From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:53519)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TiN52-0000hU-BC
	for qemu-devel@nongnu.org; Tue, 11 Dec 2012 05:28:59 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TiN4w-0007wr-Bk
	for qemu-devel@nongnu.org; Tue, 11 Dec 2012 05:28:52 -0500
Received: from mail-qa0-f45.google.com ([209.85.216.45]:64205)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TiN4w-0007wn-40
	for qemu-devel@nongnu.org; Tue, 11 Dec 2012 05:28:46 -0500
Received: by mail-qa0-f45.google.com with SMTP id j15so2688708qaq.4
	for <qemu-devel@nongnu.org>; Tue, 11 Dec 2012 02:28:45 -0800 (PST)
Date: Tue, 11 Dec 2012 11:28:40 +0100
From: Stefan Hajnoczi <stefanha@gmail.com>
Message-ID: <20121211102840.GF796@stefanha-thinkpad.muc.redhat.com>
References: <20121206040257.27322.8930.malonedeb@gac.canonical.com>
	<20121206040257.27322.8930.malonedeb@gac.canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20121206040257.27322.8930.malonedeb@gac.canonical.com>
Subject: Re: [Qemu-devel] [Bug 1087114] [NEW] assertion
 "QLIST_EMPTY(&bs->tracked_requests)"	failed
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Brad Smith <1087114@bugs.launchpad.net>
Cc: qemu-devel@nongnu.org

On Thu, Dec 06, 2012 at 04:02:57AM -0000, Brad Smith wrote:
> QEMU 1.3.0 on OpenBSD now crashes with an error as shown below and the
> command line params do not seem to matter.

Please use git-bisect(1) to identify the commit that caused the
regression.

I was unable to hit this code path with qemu-system-i386 with an IDE
disk.  Please do share your command-line.

> assertion "QLIST_EMPTY(&bs->tracked_requests)" failed: file "block.c",
> line 1220, function "bdrv_drain_all"

bdrv_drain_all() waits until in-flight requests have completed.  The
assertion verifies that all I/O requests are really done.  Something is
wrong here.

> #1  0x0000030d1bce24aa in abort () at /usr/src/lib/libc/stdlib/abort.c:70
>         p = (struct atexit *) 0x30d11897000
>         mask = 4294967263
>         cleanup_called = 1
> #2  0x0000030d1bc5ff44 in __assert2 (file=Variable "file" is not available.
> ) at /usr/src/lib/libc/gen/assert.c:52
> No locals.
> #3  0x0000030b0d383a03 in bdrv_drain_all () at block.c:1220
>         bs = (BlockDriverState *) 0x30d13f3b630
>         busy = false
>         __func__ = "bdrv_drain_all"
> #4  0x0000030b0d43acfc in bmdma_cmd_writeb (bm=0x30d0f5f56a8, val=8) at hw/ide/pci.c:312
>         __func__ = "bmdma_cmd_writeb"
> #5  0x0000030b0d43b450 in bmdma_write (opaque=0x30d0f5f56a8, addr=0, val=8, size=1) at hw/ide/piix.c:76
>         bm = (BMDMAState *) 0x30d0f5f56a8

The device is an IDE disk.

> #6  0x0000030b0d5c2ce6 in memory_region_write_accessor (opaque=0x30d0f5f57d0, addr=0, value=0x30d18c288f0, size=1, shift=0, mask=255)
>     at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:334
>         mr = (MemoryRegion *) 0x30d0f5f57d0
>         tmp = 8
> #7  0x0000030b0d5c2dc5 in access_with_adjusted_size (addr=0, value=0x30d18c288f0, size=1, access_size_min=1, access_size_max=4, 
>     access=0x30b0d5c2c6b <memory_region_write_accessor>, opaque=0x30d0f5f57d0) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:364
>         access_mask = 255
>         access_size = 1
>         i = 0
> #8  0x0000030b0d5c3222 in memory_region_iorange_write (iorange=0x30d1d5e7400, offset=0, width=1, data=8)
>     at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:439
>         mrio = (MemoryRegionIORange *) 0x30d1d5e7400
>         mr = (MemoryRegion *) 0x30d0f5f57d0
>         __func__ = "memory_region_iorange_write"
> #9  0x0000030b0d5c019a in ioport_writeb_thunk (opaque=0x30d1d5e7400, addr=49216, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:212
>         ioport = (IORange *) 0x30d1d5e7400
> #10 0x0000030b0d5bfb65 in ioport_write (index=0, address=49216, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:83
>         func = (IOPortWriteFunc *) 0x30b0d5c0148 <ioport_writeb_thunk>
>         default_func = {0x30b0d5bfbbc <default_ioport_writeb>, 0x30b0d5bfc61 <default_ioport_writew>, 0x30b0d5bfd0c <default_ioport_writel>}
> #11 0x0000030b0d5c0704 in cpu_outb (addr=49216, val=8 '\b') at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:289
> No locals.
> #12 0x0000030b0d6067dd in helper_outb (port=49216, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/target-i386/misc_helper.c:72
> No locals.