From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:45735)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SlkQS-0007aK-1x
	for qemu-devel@nongnu.org; Mon, 02 Jul 2012 13:28:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SlkQL-00063w-IL
	for qemu-devel@nongnu.org; Mon, 02 Jul 2012 13:28:39 -0400
Received: from mail-bk0-f45.google.com ([209.85.214.45]:65002)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <peter.maydell@linaro.org>) id 1SlkQL-000636-AZ
	for qemu-devel@nongnu.org; Mon, 02 Jul 2012 13:28:33 -0400
Received: by bkty12 with SMTP id y12so1185785bkt.4
	for <qemu-devel@nongnu.org>; Mon, 02 Jul 2012 10:28:30 -0700 (PDT)
MIME-Version: 1.0
Date: Mon, 2 Jul 2012 18:28:30 +0100
Message-ID: <CAFEAcA9AS2MHZhPyRxtEzkQ4aYe=t7xthX5veioE01GYOrZLjQ@mail.gmail.com>
From: Peter Maydell <peter.maydell@linaro.org>
Content-Type: text/plain; charset=UTF-8
Subject: [Qemu-devel] "object_delete: assertion failed: (obj->ref == 0)"
 deleting usb-storage from monitor
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: QEMU Developers <qemu-devel@nongnu.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>

If you create a usb-storage device on the qemu command line
and then try to delete it via the monitor, QEMU asserts:

$ dd if=/dev/zero bs=4096 count=1024 of=usb.img
$ ./i386-softmmu/qemu-system-i386 -clock unix -monitor stdio -usb
-drive if=none,file=usb.img,id=myusb  -device
usb-storage,id=myusb,drive=myusb,removable=on
QEMU 1.1.50 monitor - type 'help' for more information
(qemu) device_del myusb
**
ERROR:qom/object.c:408:object_delete: assertion failed: (obj->ref == 0)
Aborted

Backtrace:

#0  0xb7fe1422 in __kernel_vsyscall ()
#1  0xb7a36941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb7a39e42 in abort () at abort.c:92
#3  0xb7f5c4af in g_assertion_message () from /lib/libglib-2.0.so.0
#4  0xb7f5caed in g_assertion_message_expr () from /lib/libglib-2.0.so.0
#5  0x00294386 in object_delete (obj=0xb0a550) at qom/object.c:408
#6  0x001a29aa in qdev_free (dev=0xb0a550) at hw/qdev.c:272
#7  0x001a3c42 in qbus_finalize (obj=0xb0a1c4) at hw/qdev.c:777
#8  0x00294182 in object_deinit (obj=0xb0a1c4, type=0xae01f8) at
qom/object.c:357
#9  0x002941ee in object_deinit (obj=0xb0a1c4, type=0xadfe38) at
qom/object.c:367
#10 0x00294233 in object_finalize (data=0xb0a1c4) at qom/object.c:378
#11 0x001a316d in qbus_free (bus=0xb0a1c4) at hw/qdev.c:480
#12 0x001a3a5f in device_finalize (obj=0xb08d78) at hw/qdev.c:705
#13 0x00294182 in object_deinit (obj=0xb08d78, type=0xae03d8) at
qom/object.c:357
#14 0x002941ee in object_deinit (obj=0xb08d78, type=0xadef18) at
qom/object.c:367
#15 0x002941ee in object_deinit (obj=0xb08d78, type=0xadda10) at
qom/object.c:367
#16 0x00294233 in object_finalize (data=0xb08d78) at qom/object.c:378
#17 0x0029492a in object_unref (obj=0xb08d78) at qom/object.c:652
#18 0x0029434a in object_delete (obj=0xb08d78) at qom/object.c:407
#19 0x001a29aa in qdev_free (dev=0xb08d78) at hw/qdev.c:272
#20 0x001a292c in qdev_simple_unplug_cb (dev=0xb08d78) at hw/qdev.c:247
#21 0x001a27f1 in qdev_unplug (dev=0xb08d78, errp=0xbfffe588) at hw/qdev.c:209
#22 0x0019f563 in qmp_device_del (id=0xaf55b8 "myusb",
errp=0xbfffe588) at hw/qdev-monitor.c:609
#23 0x0018e7ba in hmp_device_del (mon=0xae65b0, qdict=0xbeb158) at hmp.c:950
#24 0x0032fe05 in handle_user_command (mon=0xae65b0, cmdline=0xae69f8
"device_del myusb")
    at /home/petmay01/linaro/qemu-from-laptop/qemu/monitor.c:3975
#25 0x0033154b in monitor_command_cb (mon=0xae65b0, cmdline=0xae69f8
"device_del myusb", opaque=0x0)
    at /home/petmay01/linaro/qemu-from-laptop/qemu/monitor.c:4594
#26 0x00296fdd in readline_handle_byte (rs=0xae69f8, ch=13) at readline.c:373
#27 0x003314c0 in monitor_read (opaque=0xae65b0, buf=0xbfffe6ac
"\r8\277\267\210\223\263", size=1)
    at /home/petmay01/linaro/qemu-from-laptop/qemu/monitor.c:4580
#28 0x0027ed70 in qemu_chr_be_write (s=0xae0e08, buf=0xbfffe6ac
"\r8\277\267\210\223\263", len=1) at qemu-char.c:164
#29 0x0027fcc2 in fd_chr_read (opaque=0xae0e08) at qemu-char.c:588
#30 0x001be40b in qemu_iohandler_poll (readfds=0x880e00,
writefds=0x880e80, xfds=0x880f00, ret=2) at iohandler.c:121
#31 0x00263018 in main_loop_wait (nonblocking=0) at main-loop.c:497
#32 0x0025b374 in main_loop () at
/home/petmay01/linaro/qemu-from-laptop/qemu/vl.c:1560
#33 0x00262491 in main (argc=10, argv=0xbffffaa4, envp=0xbffffad0) at
/home/petmay01/linaro/qemu-from-laptop/qemu/vl.c:3657

This is with master as of commit 7a0bac4da9c. It's not
specific to the PC model (it was originally reported to me as a problem
with qemu-linaro's beagle model).

-- PMM