Bug 13628

Summary: NULL dereference in acpi_get_pci_dev
Product: ACPI
Reporter: Daniel Gnoutcheff (daniel)
Component: Config-Other
Assignee: acpi_config-other
Status: CLOSED CODE_FIX
Severity: high
CC: lenb
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.31-rc1
Subsystem:
Regression: Yes
Bisected commit-id:
Attachments: dmesg - bootup and BUGs

Description Daniel Gnoutcheff 2009-06-26 15:14:29 UTC
Created attachment 22106
dmesg - bootup and BUGs

I'm getting a video-related kernel BUG (null dereference) when loading thinkpad_acpi. i915 also seems to trigger the same BUG, and Xorg fails to start (at least when using kernel modesetting). 

This is a Lenovo Thinkpad R61 7733A82.
Last known working version: 2.6.30
First known failing version: 2.6.31-rc1
Distro: Ubuntu 8.04.2 amd64

git bisect says:
1e4cffe78e1decd937c7b78410eec87da6b87954 is first bad commit
commit 1e4cffe78e1decd937c7b78410eec87da6b87954
Author: Alexander Chiang <achiang@hp.com>
Date:   Wed Jun 10 19:56:00 2009 +0000

    ACPI: video: convert to acpi_get_pci_dev
    
    Now that acpi_get_pci_dev is available, let's use it instead of
    acpi_get_physical_pci_device()
    
    Cc: Thomas Renninger <trenn@suse.de>
    Signed-off-by: Alex Chiang <achiang@hp.com>
    Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
    Signed-off-by: Len Brown <len.brown@intel.com>

:040000 040000 0499fac9c0a9b479379f42d120ed72d75b9c2174 ac8c0684bcce4b5ce652338b4435269e531bf600 M	drivers


The BUG in question is included in the attached dmesg log (starting at line 1309). The most useful-looking bits are:
> [    9.510698] BUG: unable to handle kernel NULL pointer dereference at
> 0000000000000018
> [    9.510955] IP: [<ffffffff811567e4>] acpi_get_pci_dev+0xf6/0x142

Playing with objdump suggests that the kernel is crashing at this line in acpi_get_pci_dev (drivers/acpi/pci_root.c):
>               pbus = pdev->subordinate;
pdev, which comes from a pci_get_slot call, does indeed seem to be NULL, hence the BUG.

Hope this helps!
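
Added example, not part of the original report and not kernel code: a user-space C model of the crash described above. It assumes struct pci_dev begins with a list_head followed by the bus and subordinate pointers, which puts subordinate at offset 0x18 on a 64-bit build, matching the fault address in the oops. model_dev, model_bus, model_get_slot, walk_checked and sample_walk are hypothetical names, and the checked walk is not the change made in the fixing commit.

```c
#include <stddef.h>
#include <stdio.h>
/* Model of the leading members of struct pci_dev; this layout is an assumption. */
struct list_head { struct list_head *next, *prev; };
struct model_dev {
    struct list_head bus_list;
    struct model_bus *bus;
    struct model_bus *subordinate;   /* member read at the reported line */
};
struct model_bus { struct model_dev *slots[4]; };

/* Stand-in for pci_get_slot(): returns NULL when the slot is empty. */
static struct model_dev *model_get_slot(struct model_bus *bus, unsigned slot) {
    return slot < 4 ? bus->slots[slot] : NULL;
}

/* Address touched by reading pdev->subordinate when pdev == NULL. */
size_t null_deref_fault_addr(void) { return offsetof(struct model_dev, subordinate); }

/* Follow path[] down from root; return NULL instead of dereferencing it. */
struct model_dev *walk_checked(struct model_bus *root, const unsigned *path, size_t n) {
    struct model_bus *pbus = root;
    struct model_dev *pdev = NULL;
    for (size_t i = 0; i < n; i++) {
        if (!pbus)
            return NULL;             /* previous device was not a bridge */
        pdev = model_get_slot(pbus, path[i]);
        if (!pdev)
            return NULL;             /* empty slot: nothing to descend into */
        pbus = pdev->subordinate;
    }
    return pdev;
}

/* Constructed sample: bridge in root slot 0, one device behind it in slot 1. */
int sample_walk(unsigned second_slot) {
    struct model_bus root = {{NULL}}, child = {{NULL}};
    struct model_dev bridge = {{NULL, NULL}, &root, &child};
    struct model_dev leaf = {{NULL, NULL}, &child, NULL};
    unsigned path[2] = {0, second_slot};
    root.slots[0] = &bridge;
    child.slots[1] = &leaf;
    return walk_checked(&root, path, 2) == &leaf;
}

int main(void) {
    printf("NULL->subordinate faults at 0x%zx\n", null_deref_fault_addr());
    return !(sample_walk(1) && !sample_walk(2));
}
```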

Comment 1 Daniel Gnoutcheff 2009-06-26 16:54:28 UTC
I see this has already been reported in LKML. (Oops.)

http://lkml.org/lkml/2009/6/25/139
http://lkml.org/lkml/2009/6/25/289

Comment 2 Daniel Gnoutcheff 2009-06-26 22:47:41 UTC
Fixed by commit 412af97838828bc6d035a1902c8974f944663da6
Closing.