[Bug 267028] kernel panics when booting with both (zfs,ko or vboxnetflt,ko or acpi_wmi.ko) and amdgpu.ko

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267028

--- Comment #288 from Mark Millard <marklmi26-fbsd@yahoo.com> ---
(In reply to Mark Millard from comment #260)
(In reply to satanist+freebsd from comment #259)

I was mistaken about:

        mod = malloc(sizeof(struct modlist), M_LINKER, M_NOWAIT | M_ZERO);
        if (mod == NULL)
                panic("no memory for module list");
        mod->container = container;
        mod->name = modname;
        mod->version = version;
        TAILQ_INSERT_TAIL(&found_modules, mod, link);
        return (mod);

if something similar to mod == 0xfffff80000000007 resulted:

It appears that an assignment to the likes of
mod->container might well be allowed without a general
protection trap at the time. The actual fault is from
the likes of the strcmp being given
name == 0xe987f000fea5f0 in:

{link = {tqe_next = 0xeef3f000e2c3f0, tqe_prev = 0xff54f000eef3f0}, container =
0x322ff0003287f0, name = 0xe987f000fea5f0 <error: Cannot access memory at
address 0xe987f000fea5f0>, 
  version = 15660016}

from having dereferenced 0xfffff80000000007.

However:

        mod->container = container; // 0x322ff0003287f0
        mod->name = modname;        // 0xe987f000fea5f0
        mod->version = version;     // 0xEEF3F0

does not seem likely for what that code would be assigning.
So it still appears that the mod value from this code is
later replaced with the junk 0xfffff80000000007 .

-- 
You are receiving this mail because:
You are on the CC list for the bug.