qemu crashes when doing iotest on virtio-9p filesystem

Qemu crashes when doing avocado-vt test on virtio-9p filesystem.
This bug can be reproduced running https://github.com/autotest/tp-qemu/blob/master/qemu/tests/9p.py with the latest qemu-4.0.0.
The crash stack goes like:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 v9fs_mark_fids_unreclaim (pdu=pdu@entry=0xaaab00046868, path=path@entry=0xffff851e2fa8)
    at hw/9pfs/9p.c:505
#1 0x0000aaaae3585acc in v9fs_unlinkat (opaque=0xaaab00046868) at hw/9pfs/9p.c:2590
#2 0x0000aaaae3811c10 in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>)
    at util/coroutine-ucontext.c:116
#3 0x0000ffffa13ddb20 in ?? () from /lib64/libc.so.6
Backtrace stopped: not enough registers or memory available to unwind further

A segment fault is triggered at hw/9pfs/9p.c line 505

    for (fidp = s->fid_list; fidp; fidp = fidp->next) {
        if (fidp->path.size != path->size) { # fidp is invalid
            continue;
        }

(gdb) p path
$10 = (V9fsPath *) 0xffff851e2fa8
(gdb) p *path
$11 = {size = 21, data = 0xaaaafed6f420 "./9p_test/p2a1/d0/f1"}
(gdb) p *fidp
Cannot access memory at address 0x101010101010101
(gdb) p *pdu
$12 = {size = 19, tag = 54, id = 76 'L', cancelled = 0 '\000', complete = {entries = {
      sqh_first = 0x0, sqh_last = 0xaaab00046870}}, s = 0xaaab000454b8, next = {
    le_next = 0xaaab000467c0, le_prev = 0xaaab00046f88}, idx = 88}
(gdb)

Address Sanitizer shows error and saying that there is a heap-use-after-free on *fidp*.