On 2 July 2012 18:28, Peter Maydell <peter.mayd...@linaro.org> wrote:
> If you create a usb-storage device on the qemu command line
> and then try to delete it via the monitor, QEMU asserts:
>
> $ dd if=/dev/zero bs=4096 count=1024 of=usb.img
> $ ./i386-softmmu/qemu-system-i386 -clock unix -monitor stdio -usb
> -drive if=none,file=usb.img,id=myusb -device
> usb-storage,id=myusb,drive=myusb,removable=on
> QEMU 1.1.50 monitor - type 'help' for more information
> (qemu) device_del myusb
> **
> ERROR:qom/object.c:408:object_delete: assertion failed: (obj->ref == 0)
> Aborted

Further investigation shows that this is happening because device_finalize (at #19 in this backtrace) tries to free the 'usb-storage' device; it handles child buses (which in this case is the SCSI bus the usb-storage module's disk is hanging off) by (via qbus_finalize()) freeing all the devices on the bus. Unfortunately the "scsi-disk" object still has a nonzero refcount, and so we assert.

The stray reference to the object is coming from qdev_init():

    object_property_add_child(container_get(qdev_get_machine(), "/unattached"), name, OBJECT(dev), NULL);

...what should be unreffing this reference when the qdev object is deleted?

-- PMM