Hi all:

Sorry to bother everyone.

When I was writing an mmc host driver, an unaligned access was triggered. I tried to turn on slub debug and got the following information:

The kernel version is v6.10-rc1. I also tested it on v6.9, and it is the same.

[ 5.313003] raw data malloc: 90000001058ec0e8: 6b 6b 6b 6b 6b 6b 6b a5 cc cc cc cc cc cc cc cc kkkkkkk.........
[ 5.323268] raw data malloc: 90000001058ec0f8: 58 c1 8e 05 01 00 00 90 68 fa 2d 04 00 00 00 90 X.......h.-.....
[ 5.333520] mmc0: starting CMD51 arg 00000000 flags 000000b5
[ 5.339221] mmc0: blksz 8 blocks 1 flags 00000200 tsac 100 ms nsac 0
[ 5.381553] mmc0: req done (CMD51): 0: 00000920 5f5a83be f6dbdfff 8a804035
[ 5.388483] mmc0: 8 bytes transferred: 0
[ 5.392809] raw data free: 90000001058ec0e8: 00 00 a5 02 6b 6b 6b a5 cc cc cc cc cc cc cc cc ....kkk.........
[ 5.402898] raw data free: 90000001058ec0f8: 58 c1 8e 05 00 00 00 00 68 fa 2d 04 00 00 00 90 X.......h.-.....
[ 5.412991] =============================================================================
[ 5.421227] BUG kmalloc-8 (Not tainted): Freepointer corrupt
[ 5.426920] -----------------------------------------------------------------------------
[ 5.426920]
[ 5.436650] Allocated in mmc_app_send_scr+0xe8/0x240 age=31 cpu=1 pid=24
[ 5.443409] kmalloc_trace_noprof+0x128/0x340
[ 5.447809] mmc_app_send_scr+0xe4/0x240
[ 5.451765] mmc_sd_setup_card+0x154/0x680
[ 5.455895] mmc_sd_init_card+0x15c/0xcc0
[ 5.459938] mmc_attach_sd+0x10c/0x1e0
[ 5.463719] mmc_rescan+0x3bc/0x480
[ 5.467244] process_one_work+0x17c/0x320
[ 5.471289] worker_thread+0x384/0x4e0
[ 5.475071] kthread+0x13c/0x160
[ 5.478337] ret_from_kernel_thread+0x8/0xa4
[ 5.482642] Freed in mpi_free+0x34/0xa0 age=118 cpu=0 pid=100
[ 5.488440] mpi_free+0x30/0xa0
[ 5.491613] rsa_dec+0x188/0x260
[ 5.494875] test_akcipher_one+0x758/0x8c0
[ 5.499007] alg_test_akcipher+0xa8/0x140
[ 5.503051] alg_test+0x180/0x780
[ 5.506397] cryptomgr_test+0x1c/0x40
[ 5.510091] kthread+0x13c/0x160
[ 5.513354] ret_from_kernel_thread+0x8/0xa4
[ 5.517657] Slab 0xffffffff01058ec0 objects=146 used=3 fp=0x90000001058ec158 flags=0x1ffff0000000200(workingset|node=0|zone=1|lastcpupid=0xffff)
[ 5.530692] Object 0x90000001058ec0e8 @offset=232 fp=0x00000000058ec158
[ 5.530692]
[ 5.538840] Redzone 90000001058ec0e0: cc cc cc cc cc cc cc cc ........
[ 5.547685] Object 90000001058ec0e8: 00 00 a5 02 6b 6b 6b a5 ....kkk.
[ 5.556530] Redzone 90000001058ec0f0: cc cc cc cc cc cc cc cc ........
[ 5.565374] Padding 90000001058ec144: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ
[ 5.574570] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.10.0-rc2+ #237
[ 5.581400] Workqueue: events_freezable mmc_rescan
[ 5.586241] Stack : 90000001000993b0 0000000000000000 90000000032f3724 900000010029c000
[ 5.594324] 900000010029f820 900000010029f828 0000000000000000 0000000000000000
[ 5.602403] 900000010029f828 0000000000000001 900000018029f547 900000010029f3d0
[ 5.610481] ffffffffffffffff 900000010029f828 b5fc08827591f330 9000000100239040
[ 5.618558] 000000000000026f 0000000000000001 0000000000000000 0000000000000003
[ 5.626635] 00000000000016a8 000000000008df18 000000000882c000 9000000005cf4000
[ 5.634713] 0000000000000000 0000000000000000 9000000004ed58f0 9000000005065000
[ 5.642791] 0000000000000000 90000001058ec0f0 0000000000000001 9000000100004640
[ 5.650868] 90000001058ec0e8 0000000000000000 90000000032f3744 0000000000000000
[ 5.658945] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d
[ 5.667023] ...
[ 5.669496] Call Trace:
[ 5.669501] [<90000000032f3744>] show_stack+0x64/0x1a0
[ 5.677145] [<9000000004729ef4>] dump_stack_lvl+0x74/0xb0
[ 5.682585] [<900000000470f598>] object_err+0x3c/0x60
[ 5.687681] [<900000000358b3d4>] check_object+0x4b4/0x4e0
[ 5.693121] [<900000000358bd14>] free_to_partial_list+0x1f4/0x6a0
[ 5.699258] [<900000000358cae8>] kfree+0x188/0x340
[ 5.704088] [<90000000042dfb5c>] mmc_app_send_scr+0x1dc/0x240
[ 5.709875] [<90000000042ddb94>] mmc_sd_setup_card+0x154/0x680
[ 5.715749] [<90000000042de21c>] mmc_sd_init_card+0x15c/0xcc0
[ 5.721535] [<90000000042df02c>] mmc_attach_sd+0x10c/0x1e0
[ 5.727060] [<90000000042d2d7c>] mmc_rescan+0x3bc/0x480
[ 5.732325] [<900000000333965c>] process_one_work+0x17c/0x320
[ 5.738111] [<900000000333a3a4>] worker_thread+0x384/0x4e0
[ 5.743635] [<9000000003345b9c>] kthread+0x13c/0x160
[ 5.748641] [<90000000032f1444>] ret_from_kernel_thread+0x8/0xa4
[ 5.754688]
[ 5.756197] Disabling lock debugging due to kernel taint
[ 5.761540] FIX kmalloc-8: Object at 0x90000001058ec0e8 not freed

But I don't know how to proceed, because the two functions of alloc and free in the log have nothing to do with each other.

Then, how can I trace the slab object 0x90000001058ec0e8?

I tried to analyze mmc_app_send_scr() and rsa_dec(), but to no avail. If it is convenient for anyone, please give me some advice on how to continue debugging.

Thanks.
Yang
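
An added example, not part of the original post: a byte-by-byte comparison of the "raw data malloc" and "raw data free" dumps in the log above, listing exactly which addresses changed between allocation and free. The four dump lines are copied from the log; the function names are chosen for this example.

```python
import re

# Copied from the "raw data malloc" / "raw data free" lines of the log above.
LOG = """\
[ 5.313003] raw data malloc: 90000001058ec0e8: 6b 6b 6b 6b 6b 6b 6b a5 cc cc cc cc cc cc cc cc kkkkkkk.........
[ 5.323268] raw data malloc: 90000001058ec0f8: 58 c1 8e 05 01 00 00 90 68 fa 2d 04 00 00 00 90 X.......h.-.....
[ 5.392809] raw data free: 90000001058ec0e8: 00 00 a5 02 6b 6b 6b a5 cc cc cc cc cc cc cc cc ....kkk.........
[ 5.402898] raw data free: 90000001058ec0f8: 58 c1 8e 05 00 00 00 00 68 fa 2d 04 00 00 00 90 X.......h.-.....
"""

# tag, 16-digit base address, then at most 16 hex bytes (the ASCII column is ignored)
ROW = re.compile(r"raw data (malloc|free): ([0-9a-f]{16}):((?: [0-9a-f]{2}){1,16})")

def parse_dump(log):
    """Return {'malloc': {addr: byte}, 'free': {addr: byte}} from the hexdump rows."""
    snaps = {"malloc": {}, "free": {}}
    for tag, base, hexbytes in ROW.findall(log):
        for i, b in enumerate(hexbytes.split()):
            snaps[tag][int(base, 16) + i] = int(b, 16)
    return snaps

def changed_runs(log):
    """Group bytes that differ between the two snapshots into contiguous runs.

    Returns a list of (start_address, bytes_at_malloc, bytes_at_free).
    """
    snaps = parse_dump(log)
    before, after = snaps["malloc"], snaps["free"]
    diff = sorted(a for a in before if a in after and before[a] != after[a])
    runs = []
    for addr in diff:
        if runs and addr == runs[-1][-1] + 1:
            runs[-1].append(addr)      # extends the current contiguous run
        else:
            runs.append([addr])        # starts a new run
    return [(r[0], bytes(before[a] for a in r), bytes(after[a] for a in r))
            for r in runs]

if __name__ == "__main__":
    for start, old, new in changed_runs(LOG):
        print(f"{start:#018x}: {old.hex(' ')} -> {new.hex(' ')}")
```

The addresses it reports can be set against the Object, Redzone and fp values printed in the SLUB report.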