<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - double free when exporting a temporarily imported semaphore" href="https://bugs.freedesktop.org/show_bug.cgi?id=106643">106643</a> </td> </tr> <tr> <th>Summary</th> <td>double free when exporting a temporarily imported semaphore </td> </tr> <tr> <th>Product</th> <td>Mesa </td> </tr> <tr> <th>Version</th> <td>17.3 </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>Drivers/Vulkan/intel </td> </tr> <tr> <th>Assignee</th> <td>intel-3d-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>cstout@chromium.org </td> </tr> <tr> <th>QA Contact</th> <td>intel-3d-bugs@lists.freedesktop.org </td> </tr> <tr> <th>CC</th> <td>jason@jlekstrand.net </td> </tr></table> <p> <div> <pre>At the bottom of anv_GetSemaphoreFdKHR: /* From the Vulkan 1.0.53 spec: * * "Export operations have the same transference as the specified handle * type’s import operations. [...] If the semaphore was using a * temporarily imported payload, the semaphore’s prior permanent payload * will be restored. */ if (impl == &semaphore->temporary) anv_semaphore_impl_cleanup(device, impl); If this happens, the underlying semaphore resource is released but the semaphore type is not updated to NONE. So, on Destroy, the semaphore resource will be released again. I think instead it should be: anv_semaphore_reset_temporary(device, semaphore);</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> <li>You are the QA Contact for the bug.</li> </ul> </body> </html>