On 27/07/16 16:56, Juergen Gross wrote:
> I can reproduce a problem in qemu with Xen just by adding and removing a
> USB bus. The bus is added via usb_bus_new() in hw/usb/xen-usb.c and
> removed later via usb_bus_release().
>
> Nothing bad happens until I close an active VNC viewer connected to the
> graphical console emulated by the same qemu process. In the log file I
> see "*** Error in `/usr/lib/xen/bin/qemu-system-i386': corrupted
> double-linked list: 0x000055b236bd56b0 ***" and the qemu process will hang.
>
> Looking into the sources I suspected a missing
>
> object_unparent(OBJECT(&usbif->bus));
>
> after calling usb_bus_release(&usbif->bus) to be the culprit, but
> adding this call didn't help (shouldn't this be called from
> usb_bus_release() instead?)
>
> I suspect something else is missing in qemu for removing a USB bus
> without leaking resources, but I couldn't find anything up to now. Does
> anyone have an idea what could be wrong?
Okay, problem solved. The bug was completely unrelated to usb_bus_release(). It was just always triggered just after that call.

The problem was in Xen backend handling releasing more memory than desired. Patch already sent out.

Juergen
