Date: Wed, 25 Feb 2009 18:40:03 GMT From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@freenas.org> To: freebsd-amd64@FreeBSD.org Subject: Re: amd64/132042: drm module crash the system when closing gnome session Message-ID: <200902251840.n1PIe36k059704@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR amd64/132042; it has been noted by GNATS. From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@freenas.org> To: John Baldwin <jhb@freebsd.org> Cc: freebsd-amd64@freebsd.org, freebsd-gnats-submit@freebsd.org, rnoland@freebsd.org Subject: Re: amd64/132042: drm module crash the system when closing gnome session Date: Wed, 25 Feb 2009 19:14:38 +0100 --001636458198773a110463c235d4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Dear FreeBSD kernel guru, > > > This is drm specific and not amd64-specific. I know, but on the web page http://www.freebsd.org/send-pr.html, the category selection don't propose "drm". Then I choose the category related to the kernel that I'm using. > > Please go to frame 8 and 'p *m'. If the 'mtx_lock' member is 6, then the > mutex is destroyed and it is a use-after-free bug in drm(4). > (kgdb) frame 8 #8 0xffffffff802d47aa in _mtx_lock_sleep (m=0xffffff000348a968, tid=18446742974229954560, opts=Variable "opts" is not available. ) at /usr/src/sys/kern/kern_mutex.c:339 339 owner = (struct thread *)(v & ~MTX_FLAGMASK); (kgdb) p *m $1 = {lock_object = {lo_name = 0xffffffffaf198e0f "DRM IRQ lock", lo_type = 0xffffffffaf198e0f "DRM IRQ lock", lo_flags = 16908288, lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 0x0}}, mtx_lock = 6, mtx_recurse = 0} The mtx_lock is 6, as you predicted. Regards, Olivier (reading gnu gdb documentation for understanding what "frame" and "p *m" mean) --001636458198773a110463c235d4 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable <div class=3D"gmail_quote"><div>Dear FreeBSD kernel guru,<br>=A0<br></div><= blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, 2= 04, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br> <br> This is drm specific and not amd64-specific.</blockquote><div><br>I know, b= ut on the web page <a href=3D"http://www.freebsd.org/send-pr.html">http://w= ww.freebsd.org/send-pr.html</a>, the category selection don't propose &= quot;drm".<br> Then I choose the category related to the kernel that I'm using.<br>=A0= <br></div><blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid= rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <br> Please go to frame 8 and 'p *m'. =A0If the 'mtx_lock' membe= r is 6, then the<br> mutex is destroyed and it is a use-after-free bug in drm(4).<br> <font color=3D"#888888"></font></blockquote><div><br>(kgdb) frame 8<br>#8= =A0 0xffffffff802d47aa in _mtx_lock_sleep (m=3D0xffffff000348a968, <br>=A0= =A0=A0 tid=3D18446742974229954560, opts=3DVariable "opts" is not = available.<br> ) at /usr/src/sys/kern/kern_mutex.c:339<br>339=A0=A0=A0 =A0=A0=A0 =A0=A0=A0= =A0=A0=A0 owner =3D (struct thread *)(v & ~MTX_FLAGMASK);<br>(kgdb) p = *m<br>$1 =3D {lock_object =3D {lo_name =3D 0xffffffffaf198e0f "DRM IRQ= lock", <br>=A0=A0=A0 lo_type =3D 0xffffffffaf198e0f "DRM IRQ loc= k", lo_flags =3D 16908288, <br> =A0=A0=A0 lo_witness_data =3D {lod_list =3D {stqe_next =3D 0x0}, lod_witnes= s =3D 0x0}}, <br>=A0 mtx_lock =3D 6, mtx_recurse =3D 0}<br><br>The mtx_lock= is 6, as you predicted.<br><br>Regards,<br><br>Olivier<br></div></div>(rea= ding gnu gdb documentation for understanding what "frame" and &qu= ot;p *m" mean)<br> --001636458198773a110463c235d4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902251840.n1PIe36k059704>