210
start = 1048576
last = 1048576
cluster_offset = 1048576
refcount_block = 0x3fff81200000
old_table_index = -1
ret = 16383
#7 0x0000000010057dc8 in qcow2_alloc_clusters_at (bs=0x2e886f60, offset=1048576, nb_clusters=1) at block/qcow2-refcount.c:1032
s = 0x2e893210
cluster_index = 3
refcount = 0
i = 1
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_clusters_at"
#8 0x00000000100636d8 in do_alloc_cluster_offset (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cff9e0, nb_clusters=0x3fff80cff9d8)
at block/qcow2-cluster.c:1221
ret = 780743184
s = 0x2e893210
#9 0x0000000010063afc in handle_alloc (bs=0x2e886f60, guest_offset=2097152, host_offset=0x3fff80cffab0, bytes=0x3fff80cffab8, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1324
s = 0x2e893210
l2_index = 4
l2_table = 0x0
entry = 0
nb_clusters = 1
ret = 0
---Type <return> to continue, or q <return> to quit---
keep_old_clusters = false
alloc_cluster_offset = 1048576
__PRETTY_FUNCTION__ = "handle_alloc"
requested_bytes = 17960562528
avail_bytes = -2133853344
nb_bytes = 16383
old_m = 0x100000000
#10 0x0000000010064178 in qcow2_alloc_cluster_offset (bs=0x2e886f60, offset=1572864, bytes=0x3fff80cffb4c, host_offset=0x3fff80cffb58, m=0x3fff80cffb60)
at block/qcow2-cluster.c:1511
s = 0x2e893210
start = 2097152
remaining = 962560
cluster_offset = 1048576
cur_bytes = 962560
ret = 0
__PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset"
#11 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x2e886f60, offset=1572864, bytes=1486848, qiov=0x3fffc85f0bf0, flags=0) at block/qcow2.c:1919
s = 0x2e893210
offset_in_cluster = 0
ret = 0
cur_bytes = 1486848
cluster_offset = 524288
hd_qiov = {iov = 0x2e858660, niov = 1, nalloc = 1, size = 220672}
bytes_done = 220672
cluster_data = 0x0
l2meta = 0x0
__PRETTY_FUNCTION__ = "qcow2_co_pwritev"
#12 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x2e886f60, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=16) at block/io.c:898
drv = 0x102036f0 <bdrv_qcow2>
sector_num = 780706080
nb_sectors = 3069122264
ret = -203160320
__PRETTY_FUNCTION__ = "bdrv_driver_pwritev"
#13 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x2e8927f0, req=0x3fff80cffdd8, offset=1352192, bytes=1707520, align=1, qiov=0x3fffc85f0bf0, flags=16)
at block/io.c:1440
bs = 0x2e886f60
drv = 0x102036f0 <bdrv_qcow2>
waited = false
ret = 0
end_sector = 5976
bytes_remaining = 1707520
max_transfer = 2147483647
__PRETTY_FUNCTION__ = "bdrv_aligned_pwritev"
#14 0x00000000100ac4ac in bdrv_co_pwritev (child=0x2e8927f0, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/io.c:1691
bs = 0x2e886f60
req = {bs = 0x2e886f60, offset = 1352192, bytes = 1707520, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 1352192,
overlap_bytes = 1707520, list = {le_next = 0x0, le_prev = 0x2e88a1d8}, co = 0x2e895a90, wait_queue = {entries = {sqh_first = 0x0,
sqh_last = 0x3fff80cffe20}}, waiting_for = 0x0}
align = 1
head_buf = 0x0
---Type <return> to continue, or q <return> to quit---
tail_buf = 0x0
local_qiov = {iov = 0x3fff80cffdb0, niov = -2133852688, nalloc = 16383, size = 1352192}
use_local_qiov = false
ret = 0
__PRETTY_FUNCTION__ = "bdrv_co_pwritev"
#15 0x000000001008da0c in blk_co_pwritev (blk=0x2e879410, offset=1352192, bytes=1707520, qiov=0x3fffc85f0bf0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085
ret = 0
bs = 0x2e886f60
#16 0x000000001008db68 in blk_write_entry (opaque=0x3fffc85f0c08) at block/block-backend.c:1110
rwco = 0x3fffc85f0c08
#17 0x00000000101aa444 in coroutine_trampoline (i0=780753552, i1=0) at util/coroutine-ucontext.c:79
arg = {p = 0x2e895a90, i = {780753552, 0}}
self = 0x2e895a90
co = 0x2e895a90
#18 0x00003fff83402b9c in makecontext () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
I will attach the 'image_fuzzer' images.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1728615/+subscriptions