Here's a qtest reproducer:

cat << EOF | ./i386-softmmu/qemu-system-i386 \
 -M pc,accel=qtest -qtest null -nographic -vga qxl -qtest stdio -nodefaults \
 -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \
 -drive if=none,id=drive1,file=null-co://,file.read-zeroes=on,format=raw \
 -device ide-cd,drive=drive0 -device ide-hd,drive=drive1
writel 0x0 0xffffffff
outw 0x171 0x32a
outw 0x176 0x3570
outl 0xcf8 0x80000903
outl 0xcfc 0x4e002700
outl 0xcf8 0x80000920
outb 0xcfc 0x5e
outb 0x58 0xe1
outw 0x57 0x0
EOF
With -trace ide*:

[I 1594492439.431181] OPENED
8666@1594492439.441003:ide_reset IDEstate 0x557f44953598
8666@1594492439.441084:ide_reset IDEstate 0x557f44953968
8666@1594492439.441407:ide_reset IDEstate 0x557f44953e88
8666@1594492439.441484:ide_reset IDEstate 0x557f44954258
8666@1594492439.442483:ide_reset IDEstate 0x557f44953e88
8666@1594492439.442548:ide_reset IDEstate 0x557f44954258
8666@1594492439.444817:ide_reset IDEstate 0x557f44953598
8666@1594492439.444822:ide_reset IDEstate 0x557f44953968
8666@1594492439.444824:ide_reset IDEstate 0x557f44953e88
8666@1594492439.444825:ide_reset IDEstate 0x557f44954258
[R +0.015229] writel 0x0 0xffffffff
OK
[S +0.015321] OK
[R +0.015328] outw 0x171 0x32a
8666@1594492439.446534:ide_ioport_write IDE PIO wr @ 0x171 (Features); val 0x2a; bus 0x557f44953e00 IDEState 0x557f44953e88
8666@1594492439.446537:ide_ioport_write IDE PIO wr @ 0x172 (Sector Count); val 0x03; bus 0x557f44953e00 IDEState 0x557f44953e88
OK
[S +0.015360] OK
[R +0.015377] outw 0x176 0x3570
8666@1594492439.446561:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); val 0x70; bus 0x557f44953e00 IDEState 0x557f44953e88
8666@1594492439.446564:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 0x35; bus 0x557f44953e00 IDEState 0x557f44954258
8666@1594492439.446581:ide_exec_cmd IDE exec cmd: bus 0x557f44953e00; state 0x557f44954258; cmd 0x35
OK
[S +0.015404] OK
[R +0.015410] outl 0xcf8 0x80000903
OK
[S +0.015413] OK
[R +0.015429] outl 0xcfc 0x4e002700
OK
[S +0.015555] OK
[R +0.015559] outl 0xcf8 0x80000920
OK
[S +0.015561] OK
[R +0.015563] outb 0xcfc 0x5e
OK
[S +0.015663] OK
[R +0.015667] outb 0x58 0xe1
8666@1594492439.446896:ide_dma_cb IDEState 0x557f44954258; sector_num=1 n=259 cmd=DMA WRITE
OK
[S +0.015801] OK
[R +0.015806] outw 0x57 0x0
8666@1594492439.447006:ide_cancel_dma_sync_remaining draining all remaining requests
qemu-system-i386: /home/alxndr/Development/qemu/hw/ide/core.c:724: void ide_cancel_dma_sync(IDEState *): Assertion `s->bus->dma->aiocb == NULL'
failed.
Aborted

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1681439

Title:
  qemu-system-x86_64: hw/ide/core.c:685: ide_cancel_dma_sync: Assertion `s->bus->dma->aiocb == NULL' failed.

Status in QEMU:
  New

Bug description:
  Since upgrading to QEMU 2.8.0, my Windows 7 64-bit virtual machines started crashing due to the assertion quoted in the summary failing. The assertion in question was added by commit 9972354856 ("block: add BDS field to count in-flight requests").

  My tests show that setting discard=unmap is needed to reproduce the issue.

  Speaking of reproduction, it is a bit flaky, because I have been unable to come up with specific instructions that would allow the issue to be triggered outside of my environment, but I do have a semi-sane way of testing that appears to depend on a specific initial state of data on the underlying storage volume, actions taken within the VM and waiting for about 20 minutes.

  Here is the shortest QEMU command line that I managed to reproduce the bug with:

  qemu-system-x86_64 \
   -machine pc-i440fx-2.7,accel=kvm \
   -m 3072 \
   -drive file=/dev/lvm/qemu,format=raw,if=ide,discard=unmap \
   -netdev tap,id=hostnet0,ifname=tap0,script=no,downscript=no,vhost=on \
   -device virtio-net-pci,netdev=hostnet0 \
   -vnc :0

  The underlying storage (/dev/lvm/qemu) is a thin LVM snapshot.

  QEMU was compiled using:

  ./configure --python=/usr/bin/python2.7 --target-list=x86_64-softmmu
  make -j3

  My virtualization environment is not really a critical one and reproduction is not that much of a hassle, so if you need me to gather further diagnostic information or test patches, I will be happy to help.
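As an added example (not code from the bug report or from QEMU), the following script parses the -trace ide* output shown above and flags the condition the ide_cancel_dma_sync assertion guards: a DMA started via ide_dma_cb on some IDEState that is still outstanding when the cancel/drain path is traced. The sample lines are copied from the trace in the comment; the event names and line shapes are taken from it, and the pointer values are just whatever that process printed.

```python
import re

# Constructed sample: trace lines copied from the reproducer above
# (pointer values carry no meaning here, they are matched as strings).
SAMPLE_TRACE = """\
8666@1594492439.446534:ide_ioport_write IDE PIO wr @ 0x171 (Features); val 0x2a; bus 0x557f44953e00 IDEState 0x557f44953e88
8666@1594492439.446537:ide_ioport_write IDE PIO wr @ 0x172 (Sector Count); val 0x03; bus 0x557f44953e00 IDEState 0x557f44953e88
8666@1594492439.446561:ide_ioport_write IDE PIO wr @ 0x176 (Device/Head); val 0x70; bus 0x557f44953e00 IDEState 0x557f44953e88
8666@1594492439.446564:ide_ioport_write IDE PIO wr @ 0x177 (Command); val 0x35; bus 0x557f44953e00 IDEState 0x557f44954258
8666@1594492439.446581:ide_exec_cmd IDE exec cmd: bus 0x557f44953e00; state 0x557f44954258; cmd 0x35
8666@1594492439.446896:ide_dma_cb IDEState 0x557f44954258; sector_num=1 n=259 cmd=DMA WRITE
8666@1594492439.447006:ide_cancel_dma_sync_remaining draining all remaining requests
"""

PIO_RE = re.compile(r":ide_ioport_write IDE PIO wr @ (0x[0-9a-f]+) \(([^)]+)\); val (0x[0-9a-f]+);.* IDEState (0x[0-9a-f]+)")
DMA_RE = re.compile(r":ide_dma_cb IDEState (0x[0-9a-f]+); sector_num=(\d+) n=(\d+) cmd=(.+)$")

def parse_trace(text):
    """Turn raw -trace ide* output into a list of (kind, fields) events.
    Lines of other trace points (ide_reset, ide_exec_cmd, ...) are skipped."""
    events = []
    for line in text.splitlines():
        m = PIO_RE.search(line)
        if m:
            port, reg, val, state = m.groups()
            events.append(("pio", {"port": int(port, 16), "reg": reg,
                                   "val": int(val, 16), "state": state}))
            continue
        m = DMA_RE.search(line)
        if m:
            state, sector, n, cmd = m.groups()
            events.append(("dma", {"state": state, "sector": int(sector),
                                   "n": int(n), "cmd": cmd}))
            continue
        if ":ide_cancel_dma_sync_remaining " in line:
            events.append(("cancel", {}))
    return events

def dma_in_flight_at_cancel(events):
    """Return IDEState pointers whose DMA was started (ide_dma_cb) before a
    cancel/drain event. Nothing in this trace marks completion, so a pointer
    stays in flight once seen; a hit is the situation the assertion rejects."""
    inflight, hits = set(), []
    for kind, fields in events:
        if kind == "dma":
            inflight.add(fields["state"])
        elif kind == "cancel":
            hits.extend(sorted(inflight))
    return hits
```

Note that the Command write (0x35) lands on a different IDEState than the preceding Features/Sector Count writes because the Device/Head write of 0x70 selected the other drive on the bus; the parser preserves that per-event state pointer so the DMA and the later drain can be tied to the same device.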