"Serge E. Hallyn" <se...@hallyn.com> writes:

Hi Serge,

> Hi,
>
> a regression test of CVE-2011-1751 (fixed by
> 505597e4476a6bc219d0ec1362b760d71cb4fdca) found that when writing 2 to
> 0xae08, qemu-system-i386 crashes with
>
> ERROR:qom/object.c:386:object_finalize: assertion failed: (obj->ref == 0)
>
> A simple way to reproduce this (in qemu 1.1 or 1.2) is:
>
> serge@ubuntu:~/qa-regression-testing/scripts$ ~/src/qemu/i386-softmmu/qemu-system-i386 -usb -monitor stdio -vnc :1 -hda x.img
> QEMU 1.2.50 monitor - type 'help' for more information
> (qemu) o 0xae08 2
> **
> ERROR:qom/object.c:386:object_finalize: assertion failed: (obj->ref == 0)
> Aborted (core dumped)
>
> I don't think it's a regression of the CVE, as some added printfs show it is
> the usb controller which is being unplugged (dev 1, fn 2, not dev 1 fn 3).
>
>   Bus 0, device 1, function 2:
>     USB controller: PCI device 8086:7020
>       IRQ 11.
>       BAR4: I/O at 0xc040 [0xc05f].
>       id ""
>   Bus 0, device 1, function 3:
>     Bridge: PCI device 8086:7113
>       IRQ 9.
>       id ""

Thanks, I'll take a look.

Regards,

Anthony Liguori

> -serge