Before the patch in question was commited running QEMU 1.3.0 hosted on OpenBSD I was able to cause QEMU to crash reproducibly by just booting OpenBSD within QEMU and upon the kernel accessing the virtual disk to read the disklabel or during an install writing the disklabel. After the patch was applied I was not able to cause any crashes and went through a handful of installs without any issues.
Are you able to build QEMU with debug symbols and get a backtrace once it has crashed on your OS X system? -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1087114 Title: assertion "QLIST_EMPTY(&bs->tracked_requests)" failed Status in QEMU: New Bug description: QEMU 1.3.0 on OpenBSD now crashes with an error as shown below and the command line params do not seem to matter. assertion "QLIST_EMPTY(&bs->tracked_requests)" failed: file "block.c", line 1220, function "bdrv_drain_all" #1 0x0000030d1bce24aa in abort () at /usr/src/lib/libc/stdlib/abort.c:70 p = (struct atexit *) 0x30d11897000 mask = 4294967263 cleanup_called = 1 #2 0x0000030d1bc5ff44 in __assert2 (file=Variable "file" is not available. ) at /usr/src/lib/libc/gen/assert.c:52 No locals. #3 0x0000030b0d383a03 in bdrv_drain_all () at block.c:1220 bs = (BlockDriverState *) 0x30d13f3b630 busy = false __func__ = "bdrv_drain_all" #4 0x0000030b0d43acfc in bmdma_cmd_writeb (bm=0x30d0f5f56a8, val=8) at hw/ide/pci.c:312 __func__ = "bmdma_cmd_writeb" #5 0x0000030b0d43b450 in bmdma_write (opaque=0x30d0f5f56a8, addr=0, val=8, size=1) at hw/ide/piix.c:76 bm = (BMDMAState *) 0x30d0f5f56a8 #6 0x0000030b0d5c2ce6 in memory_region_write_accessor (opaque=0x30d0f5f57d0, addr=0, value=0x30d18c288f0, size=1, shift=0, mask=255) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:334 mr = (MemoryRegion *) 0x30d0f5f57d0 tmp = 8 #7 0x0000030b0d5c2dc5 in access_with_adjusted_size (addr=0, value=0x30d18c288f0, size=1, access_size_min=1, access_size_max=4, access=0x30b0d5c2c6b <memory_region_write_accessor>, opaque=0x30d0f5f57d0) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:364 access_mask = 255 access_size = 1 i = 0 #8 0x0000030b0d5c3222 in memory_region_iorange_write (iorange=0x30d1d5e7400, offset=0, width=1, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/memory.c:439 mrio = (MemoryRegionIORange *) 0x30d1d5e7400 mr = (MemoryRegion *) 0x30d0f5f57d0 __func__ = "memory_region_iorange_write" #9 0x0000030b0d5c019a in ioport_writeb_thunk (opaque=0x30d1d5e7400, addr=49216, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:212 ioport = (IORange *) 0x30d1d5e7400 #10 0x0000030b0d5bfb65 in ioport_write (index=0, address=49216, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:83 func = (IOPortWriteFunc *) 0x30b0d5c0148 <ioport_writeb_thunk> default_func = {0x30b0d5bfbbc <default_ioport_writeb>, 0x30b0d5bfc61 <default_ioport_writew>, 0x30b0d5bfd0c <default_ioport_writel>} #11 0x0000030b0d5c0704 in cpu_outb (addr=49216, val=8 '\b') at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/ioport.c:289 No locals. #12 0x0000030b0d6067dd in helper_outb (port=49216, data=8) at /home/ports/pobj/qemu-1.3.0-debug/qemu-1.3.0/target-i386/misc_helper.c:72 No locals. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1087114/+subscriptions
