From: Anthony Liguori
Date: Sun, 12 Feb 2012 11:38:24 -0600
Subject: Re: [Qemu-devel] weird qdev error
To: "Michael S. Tsirkin"
Cc: qemu-devel@nongnu.org
Message-ID: <4F37F910.5030400@codemonkey.ws>
In-Reply-To: <20120212173140.GB3375@redhat.com>

On 02/12/2012 11:31 AM, Michael S. Tsirkin wrote:
> On Sun, Feb 12, 2012 at 07:07:43PM +0200, Michael S. Tsirkin wrote:
>> I got this assert when working on qemu: pci hotplug
>> callback failed so qdev_free was called.
>>
>> (gdb) where
>> #0  0x00007ffff5fa1905 in raise () from /lib64/libc.so.6
>> #1  0x00007ffff5fa30e5 in abort () from /lib64/libc.so.6
>> #2  0x00007ffff7413a7f in g_assertion_message () from /lib64/libglib-2.0.so.0
>> #3  0x00007ffff7414020 in g_assertion_message_expr () from /lib64/libglib-2.0.so.0
>> #4  0x00007ffff7e452a9 in object_delete (obj=0x7ffff9124e60) at qom/object.c:375
>> #5  0x00007ffff7e2f5d4 in qdev_free (dev=0x7ffff9124e60) at /home/mst/scm/qemu/hw/qdev.c:250
>> #6  qdev_init (dev=0x7ffff9124e60) at /home/mst/scm/qemu/hw/qdev.c:149
>> #7  0x00007ffff7e2a7fe in qdev_device_add (opts=0x7ffff8b0d3a0) at /home/mst/scm/qemu/hw/qdev-monitor.c:473
>> #8  0x00007ffff7e06da9 in device_init_func (opts=, opaque=) at /home/mst/scm/qemu/vl.c:1754
>> #9  0x00007ffff7e3737a in qemu_opts_foreach (list=, func=0x7ffff7e06d90, opaque=0x0, abort_on_failure=) at qemu-option.c:1048
>> #10 0x00007ffff7e09cdb in main (argc=, argv=<value optimized out>, envp=) at /home/mst/scm/qemu/vl.c:3407
>> (gdb) frame 6
>> #6  qdev_init (dev=0x7ffff9124e60) at /home/mst/scm/qemu/hw/qdev.c:149
>> 149         qdev_free(dev);
>>
>> The problem seems to be that
>> pci_qdev_init calls do_pci_unregister_device on
>> hotplug error which will free the device twice?
>
> Here's a reproducer to a similar error in property parsing:
>
> qemu-system-x86_64 -enable-kvm -m 1G -drive file=/home/mst/rhel6.qcow2
> -netdev user,id=bar -net
> nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57 -redir
> tcp:8022::22 -device virtio-net-pci,netdev=foo,mac=5854:00:12:34:56
> -netdev
> tap,id=foo,ifname=msttap0,script=/home/mst/ifup,downscript=no,vhost=on
> -vnc :1 -monitor stdio

Here's the fix.  I need to do some regression testing and then I'll post
as a proper top-level patch.

Thanks for the report.

Regards,

Anthony Liguori

>
>
>
>> --
>> MST

[Attachment: 0001-device_add-don-t-add-a-peripheral-link-until-init-is.patch]

From b7fc6f1eb7c5e041eac7d610061a1be950707e5b Mon Sep 17 00:00:00 2001
From: Anthony Liguori
Date: Sun, 12 Feb 2012 11:36:24 -0600
Subject: [PATCH] device_add: don't add a /peripheral link until init is complete

Otherwise we end up with a dangling reference which causes qdev_free() to
fail.

Reported-by: Michael Tsirkin
Signed-off-by: Anthony Liguori
---
 hw/qdev-monitor.c |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/hw/qdev-monitor.c b/hw/qdev-monitor.c
index 49f13ca..a310cc7 100644
--- a/hw/qdev-monitor.c
+++ b/hw/qdev-monitor.c
@@ -457,6 +457,16 @@ DeviceState *qdev_device_add(QemuOpts *opts)
     id = qemu_opts_id(opts);
     if (id) {
         qdev->id = id;
+    }
+    if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) {
+        qdev_free(qdev);
+        return NULL;
+    }
+    if (qdev_init(qdev) < 0) {
+        qerror_report(QERR_DEVICE_INIT_FAILED, driver);
+        return NULL;
+    }
+    if (qdev->id) {
         object_property_add_child(qdev_get_peripheral(), qdev->id,
                                   OBJECT(qdev), NULL);
     } else {
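Review bot: the two new error paths in this hunk are asymmetric, and that deserves a comment. The set_property failure branch calls qdev_free(qdev) before returning NULL, while the `if (qdev_init(qdev) < 0)` branch returns NULL without freeing; the backtrace in the report (frame #6, qdev_init calling qdev_free at qdev.c:149) shows that qdev_init() frees the device itself on failure, so this is not a leak, but a reader of this function alone cannot tell, and "fixing" it by adding a qdev_free() there would reintroduce exactly the double-free class of bug this patch addresses. The same comment could say why the /peripheral link is deferred, since `if (id) { qdev->id = id; }` and the later `if (qdev->id)` now look like a candidate for merging.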
@@ -466,14 +476,6 @@ DeviceState *qdev_device_add(QemuOpts *opts)
                                   OBJECT(qdev), NULL);
         g_free(name);
     }
-    if (qemu_opt_foreach(opts, set_property, qdev, 1) != 0) {
-        qdev_free(qdev);
-        return NULL;
-    }
-    if (qdev_init(qdev) < 0) {
-        qerror_report(QERR_DEVICE_INIT_FAILED, driver);
-        return NULL;
-    }
     qdev->opts = opts;
     return qdev;
 }
--
1.7.4.1
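Review bot: the eight `-` lines here are the same text as the eight `+` lines inserted before the link in the first hunk, so this hunk is a pure relocation and the only behavioural change in the patch is ordering. The commit message should state that explicitly: property parsing and qdev_init() now run before the device is attached under /peripheral or /peripheral-anon, so a device freed on a property or init error never has a child link pointing at it, which is what removes the dangling reference that tripped the object_delete assertion at qom/object.c:375. The trailing context (`qdev->opts = opts; return qdev;`) confirms that the success path is otherwise unchanged.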