bugzilla-daemon at freedesktop.org
2017-Dec-07 11:03 UTC
[Nouveau] [Bug 104161] New: refcount_t: increment on 0; use-after-free.
https://bugs.freedesktop.org/show_bug.cgi?id=104161
Bug ID: 104161
Summary: refcount_t: increment on 0; use-after-free.
Product: xorg
Version: git
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: Driver/nouveau
Assignee: nouveau at lists.freedesktop.org
Reporter: sgilles at math.umd.edu
QA Contact: xorg-team at lists.x.org
Created attachment 136033
--> https://bugs.freedesktop.org/attachment.cgi?id=136033&action=edit
dmesg including trace(s)
I'm using current (within 24 hours) versions of libdrm, mesa, and the
mainline
kernel, with xf86-video-nouveau-1.0.15. This shows up early in dmesg. The
driver appears usable afterwards.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.freedesktop.org/archives/nouveau/attachments/20171207/0fabda89/attachment.html>
bugzilla-daemon at freedesktop.org
2017-Dec-07 11:32 UTC
[Nouveau] [Bug 104161] refcount_t: increment on 0; use-after-free.
https://bugs.freedesktop.org/show_bug.cgi?id=104161 --- Comment #1 from Pierre Moreau <pierre.morrow at free.fr> --- I believe this should be fixed by https://github.com/skeggsb/nouveau/commit/9068f1df2394f0e4ab2b2a28cac06b462fe0a0aa. Could you please try applying it on your kernel (note this is an out-of-tree module, so you’ll need to prefix all the paths with “drivers/gpu/” when applying to the mainline tree) and confirm that it resolves the issue for you? -- You are receiving this mail because: You are the assignee for the bug. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.freedesktop.org/archives/nouveau/attachments/20171207/9946df57/attachment.html>
bugzilla-daemon at freedesktop.org
2017-Dec-07 11:48 UTC
[Nouveau] [Bug 104161] refcount_t: increment on 0; use-after-free.
https://bugs.freedesktop.org/show_bug.cgi?id=104161
S. Gilles <sgilles at math.umd.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #2 from S. Gilles <sgilles at math.umd.edu> ---
I can confirm that the issue is resolved. Thanks for the quick reply, and my
apologies for the noise.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.freedesktop.org/archives/nouveau/attachments/20171207/7cfd0be7/attachment-0001.html>
bugzilla-daemon at freedesktop.org
2017-Dec-07 11:49 UTC
[Nouveau] [Bug 104161] refcount_t: increment on 0; use-after-free.
https://bugs.freedesktop.org/show_bug.cgi?id=104161 --- Comment #3 from Pierre Moreau <pierre.morrow at free.fr> --- No worries! Thanks for testing the graphics stack and reporting the bug, as well as for quickly testing the fix. -- You are receiving this mail because: You are the assignee for the bug. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.freedesktop.org/archives/nouveau/attachments/20171207/3b02c792/attachment.html>
Apparently Analagous Threads
- [Bug 104340] New: Memory leak with GEM objects
- [Bug 101184] New: [bisected] Panic on boot with GK106
- [RFC] gem: fix "refcount_t: underflow; use-after-free"
- [PATCH AUTOSEL 5.9 34/35] drm/nouveau/gem: fix "refcount_t: underflow; use-after-free"
- [PATCH AUTOSEL 5.8 28/29] drm/nouveau/gem: fix "refcount_t: underflow; use-after-free"