Nouveau - Dec 2017 - nouveau: refcount_t splat on 4.15-rc1 on nv50

I get these kernel error messages too on 4.15-rc2 (and rc1) with my
MSI GeForce 210.

The messages appear to be benign as X Window and the X nouveau driver 
seem to work fine.

[    8.069341] fb: switching to nouveaufb from VESA VGA
[    8.089848] Console: switching to colour dummy device 80x25
[    8.089983] nouveau 0000:0f:00.0: NVIDIA GT218 (0a8280b1)
[    8.104713] snd_hda_codec_realtek hdaudioC0D0: ALC262: SKU not ready 
0x411111f0
[    8.105125] snd_hda_codec_realtek hdaudioC0D0: autoconfig for ALC262: 
line_outs=1 (0x15/0x0/0x0/0x0/0x0) type:line
[    8.105128] snd_hda_codec_realtek hdaudioC0D0:    speaker_outs=1 
(0x16/0x0/0x0/0x0/0x0)
[    8.105131] snd_hda_codec_realtek hdaudioC0D0:    hp_outs=1 
(0x1b/0x0/0x0/0x0/0x0)
[    8.105133] snd_hda_codec_realtek hdaudioC0D0:    mono: mono_out=0x0
[    8.105135] snd_hda_codec_realtek hdaudioC0D0:    inputs:
[    8.105138] snd_hda_codec_realtek hdaudioC0D0:      Front Mic=0x19
[    8.105140] snd_hda_codec_realtek hdaudioC0D0:      Rear Mic=0x18
[    8.105142] snd_hda_codec_realtek hdaudioC0D0:      Line=0x1a
[    8.115685] input: HDA Intel Front Mic as 
/devices/pci0000:00/0000:00:1b.0/sound/card0/input6
[    8.115722] input: HDA Intel Rear Mic as 
/devices/pci0000:00/0000:00:1b.0/sound/card0/input7
[    8.115754] input: HDA Intel Line as 
/devices/pci0000:00/0000:00:1b.0/sound/card0/input8
[    8.115785] input: HDA Intel Line Out as 
/devices/pci0000:00/0000:00:1b.0/sound/card0/input9
[    8.115813] input: HDA Intel Front Headphone as 
/devices/pci0000:00/0000:00:1b.0/sound/card0/input10
[    8.208559] nouveau 0000:0f:00.0: bios: version 70.18.a6.00.00
[    8.209028] nouveau 0000:0f:00.0: fb: 1024 MiB DDR3
[    8.209046] ------------[ cut here ]------------
[    8.209048] refcount_t: increment on 0; use-after-free.
[    8.209068] WARNING: CPU: 2 PID: 529 at lib/refcount.c:153 
refcount_inc+0x27/0x30
[    8.209070] Modules linked in: wmi_bmof coretemp snd_hda_codec_realtek 
nouveau(+) intel_powerclamp snd_hda_codec_generic mxm_wmi kvm_intel video 
snd_hda_intel ttm kvm snd_hda_codec tg3 irqbypass drm_kms_helper 
snd_hda_core psmouse drm crc32c_intel snd_hwdep libphy evdev agpgart 
snd_pcm i2c_algo_bit intel_cstate fb_sys_fops firewire_ohci serio_raw 
snd_timer syscopyarea sysfillrect firewire_core ptp sysimgblt lpc_ich snd 
pps_core i2c_core soundcore hwmon uhci_hcd wmi button ehci_pci ehci_hcd 
shpchp acpi_cpufreq loop
[    8.209098] CPU: 2 PID: 529 Comm: udevd Tainted: G          I 
4.15.0-rc2-mine #1
[    8.209101] Hardware name: Hewlett-Packard HP Z400 Workstation/0B4Ch, 
BIOS 786G3 v03.60 02/24/2016
[    8.209104] task: 000000003ca190e9 task.stack: 0000000057d30570
[    8.209106] RIP: 0010:refcount_inc+0x27/0x30
[    8.209108] RSP: 0000:ffffbfc5c02a7630 EFLAGS: 00010282
[    8.209110] RAX: 000000000000002b RBX: ffff9c8be6126c80 RCX: 
ffffffffb1439258
[    8.209112] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 
0000000000000246
[    8.209114] RBP: ffff9c8be6126cd0 R08: 0000000000000328 R09: 
0000000000000000
[    8.209116] R10: ffffffffc0417e72 R11: 0720072007200720 R12: 
0000000000000000
[    8.209118] R13: ffff9c8be50a5460 R14: 0000000000000001 R15: 
ffff9c8be50a5440
[    8.209120] FS:  00007f19ee1517c0(0000) GS:ffff9c8befa80000(0000) 
knlGS:0000000000000000
[    8.209122] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    8.209124] CR2: 00007f19eccdcb18 CR3: 00000001a5818000 CR4: 
00000000000006e0
[    8.209126] Call Trace:
[    8.209182]  nv50_instobj_acquire+0xb1/0xf0 [nouveau]
[    8.209216]  nvkm_instobj_new+0xe2/0x160 [nouveau]
[    8.209245]  nvkm_memory_new+0x31/0x50 [nouveau]
[    8.209278]  nvkm_mmu_ptc_get.part.4+0x1ae/0x230 [nouveau]
[    8.209311]  nvkm_vmm_iter.constprop.13+0x458/0x790 [nouveau]
[    8.209344]  ? nvkm_vmm_map_choose+0xb0/0xb0 [nouveau]
[    8.209348]  ? kvmalloc_node+0x3e/0x70
[    8.209381]  ? nvkm_vmm_ctor+0x1ce/0x250 [nouveau]
[    8.209413]  nvkm_vmm_ptes_get+0x2e/0x80 [nouveau]
[    8.209446]  nvkm_vmm_boot+0x3e/0x80 [nouveau]
[    8.209475]  nv50_bar_oneinit+0xe8/0x310 [nouveau]
[    8.209504]  nvkm_subdev_init+0x4b/0x1f0 [nouveau]
[    8.209538]  nvkm_device_init+0x12c/0x260 [nouveau]
[    8.209573]  nvkm_udevice_init+0x41/0x60 [nouveau]
[    8.209602]  nvkm_object_init+0x3a/0x180 [nouveau]
[    8.209630]  nvkm_ioctl_new+0x19d/0x260 [nouveau]
[    8.209658]  ? nvkm_client_notify+0x30/0x30 [nouveau]
[    8.209692]  ? nvkm_udevice_rd08+0x20/0x20 [nouveau]
[    8.209720]  nvkm_ioctl+0x100/0x240 [nouveau]
[    8.209747]  nvif_object_init+0xbf/0x110 [nouveau]
[    8.209774]  nvif_device_init+0xe/0x30 [nouveau]
[    8.209808]  nouveau_cli_init+0x1bb/0x560 [nouveau]
[    8.209812]  ? kmem_cache_alloc_trace+0x175/0x1e0
[    8.209846]  nouveau_drm_load+0x56/0x900 [nouveau]
[    8.209865]  drm_dev_register+0x12f/0x1c0 [drm]
[    8.209874]  drm_get_pci_dev+0x93/0x170 [drm]
[    8.209877]  ? __pci_set_master+0x42/0x70
[    8.209911]  nouveau_drm_probe+0x1a9/0x230 [nouveau]
[    8.209915]  ? __pm_runtime_resume+0x54/0x70
[    8.209917]  pci_device_probe+0xc8/0x140
[    8.209921]  driver_probe_device+0x246/0x330
[    8.209924]  __driver_attach+0x8a/0x90
[    8.209926]  ? driver_probe_device+0x330/0x330
[    8.209928]  bus_for_each_dev+0x5c/0x90
[    8.209930]  bus_add_driver+0x196/0x220
[    8.209932]  ? 0xffffffffc05f6000
[    8.209934]  driver_register+0x57/0xc0
[    8.209935]  ? 0xffffffffc05f6000
[    8.209938]  do_one_initcall+0x4b/0x190
[    8.209941]  ? _cond_resched+0x15/0x40
[    8.209943]  ? kmem_cache_alloc_trace+0x103/0x1e0
[    8.209947]  ? do_init_module+0x22/0x201
[    8.209949]  do_init_module+0x5b/0x201
[    8.209951]  load_module+0x242b/0x2b20
[    8.209953]  ? __vfs_read+0xd2/0x140
[    8.209956]  ? SYSC_finit_module+0x90/0xb0
[    8.209958]  SYSC_finit_module+0x90/0xb0
[    8.209961]  entry_SYSCALL_64_fastpath+0x1e/0x81
[    8.209963] RIP: 0033:0x7f19ed6365b9
[    8.209965] RSP: 002b:00007ffc34049688 EFLAGS: 00000246 ORIG_RAX: 
0000000000000139
[    8.209967] RAX: ffffffffffffffda RBX: 00000000017cfe70 RCX: 
00007f19ed6365b9
[    8.209969] RDX: 0000000000000000 RSI: 00007f19ed915285 RDI: 
0000000000000015
[    8.209971] RBP: 00007f19ed915285 R08: 0000000000000000 R09: 
0000000000000000
[    8.209973] R10: 0000000000000015 R11: 0000000000000246 R12: 
0000000000000000
[    8.209975] R13: 00000000017c8c40 R14: 0000000000020000 R15: 
0000000000020000
[    8.209978] Code: 00 00 00 00 e8 ab ff ff ff 84 c0 74 02 f3 c3 80 3d a8 
52 eb 00 00 75 f5 48 c7 c7 20 b2 16 b1 c6 05 98 52 eb 00 01 e8 69 20 9f ff 
<0f> ff c3 66 0f 1f 44 00 00 8b 06 83 f8 ff 74 39 31 c9 39 f8 89
[    8.209998] ---[ end trace d58b8c135ffc0c8a ]---
[    8.252893] ------------[ cut here ]------------
[    8.252898] refcount_t: underflow; use-after-free.


Richard Narron
--