On 14/10/2019 17:09, Borislav Petkov wrote:
On Mon, Oct 14, 2019 at 04:18:49PM +0100, John Garry wrote:
Hi guys,
I'm experimenting by trying to boot an allmodconfig arm64 kernel, as
mentioned here:
https://lore.kernel.org/linux-arm-kernel/507325a3-030e-2843-0f46-7e18c6025...@huawei.com/
One thing that I noticed - it's hard to miss actually - is the amount of
complaining from KASAN about the EDAC/ghes code. Maybe this is something I
should not care about/red herring, or maybe something genuine. Let me know
what you think.
The kernel is v5.4-rc3, and I raised the EDAC mc debug level to get extra
debug prints.
Log below, Thanks,
John
Log snippet (I cut off after the first KASAN warning):
[ 70.471011][ T1] random: get_random_u32 called from new_slab+0x360/0x698
with crng_init=0
[ 70.478671][ T1] [Firmware Bug]: APEI: Invalid bit width + offset in GAR
[0x94110034/64/0/3/0]
[ 70.526585][ T1] EDAC DEBUG: edac_mc_alloc: allocating 3524 bytes for mci
data (32 dimms, 32 csrows/channels)
[ 70.542013][ T1] EDAC DEBUG: ghes_edac_dmidecode: DIMM2: Registered-DDR4
size = 16384 MB(ECC)
[ 70.551044][ T1] EDAC DEBUG: ghes_edac_dmidecode: type 26, detail
0x2080, width 72(total 64)
[ 70.559986][ T1] EDAC DEBUG: edac_mc_add_mc_with_groups:
[ 70.567082][ T1] EDAC DEBUG: edac_create_sysfs_mci_device: device mc0
created
[ 70.575608][ T1] EDAC DEBUG: edac_create_dimm_object: device dimm2
created at location memory 2
[ 70.585818][ T1] EDAC DEBUG: edac_create_csrow_object: device csrow2
created
[ 70.594110][ T1] EDAC MC0: Giving out device to module ghes_edac.c
controller ghes_edac: DEV ghes (INTERRUPT)
[ 70.605936][ T1] EDAC DEBUG: edac_mc_del_mc:
[ 70.611188][ T1] EDAC DEBUG: edac_remove_sysfs_mci_device:
[ 70.619443][ T1] random: get_random_u32 called from
kobject_put+0x8c/0x190 with crng_init=0
[ 70.628163][ T1] kobject: 'csrow2' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 750)
[ 70.638477][ T1] EDAC DEBUG: edac_remove_sysfs_mci_device: unregistering
device dimm2
[ 70.647903][ T1] kobject: 'dimm2' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 250)
[ 70.658105][ T1] EDAC MC: Removed device 0 for ghes_edac.c ghes_edac: DEV
ghes
[ 70.665673][ T1] EDAC DEBUG: edac_mc_free:
[ 70.670211][ T1] EDAC DEBUG: edac_unregister_sysfs: unregistering device
mc0
[ 70.679027][ T1] kobject: 'mc0' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 500)
[ 70.690987][ T1] EDAC DEBUG: edac_mc_del_mc:
[ 70.695769][ T1] EDAC DEBUG: edac_mc_free:
[ 70.700412][ T1] ------------[ cut here ]------------
[ 70.705832][ T1] ODEBUG: free active (active state 0) object type:
timer_list hint: delayed_work_timer_fn+0x0/0x48
[ 70.716663][ T1] WARNING: CPU: 50 PID: 1 at lib/debugobjects.c:484
debug_print_object+0xec/0x130
If I am parsing these unwrapped messages correctly (btw, pls use another
mail client for pasting log lines - thunderbird is usually ok but I
guess you need to configure it properly
Maybe you can receive the cutdown log attachment while I figure out how
to do that...
), that must be some workqueue
object of sorts.
Now, ghes_edac doesn't init the workqueue:
[ 70.594110][ T1] EDAC MC0: Giving out device to module ghes_edac.c
controller ghes_edac: DEV ghes (INTERRUPT)
as it is in interrupt mode.
So the only other workqueue I see is that "delayed XXX" stuff which is in
kobject_release().
AFAICT.
Do you have CONFIG_DEBUG_KOBJECT_RELEASE enabled and if so, does the
warning go away if you disable it?
Yes, it's enabled with allmodconfig, but no, it does not go away with
disabling (see log #2).
Cheers,
John
Thx.
t!
[ 69.915028][ T1] debugfs: File '\_SB_.MB5D' in directory 'domains'
already present!
[ 70.055740][ T1] shpchp: Standard Hot Plug PCI Controller Driver version:
0.4
[ 70.106050][ T1] gbefb: couldn't reserve mmio region
[ 70.111495][ T1] gbefb: probe of gbefb.0 failed with error -16
[ 70.122848][ T2] _warn_unseeded_randomness: 103 callbacks suppressed
[ 70.122867][ T2] random: get_random_u64 called from
copy_process+0x444/0x2bf0 with crng_init=0
[ 70.161416][ T1] [Firmware Bug]: APEI: Invalid bit width + offset in GAR
[0x94110034/64/0/3/0]
[ 70.171690][ T1] EDAC DEBUG: edac_mc_alloc: allocating 3332 bytes for mci
data (32 dimms, 32 csrows/channels)
[ 70.186961][ T1] EDAC DEBUG: ghes_edac_dmidecode: DIMM2: Registered-DDR4
size = 16384 MB(ECC)
[ 70.195905][ T1] EDAC DEBUG: ghes_edac_dmidecode: type 26, detail
0x2080, width 72(total 64)
[ 70.204856][ T1] EDAC DEBUG: edac_mc_add_mc_with_groups:
[ 70.211902][ T1] EDAC DEBUG: edac_create_sysfs_mci_device: device mc0
created
[ 70.220567][ T1] EDAC DEBUG: edac_create_dimm_object: device dimm2
created at location memory 2
[ 70.230772][ T1] EDAC DEBUG: edac_create_csrow_object: device csrow2
created
[ 70.239012][ T1] EDAC MC0: Giving out device to module ghes_edac.c
controller ghes_edac: DEV ghes (INTERRUPT)
[ 70.250886][ T1] EDAC DEBUG: edac_mc_del_mc:
[ 70.256169][ T1] EDAC DEBUG: edac_remove_sysfs_mci_device:
[ 70.264999][ T1] EDAC DEBUG: csrow_attr_release: device csrow2 released
[ 70.272080][ T1] EDAC DEBUG: edac_remove_sysfs_mci_device: unregistering
device dimm2
[ 70.281573][ T1] EDAC DEBUG: dimm_attr_release: device dimm2 released
[ 70.288461][ T1] EDAC MC: Removed device 0 for ghes_edac.c ghes_edac: DEV
ghes
[ 70.296035][ T1] EDAC DEBUG: edac_mc_free:
[ 70.300580][ T1] EDAC DEBUG: edac_unregister_sysfs: unregistering device
mc0
[ 70.309379][ T1] EDAC DEBUG: mci_attr_release: device mc0 released
[ 70.318165][ T1]
==================================================================
[ 70.326165][ T1] BUG: KASAN: use-after-free in
ghes_edac_unregister+0x28/0x70
[ 70.333575][ T1] Read of size 8 at addr ffff002323ca9b1c by task
swapper/0/1
[ 70.340894][ T1]
[ 70.343099][ T1] CPU: 57 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc3+
#1147
[ 70.350421][ T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI
RC0 - V1.16.01 03/15/2019
[ 70.359652][ T1] Call trace:
[ 70.362811][ T1] dump_backtrace+0x0/0x298
[ 70.367183][ T1] show_stack+0x20/0x30
[ 70.371209][ T1] dump_stack+0x190/0x21c
[ 70.375410][ T1] print_address_description.isra.6+0x80/0x3d0
[ 70.381431][ T1] __kasan_report+0x174/0x23c
[ 70.385977][ T1] kasan_report+0xc/0x18
[ 70.390088][ T1] __asan_load8+0xa4/0xb0
[ 70.394286][ T1] ghes_edac_unregister+0x28/0x70
[ 70.399181][ T1] ghes_remove+0x274/0x2a0
[ 70.403468][ T1] platform_drv_remove+0x44/0x78
[ 70.408273][ T1] really_probe+0x404/0x840
[ 70.412644][ T1] driver_probe_device+0x190/0x1f0
[ 70.417623][ T1] device_driver_attach+0x7c/0xb0
[ 70.422515][ T1] __driver_attach+0x1b8/0x1d0
[ 70.427148][ T1] bus_for_each_dev+0xf8/0x190
[ 70.431779][ T1] driver_attach+0x34/0x40
[ 70.436062][ T1] bus_add_driver+0x1d8/0x340
[ 70.440607][ T1] driver_register+0x168/0x1e8
[ 70.445239][ T1] __platform_driver_register+0x80/0x90
[ 70.450656][ T1] ghes_init+0xc4/0x174
[ 70.454680][ T1] do_one_initcall+0x328/0x788
[ 70.459314][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 70.464381][ T1] kernel_init+0x18/0x178
[ 70.468578][ T1] ret_from_fork+0x10/0x18
[ 70.472859][ T1]
[ 70.475058][ T1] Allocated by task 1:
[ 70.478996][ T1] save_stack+0x28/0xb0
[ 70.483021][ T1] __kasan_kmalloc.isra.9+0xa0/0xc8
[ 70.488087][ T1] kasan_kmalloc+0xc/0x18
[ 70.492284][ T1] __kmalloc+0x2d0/0x338
[ 70.496397][ T1] edac_mc_alloc+0xaa8/0xb18
[ 70.500856][ T1] ghes_edac_register+0x164/0x398
[ 70.505748][ T1] ghes_probe+0x648/0x6d8
[ 70.509946][ T1] platform_drv_probe+0x8c/0x110
[ 70.514751][ T1] really_probe+0x32c/0x840
[ 70.519122][ T1] driver_probe_device+0x190/0x1f0
[ 70.524100][ T1] device_driver_attach+0x7c/0xb0
[ 70.528992][ T1] __driver_attach+0x1b8/0x1d0
[ 70.533624][ T1] bus_for_each_dev+0xf8/0x190
[ 70.538255][ T1] driver_attach+0x34/0x40
[ 70.542539][ T1] bus_add_driver+0x1d8/0x340
[ 70.547083][ T1] driver_register+0x168/0x1e8
[ 70.551715][ T1] __platform_driver_register+0x80/0x90
[ 70.557127][ T1] ghes_init+0xc4/0x174
[ 70.561151][ T1] do_one_initcall+0x328/0x788
[ 70.565784][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 70.570850][ T1] kernel_init+0x18/0x178
[ 70.575047][ T1] ret_from_fork+0x10/0x18
[ 70.579327][ T1]
[ 70.581525][ T1] Freed by task 1:
[ 70.585115][ T1] save_stack+0x28/0xb0
[ 70.589139][ T1] __kasan_slab_free+0x140/0x170
[ 70.593945][ T1] kasan_slab_free+0x10/0x18
[ 70.598405][ T1] slab_free_freelist_hook+0x19c/0x228
[ 70.603730][ T1] kfree+0x264/0x420
[ 70.607494][ T1] mci_attr_release+0x74/0x80
[ 70.612040][ T1] device_release+0xa4/0x108
[ 70.616499][ T1] kobject_put+0x250/0x2c0
[ 70.620784][ T1] device_unregister+0x88/0x98
[ 70.625415][ T1] edac_unregister_sysfs+0x78/0x88
[ 70.630395][ T1] edac_mc_free+0x78/0x88
[ 70.634592][ T1] ghes_edac_unregister+0x44/0x70
[ 70.639485][ T1] ghes_remove+0x274/0x2a0
[ 70.643769][ T1] platform_drv_remove+0x44/0x78
[ 70.648574][ T1] really_probe+0x404/0x840
[ 70.652944][ T1] driver_probe_device+0x190/0x1f0
[ 70.657924][ T1] device_driver_attach+0x7c/0xb0
[ 70.662815][ T1] __driver_attach+0x1b8/0x1d0
[ 70.667447][ T1] bus_for_each_dev+0xf8/0x190
[ 70.672078][ T1] driver_attach+0x34/0x40
[ 70.676361][ T1] bus_add_driver+0x1d8/0x340
[ 70.680906][ T1] driver_register+0x168/0x1e8
[ 70.685539][ T1] __platform_driver_register+0x80/0x90
[ 70.690951][ T1] ghes_init+0xc4/0x174
[ 70.694975][ T1] do_one_initcall+0x328/0x788
[ 70.699607][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 70.704673][ T1] kernel_init+0x18/0x178
[ 70.708870][ T1] ret_from_fork+0x10/0x18
[ 70.713151][ T1]
[ 70.715352][ T1] The buggy address belongs to the object at
ffff002323ca9000
[ 70.715352][ T1] which belongs to the cache kmalloc-4k of size 4096
[ 70.729272][ T1] The buggy address is located 2844 bytes inside of
[ 70.729272][ T1] 4096-byte region [ffff002323ca9000, ffff002323caa000)
[ 70.742582][ T1] The buggy address belongs to the page:
[ 70.748083][ T1] page:fffffe008c6f2a00 refcount:1 mapcount:0
mapping:ffff0020bfc17080 index:0x0 compound_mapcount: 0
[ 70.758886][ T1] flags: 0x1ffff00000010200(slab|head)
[ 70.764217][ T1] raw: 1ffff00000010200 fffffe008c6f2408 fffffe008c6f2808
ffff0020bfc17080
[ 70.772671][ T1] raw: 0000000000000000 0000000000020002 00000001ffffffff
0000000000000000
[ 70.781119][ T1] page dumped because: kasan: bad access detected
[ 70.787397][ T1]
[ 70.789595][ T1] Memory state around the buggy address:
[ 70.795096][ T1] ffff002323ca9a00: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 70.803027][ T1] ffff002323ca9a80: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 70.810957][ T1] >ffff002323ca9b00: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 70.818884][ T1] ^
[ 70.823603][ T1] ffff002323ca9b80: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 70.831534][ T1] ffff002323ca9c00: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 70.839461][ T1]
==================================================================
[ 70.847388][ T1] Disabling lock debugging due to kernel taint
[ 70.853571][ T1] EDAC DEBUG: edac_mc_del_mc:
[ 70.858302][ T1] EDAC DEBUG: edac_mc_free:
[ 70.862829][ T1]
==================================================================
[ 70.870751][ T1] BUG: KASAN: double-free or invalid-free in
kfree+0x264/0x420
[ 70.878142][ T1]
[ 70.880331][ T1] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B
5.4.0-rc3+ #1147
[ 70.888939][ T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI
RC0 - V1.16.01 03/15/2019
[ 70.898154][ T1] Call trace:
[ 70.901296][ T1] dump_backtrace+0x0/0x298
[ 70.905651][ T1] show_stack+0x20/0x30
[ 70.909660][ T1] dump_stack+0x190/0x21c
[ 70.913844][ T1] print_address_description.isra.6+0x80/0x3d0
[ 70.919850][ T1] kasan_report_invalid_free+0x78/0xa0
[ 70.925161][ T1] __kasan_slab_free+0xbc/0x170
[ 70.929864][ T1] kasan_slab_free+0x10/0x18
[ 70.934306][ T1] slab_free_freelist_hook+0x19c/0x228
[ 70.939616][ T1] kfree+0x264/0x420
[ 70.943365][ T1] _edac_mc_free+0x6c/0x210
[ 70.947721][ T1] edac_mc_free+0x68/0x88
[ 70.951903][ T1] ghes_edac_unregister+0x44/0x70
[ 70.956782][ T1] ghes_remove+0x274/0x2a0
[ 70.961052][ T1] platform_drv_remove+0x44/0x78
[ 70.965841][ T1] really_probe+0x404/0x840
[ 70.970196][ T1] driver_probe_device+0x190/0x1f0
[ 70.975159][ T1] device_driver_attach+0x7c/0xb0
[ 70.980035][ T1] __driver_attach+0x1b8/0x1d0
[ 70.984652][ T1] bus_for_each_dev+0xf8/0x190
[ 70.989267][ T1] driver_attach+0x34/0x40
[ 70.993535][ T1] bus_add_driver+0x1d8/0x340
[ 70.998063][ T1] driver_register+0x168/0x1e8
[ 71.002680][ T1] __platform_driver_register+0x80/0x90
[ 71.008078][ T1] ghes_init+0xc4/0x174
[ 71.012086][ T1] do_one_initcall+0x328/0x788
[ 71.016704][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.021754][ T1] kernel_init+0x18/0x178
[ 71.025936][ T1] ret_from_fork+0x10/0x18
[ 71.030202][ T1]
[ 71.032385][ T1] Allocated by task 1:
[ 71.036308][ T1] save_stack+0x28/0xb0
[ 71.040317][ T1] __kasan_kmalloc.isra.9+0xa0/0xc8
[ 71.045367][ T1] kasan_kmalloc+0xc/0x18
[ 71.049549][ T1] kmem_cache_alloc_trace+0x2a0/0x2e8
[ 71.054773][ T1] edac_mc_alloc+0x7c4/0xb18
[ 71.059216][ T1] ghes_edac_register+0x164/0x398
[ 71.064093][ T1] ghes_probe+0x648/0x6d8
[ 71.068275][ T1] platform_drv_probe+0x8c/0x110
[ 71.073064][ T1] really_probe+0x32c/0x840
[ 71.077419][ T1] driver_probe_device+0x190/0x1f0
[ 71.082381][ T1] device_driver_attach+0x7c/0xb0
[ 71.087257][ T1] __driver_attach+0x1b8/0x1d0
[ 71.091874][ T1] bus_for_each_dev+0xf8/0x190
[ 71.096489][ T1] driver_attach+0x34/0x40
[ 71.100757][ T1] bus_add_driver+0x1d8/0x340
[ 71.105286][ T1] driver_register+0x168/0x1e8
[ 71.109902][ T1] __platform_driver_register+0x80/0x90
[ 71.115299][ T1] ghes_init+0xc4/0x174
[ 71.119307][ T1] do_one_initcall+0x328/0x788
[ 71.123923][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.128973][ T1] kernel_init+0x18/0x178
[ 71.133155][ T1] ret_from_fork+0x10/0x18
[ 71.137420][ T1]
[ 71.139603][ T1] Freed by task 1:
[ 71.143178][ T1] save_stack+0x28/0xb0
[ 71.147186][ T1] __kasan_slab_free+0x140/0x170
[ 71.151976][ T1] kasan_slab_free+0x10/0x18
[ 71.156418][ T1] slab_free_freelist_hook+0x19c/0x228
[ 71.161728][ T1] kfree+0x264/0x420
[ 71.165477][ T1] dimm_attr_release+0x78/0x88
[ 71.170093][ T1] device_release+0xa4/0x108
[ 71.174536][ T1] kobject_put+0x250/0x2c0
[ 71.178805][ T1] device_unregister+0x88/0x98
[ 71.183421][ T1] edac_remove_sysfs_mci_device+0x20c/0x248
[ 71.189166][ T1] edac_mc_del_mc+0xec/0x158
[ 71.193609][ T1] ghes_edac_unregister+0x3c/0x70
[ 71.198486][ T1] ghes_remove+0x274/0x2a0
[ 71.202755][ T1] platform_drv_remove+0x44/0x78
[ 71.207543][ T1] really_probe+0x404/0x840
[ 71.211899][ T1] driver_probe_device+0x190/0x1f0
[ 71.216861][ T1] device_driver_attach+0x7c/0xb0
[ 71.221737][ T1] __driver_attach+0x1b8/0x1d0
[ 71.226354][ T1] bus_for_each_dev+0xf8/0x190
[ 71.230969][ T1] driver_attach+0x34/0x40
[ 71.235237][ T1] bus_add_driver+0x1d8/0x340
[ 71.239766][ T1] driver_register+0x168/0x1e8
[ 71.244382][ T1] __platform_driver_register+0x80/0x90
[ 71.249778][ T1] ghes_init+0xc4/0x174
[ 71.253787][ T1] do_one_initcall+0x328/0x788
[ 71.258403][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.263453][ T1] kernel_init+0x18/0x178
[ 71.267635][ T1] ret_from_fork+0x10/0x18
[ 71.271900][ T1]
[ 71.274085][ T1] The buggy address belongs to the object at
ffff002323ce2000
[ 71.274085][ T1] which belongs to the cache kmalloc-2k of size 2048
[ 71.287989][ T1] The buggy address is located 0 bytes inside of
[ 71.287989][ T1] 2048-byte region [ffff002323ce2000, ffff002323ce2800)
[ 71.301022][ T1] The buggy address belongs to the page:
[ 71.306508][ T1] page:fffffe008c6f3800 refcount:1 mapcount:0
mapping:ffff0020bfc10c80 index:0x0 compound_mapcount: 0
[ 71.317291][ T1] flags: 0x1ffff00000010200(slab|head)
[ 71.322606][ T1] raw: 1ffff00000010200 fffffe008c6f3608 fffffe008c6f3a08
ffff0020bfc10c80
[ 71.331044][ T1] raw: 0000000000000000 0000000000050005 00000001ffffffff
0000000000000000
[ 71.339477][ T1] page dumped because: kasan: bad access detected
[ 71.345738][ T1]
[ 71.347920][ T1] Memory state around the buggy address:
[ 71.353405][ T1] ffff002323ce1f00: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[ 71.361319][ T1] ffff002323ce1f80: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[ 71.369234][ T1] >ffff002323ce2000: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.377145][ T1] ^
[ 71.381066][ T1] ffff002323ce2080: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.388981][ T1] ffff002323ce2100: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.396892][ T1]
==================================================================
[ 70.234085][ T1] gbefb: probe of gbefb.0 failed with error -16
[ 70.249643][ T1] kobject: 'wakeup' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 750)
[ 70.260091][ T1] kobject: 'wakeup63' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 750)
[ 70.268834][ T1] kobject: 'wakeup' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 500)
[ 70.268879][ T1] kobject: 'wakeup64' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 250)
[ 70.296399][ T1] [Firmware Bug]: APEI: Invalid bit width + offset in GAR
[0x94110034/64/0/3/0]
[ 70.306670][ T1] EDAC DEBUG: edac_mc_alloc: allocating 3524 bytes for mci
data (32 dimms, 32 csrows/channels)
[ 70.322002][ T1] EDAC DEBUG: ghes_edac_dmidecode: DIMM2: Registered-DDR4
size = 16384 MB(ECC)
[ 70.330897][ T1] EDAC DEBUG: ghes_edac_dmidecode: type 26, detail
0x2080, width 72(total 64)
[ 70.339844][ T1] EDAC DEBUG: edac_mc_add_mc_with_groups:
[ 70.346860][ T1] EDAC DEBUG: edac_create_sysfs_mci_device: device mc0
created
[ 70.355347][ T1] EDAC DEBUG: edac_create_dimm_object: device dimm2
created at location memory 2
[ 70.365595][ T1] EDAC DEBUG: edac_create_csrow_object: device csrow2
created
[ 70.373817][ T1] EDAC MC0: Giving out device to module ghes_edac.c
controller ghes_edac: DEV ghes (INTERRUPT)
[ 70.385243][ T1] EDAC DEBUG: edac_mc_del_mc:
[ 70.390527][ T1] EDAC DEBUG: edac_remove_sysfs_mci_device:
[ 70.398823][ T1] _warn_unseeded_randomness: 49 callbacks suppressed
[ 70.398845][ T1] random: get_random_u32 called from
kobject_put+0x8c/0x190 with crng_init=0
[ 70.414150][ T1] kobject: 'csrow2' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 500)
[ 70.424461][ T1] EDAC DEBUG: edac_remove_sysfs_mci_device: unregistering
device dimm2
[ 70.433873][ T1] kobject: 'dimm2' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 750)
[ 70.444066][ T1] EDAC MC: Removed device 0 for ghes_edac.c ghes_edac: DEV
ghes
[ 70.451689][ T1] EDAC DEBUG: edac_mc_free:
[ 70.456229][ T1] EDAC DEBUG: edac_unregister_sysfs: unregistering device
mc0
[ 70.465009][ T1] kobject: 'mc0' ((____ptrval____)): kobject_release,
parent (____ptrval____) (delayed 500)
[ 70.475868][ T1] random: get_random_u32 called from new_slab+0x360/0x698
with crng_init=0
[ 70.485594][ T1] EDAC DEBUG: edac_mc_del_mc:
[ 70.490369][ T1] EDAC DEBUG: edac_mc_free:
[ 70.495532][ T1] ------------[ cut here ]------------
[ 70.500956][ T1] ODEBUG: free active (active state 0) object type:
timer_list hint: delayed_work_timer_fn+0x0/0x48
[ 70.511845][ T1] WARNING: CPU: 51 PID: 1 at lib/debugobjects.c:484
debug_print_object+0xec/0x130
[ 70.520900][ T1] Modules linked in:
[ 70.524671][ T1] CPU: 51 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc3+
#1146
[ 70.531991][ T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI
RC0 - V1.16.01 03/15/2019
[ 70.541221][ T1] pstate: 80800009 (Nzcv daif -PAN +UAO)
[ 70.541246][ T1] pc : debug_print_object+0xec/0x130
[ 70.551881][ T1] lr : debug_print_object+0xec/0x130
[ 70.551890][ T1] sp : ffff0020bf2c7740
[ 70.551899][ T1] x29: ffff0020bf2c7740 x28: ffff002324575000
[ 70.551914][ T1] x27: ffff002324575090 x26: ffffa00017543de0
[ 70.551929][ T1] x25: ffffa000101cd558 x24: ffffa00012051fc0
[ 70.551952][ T1] x23: ffffa000150d2200 x22: ffffa000120523a0
[ 70.561099][ T1] x21: ffffa00012051640 x20: 0000000000000000
[ 70.561116][ T1] x19: ffffa00015019000 x18: 0000000000000000
[ 70.561131][ T1] x17: 0000000000000000 x16: 00000000000026b0
[ 70.561145][ T1] x15: 0000000000000000 x14: 6e6968207473696c
[ 70.561160][ T1] x13: 5f72656d6974203a x12: 1fffe00417e58e5a
[ 70.573187][ T1] x11: ffff800417e58e5a x10: dfffa00000000000
[ 70.585213][ T1] x9 : ffff800417e58e5b x8 : 0000000000000001
[ 70.585228][ T1] x7 : ffff0020bf2c72d7 x6 : ffff800417e58e5b
[ 70.585243][ T1] x5 : 1fffe00417e57936 x4 : ffff0020bf2bc058
[ 70.585258][ T1] x3 : ffffa00010000000 x2 : ffff800417e58eb0
[ 70.585273][ T1] x1 : 28c26c7bd9c65300 x0 : 0000000000000000
[ 70.597298][ T1] Call trace:
[ 70.597312][ T1] debug_print_object+0xec/0x130
[ 70.597325][ T1] __debug_check_no_obj_freed+0x114/0x290
[ 70.597337][ T1] debug_check_no_obj_freed+0x18/0x28
[ 70.597349][ T1] slab_free_freelist_hook+0x18c/0x228
[ 70.597359][ T1] kfree+0x264/0x420
[ 70.597376][ T1] _edac_mc_free+0x6c/0x210
[ 70.609382][ T1] edac_mc_free+0x68/0x88
[ 70.609396][ T1] ghes_edac_unregister+0x44/0x70
[ 70.609410][ T1] ghes_remove+0x274/0x2a0
[ 70.609424][ T1] platform_drv_remove+0x44/0x78
[ 70.609434][ T1] really_probe+0x404/0x840
[ 70.609445][ T1] driver_probe_device+0x190/0x1f0
[ 70.609456][ T1] device_driver_attach+0x7c/0xb0
[ 70.609466][ T1] __driver_attach+0x1b8/0x1d0
[ 70.609478][ T1] bus_for_each_dev+0xf8/0x190
[ 70.609488][ T1] driver_attach+0x34/0x40
[ 70.609499][ T1] bus_add_driver+0x1d8/0x340
[ 70.609509][ T1] driver_register+0x168/0x1e8
[ 70.609529][ T1] __platform_driver_register+0x80/0x90
[ 70.621543][ T1] ghes_init+0xc4/0x174
[ 70.621556][ T1] do_one_initcall+0x328/0x788
[ 70.621571][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 70.621584][ T1] kernel_init+0x18/0x178
[ 70.621594][ T1] ret_from_fork+0x10/0x18
[ 70.621610][ T1] irq event stamp: 4389198
[ 70.633626][ T1] hardirqs last enabled at (4389197):
[<ffffa00010272398>] console_unlock+0x8d8/0x990
[ 70.633643][ T1] hardirqs last disabled at (4389198):
[<ffffa000100fd884>] debug_exception_enter+0x8c/0x190
[ 70.633655][ T1] softirqs last enabled at (4389194):
[<ffffa000100bf4a4>] __do_softirq+0x894/0x920
[ 70.633670][ T1] softirqs last disabled at (4389187):
[<ffffa000101965e4>] irq_exit+0x114/0x1a0
[ 70.633687][ T1] random: get_random_bytes called from
print_oops_end_marker+0x30/0x68 with crng_init=0
[ 70.633709][ T1] ---[ end trace f366d53b6f843ce8 ]---
[ 70.702660][ T1] ------------[ cut here ]------------
[ 70.711430][ T1] ODEBUG: free active (active state 0) object type:
timer_list hint: delayed_work_timer_fn+0x0/0x48
[ 70.721167][ T1] WARNING: CPU: 51 PID: 1 at lib/debugobjects.c:484
debug_print_object+0xec/0x130
[ 70.734461][ T1] Modules linked in:
[ 70.744498][ T1] CPU: 51 PID: 1 Comm: swapper/0 Tainted: G W
5.4.0-rc3+ #1146
[ 70.744508][ T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI
RC0 - V1.16.01 03/15/2019
[ 70.744519][ T1] pstate: 80800009 (Nzcv daif -PAN +UAO)
[ 70.744531][ T1] pc : debug_print_object+0xec/0x130
[ 70.744543][ T1] lr : debug_print_object+0xec/0x130
[ 70.744555][ T1] sp : ffff0020bf2c7740
[ 70.753182][ T1] x29: ffff0020bf2c7740 x28: ffff00232453a000
[ 70.753199][ T1] x27: ffff00232453a090 x26: ffffa00017543de0
[ 70.753215][ T1] x25: ffffa000101cd558 x24: ffffa00012051fc0
[ 70.753231][ T1] x23: ffffa000150d2200 x22: ffffa000120523a0
[ 70.766743][ T1] x21: ffffa00012051640 x20: 0000000000000000
[ 70.780503][ T1] x19: ffffa00015019000 x18: 0000000000000000
[ 70.780519][ T1] x17: 0000000000000000 x16: 00000000000026b0
[ 70.780534][ T1] x15: 0000000000000000 x14: 726f775f64657961
[ 70.780549][ T1] x13: 6c6564203a746e69 x12: 1fffe00417e58e5a
[ 70.799861][ T1] x11: ffff800417e58e5a x10: dfffa00000000000
[ 70.799877][ T1] x9 : ffff800417e58e5b x8 : 0000000000000001
[ 70.799892][ T1] x7 : ffff0020bf2c72d7 x6 : ffff800417e58e5b
[ 70.799907][ T1] x5 : 1fffe00417e57936 x4 : ffff0020bf2bc058
[ 70.799922][ T1] x3 : ffffa00010000000 x2 : ffff800417e58eb0
[ 70.829068][ T1] x1 : 28c26c7bd9c65300 x0 : 0000000000000000
[ 70.848735][ T1] Call trace:
[ 70.848749][ T1] debug_print_object+0xec/0x130
[ 70.848762][ T1] __debug_check_no_obj_freed+0x114/0x290
[ 70.848774][ T1] debug_check_no_obj_freed+0x18/0x28
[ 70.848786][ T1] slab_free_freelist_hook+0x18c/0x228
[ 70.848801][ T1] kfree+0x264/0x420
[ 70.861248][ T1] _edac_mc_free+0x1b0/0x210
[ 70.861260][ T1] edac_mc_free+0x68/0x88
[ 70.861272][ T1] ghes_edac_unregister+0x44/0x70
[ 70.861283][ T1] ghes_remove+0x274/0x2a0
[ 70.861295][ T1] platform_drv_remove+0x44/0x78
[ 70.861305][ T1] really_probe+0x404/0x840
[ 70.861317][ T1] driver_probe_device+0x190/0x1f0
[ 70.861331][ T1] device_driver_attach+0x7c/0xb0
[ 70.926321][ T1] __driver_attach+0x1b8/0x1d0
[ 70.926338][ T1] bus_for_each_dev+0xf8/0x190
[ 70.938348][ T1] driver_attach+0x34/0x40
[ 70.938360][ T1] bus_add_driver+0x1d8/0x340
[ 70.938370][ T1] driver_register+0x168/0x1e8
[ 70.938382][ T1] __platform_driver_register+0x80/0x90
[ 70.938393][ T1] ghes_init+0xc4/0x174
[ 70.938407][ T1] do_one_initcall+0x328/0x788
[ 70.950417][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 70.950429][ T1] kernel_init+0x18/0x178
[ 70.950440][ T1] ret_from_fork+0x10/0x18
[ 70.950448][ T1] irq event stamp: 4389536
[ 70.950461][ T1] hardirqs last enabled at (4389535):
[<ffffa000100c0e78>] el1_irq+0x138/0x200
[ 70.950478][ T1] hardirqs last disabled at (4389536):
[<ffffa000100fd884>] debug_exception_enter+0x8c/0x190
[ 71.118261][ T1] softirqs last enabled at (4389534):
[<ffffa000100bf4a4>] __do_softirq+0x894/0x920
[ 71.118278][ T1] softirqs last disabled at (4389527):
[<ffffa000101965e4>] irq_exit+0x114/0x1a0
[ 71.136533][ T1] ---[ end trace f366d53b6f843ce9 ]---
[ 71.137908][ T1] ------------[ cut here ]------------
[ 71.147364][ T1] ODEBUG: free active (active state 0) object type:
timer_list hint: delayed_work_timer_fn+0x0/0x48
[ 71.158178][ T1] WARNING: CPU: 51 PID: 1 at lib/debugobjects.c:484
debug_print_object+0xec/0x130
[ 71.167232][ T1] Modules linked in:
[ 71.167251][ T1] CPU: 51 PID: 1 Comm: swapper/0 Tainted: G W
5.4.0-rc3+ #1146
[ 71.167261][ T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI
RC0 - V1.16.01 03/15/2019
[ 71.167271][ T1] pstate: 80800009 (Nzcv daif -PAN +UAO)
[ 71.167283][ T1] pc : debug_print_object+0xec/0x130
[ 71.167301][ T1] lr : debug_print_object+0xec/0x130
[ 71.179747][ T1] sp : ffff0020bf2c7740
[ 71.179756][ T1] x29: ffff0020bf2c7740 x28: ffff002324534000
[ 71.179772][ T1] x27: ffff002324534090 x26: ffffa00017543de0
[ 71.179787][ T1] x25: ffffa000101cd558 x24: ffffa00012051fc0
[ 71.179802][ T1] x23: ffffa000150d2200 x22: ffffa000120523a0
[ 71.179821][ T1] x21: ffffa00012051640 x20: 0000000000000000
[ 71.194524][ T1] x19: ffffa00015019000 x18: 0000000000000000
[ 71.194540][ T1] x17: 0000000000000000 x16: 00000000000026b0
[ 71.194555][ T1] x15: 0000000000000000 x14: 775f646579616c65
[ 71.194569][ T1] x13: 64203a746e696820 x12: 1fffe00417e58e5a
[ 71.204857][ T1] x11: ffff800417e58e5a x10: dfffa00000000000
[ 71.204873][ T1] x9 : ffff800417e58e5b x8 : 0000000000000001
[ 71.204889][ T1] x7 : ffff0020bf2c72d7 x6 : ffff800417e58e5b
[ 71.204904][ T1] x5 : 1fffe00417e57936 x4 : ffff0020bf2bc058
[ 71.214930][ T1] x3 : ffffa00010000000 x2 : ffff800417e58eb0
[ 71.214947][ T1] x1 : 28c26c7bd9c65300 x0 : 0000000000000000
[ 71.214961][ T1] Call trace:
[ 71.214974][ T1] debug_print_object+0xec/0x130
[ 71.214986][ T1] __debug_check_no_obj_freed+0x114/0x290
[ 71.215006][ T1] debug_check_no_obj_freed+0x18/0x28
[ 71.281033][ T1] slab_free_freelist_hook+0x18c/0x228
[ 71.281044][ T1] kfree+0x264/0x420
[ 71.281055][ T1] _edac_mc_free+0x1f8/0x210
[ 71.281066][ T1] edac_mc_free+0x68/0x88
[ 71.281078][ T1] ghes_edac_unregister+0x44/0x70
[ 71.281089][ T1] ghes_remove+0x274/0x2a0
[ 71.281100][ T1] platform_drv_remove+0x44/0x78
[ 71.281111][ T1] really_probe+0x404/0x840
[ 71.281121][ T1] driver_probe_device+0x190/0x1f0
[ 71.281132][ T1] device_driver_attach+0x7c/0xb0
[ 71.281142][ T1] __driver_attach+0x1b8/0x1d0
[ 71.281154][ T1] bus_for_each_dev+0xf8/0x190
[ 71.281166][ T1] driver_attach+0x34/0x40
[ 71.293176][ T1] bus_add_driver+0x1d8/0x340
[ 71.293186][ T1] driver_register+0x168/0x1e8
[ 71.293198][ T1] __platform_driver_register+0x80/0x90
[ 71.293208][ T1] ghes_init+0xc4/0x174
[ 71.293219][ T1] do_one_initcall+0x328/0x788
[ 71.293231][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.302370][ T1] kernel_init+0x18/0x178
[ 71.302381][ T1] ret_from_fork+0x10/0x18
[ 71.302389][ T1] irq event stamp: 4390142
[ 71.302401][ T1] hardirqs last enabled at (4390141):
[<ffffa000100c0e78>] el1_irq+0x138/0x200
[ 71.302416][ T1] hardirqs last disabled at (4390142):
[<ffffa000100fd884>] debug_exception_enter+0x8c/0x190
[ 71.302429][ T1] softirqs last enabled at (4390140):
[<ffffa000100bf4a4>] __do_softirq+0x894/0x920
[ 71.312787][ T1] softirqs last disabled at (4390133):
[<ffffa000101965e4>] irq_exit+0x114/0x1a0
[ 71.312796][ T1] ---[ end trace f366d53b6f843cea ]---
[ 71.374558][ T1]
==================================================================
[ 71.382943][ T1] BUG: KASAN: use-after-free in
ghes_edac_unregister+0x28/0x70
[ 71.382954][ T1] Read of size 8 at addr ffff002324534bdc by task
swapper/0/1
[ 71.382961][ T1]
[ 71.382977][ T1] CPU: 52 PID: 1 Comm: swapper/0 Tainted: G W
5.4.0-rc3+ #1146
[ 71.382986][ T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI
RC0 - V1.16.01 03/15/2019
[ 71.382995][ T1] Call trace:
[ 71.383010][ T1] dump_backtrace+0x0/0x298
[ 71.393017][ T1] show_stack+0x20/0x30
[ 71.393029][ T1] dump_stack+0x190/0x21c
[ 71.393043][ T1] print_address_description.isra.6+0x80/0x3d0
[ 71.393055][ T1] __kasan_report+0x174/0x2s_edac_unregister+0x28/0x70
[ 71.469817][ T1] ghes_remove+0x274/0x2a0
[ 71.469837][ T1] platform_drv_remove+0x44/0x78
[ 71.484544][ T1] really_probe+0x404/0x840
[ 71.484556][ T1] driver_probe_device+0x190/0x1f0
[ 71.484567][ T1] device_driver_attach+0x7c/0xb0
[ 71.484578][ T1] __driver_attach+0x1b8/0x1d0
[ 71.484589][ T1] bus_for_each_dev+0xf8/0x190
[ 71.484600][ T1] driver_attach+0x34/0x40
[ 71.484618][ T1] bus_add_driver+0x1d8/0x340
[ 71.495501][ T1] driver_register+0x168/0x1e8
[ 71.495514][ T1] __platform_driver_register+0x80/0x90
[ 71.495525][ T1] ghes_init+0xc4/0x174
[ 71.495536][ T1] do_one_initcall+0x328/0x788
[ 71.495548][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.495560][ T1] kernel_init+0x18/0x178
[ 71.495571][ T1] ret_from_fork+0x10/0x18
[ 71.495582][ T1]
[ 71.535102][ T1] Allocated by task 1:
[ 71.535115][ T1] save_stack+0x28/0xb0
[ 71.544170][ T1] __kasan_kmalloc.isra.9+0xa0/0xc8
[ 71.544181][ T1] kasan_kmalloc+0xc/0x18
[ 71.544192][ T1] __kmalloc+0x2d0/0x338
[ 71.544205][ T1] edac_mc_alloc+0xaa8/0xb18
[ 71.544216][ T1] ghes_edac_register+0x164/0x398
[ 71.544227][ T1] ghes_probe+0x648/0x6d8
[ 71.544239][ T1] platform_drv_probe+0x8c/0x110
[ 71.544250][ T1] really_probe+0x32c/0x840
[ 71.553304][ T1] driver_probe_device+0x190/0x1f0
[ 71.553315][ T1] device_driver_attach+0x7c/0xb0
[ 71.553326][ T1] __driver_attach+0x1b8/0x1d0
[ 71.553338][ T1] bus_for_each_dev+0xf8/0x190
[ 71.553348][ T1] driver_attach+0x34/0x40
[ 71.553359][ T1] bus_add_driver+0x1d8/0x340
[ 71.553369][ T1] driver_register+0x168/0x1e8
[ 71.553382][ T1] __platform_driver_register+0x80/0x90
[ 71.567572][ T1] ghes_init+0xc4/0x174
[ 71.567588][ T1] do_one_initcall+0x328/0x788
[ 71.576829][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.576841][ T1] kernel_init+0x18/0x178
[ 71.576852][ T1] ret_from_fork+0x10/0x18
[ 71.576859][ T1]
[ 71.576868][ T1] Freed by task 1:
[ 71.576879][ T1] save_stack+0x28/0xb0
[ 71.576891][ T1] __kasan_slab_free+0x140/0x170
[ 71.576908][ T1] kasan_slab_free+0x10/0x18
[ 71.585708][ T1] slab_free_freelist_hook+0x19c/0x228
[ 71.585720][ T1] kfree+0x264/0x420
[ 71.585732][ T1] _edac_mc_free+0x1f8/0x210
[ 71.585743][ T1] edac_mc_free+0x68/0x88
[ 71.585754][ T1] ghes_edac_unregister+0x44/0x70
[ 71.585766][ T1] ghes_remove+0x274/0x2a0
[ 71.585777][ T1] platform_drv_remove+0x44/0x78
[ 71.585792][ T1] really_probe+0x404/0x840
[ 71.659765][ T904] kobject: 'wakeup54' ((____ptrval____)): kobject_cleanup,
parent (____ptrval____)
[ 71.663982][ T1] driver_probe_device+0x190/0x1f0
[ 71.663994][ T1] device_driver_attach+0x7c/0xb0
[ 71.664006][ T1] __driver_attach+0x1b8/0x1d0
[ 71.664017][ T1] bus_for_each_dev+0xf8/0x190
[ 71.664028][ T1] driver_attach+0x34/0x40
[ 71.664038][ T1] bus_add_driver+0x1d8/0x340
[ 71.664049][ T1] driver_register+0x168/0x1e8
[ 71.664061][ T1] __platform_driver_register+0x80/0x90
[ 71.664071][ T1] ghes_init+0xc4/0x174
[ 71.664082][ T1] do_one_initcall+0x328/0x788
[ 71.664094][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.664105][ T1] kernel_init+0x18/0x178
[ 71.664116][ T1] ret_from_fork+0x10/0x18
[ 71.664129][ T1]
[ 71.669171][ T904] kobject: 'wakeup54' ((____ptrval____)): calling ktype
release
[ 71.673978][ T1] The buggy address belongs to the object at
ffff002324534000
[ 71.673978][ T1] which belongs to the cache kmalloc-4k of size 4096
[ 71.673990][ T1] The buggy address is located 3036 bytes inside of
[ 71.673990][ T1] 4096-byte region [ffff002324534000, ffff002324535000)
[ 71.673999][ T1] The buggy address belongs to the page:
[ 71.674013][ T1] page:fffffe008c714c00 refcount:1 mapcount:0
mapping:ffff0020bfc16980 index:0x0 compound_mapcount: 0
[ 71.674032][ T1] flags: 0x1ffff00000010200(slab|head)
[ 71.674055][ T1] raw: 1ffff00000010200 fffffe008c714808 fffffe008c716e08
ffff0020bfc16980
[ 71.678784][ T904] kobject: 'wakeup54': free name
[ 71.683294][ T1] raw: 0000000000000000 0000000000020002 00000001ffffffff
0000000000000000
[ 71.683303][ T1] page dumped because: kasan: bad access detected
[ 71.683310][ T1]
[ 71.683318][ T1] Memory state around the buggy address:
[ 71.683330][ T1] ffff002324534a80: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.683341][ T1] ffff002324534b00: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.683352][ T1] >ffff002324534b80: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.683368][ T1] ^
[ 71.755750][ T853] kobject: 'wakeup' ((____ptrval____)): kobject_cleanup,
parent (____ptrval____)
[ 71.756770][ T1] ffff002324534c00: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.756781][ T1] ffff002324534c80: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.761102][ T853] kobject: 'wakeup' ((____ptrval____)): calling ktype
release
[ 71.765835][ T1]
==================================================================
[ 71.765843][ T1] Disabling lock debugging due to kernel taint
[ 71.765935][ T850] kobject: 'wakeup21' ((____ptrval____)): kobject_cleanup,
parent (____ptrval____)
[ 71.766851][ T1] EDAC DEBUG: edac_mc_del_mc:
[ 71.766864][ T1] EDAC DEBUG: edac_mc_free:
[ 71.766881][ T1]
==================================================================
[ 71.766891][ T1] BUG: KASAN: double-free or invalid-free in
kfree+0x264/0x420
[ 71.766895][ T1]
[ 71.766904][ T1] CPU: 48 PID: 1 Comm: swapper/0 Tainted: G B W
5.4.0-rc3+ #1146
[ 71.766910][ T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI
RC0 - V1.16.01 03/15/2019
[ 71.766915][ T1] Call trace:
[ 71.766923][ T1] dump_backtrace+0x0/0x298
[ 71.766929][ T1] show_stack+0x20/0x30
[ 71.766936][ T1] dump_stack+0x190/0x21c
[ 71.766945][ T1] print_address_description.isra.6+0x80/0x3d0
[ 71.766953][ T1] kasan_report_invalid_free+0x78/0xa0
[ 71.766960][ T1] __kasan_slab_free+0xbc/0x170
[ 71.766968][ T1] kasan_slab_free+0x10/0x18
[ 71.766975][ T1] slab_free_freelist_hook+0x19c/0x228
[ 71.766981][ T1] kfree+0x264/0x420
[ 71.766989][ T1] _edac_mc_free+0x6c/0x210
[ 71.766997][ T1] edac_mc_free+0x68/0x88
[ 71.767004][ T1] ghes_edac_unregister+0x44/0x70
[ 71.767012][ T1] ghes_remove+0x274/0x2a0
[ 71.767019][ T1] platform_drv_remove+0x44/0x78
[ 71.767026][ T1] really_probe+0x404/0x840
[ 71.767033][ T1] driver_probe_device+0x190/0x1f0
[ 71.767039][ T1] device_driver_attach+0x7c/0xb0
[ 71.767046][ T1] __driver_attach+0x1b8/0x1d0
[ 71.767054][ T1] bus_for_each_dev+0xf8/0x190
[ 71.767060][ T1] driver_attach+0x34/0x40
[ 71.767067][ T1] bus_add_driver+0x1d8/0x340
[ 71.767073][ T1] driver_register+0x168/0x1e8
[ 71.767081][ T1] __platform_driver_register+0x80/0x90
[ 71.767088][ T1] ghes_init+0xc4/0x174
[ 71.767095][ T1] do_one_initcall+0x328/0x788
[ 71.767104][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.767111][ T1] kernel_init+0x18/0x178
[ 71.767118][ T1] ret_from_fork+0x10/0x18
[ 71.767122][ T1]
[ 71.767127][ T1] Allocated by task 1:
[ 71.767135][ T1] save_stack+0x28/0xb0
[ 71.767143][ T1] __kasan_kmalloc.isra.9+0xa0/0xc8
[ 71.767150][ T1] kasan_kmalloc+0xc/0x18
[ 71.767157][ T1] kmem_cache_alloc_trace+0x2a0/0x2e8
[ 71.767165][ T1] edac_mc_alloc+0x5d4/0xb18
[ 71.767172][ T1] ghes_edac_register+0x164/0x398
[ 71.767180][ T1] ghes_probe+0x648/0x6d8
[ 71.767187][ T1] platform_drv_probe+0x8c/0x110
[ 71.767193][ T1] really_probe+0x32c/0x840
[ 71.767201][ T1] driver_probe_device+0x190/0x1f0
[ 71.767207][ T1] device_driver_attach+0x7c/0xb0
[ 71.767214][ T1] __driver_attach+0x1b8/0x1d0
[ 71.767222][ T1] bus_for_each_dev+0xf8/0x190
[ 71.767228][ T1] driver_attach+0x34/0x40
[ 71.767234][ T1] bus_add_driver+0x1d8/0x340
[ 71.767241][ T1] driver_register+0x168/0x1e8
[ 71.767249][ T1] __platform_driver_register+0x80/0x90
[ 71.767255][ T1] ghes_init+0xc4/0x174
[ 71.767262][ T1] do_one_initcall+0x328/0x788
[ 71.767270][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.767277][ T1] kernel_init+0x18/0x178
[ 71.767284][ T1] ret_from_fork+0x10/0x18
[ 71.767287][ T1]
[ 71.767292][ T1] Freed by task 1:
[ 71.767299][ T1] save_stack+0x28/0xb0
[ 71.767306][ T1] __kasan_slab_free+0x140/0x170
[ 71.767314][ T1] kasan_slab_free+0x10/0x18
[ 71.767321][ T1] slab_free_freelist_hook+0x19c/0x228
[ 71.767327][ T1] kfree+0x264/0x420
[ 71.767335][ T1] _edac_mc_free+0x15c/0x210
[ 71.767342][ T1] edac_mc_free+0x68/0x88
[ 71.767349][ T1] ghes_edac_unregister+0x44/0x70
[ 71.767357][ T1] ghes_remove+0x274/0x2a0
[ 71.767364][ T1] platform_drv_remove+0x44/0x78
[ 71.767371][ T1] really_probe+0x404/0x840
[ 71.767377][ T1] driver_probe_device+0x190/0x1f0
[ 71.767384][ T1] device_driver_attach+0x7c/0xb0
[ 71.767391][ T1] __driver_attach+0x1b8/0x1d0
[ 71.767398][ T1] bus_for_each_dev+0xf8/0x190
[ 71.767405][ T1] driver_attach+0x34/0x40
[ 71.767411][ T1] bus_add_driver+0x1d8/0x340
[ 71.767418][ T1] driver_register+0x168/0x1e8
[ 71.767426][ T1] __platform_driver_register+0x80/0x90
[ 71.767432][ T1] ghes_init+0xc4/0x174
[ 71.767439][ T1] do_one_initcall+0x328/0x788
[ 71.767447][ T1] kernel_init_freeable+0x2fc/0x3d4
[ 71.767454][ T1] kernel_init+0x18/0x178
[ 71.767461][ T1] ret_from_fork+0x10/0x18
[ 71.767464][ T1]
[ 71.767471][ T1] The buggy address belongs to the object at
ffff002324528800
[ 71.767471][ T1] which belongs to the cache kmalloc-128 of size 128
[ 71.767478][ T1] The buggy address is located 0 bytes inside of
[ 71.767478][ T1] 128-byte region [ffff002324528800, ffff002324528880)
[ 71.767482][ T1] The buggy address belongs to the page:
[ 71.767490][ T1] page:fffffe008c714a00 refcount:1 mapcount:0
mapping:ffff0020bfc10580 index:0xffff00232452e480 compound_mapcount: 0
[ 71.767500][ T1] flags: 0x1ffff00000010200(slab|head)
[ 71.767511][ T1] raw: 1ffff00000010200 fffffe008c72b408 fffffe008c715408
ffff0020bfc10580
[ 71.767521][ T1] raw: ffff00232452e480 0000000000330019 00000001ffffffff
0000000000000000
[ 71.767525][ T1] page dumped because: kasan: bad access detected
[ 71.767529][ T1]
[ 71.767532][ T1] Memory state around the buggy address:
[ 71.767540][ T1] ffff002324528700: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[ 71.767547][ T1] ffff002324528780: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[ 71.767553][ T1] >ffff002324528800: fb fb fb fb fb fb fb fb fb fb fb fb
fb fb fb fb
[ 71.767557][ T1] ^
[ 71.767564][ T1] ffff002324528880: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[ 71.767571][ T1] ffff002324528900: fc fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc
[ 71.767575][ T1]
==================================================================
