[Bug 103927] [CI][BXT only] igt@* - incomplete timeout/system hang
bugzilla-daemon at freedesktop.org
Wed Dec 5 07:23:14 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=103927
--- Comment #28 from Stanislav Lisovskiy <stanislav.lisovskiy at intel.com> ---
(In reply to Chris Wilson from comment #27)
> (In reply to Stanislav Lisovskiy from comment #26)
> > (In reply to Chris Wilson from comment #25)
> > > (In reply to Stanislav Lisovskiy from comment #23)
> > > > (In reply to Francesco Balestrieri from comment #22)
> > > > > Stan, did you figure out anything from the latest logs?
> > > >
> > > > There is a NULL pointer deref in do_remove_conflicting_framebuffers
> > > > function:
> > >
> > > That's a known use-after-free. You can't guarantee that you even see a NULL
> > > pointer as its value depends on what else gets written by a third party.
> >
> > Ok, is there any patch available elsewhere?
>
> Nope, we are hoping for a kasan hit to tell us where the use-after-free
> emanated from.
We could also try poisoning registered_fb[i] somehow to mark and determine when
it was freed.
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are on the CC list for the bug.