ACPI panic
Stefan Farfeleder
stefanf at FreeBSD.org
Mon Nov 26 09:11:26 UTC 2012
On Sun, Nov 25, 2012 at 06:17:37PM +0200, Andriy Gapon wrote:
> @@ -238,6 +240,10 @@ AcpiOsReleaseObject (
> if (Object == Curr) {
> panic("freeing a free object %p", Object);
> }
> + Depth--;
> + if (Depth < 0) {
> + panic("cycle in a cache list");
> + }
> }
> (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
I can easily trigger this panic. At the time of the panic, the cache
list has ~30 entries and somewhere in the middle there's a 2-item cycle
A -> B -> A. I don't think release is called twice on A as your patch
checks that and the cycle is not at the beginning of the loop. So this
means "someone" changes the next pointer while the object is in the
cache.
Stefan
More information about the freebsd-acpi
mailing list