Latest working kernel version: Unknown <2.6.24
Earliest failing kernel version: 2.6.24
Distribution: Bluewhite64
Hardware Environment: Acer 1511 LMi laptop + very old battery (new battery doesn't crash!)
Software Environment: /proc, cat

Problem Description: When I plug a battery that has nearly no lifetime anymore, the kernel crashes at any filesystem access (tested under 2.6.24), even if the cord is plugged. With 2.6.25-rc4+debug options (especially kmalloc), it doesn't crash anymore, but I got a very bad bug report:

=============================================================================
BUG kmalloc-96: Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff81004d9c8840-0xffff81004d9c8847. First byte 0x1 instead of 0xcc
INFO: Freed in scsi_execute_req+0xa1/0xf0 age=510 cpu=0 pid=3261
INFO: Slab 0xffffe200010fa3c0 used=5 fp=0xffff81004d9c8bd0 flags=0x4a0000000000c3
INFO: Object 0xffff81004d9c87e0 @offset=2016 fp=0x0000000000000002
Bytes b4 0xffff81004d9c87d0: 5d bb fe ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ]»þÿ....ZZZZZZZZ
Object 0xffff81004d9c87e0: 04 00 00 00 04 00 00 00 f8 87 9c 4d 00 81 ff ff ........ø..M..ÿÿ
Object 0xffff81004d9c87f0: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................
Object 0xffff81004d9c8800: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object 0xffff81004d9c8810: 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 ........ÿÿÿÿ....
Object 0xffff81004d9c8820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object 0xffff81004d9c8830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Redzone 0xffff81004d9c8840: 01 00 00 00 00 00 00 00 ........
Padding 0xffff81004d9c8880: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
Pid: 3458, comm: cat Not tainted 2.6.25-rc4 #1
Call Trace:
 [<ffffffff802889c7>] print_trailer+0xe7/0x170
 [<ffffffff80288af5>] check_bytes_and_report+0xa5/0xd0
 [<ffffffff8039f47a>] ? acpi_battery_get_state+0xe7/0xf8
 [<ffffffff80288d85>] check_object+0x65/0x250
 [<ffffffff8028a4a3>] __slab_free+0x263/0x370
 [<ffffffff8028a738>] kfree+0xb8/0x130
 [<ffffffff8039f47a>] ? acpi_battery_get_state+0xe7/0xf8
 [<ffffffff8039f47a>] acpi_battery_get_state+0xe7/0xf8
 [<ffffffff8039f67b>] acpi_battery_update+0x1f0/0x217
 [<ffffffff802541b5>] ? trace_hardirqs_on+0xd5/0x160
 [<ffffffff8039f6e6>] acpi_battery_read+0x1b/0x2c
 [<ffffffff8039f71b>] acpi_battery_read_state+0x11/0x13
 [<ffffffff802ab6bc>] seq_read+0x8c/0x2e0
 [<ffffffff802ab630>] ? seq_read+0x0/0x2e0
 [<ffffffff802ab630>] ? seq_read+0x0/0x2e0
 [<ffffffff802d046f>] proc_reg_read+0x7f/0xc0
 [<ffffffff8028ead4>] vfs_read+0xc4/0x160
 [<ffffffff8028ef70>] sys_read+0x50/0x90
 [<ffffffff8020b50b>] system_call_after_swapgs+0x7b/0x80
FIX kmalloc-96: Restoring 0xffff81004d9c8840-0xffff81004d9c8847=0xcc

Steps to reproduce: I've never seen this one until this battery got dead (less than 4s of power). I bought a new battery and it is OK, so I suspect battery power calculation to do something wrong. At first, I thought the battery was demanding too much power on the power supply, but since I've seen the kmalloc crash I reported this bug.
I can also reproduce it each time I do: cat /proc/acpi/battery/BAT1/state with this battery.
Will you please attach the output of acpidump? Thanks.
Created attachment 15272
DSDT file for this laptop

Here is the dsdt. Please note that this bug is **not** a regression, the crash also occurred with 2.6.24 (and maybe previous kernels, but at that time the battery was OK).
Please check the patch attached to original bug report.

*** This bug has been marked as a duplicate of bug 8573 ***
The computer does not crash anymore with 8573 patch. However, I get "bad address" errors:

christian@athor:~$ cat /proc/acpi/battery/BAT1/state
cat: /proc/acpi/battery/BAT1/state: Bad address

That may be the right behaviour, the most important is that now it doesn't crash.
Ok, this is -EFAULT returned.
Created attachment 15274
Don't fail on broken package

Please check if adding this patch to the mix helps :)
It works now:

christian@athor:~$ cat /proc/acpi/battery/BAT1/state
present: yes
capacity state: ok
charging state: charged
present rate: unknown
remaining capacity: unknown
present voltage: 0 mV

christian@athor:~$ cat /proc/acpi/battery/BAT1/info
present: yes
design capacity: 4400 mAh
last full capacity: 65524 mAh
battery technology: rechargeable
design voltage: 14800 mV
design capacity warning: 300 mAh
design capacity low: 132 mAh
capacity granularity 1: 32 mAh
capacity granularity 2: 32 mAh
model number: ZP02
serial number: 1
battery type: LION
OEM info: SIMPLO

The last small detail ;-) is the "last full capacity > design capacity"... but the battery is simply dead so I consider this as normal. However, I would have expected 65536, no -32... funny. Thanks a lot.
Thanks for report and testing :)
This seems like a case of BIOS bug triggering a Linux bug.

External (Z005)
Name (PBST, Package (0x04) { 0x00, Z005, Z005, 0x2710 })

Z005 is undefined. In the case of a functional battery, the Z005 references in PBST (referenced by _BST) are over-written with the run-time present-rate and remaining-capacity. But in the case of a failing battery, these entries are not over-written, but instead the bogus reference to Z005 is attempted, which confuses Linux.
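
One defensive way to consume a firmware package shaped like PBST, added here as an illustration; it is a userspace model, not the kernel's battery driver and not the patch in attachment 15274. The types, `extract_bst` and `BAT_UNKNOWN` are hypothetical names, and the sample package is constructed from the PBST definition quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of a package element (not ACPICA's types). */
enum elem_type { ELEM_INTEGER, ELEM_UNRESOLVED_REF };
struct elem { enum elem_type type; uint64_t value; };

#define BST_FIELDS  4            /* state, present rate, remaining capacity, voltage */
#define BAT_UNKNOWN 0xFFFFFFFFu  /* assumed marker for "value not available" */

/*
 * Copy a _BST-style package into a fixed-size array without trusting the
 * firmware: the loop is bounded by the destination size, never by the
 * package's own element count, and anything that is not an in-range integer
 * is reported as unknown instead of being copied.
 * Returns the number of fields reported unknown, or -1 on bad arguments.
 */
int extract_bst(const struct elem *pkg, size_t count, uint32_t out[BST_FIELDS])
{
    int unknown = 0;

    if (!pkg || !out)
        return -1;
    for (size_t i = 0; i < BST_FIELDS; i++) {
        if (i < count && pkg[i].type == ELEM_INTEGER &&
            pkg[i].value < BAT_UNKNOWN) {
            out[i] = (uint32_t)pkg[i].value;
        } else {
            out[i] = BAT_UNKNOWN;   /* short package, bad type or bad range */
            unknown++;
        }
    }
    return unknown;
}

/* Constructed sample: PBST with the two Z005 references left unresolved. */
static const struct elem pbst_dead[] = {
    { ELEM_INTEGER, 0x00 },
    { ELEM_UNRESOLVED_REF, 0 },
    { ELEM_UNRESOLVED_REF, 0 },
    { ELEM_INTEGER, 0x2710 },
};

int main(void)
{
    uint32_t bst[BST_FIELDS];
    int unknown = extract_bst(pbst_dead, 4, bst);

    printf("unknown fields: %d\n", unknown);
    for (size_t i = 0; i < BST_FIELDS; i++)
        printf("field %zu: 0x%x\n", i, (unsigned)bst[i]);
    return 0;
}
```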