Tried the same with current git master and it segfaults. This segfault
was introduced in af12ac98 (lsi: have lsi_request for the whole life
time of the request):
#0 0x000000000052e2d3 in lsi_command_complete (bus=0xca22f8, reason=1,
tag=0, arg=512) at /home/kwolf/source/qemu/hw/lsi53c895a.c:690
#1 0x00000000004416e7 in qcow_aio_read_cb (opaque=0xc813f0, ret=0) at
block/qcow2.c:480
#2 0x0000000000433028 in posix_aio_process_queue (opaque=<value
optimized out>) at posix-aio-compat.c:459
#3 0x00000000004330cc in posix_aio_read (opaque=0xc4bb60) at
posix-aio-compat.c:489
#4 0x000000000040ac60 in main_loop_wait (timeout=0) at
/home/kwolf/source/qemu/vl.c:3949
#5 0x000000000040ce85 in main_loop (argc=<value optimized out>,
argv=<value optimized out>, envp=<value optimized out>)
at /home/kwolf/source/qemu/vl.c:4172
#6 main (argc=<value optimized out>, argv=<value optimized out>,
envp=<value optimized out>) at /home/kwolf/source/qemu/vl.c:6147
s->current is set to NULL by lsi_queue_command. I don't know the code
well enough to say if lsi_queue_command is wrong in setting it to NULL
or if lsi_command_complete shouldn't even try to access it (maybe it
should search in the queue for the right tag?).
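Added illustration, not QEMU's lsi53c895a.c and not part of the report: a hypothetical C model of the two completion strategies the message contrasts, a completion that trusts a single "current" pointer (cleared when the command is queued) versus one that finds the in-flight request by its tag. Every name in it (lsi_state, model_start_command, model_queue_command, complete_via_current, complete_by_tag, the slot layout) is assumed.

```c
#include <stddef.h>
/* Hypothetical model of the completion path in the report, not QEMU's
 * lsi53c895a.c: the field and function names below are assumed. */
#define QUEUE_LEN 4

typedef struct {
    unsigned tag;
    int pending;   /* slot holds an in-flight request */
    int resid;     /* value delivered at completion (the report's arg=512) */
} lsi_request;
typedef struct {
    lsi_request *current;          /* request being executed, or NULL */
    lsi_request queue[QUEUE_LEN];  /* tagged requests in flight, by slot */
} lsi_state;

/* Start a tagged command in a slot and make it the current request. */
static void model_start_command(lsi_state *s, unsigned tag)
{
    lsi_request *r = &s->queue[tag % QUEUE_LEN];
    r->tag = tag;
    r->pending = 1;
    s->current = r;
}

/* Disconnect: the request stays queued but, as the report observes for
 * lsi_queue_command, s->current is cleared. */
static void model_queue_command(lsi_state *s) { s->current = NULL; }

/* Completion that trusts s->current; returns -1 where the real code would
 * dereference NULL (the crash at lsi53c895a.c:690 in the backtrace). */
static int complete_via_current(lsi_state *s, int arg)
{
    if (s->current == NULL) return -1;
    s->current->resid = arg;
    s->current->pending = 0;
    return 0;
}

/* Completion that locates the request by tag, the alternative the report
 * asks about; returns -1 if no in-flight request carries that tag. */
static int complete_by_tag(lsi_state *s, unsigned tag, int arg)
{
    for (int i = 0; i < QUEUE_LEN; i++) {
        if (!s->queue[i].pending || s->queue[i].tag != tag) continue;
        s->queue[i].resid = arg;
        s->queue[i].pending = 0;
        return 0;
    }
    return -1;
}
```

Replaying the backtrace's scenario (tag=0 queued, then completed with arg=512) makes the first variant fail on the NULL pointer while the second still reaches the request.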