953822 – Assertion `r->req.aiocb != ((void *)0)' failed when attach with a PCIe virtio-scsi disk to guest which use PCI bridge

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 953822 - Assertion `r->req.aiocb != ((void *)0)' failed when attach with a PCIe virtio-scsi disk to guest which use PCI bridge

Summary: Assertion `r->req.aiocb != ((void *)0)' failed when attach with a PCIe virtio...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Vadim Rozenfeld
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	985830 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-04-19 09:15 UTC by Sibiao Luo
Modified:	2014-01-05 09:57 UTC (History)
CC List:	17 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-01-05 09:57:41 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	985830	0	medium	CLOSED	qemu-kvm core dump when formatting scsi disk in win2k3-64 guest on rhel7 host	2021-02-22 00:41:40 UTC

Internal Links: 985830

Description Sibiao Luo 2013-04-19 09:15:51 UTC

Description of problem:
boot up a win7-64bit guest using pci bridge and attached with a PCIe virtio-blk/virtio-scsi data disk, after a while qemu will core dump.

Version-Release number of selected component (if applicable):
host info:
host info:
kernel-3.9.0-0.rc6.51.el7.x86_64
qemu-kvm-1.4.0-2.el7.x86_64
seabios-1.7.2-0.2.gita810e4e7.el7.x86_64
guest info:
win7-64bit

How reproducible:
only met once

Steps to Reproduce:
1.boot up a win7-64bit guest using pci bridge and attached with a PCIe virtio-blk/virtio-scsi data disk.
e.g:# /usr/libexec/qemu-kvm -S -M q35 -cpu Opteron_G2 -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -name sluo-test -uuid 389d06a7-ed31-4fae-baf4-87bdb9b5594e -rtc base=localtime,clock=host,driftfix=slew -readconfig /home/ich9-ehci-uhci.cfg -device usb-tablet,id=tablet0 -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=bridge1,addr=0x4 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,id=port2 -drive file=/home/win7-64.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK1 -device ide-hd,bus=ide.0,unit=0,drive=drive-system-disk,id=system-disk,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device e1000,netdev=hostnet0,id=e1000-net-pci0,mac=00:22:19:27:54:3a,bus=bridge1,addr=0x5,bootindex=2 -device virtio-balloon-pci,id=ballooning,bus=bridge1,addr=0x6 -drive file=/home/my-data-disk1.raw,if=none,id=drive-data-disk1,format=raw,cache=none,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK2 -device virtio-blk-pci,drive=drive-data-disk1,bus=pcie.0,addr=0x7,id=data-disk1 -drive file=/home/my-data-disk2.raw,if=none,id=drive-data-disk2,format=raw,cache=none,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK3 -device virtio-scsi-pci,id=scsi0,bus=pcie.0,addr=0x8 -device scsi-hd,bus=scsi0.0,drive=drive-data-disk2,id=data-disk2 -qmp tcp:0:4444,server,nowait -k en-us -boot menu=on -vnc :1 -spice disable-ticketing,port=5931 -vga cirrus -monitor stdio -serial unix:/tmp/ttyS0,server,nowait
2.press cont in HMP monitor.
(qemu) cont
3.check the info qtree.
(qemu) info qtree
  
Actual results:
after the guest boot a while, qemu core dump occured, i will attach the bt log later.
(qemu) qemu-kvm: hw/scsi-disk.c:241: scsi_dma_complete: Assertion `r->req.aiocb != ((void *)0)' failed.
Aborted (core dumped)

Expected results:
it should have no any problem.

Additional info:

Comment 1 Sibiao Luo 2013-04-19 09:16:35 UTC

(qemu) qemu-kvm: hw/scsi-disk.c:241: scsi_dma_complete: Assertion `r->req.aiocb != ((void *)0)' failed.
Aborted (core dumped)

(gdb) bt
#0  0x00007fb937fccba5 in raise () from /lib64/libc.so.6
#1  0x00007fb937fce358 in abort () from /lib64/libc.so.6
#2  0x00007fb937fc5972 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007fb937fc5a22 in __assert_fail () from /lib64/libc.so.6
#4  0x00007fb93d896059 in scsi_dma_complete (opaque=0x7fb93ea6b920, ret=<optimized out>) at hw/scsi-disk.c:241
#5  0x00007fb93d800852 in dma_complete (dbs=0x7fb920003110, ret=0) at dma-helpers.c:124
#6  0x00007fb93d800ac2 in dma_bdrv_cb (opaque=opaque@entry=0x7fb920003110, ret=ret@entry=0) at dma-helpers.c:152
#7  0x00007fb93d800be9 in dma_bdrv_io (bs=0x7fb93e9167a0, sg=0x7fb93ee42290, sector_num=2384, io_func=
    0x7fb93d7c9330 <bdrv_aio_readv>, cb=cb@entry=0x7fb93d895f40 <scsi_dma_complete>, opaque=opaque@entry=0x7fb93ea6b920, 
    dir=dir@entry=DMA_DIRECTION_FROM_DEVICE) at dma-helpers.c:222
#8  0x00007fb93d800c3d in dma_bdrv_read (bs=<optimized out>, sg=<optimized out>, sector=<optimized out>, cb=cb@entry=
    0x7fb93d895f40 <scsi_dma_complete>, opaque=opaque@entry=0x7fb93ea6b920) at dma-helpers.c:231
#9  0x00007fb93d89558b in scsi_do_read (opaque=0x7fb93ea6b920, ret=0) at hw/scsi-disk.c:323
#10 0x00007fb93d7c4a72 in bdrv_co_em_bh (opaque=0x7fb9240329c0) at block.c:3820
#11 0x00007fb93d7b373a in aio_bh_poll (ctx=ctx@entry=0x7fb93e786650) at async.c:69
#12 0x00007fb93d7b3194 in aio_poll (ctx=0x7fb93e786650, blocking=blocking@entry=false) at aio-posix.c:148
#13 0x00007fb93d7b3630 in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>)
    at async.c:166
#14 0x00007fb93ce31a55 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#15 0x00007fb93d8d13e2 in glib_select_poll (rfds=0x7fb93e25bb00 <rfds>, wfds=0x7fb93e25ba80 <wfds>, xfds=
    0x7fb93e25ba00 <xfds>, err=false) at main-loop.c:209
#16 os_host_main_loop_wait (timeout=1048078288) at main-loop.c:236
#17 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:416
#18 0x00007fb93d7ae745 in main_loop () at vl.c:2001
#19 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4326
(gdb) 
(gdb) bt full
#0  0x00007fb937fccba5 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fb937fce358 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007fb937fc5972 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007fb937fc5a22 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007fb93d896059 in scsi_dma_complete (opaque=0x7fb93ea6b920, ret=<optimized out>) at hw/scsi-disk.c:241
        opaque = 0x7fb93ea6b920
        ret = <optimized out>
        r = 0x7fb93ea6b920
        s = <optimized out>
#5  0x00007fb93d800852 in dma_complete (dbs=0x7fb920003110, ret=0) at dma-helpers.c:124
No locals.
#6  0x00007fb93d800ac2 in dma_bdrv_cb (opaque=opaque@entry=0x7fb920003110, ret=ret@entry=0) at dma-helpers.c:152
        dbs = 0x7fb920003110
        cur_addr = <optimized out>
        cur_len = 140433577253295
        mem = <optimized out>
        __PRETTY_FUNCTION__ = "dma_bdrv_cb"
#7  0x00007fb93d800be9 in dma_bdrv_io (bs=0x7fb93e9167a0, sg=0x7fb93ee42290, sector_num=2384, io_func=
    0x7fb93d7c9330 <bdrv_aio_readv>, cb=cb@entry=0x7fb93d895f40 <scsi_dma_complete>, opaque=opaque@entry=0x7fb93ea6b920, 
    dir=dir@entry=DMA_DIRECTION_FROM_DEVICE) at dma-helpers.c:222
        dbs = 0x7fb920003110
#8  0x00007fb93d800c3d in dma_bdrv_read (bs=<optimized out>, sg=<optimized out>, sector=<optimized out>, cb=cb@entry=
    0x7fb93d895f40 <scsi_dma_complete>, opaque=opaque@entry=0x7fb93ea6b920) at dma-helpers.c:231
No locals.
#9  0x00007fb93d89558b in scsi_do_read (opaque=0x7fb93ea6b920, ret=0) at hw/scsi-disk.c:323
        r = 0x7fb93ea6b920
        s = 0x7fb93ea37800
        n = <optimized out>
#10 0x00007fb93d7c4a72 in bdrv_co_em_bh (opaque=0x7fb9240329c0) at block.c:3820
No locals.
#11 0x00007fb93d7b373a in aio_bh_poll (ctx=ctx@entry=0x7fb93e786650) at async.c:69
        bh = <optimized out>
        bhp = <optimized out>
        next = 0x7fb93e9857a0
        ret = 1
#12 0x00007fb93d7b3194 in aio_poll (ctx=0x7fb93e786650, blocking=blocking@entry=false) at aio-posix.c:148
        tv0 = {tv_sec = 0, tv_usec = 0}
        node = <optimized out>
        rdfds = {fds_bits = {336, 95885984, 0, 140433600766576, 47, 140433545679065, 0, 140433579944304, 769, 
    140433545679161, 0, 140433578331725, 14, 140433593734016, 0, 140433588337408}}
        wrfds = {fds_bits = {140433588337152, 140433588320784, 140433584042944, 140433593733968, 0, 32, 140433593755360, 
    140433567445321, 1, 140433567303633, 140433593756352, 32, 1, 140433567445321, 140433588337280, 140433567305316}}
        max_fd = -1
        ret = <optimized out>
        busy = <optimized out>
        progress = false
#13 0x00007fb93d7b3630 in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>)
    at async.c:166
        ctx = <optimized out>
#14 0x00007fb93ce31a55 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
No symbol table info available.
#15 0x00007fb93d8d13e2 in glib_select_poll (rfds=0x7fb93e25bb00 <rfds>, wfds=0x7fb93e25ba80 <wfds>, xfds=
    0x7fb93e25ba00 <xfds>, err=false) at main-loop.c:209
        context = 0x7fb93e7867d0
#16 os_host_main_loop_wait (timeout=1048078288) at main-loop.c:236
        tv = {tv_sec = 0, tv_usec = 0}
        tvarg = <optimized out>
        ret = 2
#17 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:416
        ret = 2
        timeout = 4294967295
#18 0x00007fb93d7ae745 in main_loop () at vl.c:2001
        nonblocking = <optimized out>
        last_io = 1
#19 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4326
        i = <optimized out>
        snapshot = 0
        linux_boot = <optimized out>
        icount_option = 0x0
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_devices = '\000' <repeats 32 times>
        ds = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 74
        optarg = 0x7fff773d77d0 "ide-cd,drive=drive-cdrom,id=data"
        loadvm = 0x0
        machine = 0x7fb93de49be0 <pc_q35_machine>
        cpu_model = 0x7fff773d70c0 "Opteron_G2"
        vga_model = 0x7fff773d774e "cirrus"
        pid_file = 0x0
        incoming = 0x0
        defconfig = <optimized out>
        userconfig = 52
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {malloc = 0x7fb93d937ba0 <malloc_and_trace>, realloc = 0x7fb93d937b60 <realloc_and_trace>, free = 
    0x7fb93d937b20 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
        trace_events = 0x0
        trace_file = 0x0
        args = {ram_size = 4294967296, boot_device = 0x7fb93da81929 "cad", kernel_filename = 0x0, kernel_cmdline = 
    0x7fb93dab9d10 "", initrd_filename = 0x0, cpu_model = 0x7fff773d70c0 "Opteron_G2"}
(gdb)

Comment 2 Sibiao Luo 2013-04-19 09:18:18 UTC

QEMU 1.4.0 monitor - type 'help' for more information
(qemu) info qtree
bus: main-system-bus
  type System
  dev: hpet, id ""
    gpio-in 2
    gpio-out 1
    timers = 3
    msi = off
    irq 32
    mmio 00000000fed00000/0000000000000400
  dev: kvm-ioapic, id ""
    gpio-in 24
    gsi_base = 0
    irq 0
    mmio 00000000fec00000/0000000000001000
  dev: q35-pcihost, id ""
    MCFG = -1
    irq 0
    bus: pcie.0
      type PCI
      dev: virtio-scsi-pci, id "scsi0"
        ioeventfd = on
        vectors = 4
        indirect_desc = on
        event_idx = on
        num_queues = 1
        max_sectors = 65535
        cmd_per_lun = 128
        hotplug = on
        param_change = on
        addr = 08.0
        romfile = <null>
        rombar = 1
        multifunction = off
        command_serr_enable = on
        class SCSI controller, addr 00:08.0, pci id 1af4:1004 (sub 1af4:0008)
        bar 0: i/o at 0xffffffffffffffff [0x3e]
        bar 1: mem at 0xffffffffffffffff [0xffe]
        bus: scsi0.0
          type SCSI
          dev: scsi-hd, id "data-disk2"
            drive = drive-data-disk2
            logical_block_size = 512
            physical_block_size = 512
            min_io_size = 0
            opt_io_size = 0
            bootindex = -1
            discard_granularity = 0
            ver = "1.4.0"
            serial = "QEMU-DISK3"
            vendor = "QEMU"
            product = "QEMU HARDDISK"
            removable = off
            dpofua = off
            wwn = 0x0
            cyls = 16383
            heads = 16
            secs = 63
            channel = 0
            scsi-id = 0
            lun = 0
      dev: virtio-blk-pci, id "data-disk1"
        class = 0x100
        drive = drive-data-disk1
        logical_block_size = 512
        physical_block_size = 512
        min_io_size = 0
        opt_io_size = 0
        bootindex = -1
        discard_granularity = 0
        cyls = 16383
        heads = 16
        secs = 63
        serial = "QEMU-DISK2"
        scsi = on
        config-wce = on
        ioeventfd = on
        x-data-plane = off
        vectors = 2
        indirect_desc = on
        event_idx = on
        addr = 07.0
        romfile = <null>
        rombar = 1
        multifunction = off
        command_serr_enable = on
        class SCSI controller, addr 00:07.0, pci id 1af4:1001 (sub 1af4:0002)
        bar 0: i/o at 0xffffffffffffffff [0x3e]
        bar 1: mem at 0xffffffffffffffff [0xffe]
      dev: pci-bridge, id "bridge1"
        chassis_nr = 1
        msi = on
        addr = 03.0
        romfile = <null>
        rombar = 1
        multifunction = off
        command_serr_enable = on
        class PCI bridge, addr 00:03.0, pci id 1b36:0001 (sub 0000:0000)
        bar 0: mem at 0xffffffffffffffff [0xfe]
        bus: bridge1
          type PCI
          dev: virtio-balloon-pci, id "ballooning"
            indirect_desc = on
            event_idx = on
            class = 0xff
            addr = 06.0
            romfile = <null>
            rombar = 1
            multifunction = off
            command_serr_enable = on
            class Class 00ff, addr 00:06.0, pci id 1af4:1002 (sub 1af4:0005)
            bar 0: i/o at 0xffffffffffffffff [0x1e]
          dev: e1000, id "e1000-net-pci0"
            mac = 00:22:19:27:54:3a
            vlan = <null>
            netdev = hostnet0
            bootindex = 2
            addr = 05.0
            romfile = "pxe-e1000.rom"
            rombar = 1
            multifunction = off
            command_serr_enable = on
            class Ethernet controller, addr 00:05.0, pci id 8086:100e (sub 1af4:1100)
            bar 0: mem at 0xffffffffffffffff [0x1fffe]
            bar 1: i/o at 0xffffffffffffffff [0x3e]
            bar 6: mem at 0xffffffffffffffff [0x1fffe]
          dev: virtio-serial-pci, id "virtio-serial0"
            ioeventfd = on
            vectors = 0
            class = 0x780
            indirect_desc = on
            event_idx = on
            max_ports = 16
            addr = 04.0
            romfile = <null>
            rombar = 1
            multifunction = off
            command_serr_enable = on
            class Class 0780, addr 00:04.0, pci id 1af4:1003 (sub 1af4:0003)
            bar 0: i/o at 0xffffffffffffffff [0x1e]
            bus: virtio-serial0.0
              type virtio-serial-bus
              dev: virtserialport, id "port2"
                chardev = channel2
                nr = 2
                name = "com.redhat.rhevm.vdsm"
                port 2, guest off, host off, throttle off
              dev: virtserialport, id "port1"
                chardev = channel1
                nr = 1
                name = "com.redhat.rhevm.vdsm"
                port 1, guest off, host off, throttle off
      dev: ich9-usb-uhci3, id "uhci-3"
        masterbus = "ehci.0"
        firstport = 4
        bandwidth = 1280
        maxframes = 128
        addr = 1d.2
        romfile = <null>
        rombar = 1
        multifunction = on
        command_serr_enable = on
        class USB controller, addr 00:1d.2, pci id 8086:2936 (sub 1af4:1100)
        bar 4: i/o at 0xffffffffffffffff [0x1e]
      dev: ich9-usb-uhci2, id "uhci-2"
        masterbus = "ehci.0"
        firstport = 2
        bandwidth = 1280
        maxframes = 128
        addr = 1d.1
        romfile = <null>
        rombar = 1
        multifunction = on
        command_serr_enable = on
        class USB controller, addr 00:1d.1, pci id 8086:2935 (sub 1af4:1100)
        bar 4: i/o at 0xffffffffffffffff [0x1e]
      dev: ich9-usb-uhci1, id "uhci-1"
        masterbus = "ehci.0"
        firstport = 0
        bandwidth = 1280
        maxframes = 128
        addr = 1d.0
        romfile = <null>
        rombar = 1
        multifunction = on
        command_serr_enable = on
        class USB controller, addr 00:1d.0, pci id 8086:2934 (sub 1af4:1100)
        bar 4: i/o at 0xffffffffffffffff [0x1e]
      dev: ich9-usb-ehci1, id "ehci"
        maxframes = 128
        addr = 1d.7
        romfile = <null>
        rombar = 1
        multifunction = on
        command_serr_enable = on
        class USB controller, addr 00:1d.7, pci id 8086:293a (sub 1af4:1100)
        bar 0: mem at 0xffffffffffffffff [0xffe]
        bus: ehci.0
          type usb-bus
          dev: usb-tablet, id "tablet0"
            usb_version = 2
            port = <null>
            full-path = on
            addr 0.0, port 1, speed 480, name QEMU USB Tablet, attached
      dev: cirrus-vga, id ""
        vgamem_mb = 8
        addr = 01.0
        romfile = "vgabios-cirrus.bin"
        rombar = 1
        multifunction = off
        command_serr_enable = on
        class VGA controller, addr 00:01.0, pci id 1013:00b8 (sub 1af4:1100)
        bar 0: mem at 0xffffffffffffffff [0x1fffffe]
        bar 1: mem at 0xffffffffffffffff [0xffe]
        bar 6: mem at 0xffffffffffffffff [0xfffe]
      dev: ICH9 SMB, id ""
        addr = 1f.3
        romfile = <null>
        rombar = 1
        multifunction = on
        command_serr_enable = on
        class SMBus, addr 00:1f.3, pci id 8086:2930 (sub 1af4:1100)
        bar 4: i/o at 0xffffffffffffffff [0x3e]
        bus: i2c
          type i2c-bus
          dev: smbus-eeprom, id ""
            address = 87
          dev: smbus-eeprom, id ""
            address = 86
          dev: smbus-eeprom, id ""
            address = 85
          dev: smbus-eeprom, id ""
            address = 84
          dev: smbus-eeprom, id ""
            address = 83
          dev: smbus-eeprom, id ""
            address = 82
          dev: smbus-eeprom, id ""
            address = 81
          dev: smbus-eeprom, id ""
            address = 80
      dev: ich9-ahci, id ""
        addr = 1f.2
        romfile = <null>
        rombar = 1
        multifunction = on
        command_serr_enable = on
        class SATA controller, addr 00:1f.2, pci id 8086:2922 (sub 1af4:1100)
        bar 4: i/o at 0xffffffffffffffff [0x1e]
        bar 5: mem at 0xffffffffffffffff [0xffe]
        bus: ide.5
          type IDE
        bus: ide.4
          type IDE
        bus: ide.3
          type IDE
        bus: ide.2
          type IDE
        bus: ide.1
          type IDE
        bus: ide.0
          type IDE
          dev: ide-hd, id "system-disk"
            drive = drive-system-disk
            logical_block_size = 512
            physical_block_size = 512
            min_io_size = 0
            opt_io_size = 0
            bootindex = 1
            discard_granularity = 0
            ver = "1.4.0"
            wwn = 0x0
            serial = "QEMU-DISK1"
            model = <null>
            cyls = 16383
            heads = 16
            secs = 63
            bios-chs-trans = lba
            unit = 0
      dev: ICH9 LPC, id ""
        addr = 1f.0
        romfile = <null>
        rombar = 1
        multifunction = on
        command_serr_enable = on
        class ISA bridge, addr 00:1f.0, pci id 8086:2918 (sub 1af4:1100)
        bus: isa.0
          type ISA
          dev: isa-fdc, id ""
            iobase = 0x3f0
            irq = 6
            dma = 2
            driveA = floppy0
            driveB = <null>
            bootindexA = -1
            bootindexB = -1
            check_media_rate = on
            isa irq 6
          dev: port92, id ""
          dev: vmmouse, id ""
          dev: vmport, id ""
          dev: i8042, id ""
            isa irqs 1,12
          dev: isa-parallel, id ""
            index = 0
            iobase = 0x378
            irq = 7
            chardev = parallel0
            isa irq 7
          dev: isa-serial, id ""
            index = 0
            iobase = 0x3f8
            irq = 4
            chardev = serial0
            wakeup = 0
            isa irq 4
          dev: isa-pcspk, id ""
            iobase = 0x61
          dev: kvm-pit, id ""
            gpio-in 1
            iobase = 0x40
            lost_tick_policy = discard
          dev: mc146818rtc, id ""
            base_year = 0
            lost_tick_policy = slew
          dev: kvm-i8259, id ""
            iobase = 0xa0
            elcr_addr = 0x4d1
            elcr_mask = 0xde
            master = off
          dev: kvm-i8259, id ""
            iobase = 0x20
            elcr_addr = 0x4d0
            elcr_mask = 0xf8
            master = on
      dev: mch, id ""
        addr = 00.0
        romfile = <null>
        rombar = 1
        multifunction = off
        command_serr_enable = on
        class Host bridge, addr 00:00.0, pci id 8086:29c0 (sub 1af4:1100)
  dev: fw_cfg, id ""
    ctl_iobase = 0x510
    data_iobase = 0x511
    irq 0
    mmio ffffffffffffffff/0000000000000002
    mmio ffffffffffffffff/0000000000000001
  dev: pc-sysfw, id ""
    rom_only = 1
    irq 0
  dev: kvmclock, id ""
    irq 0
  dev: kvm-apic, id ""
    id = 3
    vapic = on
    irq 0
    mmio ffffffffffffffff/0000000000100000
  dev: kvm-apic, id ""
    id = 2
    vapic = on
    irq 0
    mmio ffffffffffffffff/0000000000100000
  dev: kvm-apic, id ""
    id = 1
    vapic = on
    irq 0
    mmio ffffffffffffffff/0000000000100000
  dev: kvmvapic, id ""
    irq 0
  dev: kvm-apic, id ""
    id = 0
    vapic = on
    irq 0
    mmio 00000000fee00000/0000000000100000
(qemu) c
(qemu) qemu-kvm: hw/scsi-disk.c:241: scsi_dma_complete: Assertion `r->req.aiocb != ((void *)0)' failed.
Aborted (core dumped)

Comment 3 Sibiao Luo 2013-04-19 09:24:47 UTC

the virtio-win driver version is virtio-win-prewhql-0.1-55. I also tried the rhel7 guest, but did not met it. so i don't know whether is the virtio-win issue or the qemu-km issue.

Comment 4 Hai Huang 2013-04-19 14:14:54 UTC

Please feel free to re-assign if this is an issue with qemu.

Comment 7 Ronen Hod 2014-01-05 09:57:10 UTC

*** Bug 985830 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.