| Summary: | refcount_t: increment on 0; use-after-free. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | xorg | Reporter: | S. Gilles <sgilles> | ||||
| Component: | Driver/nouveau | Assignee: | Nouveau Project <nouveau> | ||||
| Status: | RESOLVED FIXED | QA Contact: | Xorg Project Team <xorg-team> | ||||
| Severity: | normal | ||||||
| Priority: | medium | ||||||
| Version: | git | ||||||
| Hardware: | x86-64 (AMD64) | ||||||
| OS: | Linux (All) | ||||||
| Whiteboard: | |||||||
| i915 platform: | i915 features: | ||||||
| Attachments: |
|
||||||
I believe this should be fixed by https://github.com/skeggsb/nouveau/commit/9068f1df2394f0e4ab2b2a28cac06b462fe0a0aa. Could you please try applying it on your kernel (note this is an out-of-tree module, so you’ll need to prefix all the paths with “drivers/gpu/” when applying to the mainline tree) and confirm that it resolves the issue for you? I can confirm that the issue is resolved. Thanks for the quick reply, and my apologies for the noise. No worries! Thanks for testing the graphics stack and reporting the bug, as well as for quickly testing the fix. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
Created attachment 136033 [details] dmesg including trace(s) I'm using current (within 24 hours) versions of libdrm, mesa, and the mainline kernel, with xf86-video-nouveau-1.0.15. This shows up early in dmesg. The driver appears usable afterwards.