ACPI: Subsystem revision 20031205
tbget-0291: *** Info: Table [DSDT] replaced by host OS
tbxface-0117 [03] acpi_load_tables : ACPI Tables successfully acquired
Parsing all Control Methods:....................................................
Table [DSDT](id F004) - 1098 Objects with 52 Devices 332 Methods 18 Regions
ACPI Namespace successfully loaded at root c04c839c
ACPI: IRQ9 SCI: Edge set to Level Trigger.
evxfevnt-0093 [04] acpi_enable : Transition to ACPI mode successful
evgpeblk-0747 [06] ev_create_gpe_block : GPE 00 to 15 [_GPE] 2 regs at 0000009
Completing Region/Field/Buffer/Package initialization:..........................
Initialized 14/18 Regions 81/81 Fields 46/46 Buffers 27/27 Packages (1106 nodes)
Executing all Device _STA and_INI methods:.....................................1
[ACPI Debug] String: 2222222
[ACPI Debug] String: sizeof refof SXX0
[ACPI Debug] Integer: 0000000000000006
[ACPI Debug] String: SXX5
[ACPI Debug] String: sizeof arg0
[ACPI Debug] Integer: 0000000000000006
[ACPI Debug] String: sizeof refof arg0
Unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
c01f6833
*pde = 00000000
Oops: 0000 [#1]
CPU: 0
EIP: 0060:[<c01f6833>] Not tainted
EFLAGS: 00010246
EIP is at acpi_ex_resolve_multiple+0x1e7/0x258
eax: 00000071 ebx: 00000000 ecx: c12bbb70 edx: c12bbb84
esi: cfe1c628 edi: cfe1c628 ebp: c12bbbb8 esp: c12bbb84
ds: 007b es: 007b ss: 0068
Process swapper (pid: 1, threadinfo=c12ba000 task=c12b98c0)
Stack: 00000080 c0341556 c03414f1 00200000 00000000 cfe22028 cfe221e0 00000000
       c01f8f25 cfe22028 cfe1c628 c12bbbbc c12bbbb8 c12bbbcc c0351740 00000000
       00000080 c0341751 c034170f c0341e59 00000000 cfe22028 c12e35e8 c12e5348
Call Trace:
 [<c01f8f25>] acpi_ex_opcode_1A_0T_1R+0x3a7/0x4be
 [<c01eda82>] acpi_ds_exec_end_op+0x424/0x452
 [<c020564a>] acpi_ps_parse_loop+0x41e/0xa9a
 [<c020e1df>] acpi_ut_status_exit+0x33/0x56
 [<c01ee264>] acpi_ds_call_control_method+0x1e6/0x26c
 [<c01f07f3>] acpi_ds_get_current_walk_state+0x3f/0x4a
 [<c0205f18>] acpi_ps_parse_aml+0x252/0x276
 [<c0206b07>] acpi_psx_execute+0x23b/0x290
 [<c0201d53>] acpi_ns_execute_control_method+0xbb/0x106
 [<c0201c3c>] acpi_ns_evaluate_by_handle+0xd4/0x130
 [<c02019d4>] acpi_ns_evaluate_relative+0x154/0x1a0
 [<c01deac2>] __delay+0x12/0x20
 [<c0241562>] serial8250_console_write+0x162/0x270
 [<c020e442>] acpi_ut_evaluate_object+0x42/0x1a6
 [<c020e997>] acpi_ut_execute_STA+0x49/0xc2
 [<c0203bdd>] acpi_ns_init_one_device+0x9f/0x1ce

The panic is caused by the test case below:

Name (SXX0, Buffer(6) {1,2,3,4,5,6})
Method (SXX5, 2, NotSerialized)
{
    Store("sizeof arg0", Debug)
    Store(sizeof(Arg0), Debug)
    Store("sizeof refof arg0",Debug)
    Store(sizeof(refof(Arg0)),Debug)
    If (LLESS(Arg1, sizeof(Arg0)))
    {
        CreateByteField(Arg0, Arg1, SX20)
        store("store sx20", Debug)
        Store(SX20, Debug)
    }
}
Method (_STA, 0, NotSerialized)
{
    /*
    Store ("sizeof SXX0", Debug)
    Store (sizeof(SXX0), Debug)
    */
    Store ("sizeof refof SXX0", Debug)
    Store (sizeof(refof(SXX0)), Debug)
    Store ("SXX5", Debug)
    SXX5 (SXX0, 2)
}

Created attachment 1768
a patch for solving panic

Maybe the more important thing is to fix the bug which breaks evaluating sizeof of an object passed through arguments.

The problem is solved. Please reference bug 1799.