Public bug reported: git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4 This is on ppc64le architecture.
Re-production steps: 1. Copy the attached file test.img to a directory 2. And customize the following command to point to the above directory and run the same. # mv test.img copy.img # qemu-io <path to>/copy.img -c "write 4105728 2791936" from gdb: (gdb) bt #0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6 #1 0x00003fffb17f136c in abort () from /lib64/libc.so.6 #2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6 #3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6 #4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1108 #5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1498 #6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919 #7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898 #8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:1440 #9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691 #10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085 #11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110 #12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79 #13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6 #14 0x0000000000000000 in ?? () (gdb) bt full #0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00003fffb17f136c in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6 No symbol table info available. #3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6 No symbol table info available. #4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1108 s = 0x42bb5d80 l2_index = 0 cluster_offset = 4210688 l2_table = 0x0 nb_clusters = 1119575424 keep_clusters = 0 ret = 0 __PRETTY_FUNCTION__ = "handle_copied" #5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1498 s = 0x42bb5d80 start = 4210688 remaining = 2686976 cluster_offset = 4294983168 cur_bytes = 2686976 ret = 0 __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset" #6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919 s = 0x42bb5d80 offset_in_cluster = 0 ret = 0 cur_bytes = 2703360 cluster_offset = 4294950912 hd_qiov = {iov = 0x42b74fb0, niov = 1, nalloc = 1, size = 16384} bytes_done = 88576 cluster_data = 0x0 l2meta = 0x42bb5d20 __PRETTY_FUNCTION__ = "qcow2_co_pwritev" #7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898 drv = 0x102036f0 <bdrv_qcow2> sector_num = 1119538320 nb_sectors = 2841469356 ret = 2116577536 __PRETTY_FUNCTION__ = "bdrv_driver_pwritev" #8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:1440 bs = 0x42ba9ad0 drv = 0x102036f0 <bdrv_qcow2> waited = false ret = 0 ---Type <return> to continue, or q <return> to quit--- end_sector = 13472 bytes_remaining = 2791936 max_transfer = 2147483647 __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev" #9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691 bs = 0x42ba9ad0 req = {bs = 0x42ba9ad0, offset = 4105728, bytes = 2791936, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 4105728, overlap_bytes = 2791936, list = {le_next = 0x0, le_prev = 0x42bacd48}, co = 0x42bb50b0, wait_queue = {entries = {sqh_first = 0x0, sqh_last = 0x3fffaf4bfe20}}, waiting_for = 0x0} align = 1 head_buf = 0x0 tail_buf = 0x0 local_qiov = {iov = 0x3fffaf4bfdb0, niov = -1353974288, nalloc = 16383, size = 4105728} use_local_qiov = false ret = 0 __PRETTY_FUNCTION__ = "bdrv_co_pwritev" #10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085 ret = 0 bs = 0x42ba9ad0 #11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110 rwco = 0x3fffc7cc9ef8 #12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79 arg = {p = 0x42bb50b0, i = {1119572144, 0}} self = 0x42bb50b0 co = 0x42bb50b0 #13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6 No symbol table info available. #14 0x0000000000000000 in ?? () No symbol table info available. will attach images_fuzzer image. ** Affects: qemu Importance: Undecided Status: New -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1728657 Title: qemu-io: block/qcow2-cluster.c:1109: handle_copied: Assertion failed Status in QEMU: New Bug description: git is at HEAD a93ece47fd9edbd4558db24300056c9a57d3bcd4 This is on ppc64le architecture. Re-production steps: 1. Copy the attached file test.img to a directory 2. And customize the following command to point to the above directory and run the same. # mv test.img copy.img # qemu-io <path to>/copy.img -c "write 4105728 2791936" from gdb: (gdb) bt #0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6 #1 0x00003fffb17f136c in abort () from /lib64/libc.so.6 #2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6 #3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6 #4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1108 #5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1498 #6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919 #7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898 #8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:1440 #9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691 #10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085 #11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110 #12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79 #13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6 #14 0x0000000000000000 in ?? () (gdb) bt full #0 0x00003fffb17eeff0 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00003fffb17f136c in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00003fffb17e4c44 in __assert_fail_base () from /lib64/libc.so.6 No symbol table info available. #3 0x00003fffb17e4d34 in __assert_fail () from /lib64/libc.so.6 No symbol table info available. #4 0x00000000100631fc in handle_copied (bs=0x42ba9ad0, guest_offset=4210688, host_offset=0x3fffaf4bfab0, bytes=0x3fffaf4bfab8, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1108 s = 0x42bb5d80 l2_index = 0 cluster_offset = 4210688 l2_table = 0x0 nb_clusters = 1119575424 keep_clusters = 0 ret = 0 __PRETTY_FUNCTION__ = "handle_copied" #5 0x0000000010064118 in qcow2_alloc_cluster_offset (bs=0x42ba9ad0, offset=4194304, bytes=0x3fffaf4bfb4c, host_offset=0x3fffaf4bfb58, m=0x3fffaf4bfb60) at block/qcow2-cluster.c:1498 s = 0x42bb5d80 start = 4210688 remaining = 2686976 cluster_offset = 4294983168 cur_bytes = 2686976 ret = 0 __PRETTY_FUNCTION__ = "qcow2_alloc_cluster_offset" #6 0x000000001004d3f4 in qcow2_co_pwritev (bs=0x42ba9ad0, offset=4194304, bytes=2703360, qiov=0x3fffc7cc9ee0, flags=0) at block/qcow2.c:1919 s = 0x42bb5d80 offset_in_cluster = 0 ret = 0 cur_bytes = 2703360 cluster_offset = 4294950912 hd_qiov = {iov = 0x42b74fb0, niov = 1, nalloc = 1, size = 16384} bytes_done = 88576 cluster_data = 0x0 l2meta = 0x42bb5d20 __PRETTY_FUNCTION__ = "qcow2_co_pwritev" #7 0x00000000100a9648 in bdrv_driver_pwritev (bs=0x42ba9ad0, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:898 drv = 0x102036f0 <bdrv_qcow2> sector_num = 1119538320 nb_sectors = 2841469356 ret = 2116577536 __PRETTY_FUNCTION__ = "bdrv_driver_pwritev" #8 0x00000000100ab630 in bdrv_aligned_pwritev (child=0x42bb8250, req=0x3fffaf4bfdd8, offset=4105728, bytes=2791936, align=1, qiov=0x3fffc7cc9ee0, flags=16) at block/io.c:1440 bs = 0x42ba9ad0 drv = 0x102036f0 <bdrv_qcow2> waited = false ret = 0 ---Type <return> to continue, or q <return> to quit--- end_sector = 13472 bytes_remaining = 2791936 max_transfer = 2147483647 __PRETTY_FUNCTION__ = "bdrv_aligned_pwritev" #9 0x00000000100ac4ac in bdrv_co_pwritev (child=0x42bb8250, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/io.c:1691 bs = 0x42ba9ad0 req = {bs = 0x42ba9ad0, offset = 4105728, bytes = 2791936, type = BDRV_TRACKED_WRITE, serialising = false, overlap_offset = 4105728, overlap_bytes = 2791936, list = {le_next = 0x0, le_prev = 0x42bacd48}, co = 0x42bb50b0, wait_queue = {entries = {sqh_first = 0x0, sqh_last = 0x3fffaf4bfe20}}, waiting_for = 0x0} align = 1 head_buf = 0x0 tail_buf = 0x0 local_qiov = {iov = 0x3fffaf4bfdb0, niov = -1353974288, nalloc = 16383, size = 4105728} use_local_qiov = false ret = 0 __PRETTY_FUNCTION__ = "bdrv_co_pwritev" #10 0x000000001008da0c in blk_co_pwritev (blk=0x42b99410, offset=4105728, bytes=2791936, qiov=0x3fffc7cc9ee0, flags=BDRV_REQ_FUA) at block/block-backend.c:1085 ret = 0 bs = 0x42ba9ad0 #11 0x000000001008db68 in blk_write_entry (opaque=0x3fffc7cc9ef8) at block/block-backend.c:1110 rwco = 0x3fffc7cc9ef8 #12 0x00000000101aa444 in coroutine_trampoline (i0=1119572144, i1=0) at util/coroutine-ucontext.c:79 arg = {p = 0x42bb50b0, i = {1119572144, 0}} self = 0x42bb50b0 co = 0x42bb50b0 #13 0x00003fffb1802b9c in makecontext () from /lib64/libc.so.6 No symbol table info available. #14 0x0000000000000000 in ?? () No symbol table info available. will attach images_fuzzer image. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1728657/+subscriptions