Start VM with 8 multiple-function block devs, hot-removing those block devs by 'device_del ...' would cause qemu abort.
| (qemu) device_del virti0-0-0 | (qemu) ** |ERROR:qom/object.c:389:object_delete: assertion failed: (obj->ref == 0) It's a regression introduced by commit 57c9fafe The whole PCI slot should be removed once. Currently only one func is cleaned in pci_unplug_device(), if you try to remove a single func by monitor cmd. free_qdev() are called for all functions in slot, but unparent_delete() is only called for one function. --- aliguori has a better resolution, better to do it in 1.2 v2: fix warning: too many arguments for format v3: move object_unparent() to acpi_piix_eject_slot() Signed-off-by: Amos Kong <kongjian...@gmail.com> --- hw/acpi_piix4.c | 1 + hw/pci.c | 1 - 2 files changed, 1 insertions(+), 1 deletions(-) diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c index 585da4e..0345490 100644 --- a/hw/acpi_piix4.c +++ b/hw/acpi_piix4.c @@ -299,6 +299,7 @@ static void acpi_piix_eject_slot(PIIX4PMState *s, unsigned slots) if (pc->no_hotplug) { slot_free = false; } else { + object_unparent(OBJECT(dev)); qdev_free(qdev); } } diff --git a/hw/pci.c b/hw/pci.c index b706e69..c1ebdde 100644 --- a/hw/pci.c +++ b/hw/pci.c @@ -1527,7 +1527,6 @@ static int pci_unplug_device(DeviceState *qdev) qerror_report(QERR_DEVICE_NO_HOTPLUG, object_get_typename(OBJECT(dev))); return -1; } - object_unparent(OBJECT(dev)); return dev->bus->hotplug(dev->bus->hotplug_qdev, dev, PCI_HOTPLUG_DISABLED); } -- 1.7.1