From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57280)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bounces@canonical.com>) id 1V8UxG-0004Jc-Oy
	for qemu-devel@nongnu.org; Sun, 11 Aug 2013 08:41:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <bounces@canonical.com>) id 1V8UxA-00085i-PW
	for qemu-devel@nongnu.org; Sun, 11 Aug 2013 08:41:06 -0400
Received: from indium.canonical.com ([91.189.90.7]:35553)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bounces@canonical.com>) id 1V8UxA-00085b-HC
	for qemu-devel@nongnu.org; Sun, 11 Aug 2013 08:41:00 -0400
Received: from loganberry.canonical.com ([91.189.90.37])
	by indium.canonical.com with esmtp (Exim 4.71 #1 (Debian))
	id 1V8Ux9-0005hh-A2
	for <qemu-devel@nongnu.org>; Sun, 11 Aug 2013 12:40:59 +0000
Received: from loganberry.canonical.com (localhost [127.0.0.1])
	by loganberry.canonical.com (Postfix) with ESMTP id 481582E807B
	for <qemu-devel@nongnu.org>; Sun, 11 Aug 2013 12:40:59 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 11 Aug 2013 12:30:32 -0000
From: =?utf-8?q?Rainer_M=C3=BCller?= <raimue@codingfarm.de>
Sender: bounces@canonical.com
References: <20121206040257.27322.8930.malonedeb@gac.canonical.com>
Message-Id: <20130811123032.2158.66130.malone@soybean.canonical.com>
Errors-To: bounces@canonical.com
Subject: [Qemu-devel] [Bug 1087114] Re: assertion
	"QLIST_EMPTY(&bs->tracked_requests)"	failed
Reply-To: Bug 1087114 <1087114@bugs.launchpad.net>
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

I was unable to reproduce the original issue on Mac OS X 10.8.4 using
the current master. However, I was also unable to reproduce the original
issue on the stable-1.5 branch which does not have the fix by Izumi
Tsutsui linked above. As this second fix is only for a problem that
appears in certain load situations, of course I might not be able to
reproduce it.

I also reviewed the code on master I am confident that the solution is
correct now.

-- =

You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1087114

Title:
  assertion "QLIST_EMPTY(&bs->tracked_requests)" failed

Status in QEMU:
  New

Bug description:
  QEMU 1.3.0 on OpenBSD now crashes with an error as shown below and the
  command line params do not seem to matter.

  assertion "QLIST_EMPTY(&bs->tracked_requests)" failed: file "block.c",
  line 1220, function "bdrv_drain_all"

  #1  0x0000030d1bce24aa in abort () at /usr/src/lib/libc/stdlib/abort.c:70
          p =3D (struct atexit *) 0x30d11897000
          mask =3D 4294967263
          cleanup_called =3D 1
  #2  0x0000030d1bc5ff44 in __assert2 (file=3DVariable "file" is not availa=
ble.
  ) at /usr/src/lib/libc/gen/assert.c:52
  No locals.
  #3  0x0000030b0d383a03 in bdrv_drain_all () at block.c:1220
          bs =3D (BlockDriverState *) 0x30d13f3b630
          busy =3D false
          __func__ =3D "bdrv_drain_all"
  #4  0x0000030b0d43acfc in bmdma_cmd_writeb (bm=3D0x30d0f5f56a8, val=3D8) =
at hw/ide/pci.c:312
          __func__ =3D "bmdma_cmd_writeb"
  #5  0x0000030b0d43b450 in bmdma_write (opaque=3D0x30d0f5f56a8, addr=3D0, =
val=3D8, size=3D1) at hw/ide/piix.c:76
          bm =3D (BMDMAState *) 0x30d0f5f56a8
  #6  0x0000030b0d5c2ce6 in memory_region_write_accessor (opaque=3D0x30d0f5=
f57d0, addr=3D0, value=3D0x30d18c288f0, size=3D1, shift=3D0, mask=3D255)
      at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:334
          mr =3D (MemoryRegion *) 0x30d0f5f57d0
          tmp =3D 8
  #7  0x0000030b0d5c2dc5 in access_with_adjusted_size (addr=3D0, value=3D0x=
30d18c288f0, size=3D1, access_size_min=3D1, access_size_max=3D4, =

      access=3D0x30b0d5c2c6b <memory_region_write_accessor>, opaque=3D0x30d=
0f5f57d0) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:364
          access_mask =3D 255
          access_size =3D 1
          i =3D 0
  #8  0x0000030b0d5c3222 in memory_region_iorange_write (iorange=3D0x30d1d5=
e7400, offset=3D0, width=3D1, data=3D8)
      at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:439
          mrio =3D (MemoryRegionIORange *) 0x30d1d5e7400
          mr =3D (MemoryRegion *) 0x30d0f5f57d0
          __func__ =3D "memory_region_iorange_write"
  #9  0x0000030b0d5c019a in ioport_writeb_thunk (opaque=3D0x30d1d5e7400, ad=
dr=3D49216, data=3D8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/iopor=
t.c:212
          ioport =3D (IORange *) 0x30d1d5e7400
  #10 0x0000030b0d5bfb65 in ioport_write (index=3D0, address=3D49216, data=
=3D8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:83
          func =3D (IOPortWriteFunc *) 0x30b0d5c0148 <ioport_writeb_thunk>
          default_func =3D {0x30b0d5bfbbc <default_ioport_writeb>, 0x30b0d5=
bfc61 <default_ioport_writew>, 0x30b0d5bfd0c <default_ioport_writel>}
  #11 0x0000030b0d5c0704 in cpu_outb (addr=3D49216, val=3D8 '\b') at /home/=
ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:289
  No locals.
  #12 0x0000030b0d6067dd in helper_outb (port=3D49216, data=3D8) at /home/p=
orts/pobj/qemu-1.3.0-debug/qemu-1.3.0/target-i386/misc_helper.c:72
  No locals.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1087114/+subscriptions