From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:54196)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TbbDV-0007DG-JT
	for qemu-devel@nongnu.org; Thu, 22 Nov 2012 13:09:41 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TbbDP-0004gp-MI
	for qemu-devel@nongnu.org; Thu, 22 Nov 2012 13:09:37 -0500
Received: from mail-wg0-f53.google.com ([74.125.82.53]:42661)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1TbbDP-0004fu-FO
	for qemu-devel@nongnu.org; Thu, 22 Nov 2012 13:09:31 -0500
Received: by mail-wg0-f53.google.com with SMTP id e12so1567674wge.10
	for <qemu-devel@nongnu.org>; Thu, 22 Nov 2012 10:09:30 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <50AE6A55.3000406@redhat.com>
Date: Thu, 22 Nov 2012 19:09:25 +0100
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <CAFEAcA9AS2MHZhPyRxtEzkQ4aYe=t7xthX5veioE01GYOrZLjQ@mail.gmail.com>
	<CAFEAcA-PwdWYwOQFnDOPVf5s_3L2LON599i9zCNEOm1+xPLepA@mail.gmail.com>
	<CAFEAcA_hLFLVbo4X9OixzVGPbZ5OQJQQzCUnV=JTGozJObUt_A@mail.gmail.com>
In-Reply-To: <CAFEAcA_hLFLVbo4X9OixzVGPbZ5OQJQQzCUnV=JTGozJObUt_A@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] "object_delete: assertion failed: (obj->ref == 0)"
 deleting usb-storage from monitor
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Anthony Liguori <aliguori@us.ibm.com>, QEMU Developers <qemu-devel@nongnu.org>, Gerd Hoffmann <kraxel@redhat.com>

Il 22/11/2012 18:05, Peter Maydell ha scritto:
> On 4 July 2012 14:51, Peter Maydell <peter.maydell@linaro.org> wrote:
>> On 2 July 2012 18:28, Peter Maydell <peter.maydell@linaro.org> wrote:
>>> If you create a usb-storage device on the qemu command line
>>> and then try to delete it via the monitor, QEMU asserts:
>>>
>>> $ dd if=/dev/zero bs=4096 count=1024 of=usb.img
>>> $ ./i386-softmmu/qemu-system-i386 -clock unix -monitor stdio -usb
>>> -drive if=none,file=usb.img,id=myusb  -device
>>> usb-storage,id=myusb,drive=myusb,removable=on
>>> QEMU 1.1.50 monitor - type 'help' for more information
>>> (qemu) device_del myusb
>>> **
>>> ERROR:qom/object.c:408:object_delete: assertion failed: (obj->ref == 0)
>>> Aborted
>>
>> Further investigation shows that this is happening because
>> device_finalize (at #19 in this backtrace) tries to free the
>> 'usb-storage' device; it handles child buses (which in this
>> case is the SCSI bus the usb-storage module's disk is hanging
>> off) by (via qbus_finalize()) freeing all the devices on the
>> bus. Unfortunately the "scsi-disk" object still has a nonzero
>> refcount, and so we assert.
>>
>> The stray reference to the object is coming from qdev_init():
>>         object_property_add_child(container_get(qdev_get_machine(),
>>                                                 "/unattached"),
>>                                   name, OBJECT(dev), NULL);
>>
>> ...what should be unreffing this reference when the qdev object
>> is deleted?
> 
> Just a note that this assert() still happens in current
> git master...

I looked at it, and it's like 4 bugs, all-in-one.  I'll post a patch
tomorrow, it's somewhat scary.

Paolo