Bug 10669

Summary: ACPI: kmemcheck: Caught 16-bit read from freed memory (f7c12ec6)
Product: ACPI Reporter: Rafael J. Wysocki (rjw)
Component: ACPICA-CoreAssignee: Lin Ming (ming.m.lin)
Severity: normal CC: acpi-bugzilla, bunk, lenb, ming.m.lin, vegard.nossum
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.26-rc1 Subsystem:
Regression: Yes Bisected commit-id:
Bug Depends on:    
Bug Blocks: 10492    
Attachments: proposed patch
proposed patch

Description Rafael J. Wysocki 2008-05-11 12:41:48 UTC
Subject    : ACPI: kmemcheck: Caught 16-bit read from freed memory (f7c12ec6)
Submitter  : "Vegard Nossum" <vegard.nossum@gmail.com>
Date       : 2008-05-06 16:09
References : http://marc.info/?l=linux-acpi&m=121009034825514&w=4
Handled-By : Lin Ming <ming.m.lin@intel.com>

This entry is being used for tracking a regression from 2.6.25.  Please don't
close it until the problem is fixed in the mainline.
Comment 1 Len Brown 2008-05-13 21:39:33 UTC
note that bc7a36ab74e09da7bb63e2477b0740ac992b290e
"ACPICA: Fixes for Unload and DDBHandles"
is reverted from the acpi-test tree until this is root-caused
and resolved.
Comment 2 Lin Ming 2008-05-19 07:13:18 UTC
Created attachment 16198 [details]
proposed patch
Comment 3 Lin Ming 2008-05-19 07:13:19 UTC
Created attachment 16199 [details]
proposed patch
Comment 4 Lin Ming 2008-05-19 07:21:52 UTC
Hi, Vegard

Would you please help to test the patch at comment #3?
Comment 5 Lin Ming 2008-05-19 19:58:07 UTC
add comments for the patch:
It's not safe to access walk_state->op in acpi_ps_get_next_namepath and acpi_ps_get_next_arg since it may have been deleted.

It's safe to refer to current op by walk_state->opcode.
Comment 6 Rafael J. Wysocki 2008-05-20 15:13:38 UTC
Regressions list annotation:
Handled-By : Ming Lin <ming.m.lin@intel.com>
Comment 7 Rafael J. Wysocki 2008-05-20 15:14:09 UTC
Regressions list annotation:
Patch : http://bugzilla.kernel.org/attachment.cgi?id=16199&action=view
Comment 8 Vegard Nossum 2008-05-25 07:42:33 UTC

The patch in comment #3 fixes it for me!

Thanks :-)

Comment 9 Adrian Bunk 2008-06-12 01:23:54 UTC
now as commit 8410565f540db87ca938f56f92780d251e4f157d in Linus' tree