When tcmpset_32 fails to set the contested bit on m_owner, the retry loop re-read the value from m_count instead of m_owner, causing the loop to operate on the wrong field.
Signed-off-by: Warner Losh <[email protected]> --- bsd-user/freebsd/os-thread.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bsd-user/freebsd/os-thread.c b/bsd-user/freebsd/os-thread.c index 9e6055a040..b91e0d32b0 100644 --- a/bsd-user/freebsd/os-thread.c +++ b/bsd-user/freebsd/os-thread.c @@ -978,7 +978,7 @@ abi_long freebsd_lock_umutex(abi_ulong target_addr, uint32_t id, break; } else { - __get_user(owner, &target_umutex->m_count); + __get_user(owner, &target_umutex->m_owner); } } -- 2.52.0
