Crash during qemu-img rebase: qemu-img.c:4105: img_rebase: Assertion `written + pnum <= IO_BUF_SIZE' failed

I can reproduce this on master (3a2d5612):

$ qemu-img rebase -F qcow2 -b base.qcow2 img.qcow2
qemu-img: qemu-img.c:4105: img_rebase: Assertion `written + pnum <= IO_BUF_SIZE' failed.

The backing chain looks like this:

root <- base <- int <- img
  • root has data.
  • base is empty.
  • int has data and is the only image with extended_l2 = true.
  • img is empty.

Running gdb, I see that here pnum is larger than IO_BUF_SIZE (2 MB):

Thread 1 "qemu-img" hit Breakpoint 4, img_rebase (ccmd=0x5555557ae820 <img_cmds+288>, argc=7, argv=0x7fffffffd9c0) at ../qemu-img.c:4102
1: offset = 12735021056
2: written = 0
3: pnum = 2162688

From a quick look, it seems that pnum exceeds IO_BUF_SIZE because of this:

https://gitlab.com/qemu-project/qemu/-/blob/3c0b42c68f98fb276fa248012642be8cbf2cab70/qemu-img.c#L4055

(see line 4005 for context)

That code was added in commit 12df580b.
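As an added illustration (not qemu's code, and not a claim about how the code at line 4055 or commit 12df580b is written): a minimal C model of a chunked copy loop in which a block-status run longer than the remaining buffer is clamped before the read, using the IO_BUF_SIZE, written, pnum and offset values from the gdb output above. The block_status callback and fill_chunk_clamped are hypothetical stand-ins.

```c
/* Added model of the img_rebase inner copy loop, not qemu's code. IO_BUF_SIZE
 * and the written/pnum/offset names are from the report; the status callback
 * is constructed from the gdb output (pnum = 2162688 at offset 12735021056). */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define IO_BUF_SIZE (2 * 1024 * 1024)
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Hypothetical block-status query: length of the contiguous run at 'offset'.
 * At the report's offset the run is 65536 bytes longer than the buffer. */
static int64_t block_status(int64_t offset, int64_t bytes)
{
    return offset == 12735021056LL ? 2162688 : bytes;
}

/* The invariant asserted at qemu-img.c:4105. */
bool run_fits_buffer(int64_t written, int64_t pnum)
{
    return written + pnum <= IO_BUF_SIZE;
}

/* Fill one chunk of n bytes (n <= IO_BUF_SIZE) at 'offset', one status run at
 * a time. Each run is clamped to the space left in the chunk before it is
 * read, so an over-long run is split instead of being copied past the end of
 * buf, which is the overrun the assertion exists to stop. Returns the number
 * of runs read, or -1 on error. */
int fill_chunk_clamped(int64_t offset, int64_t n, int64_t *bytes_filled)
{
    unsigned char *buf = malloc(IO_BUF_SIZE);
    int64_t written = 0;
    int runs = 0;

    if (!buf || n > IO_BUF_SIZE) {
        free(buf);
        return -1;
    }
    while (written < n) {
        int64_t pnum = block_status(offset + written, n - written);
        pnum = MIN(pnum, n - written);     /* the clamp */
        memset(buf + written, 0xAA, pnum); /* stand-in for the backing read */
        written += pnum;
        runs++;
    }
    *bytes_filled = written;
    free(buf);
    return runs;
}
```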
