From: Marc-André Lureau <marcandre.lureau@redhat.com>

qbus_create_inplace() creates a new reference in realize(), it must be
released in unrealize().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20180531195119.22021-4-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb/dev-smartcard-reader.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
index 2131e33d27..f7c91230d5 100644
--- a/hw/usb/dev-smartcard-reader.c
+++ b/hw/usb/dev-smartcard-reader.c
@@ -1147,6 +1147,7 @@ static void ccid_unrealize(USBDevice *dev, Error **errp)
     USBCCIDState *s = USB_CCID_DEV(dev);
 
     ccid_bulk_in_clear(s);
+    object_unref(OBJECT(&s->bus));
 }
 
 static void ccid_flush_pending_answers(USBCCIDState *s)
-- 
2.9.3

On 12/06/2018 12:44, Gerd Hoffmann wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> 
> qbus_create_inplace() creates a new reference in realize(), it must be
> released in unrealize().
> 
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Message-id: 20180531195119.22021-4-marcandre.lureau@redhat.com
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Nope, that's only happening because patch 3 was wrong---and if we did
keep patch 3, you would have to do it in all devices that produce buses;
not just this one.

Paolo

> ---
>  hw/usb/dev-smartcard-reader.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c
> index 2131e33d27..f7c91230d5 100644
> --- a/hw/usb/dev-smartcard-reader.c
> +++ b/hw/usb/dev-smartcard-reader.c
> @@ -1147,6 +1147,7 @@ static void ccid_unrealize(USBDevice *dev, Error **errp)
>      USBCCIDState *s = USB_CCID_DEV(dev);
>  
>      ccid_bulk_in_clear(s);
> +    object_unref(OBJECT(&s->bus));
>  }
>  
>  static void ccid_flush_pending_answers(USBCCIDState *s)
>