On Thu, Jun 5, 2014 at 6:18 PM, Michael S. Tsirkin <m...@redhat.com> wrote:
> On Thu, Jun 05, 2014 at 05:31:45PM +0200, Stefan Hajnoczi wrote:
>> qemu-iotests ./check -qcow2 067 is entering an infinite loop during
>> system_reset. This failure is a non-deterministic use-after-free and
>> the infinite loop happens maybe 1/3 of the time.
>
> This patch makes it fail deterministically.
>
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c > index 22fe5ee..6815fad 100644 > --- a/hw/pci/pci.c > +++ b/hw/pci/pci.c > @@ -790,6 +790,7 @@ static void pci_config_alloc(PCIDevice *pci_dev) > static void pci_config_free(PCIDevice *pci_dev) > { > g_free(pci_dev->config); > + pci_dev->config = NULL; > g_free(pci_dev->cmask); > g_free(pci_dev->wmask); > g_free(pci_dev->w1cmask);
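Review bot: clearing pci_dev->config after g_free() in pci_config_free() only converts the stale read into a deterministic NULL dereference; it is a useful bisection aid but leaves the use-after-free itself in place, and the sibling buffers freed in the same function (cmask, wmask, w1cmask) are still dangling, so any access through them keeps reading freed heap memory silently. If this is kept as a debugging change, set all four pointers to NULL for consistency and say so in the commit message; the actual fix is to stop whatever runs after pci_config_free() during unrealize from touching the device's config space at all, since a freed-then-reused heap buffer backing guest-visible config space is a memory-safety bug regardless of whether it happens to crash. Running the reproducer (./check -qcow2 067) under ASan or valgrind would confirm the remaining accesses once this hunk is applied.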
Thanks for the patch, I bisected the use-after-free to this commit:

commit 5c21ce77d7e5643089ceec556c0408445d017f32
Author: Bandan Das <b...@redhat.com>
Date:   Wed Mar 12 21:02:12 2014 +0100

    qdev: Realize buses on device realization

    Integrate (un)realization of child buses with realization/unrealization
    of the device hosting them. Code in device_unparent() is reordered for
    unrealization of buses to work as part of device unrealization. That way
    no changes need to be made to bus instantiation.

    Signed-off-by: Bandan Das <b...@redhat.com>
    Signed-off-by: Andreas Färber <afaer...@suse.de>

Stefan