qemu/hw
Eugenio Pérez f6ab64c05f virtio: Add corresponding memory_listener_unregister to unrealize
Address space is destroyed without proper removal of its listeners with
current code. They are expected to be removed in
virtio_device_instance_finalize [1], but qemu calls it through
object_deinit, after address_space_destroy call through
device_set_realized [2].

Move it to virtio_device_unrealize, called before device_set_realized
[3] and making it symmetric with memory_listener_register in
virtio_device_realize.

v2: Delete no-op call of virtio_device_instance_finalize.
    Add backtraces.

[1]

 #0  virtio_device_instance_finalize (obj=0x555557de5120)
     at /home/qemu/include/hw/virtio/virtio.h:71
 #1  0x0000555555b703c9 in object_deinit (type=0x555556639860,
      obj=<optimized out>) at ../qom/object.c:671
 #2  object_finalize (data=0x555557de5120) at ../qom/object.c:685
 #3  object_unref (objptr=0x555557de5120) at ../qom/object.c:1184
 #4  0x0000555555b4de9d in bus_free_bus_child (kid=0x555557df0660)
     at ../hw/core/qdev.c:55
 #5  0x0000555555c65003 in call_rcu_thread (opaque=opaque@entry=0x0)
     at ../util/rcu.c:281

Queued by:

 #0  bus_remove_child (bus=0x555557de5098,
     child=child@entry=0x555557de5120) at ../hw/core/qdev.c:60
 #1  0x0000555555b4ee31 in device_unparent (obj=<optimized out>)
     at ../hw/core/qdev.c:984
 #2  0x0000555555b70465 in object_finalize_child_property (
     obj=<optimized out>, name=<optimized out>, opaque=0x555557de5120)
     at ../qom/object.c:1725
 #3  0x0000555555b6fa17 in object_property_del_child (
     child=0x555557de5120, obj=0x555557ddcf90) at ../qom/object.c:645
 #4  object_unparent (obj=0x555557de5120) at ../qom/object.c:664
 #5  0x0000555555b4c071 in bus_unparent (obj=<optimized out>)
     at ../hw/core/bus.c:147
 #6  0x0000555555b70465 in object_finalize_child_property (
     obj=<optimized out>, name=<optimized out>, opaque=0x555557de5098)
     at ../qom/object.c:1725
 #7  0x0000555555b6fa17 in object_property_del_child (
     child=0x555557de5098, obj=0x555557ddcf90) at ../qom/object.c:645
 #8  object_unparent (obj=0x555557de5098) at ../qom/object.c:664
 #9  0x0000555555b4ee19 in device_unparent (obj=<optimized out>)
     at ../hw/core/qdev.c:981
 #10 0x0000555555b70465 in object_finalize_child_property (
     obj=<optimized out>, name=<optimized out>, opaque=0x555557ddcf90)
     at ../qom/object.c:1725
 #11 0x0000555555b6fa17 in object_property_del_child (
     child=0x555557ddcf90, obj=0x55555685da10) at ../qom/object.c:645
 #12 object_unparent (obj=0x555557ddcf90) at ../qom/object.c:664
 #13 0x00005555558dc331 in pci_for_each_device_under_bus (
     opaque=<optimized out>, fn=<optimized out>, bus=<optimized out>)
     at ../hw/pci/pci.c:1654

[2]

Optimizer omits pci_qdev_unrealize, called by device_set_realized, and
do_pci_unregister_device, called by pci_qdev_unrealize and caller of
address_space_destroy.

 #0  address_space_destroy (as=0x555557ddd1b8)
     at ../softmmu/memory.c:2840
 #1  0x0000555555b4fc53 in device_set_realized (obj=0x555557ddcf90,
      value=<optimized out>, errp=0x7fffeea8f1e0)
     at ../hw/core/qdev.c:850
 #2  0x0000555555b6eaa6 in property_set_bool (obj=0x555557ddcf90,
      v=<optimized out>, name=<optimized out>, opaque=0x555556650ba0,
     errp=0x7fffeea8f1e0) at ../qom/object.c:2255
 #3  0x0000555555b70e07 in object_property_set (
      obj=obj@entry=0x555557ddcf90,
      name=name@entry=0x555555db99df "realized",
      v=v@entry=0x7fffe46b7500,
      errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1400
 #4  0x0000555555b73c5f in object_property_set_qobject (
      obj=obj@entry=0x555557ddcf90,
      name=name@entry=0x555555db99df "realized",
      value=value@entry=0x7fffe44f6180,
      errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/qom-qobject.c:28
 #5  0x0000555555b71044 in object_property_set_bool (
      obj=0x555557ddcf90, name=0x555555db99df "realized",
      value=<optimized out>, errp=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1470
 #6  0x0000555555921cb7 in pcie_unplug_device (bus=<optimized out>,
      dev=0x555557ddcf90,
      opaque=<optimized out>) at /home/qemu/include/hw/qdev-core.h:17
 #7  0x00005555558dc331 in pci_for_each_device_under_bus (
      opaque=<optimized out>, fn=<optimized out>,
      bus=<optimized out>) at ../hw/pci/pci.c:1654

[3]

 #0  virtio_device_unrealize (dev=0x555557de5120)
     at ../hw/virtio/virtio.c:3680
 #1  0x0000555555b4fc63 in device_set_realized (obj=0x555557de5120,
     value=<optimized out>, errp=0x7fffee28df90)
     at ../hw/core/qdev.c:850
 #2  0x0000555555b6eab6 in property_set_bool (obj=0x555557de5120,
     v=<optimized out>, name=<optimized out>, opaque=0x555556650ba0,
     errp=0x7fffee28df90) at ../qom/object.c:2255
 #3  0x0000555555b70e17 in object_property_set (
     obj=obj@entry=0x555557de5120,
     name=name@entry=0x555555db99ff "realized",
     v=v@entry=0x7ffdd8035040,
     errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1400
 #4  0x0000555555b73c6f in object_property_set_qobject (
     obj=obj@entry=0x555557de5120,
     name=name@entry=0x555555db99ff "realized",
     value=value@entry=0x7ffdd8035020,
     errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/qom-qobject.c:28
 #5  0x0000555555b71054 in object_property_set_bool (
     obj=0x555557de5120, name=name@entry=0x555555db99ff "realized",
     value=value@entry=false, errp=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1470
 #6  0x0000555555b4edc5 in qdev_unrealize (dev=<optimized out>)
     at ../hw/core/qdev.c:403
 #7  0x0000555555b4c2a9 in bus_set_realized (obj=<optimized out>,
     value=<optimized out>, errp=<optimized out>)
     at ../hw/core/bus.c:204
 #8  0x0000555555b6eab6 in property_set_bool (obj=0x555557de5098,
     v=<optimized out>, name=<optimized out>, opaque=0x555557df04c0,
     errp=0x7fffee28e0a0) at ../qom/object.c:2255
 #9  0x0000555555b70e17 in object_property_set (
     obj=obj@entry=0x555557de5098,
     name=name@entry=0x555555db99ff "realized",
     v=v@entry=0x7ffdd8034f50,
     errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1400
 #10 0x0000555555b73c6f in object_property_set_qobject (
     obj=obj@entry=0x555557de5098,
     name=name@entry=0x555555db99ff "realized",
     value=value@entry=0x7ffdd8020630,
     errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/qom-qobject.c:28
 #11 0x0000555555b71054 in object_property_set_bool (
     obj=obj@entry=0x555557de5098,
     name=name@entry=0x555555db99ff "realized",
     value=value@entry=false, errp=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1470
 #12 0x0000555555b4c725 in qbus_unrealize (
     bus=bus@entry=0x555557de5098) at ../hw/core/bus.c:178
 #13 0x0000555555b4fc00 in device_set_realized (obj=0x555557ddcf90,
     value=<optimized out>, errp=0x7fffee28e1e0)
     at ../hw/core/qdev.c:844
 #14 0x0000555555b6eab6 in property_set_bool (obj=0x555557ddcf90,
     v=<optimized out>, name=<optimized out>, opaque=0x555556650ba0,
     errp=0x7fffee28e1e0) at ../qom/object.c:2255
 #15 0x0000555555b70e17 in object_property_set (
     obj=obj@entry=0x555557ddcf90,
     name=name@entry=0x555555db99ff "realized",
     v=v@entry=0x7ffdd8020560,
     errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1400
 #16 0x0000555555b73c6f in object_property_set_qobject (
     obj=obj@entry=0x555557ddcf90,
     name=name@entry=0x555555db99ff "realized",
     value=value@entry=0x7ffdd8020540,
     errp=errp@entry=0x5555565bbf38 <error_abort>)
     at ../qom/qom-qobject.c:28
 #17 0x0000555555b71054 in object_property_set_bool (
     obj=0x555557ddcf90, name=0x555555db99ff "realized",
     value=<optimized out>, errp=0x5555565bbf38 <error_abort>)
     at ../qom/object.c:1470
 #18 0x0000555555921cb7 in pcie_unplug_device (bus=<optimized out>,
     dev=0x555557ddcf90, opaque=<optimized out>)
     at /home/qemu/include/hw/qdev-core.h:17
 #19 0x00005555558dc331 in pci_for_each_device_under_bus (
     opaque=<optimized out>, fn=<optimized out>, bus=<optimized out>)
     at ../hw/pci/pci.c:1654

Fixes: c611c76417 ("virtio: add MemoryListener to cache ring translations")
Buglink: https://bugs.launchpad.net/qemu/+bug/1912846
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20210125192505.390554-1-eperezma@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-02-05 08:52:58 -05:00
9pfs 9pfs: Convert reclaim list to QSLIST 2021-01-22 18:26:40 +01:00
acpi qapi: Use QAPI_LIST_APPEND in trivial cases 2021-01-28 08:08:45 +01:00
adc hw/adc: Add an ADC module for NPCM7XX 2021-01-12 21:19:02 +00:00
alpha vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
arm hw/arm: Display CPU type in machine description 2021-02-03 10:15:51 +00:00
audio audio/via-ac97: Simplify code and set user_creatable to false 2021-01-04 23:24:44 +01:00
avr vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
block block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
char hw/char/exynos4210_uart: Fix missing call to report ready for input 2021-02-02 17:00:54 +00:00
core virtio: move 'use-disabled-flag' property to hw_compat_4_2 2021-02-05 08:52:58 -05:00
cpu cpu/core: Register core-id and nr-threads as class properties 2020-09-22 16:48:29 -04:00
cris cris: do not use ram_size global 2020-12-10 12:15:07 -05:00
display display/ui: add a callback to indicate GL state is flushed 2021-02-04 15:58:54 +01:00
dma hw/arm/xlnx-versal: Versal SoC requires ZDMA 2021-02-03 10:15:50 +00:00
gpio hw: gpio: implement gpio-pwr driver for qemu reset/poweroff 2021-01-29 10:47:28 +00:00
hppa hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
hyperv qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
i2c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
i386 hw/misc/pvpanic: split-out generic and bus dependent code 2021-01-29 10:47:28 +00:00
ide block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
input Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
intc hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register 2021-02-02 17:00:55 +00:00
ipack Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ipmi Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
isa vt82c686: Rename superio config related parts 2021-01-04 23:24:44 +01:00
lm32 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
m68k hw/m68k/next-cube: Add vmstate for NeXTPC device 2021-01-19 09:11:52 +01:00
mem nvdimm: check -object memory-backend-file, readonly=on option 2021-02-01 17:07:34 -05:00
microblaze vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
mips docs/system: Remove deprecated 'fulong2e' machine alias 2021-01-14 17:13:54 +01:00
misc hw/misc/pvpanic: add PCI interface support 2021-01-29 10:47:28 +00:00
moxie moxie: do not use ram_size global 2020-12-10 12:15:08 -05:00
net net: checksum: Introduce fine control over checksum type 2021-01-25 17:04:56 +08:00
nios2 * New -action option and set-action QMP command (Alejandro) 2020-12-15 21:24:31 +00:00
nubus meson: convert hw/nubus 2020-08-21 06:30:25 -04:00
nvram hw/*: Use type casting for SysBusDevice in NPCM7XX 2021-01-12 21:19:02 +00:00
openrisc target/openrisc: Move pic_cpu code into CPU object proper 2020-12-15 12:04:30 +00:00
pci pci: add romsize property 2021-02-05 08:52:58 -05:00
pci-bridge Kconfig: Compile PXB for ARM_VIRT 2021-01-17 06:42:54 -05:00
pci-host acpi/gpex: Exclude pxb's resources from PCI0 2021-01-17 06:42:54 -05:00
pcmcia pxa2xx: Move QOM macros to header 2020-08-27 14:04:55 -04:00
ppc block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
rdma Machine queue, 2020-12-23 2021-01-01 22:57:15 +00:00
riscv riscv: Pass RISCVHartArrayState by pointer 2021-01-16 14:34:46 -08:00
rtc pl031: Use timer_free() in the finalize function to avoid memleaks 2021-01-18 11:51:26 +01:00
rx rx: move BIOS load from MCU to board 2020-12-10 12:15:06 -05:00
s390x Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
scsi block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
sd block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
semihosting semihosting: Implement SYS_ISERROR 2021-01-18 10:05:06 +00:00
sh4 hw: Use the PCI_SLOT() macro from 'hw/pci/pci.h' 2021-01-04 23:24:44 +01:00
smbios i386: do not use ram_size global 2020-12-10 12:15:08 -05:00
sparc sun4m: don't connect two qemu_irqs directly to the same input 2021-01-06 11:41:37 +00:00
sparc64 vl: extract softmmu/datadir.c 2020-12-10 12:15:18 -05:00
ssi hw/ssi: imx_spi: Correct tx and rx fifo endianness 2021-02-02 17:00:55 +00:00
timer arm: Remove frq properties on CMSDK timer, dualtimer, watchdog, ARMSSE 2021-01-29 15:54:44 +00:00
tpm tpm: tpm_spapr: Remove unused tracepoint 2021-01-25 20:56:38 -05:00
tricore tricore tcg cpus: Fix Lesser GPL version number 2020-11-15 16:40:30 +01:00
unicore32 meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
usb block: Separate blk_is_writable() and blk_supports_write_perm() 2021-01-27 20:45:20 +01:00
vfio ui: add an optional get_flags callback to GraphicHwOps 2021-02-04 15:58:54 +01:00
virtio virtio: Add corresponding memory_listener_unregister to unrealize 2021-02-05 08:52:58 -05:00
watchdog arm: Remove frq properties on CMSDK timer, dualtimer, watchdog, ARMSSE 2021-01-29 15:54:44 +00:00
xen pci: add romsize property 2021-02-05 08:52:58 -05:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa vl: make qemu_get_machine_opts static 2020-12-15 12:51:55 -05:00
Kconfig hw/net/can: ZynqMP CAN device requires PTIMER 2021-02-03 10:15:50 +00:00
meson.build meson: convert hw/arch* 2020-08-21 06:30:33 -04:00