From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: zhangckid@gmail.com, lizhijian@fujitsu.com, jasowang@redhat.com,
arei.gonglei@huawei.com, zhenwei.pi@linux.dev,
pbonzini@redhat.com, peterx@redhat.com, philmd@linaro.org,
marcandre.lureau@redhat.com, berrange@redhat.com,
elena.ufimtseva@oracle.com, jag.raman@oracle.com
Subject: Several QOM objects crash on introspection
Date: Wed, 22 Apr 2026 16:16:01 +0200
Message-ID: <87a4uvw066.fsf@pond.sub.org>

QMP command qom-list-properties crashes for the following object types:

    colo-compare
    cryptodev-backend-lkcf
    memory-region-portio-list
    qemu-fixed-text-console
    qemu-graphic-console
    qio-net-listener
    x-remote-object

Testing gap: tests/qtest/device-introspect-test.c guards against such
bugs in devices, but not non-device objects.

Example crash:

(gdb) r
Starting program: /home/armbru/bin/qemu-system-x86_64 -S -display none -qmp stdio
[...]
{"QMP": {"version": {"qemu": {"micro": 94, "minor": 2, "major": 10}, "package": "v11.0.0-rc4-14-gcb2bd9a2e6-dirty"}, "capabilities": ["oob"]}}
[New Thread 0x7fff6b61d6c0 (LWP 2882851)]
{"execute": "qmp_capabilities", "arguments": {"enable": ["oob"]}}
{"return": {}}
{"execute": "qom-list-properties", "arguments": {"typename": "colo-compare"}}
upstream-qemu: ../util/qemu-thread-posix.c:96: qemu_mutex_destroy: Assertion `mutex->initialized' failed.
Thread 1 "upstream-qemu" received signal SIGABRT, Aborted.
0x00007ffff49c33cc in __pthread_kill_implementation () from /lib64/libc.so.6
[...]
(gdb) bt
#0 0x00007ffff49c33cc in __pthread_kill_implementation () at /lib64/libc.so.6
#1 0x00007ffff496915e in raise () at /lib64/libc.so.6
#2 0x00007ffff49506d0 in abort () at /lib64/libc.so.6
#3 0x00007ffff4950639 in __assert_fail_base.cold () at /lib64/libc.so.6
#4 0x0000555555ee3187 in qemu_mutex_destroy (mutex=0x55555761d4a0 <event_mtx>)
at ../util/qemu-thread-posix.c:96
#5 0x0000555555a18c65 in colo_compare_finalize (obj=0x55555887e4f0)
at ../net/colo-compare.c:1423
#6 0x0000555555c8bb31 in object_deinit
(obj=0x55555887e4f0, type=0x555558053a90) at ../qom/object.c:715
#7 0x0000555555c8bbab in object_finalize (data=0x55555887e4f0)
at ../qom/object.c:729
#8 0x0000555555c8ce2c in object_unref (objptr=0x55555887e4f0)
at ../qom/object.c:1232
#9 0x0000555555de8d38 in qmp_qom_list_properties
(typename=0x5555581ef450 "colo-compare", errp=0x7fffffffd8a8)
at ../qom/qom-qmp-cmds.c:282
#10 0x0000555555e90311 in qmp_marshal_qom_list_properties
(args=0x7fff64003150, ret=0x7fffeccccda8, errp=0x7fffeccccda0)
at qapi/qapi-commands-qom.c:326
#11 0x0000555555ecdd9e in do_qmp_dispatch_bh (opaque=0x7fffecccce40)
at ../qapi/qmp-dispatch.c:128
#12 0x0000555555eff09b in aio_bh_call (bh=0x555558bee700)
--Type <RET> for more, q to quit, c to continue without paging--
at ../util/async.c:173
#13 0x0000555555eff1e3 in aio_bh_poll (ctx=0x55555807f180)
at ../util/async.c:220
#14 0x0000555555ede0d0 in aio_dispatch (ctx=0x55555807f180)
at ../util/aio-posix.c:390
#15 0x0000555555eff6f4 in aio_ctx_dispatch
(source=0x55555807f180, callback=0x0, user_data=0x0) at ../util/async.c:365
#16 0x00007ffff6deb323 in g_main_context_dispatch_unlocked.lto_priv ()
at /lib64/libglib-2.0.so.0
#17 0x00007ffff6deb5b5 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#18 0x0000555555f01202 in glib_pollfds_poll () at ../util/main-loop.c:290
#19 0x0000555555f01290 in os_host_main_loop_wait (timeout=0)
at ../util/main-loop.c:313
#20 0x0000555555f013c1 in main_loop_wait (nonblocking=0)
at ../util/main-loop.c:592
#21 0x0000555555993773 in qemu_main_loop () at ../system/runstate.c:945
#22 0x0000555555e0d468 in qemu_default_main (opaque=0x0) at ../system/main.c:50
#23 0x0000555555e0d522 in main (argc=6, argv=0x7fffffffdd58)
at ../system/main.c:93
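
Added example, not part of the message above and not code from QEMU's test suite: a sweep that runs qom-list-properties over every non-abstract, non-device QOM type and records which ones take the process down, which is the coverage the message says is missing. QmpStdio and sweep are hypothetical names; the command line is the one from the gdb session, and qom-list-types with its "implements" argument is assumed to be available in the build under test.

```python
import json
import subprocess

class QmpStdio:
    """QEMU started as in the report: -S -display none -qmp stdio."""
    def __init__(self, binary):
        self.proc = subprocess.Popen(
            [binary, "-S", "-display", "none", "-qmp", "stdio"],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)
        self._reply()                       # greeting banner
        self.cmd("qmp_capabilities")

    def _reply(self):
        while True:
            line = self.proc.stdout.readline()
            if not line:                    # EOF: the process is gone
                raise EOFError("QEMU exited, status %s" % self.proc.wait())
            if not line.strip():
                continue
            msg = json.loads(line)
            if "event" not in msg:          # skip asynchronous events
                return msg

    def cmd(self, name, **arguments):
        self.proc.stdin.write(
            json.dumps({"execute": name, "arguments": arguments}) + "\n")
        self.proc.stdin.flush()
        return self._reply()

    def close(self):
        self.proc.kill()
        self.proc.wait()

def sweep(connect):
    """Return the non-device types whose introspection kills the process."""
    def names(qmp, implements):
        # abstract types are omitted by default, so every name can be instantiated
        reply = qmp.cmd("qom-list-types", implements=implements)
        return {t["name"] for t in reply["return"]}
    qmp = connect()
    todo = sorted(names(qmp, "object") - names(qmp, "device"))
    crashed = []
    for typename in todo:
        try:
            qmp.cmd("qom-list-properties", typename=typename)
        except EOFError:                    # assertion failure / SIGABRT
            crashed.append(typename)
            qmp = connect()                 # fresh process for the remaining types
    qmp.close()
    return crashed
```

Run it as sweep(lambda: QmpStdio("qemu-system-x86_64")); an empty list means no type aborted on introspection.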