* [Qemu-devel] "object_delete: assertion failed: (obj->ref == 0)" deleting usb-storage from monitor
From: Peter Maydell @ 2012-07-02 17:28 UTC
To: QEMU Developers; +Cc: Gerd Hoffmann
If you create a usb-storage device on the qemu command line
and then try to delete it via the monitor, QEMU asserts:

$ dd if=/dev/zero bs=4096 count=1024 of=usb.img
$ ./i386-softmmu/qemu-system-i386 -clock unix -monitor stdio -usb \
    -drive if=none,file=usb.img,id=myusb \
    -device usb-storage,id=myusb,drive=myusb,removable=on
QEMU 1.1.50 monitor - type 'help' for more information
(qemu) device_del myusb
**
ERROR:qom/object.c:408:object_delete: assertion failed: (obj->ref == 0)
Aborted

Backtrace:
#0 0xb7fe1422 in __kernel_vsyscall ()
#1 0xb7a36941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0xb7a39e42 in abort () at abort.c:92
#3 0xb7f5c4af in g_assertion_message () from /lib/libglib-2.0.so.0
#4 0xb7f5caed in g_assertion_message_expr () from /lib/libglib-2.0.so.0
#5 0x00294386 in object_delete (obj=0xb0a550) at qom/object.c:408
#6 0x001a29aa in qdev_free (dev=0xb0a550) at hw/qdev.c:272
#7 0x001a3c42 in qbus_finalize (obj=0xb0a1c4) at hw/qdev.c:777
#8 0x00294182 in object_deinit (obj=0xb0a1c4, type=0xae01f8) at qom/object.c:357
#9 0x002941ee in object_deinit (obj=0xb0a1c4, type=0xadfe38) at qom/object.c:367
#10 0x00294233 in object_finalize (data=0xb0a1c4) at qom/object.c:378
#11 0x001a316d in qbus_free (bus=0xb0a1c4) at hw/qdev.c:480
#12 0x001a3a5f in device_finalize (obj=0xb08d78) at hw/qdev.c:705
#13 0x00294182 in object_deinit (obj=0xb08d78, type=0xae03d8) at qom/object.c:357
#14 0x002941ee in object_deinit (obj=0xb08d78, type=0xadef18) at qom/object.c:367
#15 0x002941ee in object_deinit (obj=0xb08d78, type=0xadda10) at qom/object.c:367
#16 0x00294233 in object_finalize (data=0xb08d78) at qom/object.c:378
#17 0x0029492a in object_unref (obj=0xb08d78) at qom/object.c:652
#18 0x0029434a in object_delete (obj=0xb08d78) at qom/object.c:407
#19 0x001a29aa in qdev_free (dev=0xb08d78) at hw/qdev.c:272
#20 0x001a292c in qdev_simple_unplug_cb (dev=0xb08d78) at hw/qdev.c:247
#21 0x001a27f1 in qdev_unplug (dev=0xb08d78, errp=0xbfffe588) at hw/qdev.c:209
#22 0x0019f563 in qmp_device_del (id=0xaf55b8 "myusb", errp=0xbfffe588) at hw/qdev-monitor.c:609
#23 0x0018e7ba in hmp_device_del (mon=0xae65b0, qdict=0xbeb158) at hmp.c:950
#24 0x0032fe05 in handle_user_command (mon=0xae65b0, cmdline=0xae69f8 "device_del myusb") at /home/petmay01/linaro/qemu-from-laptop/qemu/monitor.c:3975
#25 0x0033154b in monitor_command_cb (mon=0xae65b0, cmdline=0xae69f8 "device_del myusb", opaque=0x0) at /home/petmay01/linaro/qemu-from-laptop/qemu/monitor.c:4594
#26 0x00296fdd in readline_handle_byte (rs=0xae69f8, ch=13) at readline.c:373
#27 0x003314c0 in monitor_read (opaque=0xae65b0, buf=0xbfffe6ac "\r8\277\267\210\223\263", size=1) at /home/petmay01/linaro/qemu-from-laptop/qemu/monitor.c:4580
#28 0x0027ed70 in qemu_chr_be_write (s=0xae0e08, buf=0xbfffe6ac "\r8\277\267\210\223\263", len=1) at qemu-char.c:164
#29 0x0027fcc2 in fd_chr_read (opaque=0xae0e08) at qemu-char.c:588
#30 0x001be40b in qemu_iohandler_poll (readfds=0x880e00, writefds=0x880e80, xfds=0x880f00, ret=2) at iohandler.c:121
#31 0x00263018 in main_loop_wait (nonblocking=0) at main-loop.c:497
#32 0x0025b374 in main_loop () at /home/petmay01/linaro/qemu-from-laptop/qemu/vl.c:1560
#33 0x00262491 in main (argc=10, argv=0xbffffaa4, envp=0xbffffad0) at /home/petmay01/linaro/qemu-from-laptop/qemu/vl.c:3657

This is with master as of commit 7a0bac4da9c. It's not
specific to the PC model (it was originally reported to me as a problem
with qemu-linaro's beagle model).
-- PMM
* Re: [Qemu-devel] "object_delete: assertion failed: (obj->ref == 0)" deleting usb-storage from monitor
From: Peter Maydell @ 2012-07-04 13:51 UTC
To: QEMU Developers; +Cc: Paolo Bonzini, Anthony Liguori, Gerd Hoffmann
On 2 July 2012 18:28, Peter Maydell <peter.maydell@linaro.org> wrote:
> If you create a usb-storage device on the qemu command line
> and then try to delete it via the monitor, QEMU asserts:
>
> $ dd if=/dev/zero bs=4096 count=1024 of=usb.img
> $ ./i386-softmmu/qemu-system-i386 -clock unix -monitor stdio -usb
> -drive if=none,file=usb.img,id=myusb -device
> usb-storage,id=myusb,drive=myusb,removable=on
> QEMU 1.1.50 monitor - type 'help' for more information
> (qemu) device_del myusb
> **
> ERROR:qom/object.c:408:object_delete: assertion failed: (obj->ref == 0)
> Aborted
Further investigation shows that this is happening because
device_finalize (at #19 in this backtrace) tries to free the
'usb-storage' device; it handles child buses (which in this
case is the SCSI bus the usb-storage module's disk is hanging
off) by (via qbus_finalize()) freeing all the devices on the
bus. Unfortunately the "scsi-disk" object still has a nonzero
refcount, and so we assert.

The stray reference to the object is coming from qdev_init():

    object_property_add_child(container_get(qdev_get_machine(),
                                            "/unattached"),
                              name, OBJECT(dev), NULL);

...what should be unreffing this reference when the qdev object
is deleted?
-- PMM
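
A simplified model of the reference counting described in the message above, as an added example that is not part of the original post and not QEMU code. The `Obj` struct, `unparent()`, `finalize_bus()` and `run_scenario()` are hypothetical names, and releasing the container's reference before deletion is an assumed teardown order for illustration, not the fix the project adopted.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model of the reference counting in the thread; not QEMU code. */
typedef struct Obj {
    int ref;              /* outstanding references */
    struct Obj *parent;   /* container holding a child property on us */
} Obj;

/* Models object_property_add_child(): the container takes a reference. */
static void add_child(Obj *container, Obj *child) {
    child->ref++;
    child->parent = container;
}

/* Hypothetical helper: drop the child property and the reference it holds. */
static void unparent(Obj *child) {
    if (child->parent != NULL) {
        child->parent = NULL;
        child->ref--;
    }
}

/* Models object_delete(): unref; the real code then asserts ref == 0. */
static int delete_obj(Obj *o) { return --o->ref; }

/* Models a bus finalizer freeing every device on the bus; returns how many
 * devices still had references, i.e. how often the assertion would fire. */
int finalize_bus(Obj *devs, size_t n, int unparent_first) {
    int stray = 0;
    for (size_t i = 0; i < n; i++) {
        if (unparent_first)
            unparent(&devs[i]);
        if (delete_obj(&devs[i]) != 0)
            stray++;
    }
    return stray;
}

/* Constructed scenario: one disk on the bus, also a child of "/unattached". */
int run_scenario(int unparent_first) {
    Obj unattached = { 1, NULL }, disk = { 1, NULL };  /* ref 1 = creator's */
    add_child(&unattached, &disk);
    return finalize_bus(&disk, 1, unparent_first);
}

int main(void) {
    printf("as reported: %d, unparent first: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```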
* Re: [Qemu-devel] "object_delete: assertion failed: (obj->ref == 0)" deleting usb-storage from monitor
From: Peter Maydell @ 2012-11-22 17:05 UTC
To: QEMU Developers; +Cc: Paolo Bonzini, Anthony Liguori, Gerd Hoffmann
On 4 July 2012 14:51, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 2 July 2012 18:28, Peter Maydell <peter.maydell@linaro.org> wrote:
>> If you create a usb-storage device on the qemu command line
>> and then try to delete it via the monitor, QEMU asserts:
>>
>> $ dd if=/dev/zero bs=4096 count=1024 of=usb.img
>> $ ./i386-softmmu/qemu-system-i386 -clock unix -monitor stdio -usb
>> -drive if=none,file=usb.img,id=myusb -device
>> usb-storage,id=myusb,drive=myusb,removable=on
>> QEMU 1.1.50 monitor - type 'help' for more information
>> (qemu) device_del myusb
>> **
>> ERROR:qom/object.c:408:object_delete: assertion failed: (obj->ref == 0)
>> Aborted
>
> Further investigation shows that this is happening because
> device_finalize (at #19 in this backtrace) tries to free the
> 'usb-storage' device; it handles child buses (which in this
> case is the SCSI bus the usb-storage module's disk is hanging
> off) by (via qbus_finalize()) freeing all the devices on the
> bus. Unfortunately the "scsi-disk" object still has a nonzero
> refcount, and so we assert.
>
> The stray reference to the object is coming from qdev_init():
> object_property_add_child(container_get(qdev_get_machine(),
> "/unattached"),
> name, OBJECT(dev), NULL);
>
> ...what should be unreffing this reference when the qdev object
> is deleted?
Just a note that this assert() still happens in current
git master...
-- PMM
* Re: [Qemu-devel] "object_delete: assertion failed: (obj->ref == 0)" deleting usb-storage from monitor
From: Paolo Bonzini @ 2012-11-22 18:09 UTC
To: Peter Maydell; +Cc: Anthony Liguori, QEMU Developers, Gerd Hoffmann
On 22/11/2012 18:05, Peter Maydell wrote:
> On 4 July 2012 14:51, Peter Maydell <peter.maydell@linaro.org> wrote:
>> On 2 July 2012 18:28, Peter Maydell <peter.maydell@linaro.org> wrote:
>>> If you create a usb-storage device on the qemu command line
>>> and then try to delete it via the monitor, QEMU asserts:
>>>
>>> $ dd if=/dev/zero bs=4096 count=1024 of=usb.img
>>> $ ./i386-softmmu/qemu-system-i386 -clock unix -monitor stdio -usb
>>> -drive if=none,file=usb.img,id=myusb -device
>>> usb-storage,id=myusb,drive=myusb,removable=on
>>> QEMU 1.1.50 monitor - type 'help' for more information
>>> (qemu) device_del myusb
>>> **
>>> ERROR:qom/object.c:408:object_delete: assertion failed: (obj->ref == 0)
>>> Aborted
>>
>> Further investigation shows that this is happening because
>> device_finalize (at #19 in this backtrace) tries to free the
>> 'usb-storage' device; it handles child buses (which in this
>> case is the SCSI bus the usb-storage module's disk is hanging
>> off) by (via qbus_finalize()) freeing all the devices on the
>> bus. Unfortunately the "scsi-disk" object still has a nonzero
>> refcount, and so we assert.
>>
>> The stray reference to the object is coming from qdev_init():
>> object_property_add_child(container_get(qdev_get_machine(),
>> "/unattached"),
>> name, OBJECT(dev), NULL);
>>
>> ...what should be unreffing this reference when the qdev object
>> is deleted?
>
> Just a note that this assert() still happens in current
> git master...
I looked at it, and it's like 4 bugs, all-in-one. I'll post a patch
tomorrow, it's somewhat scary.
Paolo