On Thu, 10 Mar 2022 at 16:30, Igor Mammedov <imamm...@redhat.com> wrote:
>
> Do On Thu, 10 Mar 2022 16:05:24 +0000
> Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> > On Thu, 10 Mar 2022 at 15:36, Igor Mammedov <imamm...@redhat.com> wrote:
> > >
> > > On Wed, 9 Mar 2022 16:56:21 +0000
> > > Peter Maydell <peter.mayd...@linaro.org> wrote:
> > > > ...also, in the device-introspect-test where I see this problem,
> > > > unrealize is never going to be called anyway, because the device
> > > > is only put through "instance_init" and then dereffed (which
> > > > does not result in instance_finalize being called, because the
> > > > refcount is still non-zero).
> > >
> > > question is why introspected device is deferred instead of being
> > > destroyed if it's no longer needed?
> >
> > ...because the reference count is not zero.
> >
> > What is supposed to happen is:
> >  * device is created (inited), and has refcount of 1
> >  * introspection code does its thing
> >  * introspection code derefs the device, and it gets deinited
> >
> > This bug means that when the device is inited it has a refcount
> > that is too high, and so despite the code that creates it
> > correctly dereffing it, it's still lying around.
>
> looks like ref count leak somewhere, instance_finalize() take care
> of cleaning up instance_init() actions.

If you read the rest of the thread, we know why the refcount is too
high. And instance_finalize *is never called*, so it cannot clean
up what instance_init has done.

> Do you have an example/reproducer?

Yes, see the thread -- device-introspect-test shows it.
(You can put printfs in ehci_sysbus_init and ehci_sysbus_finalize
and see that for some devices we don't ever call finalize.)

-- PMM
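
Added example, not part of the original message and not QEMU code: a toy refcounted object model showing why an init that leaves the refcount too high means the creator's deref never reaches finalize, and how counting init against finalize calls (the printf approach described above) exposes it. All names here are hypothetical, and the extra reference taken in `leaky_init` is an assumed cause chosen for illustration; the message does not state the real one.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy refcounted object model; constructed for illustration, not QEMU's QOM. */
typedef struct Obj Obj;
typedef struct Type {
    const char *name;
    void (*instance_init)(Obj *);
    int n_init, n_finalize;           /* the "printf" instrumentation, as counters */
} Type;
struct Obj { Type *type; int ref; };
static void obj_ref(Obj *o) { o->ref++; }
static void obj_unref(Obj *o) {
    if (--o->ref > 0) return;         /* still referenced: finalize is NOT run */
    o->type->n_finalize++;            /* instance_finalize would run here */
    free(o);
}

static Obj *obj_new(Type *t) {
    Obj *o = calloc(1, sizeof *o);
    if (!o) abort();
    o->type = t; o->ref = 1;          /* ref 1 is the creator's reference */
    t->n_init++;
    t->instance_init(o);
    return o;
}

static void good_init(Obj *o) { (void)o; }
/* Assumed bug: init takes a reference that nothing ever drops. */
static void leaky_init(Obj *o) { obj_ref(o); }
static Type types[] = {
    { "good-dev",  good_init,  0, 0 },
    { "leaky-dev", leaky_init, 0, 0 },
};

/* Create and deref each type once; return how many never reached finalize. */
static int introspect_all(void) {
    int leaked = 0;
    for (size_t i = 0; i < sizeof types / sizeof types[0]; i++) {
        Type *t = &types[i];
        t->n_init = t->n_finalize = 0;
        obj_unref(obj_new(t));        /* init, then the creator's deref */
        if (t->n_init != t->n_finalize) {
            printf("%s: init=%d finalize=%d\n", t->name, t->n_init, t->n_finalize);
            leaked++;
        }
    }
    return leaked;
}
int main(void) { return introspect_all() == 1 ? 0 : 1; }
```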