http://bugzilla.kernel.org/show_bug.cgi?id=6550
Summary: acpi_gbl_global_list randomly gets corroputed
Kernel Version: 2.6.16 and later
Status: NEW
Severity: high
Owner: [EMAIL PROTECTED]
Submitter: [EMAIL PROTECTED]
CC: acpi-bugzilla@lists.sourceforge.net
I got a weird random NULL pointer in acpi_ut_find_allocation. My investigation
shows that the acpi_gbl_global_list somehow got corrupted between :
exconfig.c: acpi_ex_load_op: table_ptr = ACPI_MEM_ALLOCATE
(table_header.length);
And
tbinstal.c : acpi_tb_init_table_descriptor: table_desc = ACPI_MEM_CALLOCATE
(sizeof(struct acpi_table_desc));
For example:
The corrupted list had a internal node (dfef1200) with
prev pointer == 0x0 (Wrong)
next pointer == dff09600
And node (dff09600) with
prev pointer == 0x0 (Wrong)
next pointer == 182 (Wrong) XXXX: This cause kernel NULL pointer
panic.
The interesting thing is if the value of table_ptr allocated for the first
SSDT was larger than the successor by 0x200,
then the corresponding node for the first SSDT on the acpi_gbl_global_list
would be corrupted. Otherwise, everything
is just ok. For example, dfe72c00 was allocated for the first SSDT, dfe72a00
was allocated for the second SSDT,
then, I observed the node dfe72c00 corrupted. So, it looks like the execution
of code from
exconfig.c: acpi_ex_load_op: table_ptr = ACPI_MEM_ALLOCATE
(table_header.length);
to
tbinstal.c : acpi_tb_init_table_descriptor: table_desc = ACPI_MEM_CALLOCATE
(sizeof(struct acpi_table_desc));
for the second SSDT unexpectedly changed the node for the first SSDT on the
acpi_gbl_global_list.
But, how? Or there are other tricks?
I will debug further..., and stay tuned.
Thanks,
Luming
ps: The following are the log for the failed and successful boot.
Failed Log
...
acpi_ex_load_op: table_ptr=dff0a228
SSDT located at dff0a228
Parsing all Control Methods:
Table [SSDT](id 0086) - 5 Objects with 0 Devices 3 Methods 0 Regions
table_header.length = 470
acpi_ex_load_op: table_ptr=dff0a028
BUG: unable to handle kernel NULL pointer dereference at virtual address
0000018
6
printing eip:
c0227068
*pde = 00000000
Oops: 0000 [#1]
SMP .
Successful Log
...
table_header.length = 422
acpi_ex_load_op: table_ptr=c1944028
SSDT located at c1944028
Parsing all Control Methods:
Table [SSDT](id 0086) - 5 Objects with 0 Devices 3 Methods 0 Regions
table_header.length = 470
acpi_ex_load_op: table_ptr=c198be28
SSDT located at c198be28
Parsing all Control Methods:
Table [SSDT](id 0087) - 1 Objects with 0 Devices 1 Methods 0 Regions
ACPI: CPU0 (power states: C1[C1] C2[C2])
ACPI: Processor [CPU0] (supports 8 throttling states)
table_header.length = 135
acpi_ex_load_op: table_ptr=dfee67a8
SSDT located at dfee67a8
Parsing all Control Methods:
Table [SSDT](id 008B) - 3 Objects with 0 Devices 3 Methods 0 Regions
table_header.length = 133
acpi_ex_load_op: table_ptr=dfee66a8
SSDT located at dfee66a8
Parsing all Control Methods:
Table [SSDT](id 008C) - 1 Objects with 0 Devices 1 Meth
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
acpi-bugzilla mailing list
acpi-bugzilla@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acpi-bugzilla
