amd64/132042: drm module crash the system when closing gnome session
Olivier Cochard-Labbé
olivier at freenas.org
Wed Feb 25 10:44:13 PST 2009
Dear FreeBSD kernel guru,
>
>
> This is drm specific and not amd64-specific.
I know, but on the web page http://www.freebsd.org/send-pr.html, the
category selection doesn't propose "drm".
So I chose the category related to the kernel that I'm using.
>
> Please go to frame 8 and 'p *m'. If the 'mtx_lock' member is 6, then the
> mutex is destroyed and it is a use-after-free bug in drm(4).
>
(kgdb) frame 8
#8 0xffffffff802d47aa in _mtx_lock_sleep (m=0xffffff000348a968,
tid=18446742974229954560, opts=Variable "opts" is not available.
) at /usr/src/sys/kern/kern_mutex.c:339
339 owner = (struct thread *)(v & ~MTX_FLAGMASK);
(kgdb) p *m
$1 = {lock_object = {lo_name = 0xffffffffaf198e0f "DRM IRQ lock",
lo_type = 0xffffffffaf198e0f "DRM IRQ lock", lo_flags = 16908288,
lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 0x0}},
mtx_lock = 6, mtx_recurse = 0}
The mtx_lock is 6, as you predicted.
Regards,
Olivier
(reading the GNU gdb documentation to understand what "frame" and "p *m"
mean)
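
Added example, not part of the original message or of FreeBSD's source: a small C decoder for the mtx_lock word, showing why the value 6 printed by kgdb above marks a destroyed mutex and leaves no owner once the flag bits are masked off as on line 339 of kern_mutex.c. The flag constants are reproduced from FreeBSD's sys/mutex.h of that era (check them against your own tree); the function names and the sample "owned" lock word are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits stored in the low bits of mtx_lock (values as in sys/mutex.h). */
#define MTX_RECURSED  0x1u
#define MTX_CONTESTED 0x2u
#define MTX_UNOWNED   0x4u
#define MTX_FLAGMASK  (MTX_RECURSED | MTX_CONTESTED | MTX_UNOWNED)
/* mtx_destroy() leaves this sentinel behind: 0x2 | 0x4 == 6. */
#define MTX_DESTROYED (MTX_CONTESTED | MTX_UNOWNED)

enum mtx_state { MTX_ST_UNOWNED, MTX_ST_DESTROYED, MTX_ST_OWNED };

/* Hypothetical helper: classify a raw mtx_lock value read from a core dump. */
static enum mtx_state mtx_classify(uint64_t v)
{
    if (v == MTX_DESTROYED)
        return MTX_ST_DESTROYED;   /* any use after this point is a use-after-free */
    if (v == MTX_UNOWNED)
        return MTX_ST_UNOWNED;     /* initialized and currently free */
    return MTX_ST_OWNED;           /* upper bits hold the owning struct thread * */
}

/* Same masking as "owner = (struct thread *)(v & ~MTX_FLAGMASK)". */
static uint64_t mtx_owner_of(uint64_t v)
{
    return v & ~(uint64_t)MTX_FLAGMASK;
}

static const char *mtx_state_name(enum mtx_state s)
{
    switch (s) {
    case MTX_ST_UNOWNED:   return "unowned";
    case MTX_ST_DESTROYED: return "destroyed";
    default:               return "owned";
    }
}

int main(void)
{
    /* 6 is the value from the kgdb session; the last entry is a constructed
     * example of a contested mutex held by a thread at a made-up address. */
    uint64_t samples[] = { 6, 4, 0xffffff0001e8c000ULL | MTX_CONTESTED };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("mtx_lock=%#llx state=%s owner=%#llx\n",
               (unsigned long long)samples[i],
               mtx_state_name(mtx_classify(samples[i])),
               (unsigned long long)mtx_owner_of(samples[i]));
    return 0;
}
```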