When `owner` == `mr`, `object_unparent` will crash: object_unparent(mr) -> object_property_del_child(mr, mr) -> object_finalize_child_property(mr, name, mr) -> object_unref(mr) -> object_finalize(mr) -> object_property_del_all(mr) -> object_finalize_child_property(mr, name, mr) -> object_unref(mr) -> fail on g_assert(obj->ref > 0)
Signed-off-by: Joelle van Dyne <[email protected]> --- hw/display/virtio-gpu-virgl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c index 18404be5892..4109ff7932a 100644 --- a/hw/display/virtio-gpu-virgl.c +++ b/hw/display/virtio-gpu-virgl.c @@ -123,7 +123,7 @@ virtio_gpu_virgl_map_resource_blob(VirtIOGPU *g, vmr->g = g; mr = &vmr->mr; - memory_region_init_ram_ptr(mr, OBJECT(mr), "blob", size, data); + memory_region_init_ram_ptr(mr, OBJECT(g), "blob", size, data); memory_region_add_subregion(&b->hostmem, offset, mr); memory_region_set_enabled(mr, true); -- 2.50.1 (Apple Git-155)
