Comment 1 for bug 1587039

the bug was introduced upstream by commit c2e50e3d11a0bf4c973cc30478c1af0f2d5f8e81 (thread-pool: avoid per-thread-pool EventNotifier). Until that commit, the code in async.c was safe because bottom halves are never used across threads.

It was fixed by upstream commit e8d3b1a25f284cdf9705b7cf0412281cc9ee3a36 released in QEMU 2.3.0
http://git.qemu.org/?p=qemu.git;a=commit;h=e8d3b1a25f284cdf9705b7cf0412281cc9ee3a36

QEMU 2.2 in cloud archive has this bug