Date: Wed, 25 Feb 2009 19:14:38 +0100 From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@freenas.org> To: John Baldwin <jhb@freebsd.org> Cc: freebsd-gnats-submit@freebsd.org, rnoland@freebsd.org, freebsd-amd64@freebsd.org Subject: Re: amd64/132042: drm module crash the system when closing gnome session Message-ID: <3131aa530902251014y6606c3d7pb27b80d734140cd0@mail.gmail.com> In-Reply-To: <200902250919.19779.jhb@freebsd.org> References: <200902240640.n1O6eLg7058706@www.freebsd.org> <200902250919.19779.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear FreeBSD kernel guru, > > > This is drm specific and not amd64-specific. I know, but on the web page http://www.freebsd.org/send-pr.html, the category selection don't propose "drm". Then I choose the category related to the kernel that I'm using. > > Please go to frame 8 and 'p *m'. If the 'mtx_lock' member is 6, then the > mutex is destroyed and it is a use-after-free bug in drm(4). > (kgdb) frame 8 #8 0xffffffff802d47aa in _mtx_lock_sleep (m=0xffffff000348a968, tid=18446742974229954560, opts=Variable "opts" is not available. ) at /usr/src/sys/kern/kern_mutex.c:339 339 owner = (struct thread *)(v & ~MTX_FLAGMASK); (kgdb) p *m $1 = {lock_object = {lo_name = 0xffffffffaf198e0f "DRM IRQ lock", lo_type = 0xffffffffaf198e0f "DRM IRQ lock", lo_flags = 16908288, lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 0x0}}, mtx_lock = 6, mtx_recurse = 0} The mtx_lock is 6, as you predicted. Regards, Olivier (reading gnu gdb documentation for understanding what "frame" and "p *m" mean)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3131aa530902251014y6606c3d7pb27b80d734140cd0>