Hi all:
Sorry to bother everyone.
When I was writing an mmc host driver, an unaligned access was triggered. I tried to turn on slub debug and got the following information:
The kernel version is v6.10-rc1; I also tested it on v6.9, and it is the same.
[ 5.122249] =============================================================================
[ 5.130490] BUG kmalloc-8 (Not tainted): Freepointer corrupt
[ 5.136184] -----------------------------------------------------------------------------
[ 5.136184]
[ 5.145914] Allocated in mmc_app_send_scr+0xe8/0x1e0 age=11 cpu=1 pid=24
[ 5.152678] kmalloc_trace_noprof+0x128/0x340
[ 5.157081] mmc_app_send_scr+0xe4/0x1e0
[ 5.161039] mmc_sd_setup_card+0x154/0x640
[ 5.165171] mmc_sd_init_card+0x15c/0xcc0
[ 5.169214] mmc_attach_sd+0x10c/0x220
[ 5.172998] mmc_rescan+0x37c/0x4a0
[ 5.176526] process_one_work+0x17c/0x320
[ 5.180575] worker_thread+0x384/0x4e0
[ 5.184358] kthread+0x13c/0x160
[ 5.187620] ret_from_kernel_thread+0x8/0xa4
[ 5.191925] Freed in mpi_free+0x34/0xa0 age=44 cpu=0 pid=100
[ 5.197628] mpi_free+0x30/0xa0
[ 5.200797] rsa_dec+0x188/0x260
[ 5.204061] test_akcipher_one+0x758/0x8c0
[ 5.208194] alg_test_akcipher+0xa8/0x140
[ 5.212239] alg_test+0x180/0x780
[ 5.215586] cryptomgr_test+0x1c/0x40
[ 5.219281] kthread+0x13c/0x160
[ 5.222539] ret_from_kernel_thread+0x8/0xa4
[ 5.226843] Slab 0xffffffff01048ac0 objects=146 used=67 fp=0x90000001048add58 flags=0x1ffff0000000200(workingset|node=0|zone=1|lastcpupid=0xffff)
[ 5.239968] Object 0x90000001048adce8 @offset=7400 fp=0x00000000048add58
[ 5.239968]
[ 5.248206] Redzone 90000001048adce0: cc cc cc cc cc cc cc cc ........
[ 5.257052] Object 90000001048adce8: 00 00 a5 02 6b 6b 6b a5 ....kkk.
[ 5.265897] Redzone 90000001048adcf0: cc cc cc cc cc cc cc cc ........
[ 5.274741] Padding 90000001048add44: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ
[ 5.283935] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.10.0-rc1+ #5998
[ 5.290853] Workqueue: events_freezable mmc_rescan
[ 5.295695] Stack : 90000001000993b0 0000000000000000 9000000002db37e4 9000000100298000
[ 5.303778] 900000010029b800 900000010029b808 0000000000000000 0000000000000000
[ 5.311856] 900000010029b808 0000000000000001 900000018029b527 900000010029b3b0
[ 5.319934] ffffffffffffffff 900000010029b808 5404302515683bd9 9000000100239040
[ 5.328012] 000000000000024f 0000000000000001 0000000000000000 0000000000000003
[ 5.336090] 0000000000000b54 0000000000047025 0000000008d6c000 90000000057b4000
[ 5.344168] 0000000000000000 0000000000000000 9000000004994fb8 9000000004b25000
[ 5.352245] 0000000000000000 90000001048adcf0 0000000000000001 9000000100004640
[ 5.360321] 90000001048adce8 0000000000000000 9000000002db3804 ffffff80141ac4a2
[ 5.368399] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d
[ 5.376476] ...
[ 5.378950] Call Trace:
[ 5.378955] [<9000000002db3804>] show_stack+0x64/0x1a0
[ 5.386599] [<90000000041e8c74>] dump_stack_lvl+0x74/0xb0
[ 5.392043] [<90000000041ce578>] object_err+0x3c/0x60
[ 5.397141] [<90000000030484f4>] check_object+0x4b4/0x4e0
[ 5.402583] [<9000000003048e34>] free_to_partial_list+0x1f4/0x6a0
[ 5.408721] [<9000000003049c08>] kfree+0x188/0x340
[ 5.413552] [<9000000003d9e564>] mmc_app_send_scr+0x184/0x1e0
[ 5.419341] [<9000000003d9c5f4>] mmc_sd_setup_card+0x154/0x640
[ 5.425216] [<9000000003d9cc3c>] mmc_sd_init_card+0x15c/0xcc0
[ 5.431004] [<9000000003d9da4c>] mmc_attach_sd+0x10c/0x220
[ 5.436530] [<9000000003d9177c>] mmc_rescan+0x37c/0x4a0
[ 5.441797] [<9000000002dfa5bc>] process_one_awork+0x17c/0x320
[ 5.447586] [<9000000002dfb304>] worker_thread+0x384/0x4e0
[ 5.453113] [<9000000002e06abc>] kthread+0x13c/0x160
[ 5.458117] [<9000000002db14a4>] ret_from_kernel_thread+0x8/0xa4
[ 5.464164]
[ 5.465674] Disabling lock debugging due to kernel taint
[ 5.471016] FIX kmalloc-8: Object at 0x90000001048adce8 not freed
But I don't know how to proceed, because the alloc and free functions in the log have nothing to do with each other. How, then, can I find the address 0x90000001048adce8?
I tried to analyze mmc_app_send_scr() and rsa_dec(), but to no avail.
If it is convenient for anyone, please give me some advice on how to continue debugging.
Thanks.
Yang