Date: Mon, 26 Nov 2012 11:29:55 +0200 From: Andriy Gapon <avg@FreeBSD.org> To: Stefan Farfeleder <stefanf@FreeBSD.org> Cc: freebsd-acpi@FreeBSD.org Subject: Re: ACPI panic Message-ID: <50B33693.2060000@FreeBSD.org> In-Reply-To: <20121126091101.GA1469@mole.fafoe.narf.at> References: <20121120103522.GB2012@mole.fafoe.narf.at> <50AC0A68.8070906@FreeBSD.org> <20121121104840.GA1468@mole.fafoe.narf.at> <20121122081831.GA1483@mole.fafoe.narf.at> <50ADFD75.10709@FreeBSD.org> <50ADFFB2.1000108@FreeBSD.org> <50AE057D.8060808@FreeBSD.org> <20121125140008.GA1497@mole.fafoe.narf.at> <50B244A1.1040800@FreeBSD.org> <20121126091101.GA1469@mole.fafoe.narf.at>
next in thread | previous in thread | raw e-mail | index | archive | help
on 26/11/2012 11:11 Stefan Farfeleder said the following:
> On Sun, Nov 25, 2012 at 06:17:37PM +0200, Andriy Gapon wrote:
>> @@ -238,6 +240,10 @@ AcpiOsReleaseObject (
>> if (Object == Curr) {
>> panic("freeing a free object %p", Object);
>> }
>> + Depth--;
>> + if (Depth < 0) {
>> + panic("cycle in a cache list");
>> + }
>> }
>> (void) AcpiUtReleaseMutex (ACPI_MTX_CACHES);
>
> I can easily trigger this panic. At the time of the panic, the cache
> list has ~30 entries and somewhere in the middle there's a 2-item cycle
> A -> B -> A. I don't think release is called twice on A as your patch
> checks that and the cycle is not at the beginning of the loop. So this
> means "someone" changes the next pointer while the object is in the
> cache.
Very interesting, thank you.
Are you able to get a crash dump?
--
Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50B33693.2060000>