Re: edac KASAN warning in experimental arm64 allmodconfig boot

From: John Garry <john.garry@huawei.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
	James Morse <james.morse@arm.com>, <tony.luck@intel.com>,
	Robert Richter <rrichter@marvell.com>,
	<linux-edac@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: edac KASAN warning in experimental arm64 allmodconfig boot
Date: Mon, 14 Oct 2019 17:44:13 +0100	[thread overview]
Message-ID: <eb7858dc-9ecf-a924-39a5-1d7c243dd424@huawei.com> (raw)
In-Reply-To: <20191014160901.GE4715@zn.tnic>

[-- Attachment #1: Type: text/plain, Size: 3915 bytes --]

On 14/10/2019 17:09, Borislav Petkov wrote:
> On Mon, Oct 14, 2019 at 04:18:49PM +0100, John Garry wrote:
>> Hi guys,
>>
>> I'm experimenting by trying to boot an allmodconfig arm64 kernel, as
>> mentioned here:
>> https://lore.kernel.org/linux-arm-kernel/507325a3-030e-2843-0f46-7e18c60257de@huawei.com/
>>
>> One thing that I noticed - it's hard to miss actually - is the amount of
>> complaining from KASAN about the EDAC/ghes code. Maybe this is something I
>> should not care about/red herring, or maybe something genuine. Let me know
>> what you think.
>>
>> The kernel is v5.4-rc3, and I raised the EDAC mc debug level to get extra
>> debug prints.
>>
>> Log below, Thanks,
>> John
>> Log snippet (I cut off after the first KASAN warning):
>>
>> [   70.471011][    T1] random: get_random_u32 called from new_slab+0x360/0x698 with crng_init=0
>> [   70.478671][    T1] [Firmware Bug]: APEI: Invalid bit width + offset in GAR [0x94110034/64/0/3/0]
>> [   70.526585][    T1] EDAC DEBUG: edac_mc_alloc: allocating 3524 bytes for mci data (32 dimms, 32 csrows/channels)
>> [   70.542013][    T1] EDAC DEBUG: ghes_edac_dmidecode: DIMM2: Registered-DDR4 size = 16384 MB(ECC)
>> [   70.551044][    T1] EDAC DEBUG: ghes_edac_dmidecode:         type 26, detail 0x2080, width 72(total 64)
>> [   70.559986][    T1] EDAC DEBUG: edac_mc_add_mc_with_groups:
>> [   70.567082][    T1] EDAC DEBUG: edac_create_sysfs_mci_device: device mc0 created
>> [   70.575608][    T1] EDAC DEBUG: edac_create_dimm_object: device dimm2 created at location memory 2
>> [   70.585818][    T1] EDAC DEBUG: edac_create_csrow_object: device csrow2 created
>> [   70.594110][    T1] EDAC MC0: Giving out device to module ghes_edac.c controller ghes_edac: DEV ghes (INTERRUPT)
>> [   70.605936][    T1] EDAC DEBUG: edac_mc_del_mc:
>> [   70.611188][    T1] EDAC DEBUG: edac_remove_sysfs_mci_device:
>> [   70.619443][    T1] random: get_random_u32 called from kobject_put+0x8c/0x190 with crng_init=0
>> [   70.628163][    T1] kobject: 'csrow2' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 750)
>> [   70.638477][    T1] EDAC DEBUG: edac_remove_sysfs_mci_device: unregistering device dimm2
>> [   70.647903][    T1] kobject: 'dimm2' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 250)
>> [   70.658105][    T1] EDAC MC: Removed device 0 for ghes_edac.c ghes_edac: DEV ghes
>> [   70.665673][    T1] EDAC DEBUG: edac_mc_free:
>> [   70.670211][    T1] EDAC DEBUG: edac_unregister_sysfs: unregistering device mc0
>> [   70.679027][    T1] kobject: 'mc0' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 500)
>> [   70.690987][    T1] EDAC DEBUG: edac_mc_del_mc:
>> [   70.695769][    T1] EDAC DEBUG: edac_mc_free:
>> [   70.700412][    T1] ------------[ cut here ]------------
>> [   70.705832][    T1] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x48
>> [   70.716663][    T1] WARNING: CPU: 50 PID: 1 at lib/debugobjects.c:484 debug_print_object+0xec/0x130
>
> If I am parsing these unwrapped messages correctly (btw, pls use another
> mail client for pasting log lines - thunderbird is usually ok but I
> guess you need to configure it properly

Maybe you can receive the cutdown log attachment while I figure out how 
to do that...

), that must be some workqueue
> object of sorts.
>
> Now, ghes_edac doesn't init the workqueue:
>
> [   70.594110][    T1] EDAC MC0: Giving out device to module ghes_edac.c controller ghes_edac: DEV ghes (INTERRUPT)
>
> as it is in interrupt mode.
>
> So the only other workqueue I see is that "delayed XXX" stuff which is in
> kobject_release().
>
> AFAICT.
>
> Do you have CONFIG_DEBUG_KOBJECT_RELEASE enabled and if so, does the
> warning go away if you disable it?
>

Yes, it's enabled with allmodconfig, but no, it does not go away with 
disabling (see log #2).

Cheers,
John

> Thx.
>

[-- Attachment #2: kasan edac log 2 --]
[-- Type: text/plain, Size: 14252 bytes --]

t!
[   69.915028][    T1] debugfs: File '\_SB_.MB5D' in directory 'domains' already present!
[   70.055740][    T1] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[   70.106050][    T1] gbefb: couldn't reserve mmio region
[   70.111495][    T1] gbefb: probe of gbefb.0 failed with error -16
[   70.122848][    T2] _warn_unseeded_randomness: 103 callbacks suppressed
[   70.122867][    T2] random: get_random_u64 called from copy_process+0x444/0x2bf0 with crng_init=0
[   70.161416][    T1] [Firmware Bug]: APEI: Invalid bit width + offset in GAR [0x94110034/64/0/3/0]
[   70.171690][    T1] EDAC DEBUG: edac_mc_alloc: allocating 3332 bytes for mci data (32 dimms, 32 csrows/channels)
[   70.186961][    T1] EDAC DEBUG: ghes_edac_dmidecode: DIMM2: Registered-DDR4 size = 16384 MB(ECC)
[   70.195905][    T1] EDAC DEBUG: ghes_edac_dmidecode:         type 26, detail 0x2080, width 72(total 64)
[   70.204856][    T1] EDAC DEBUG: edac_mc_add_mc_with_groups: 
[   70.211902][    T1] EDAC DEBUG: edac_create_sysfs_mci_device: device mc0 created
[   70.220567][    T1] EDAC DEBUG: edac_create_dimm_object: device dimm2 created at location memory 2 
[   70.230772][    T1] EDAC DEBUG: edac_create_csrow_object: device csrow2 created
[   70.239012][    T1] EDAC MC0: Giving out device to module ghes_edac.c controller ghes_edac: DEV ghes (INTERRUPT)
[   70.250886][    T1] EDAC DEBUG: edac_mc_del_mc: 
[   70.256169][    T1] EDAC DEBUG: edac_remove_sysfs_mci_device: 
[   70.264999][    T1] EDAC DEBUG: csrow_attr_release: device csrow2 released
[   70.272080][    T1] EDAC DEBUG: edac_remove_sysfs_mci_device: unregistering device dimm2
[   70.281573][    T1] EDAC DEBUG: dimm_attr_release: device dimm2 released
[   70.288461][    T1] EDAC MC: Removed device 0 for ghes_edac.c ghes_edac: DEV ghes
[   70.296035][    T1] EDAC DEBUG: edac_mc_free: 
[   70.300580][    T1] EDAC DEBUG: edac_unregister_sysfs: unregistering device mc0
[   70.309379][    T1] EDAC DEBUG: mci_attr_release: device mc0 released
[   70.318165][    T1] ==================================================================
[   70.326165][    T1] BUG: KASAN: use-after-free in ghes_edac_unregister+0x28/0x70
[   70.333575][    T1] Read of size 8 at addr ffff002323ca9b1c by task swapper/0/1
[   70.340894][    T1] 
[   70.343099][    T1] CPU: 57 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc3+ #1147
[   70.350421][    T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   70.359652][    T1] Call trace:
[   70.362811][    T1]  dump_backtrace+0x0/0x298
[   70.367183][    T1]  show_stack+0x20/0x30
[   70.371209][    T1]  dump_stack+0x190/0x21c
[   70.375410][    T1]  print_address_description.isra.6+0x80/0x3d0
[   70.381431][    T1]  __kasan_report+0x174/0x23c
[   70.385977][    T1]  kasan_report+0xc/0x18
[   70.390088][    T1]  __asan_load8+0xa4/0xb0
[   70.394286][    T1]  ghes_edac_unregister+0x28/0x70
[   70.399181][    T1]  ghes_remove+0x274/0x2a0
[   70.403468][    T1]  platform_drv_remove+0x44/0x78
[   70.408273][    T1]  really_probe+0x404/0x840
[   70.412644][    T1]  driver_probe_device+0x190/0x1f0
[   70.417623][    T1]  device_driver_attach+0x7c/0xb0
[   70.422515][    T1]  __driver_attach+0x1b8/0x1d0
[   70.427148][    T1]  bus_for_each_dev+0xf8/0x190
[   70.431779][    T1]  driver_attach+0x34/0x40
[   70.436062][    T1]  bus_add_driver+0x1d8/0x340
[   70.440607][    T1]  driver_register+0x168/0x1e8
[   70.445239][    T1]  __platform_driver_register+0x80/0x90
[   70.450656][    T1]  ghes_init+0xc4/0x174
[   70.454680][    T1]  do_one_initcall+0x328/0x788
[   70.459314][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   70.464381][    T1]  kernel_init+0x18/0x178
[   70.468578][    T1]  ret_from_fork+0x10/0x18
[   70.472859][    T1] 
[   70.475058][    T1] Allocated by task 1:
[   70.478996][    T1]  save_stack+0x28/0xb0
[   70.483021][    T1]  __kasan_kmalloc.isra.9+0xa0/0xc8
[   70.488087][    T1]  kasan_kmalloc+0xc/0x18
[   70.492284][    T1]  __kmalloc+0x2d0/0x338
[   70.496397][    T1]  edac_mc_alloc+0xaa8/0xb18
[   70.500856][    T1]  ghes_edac_register+0x164/0x398
[   70.505748][    T1]  ghes_probe+0x648/0x6d8
[   70.509946][    T1]  platform_drv_probe+0x8c/0x110
[   70.514751][    T1]  really_probe+0x32c/0x840
[   70.519122][    T1]  driver_probe_device+0x190/0x1f0
[   70.524100][    T1]  device_driver_attach+0x7c/0xb0
[   70.528992][    T1]  __driver_attach+0x1b8/0x1d0
[   70.533624][    T1]  bus_for_each_dev+0xf8/0x190
[   70.538255][    T1]  driver_attach+0x34/0x40
[   70.542539][    T1]  bus_add_driver+0x1d8/0x340
[   70.547083][    T1]  driver_register+0x168/0x1e8
[   70.551715][    T1]  __platform_driver_register+0x80/0x90
[   70.557127][    T1]  ghes_init+0xc4/0x174
[   70.561151][    T1]  do_one_initcall+0x328/0x788
[   70.565784][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   70.570850][    T1]  kernel_init+0x18/0x178
[   70.575047][    T1]  ret_from_fork+0x10/0x18
[   70.579327][    T1] 
[   70.581525][    T1] Freed by task 1:
[   70.585115][    T1]  save_stack+0x28/0xb0
[   70.589139][    T1]  __kasan_slab_free+0x140/0x170
[   70.593945][    T1]  kasan_slab_free+0x10/0x18
[   70.598405][    T1]  slab_free_freelist_hook+0x19c/0x228
[   70.603730][    T1]  kfree+0x264/0x420
[   70.607494][    T1]  mci_attr_release+0x74/0x80
[   70.612040][    T1]  device_release+0xa4/0x108
[   70.616499][    T1]  kobject_put+0x250/0x2c0
[   70.620784][    T1]  device_unregister+0x88/0x98
[   70.625415][    T1]  edac_unregister_sysfs+0x78/0x88
[   70.630395][    T1]  edac_mc_free+0x78/0x88
[   70.634592][    T1]  ghes_edac_unregister+0x44/0x70
[   70.639485][    T1]  ghes_remove+0x274/0x2a0
[   70.643769][    T1]  platform_drv_remove+0x44/0x78
[   70.648574][    T1]  really_probe+0x404/0x840
[   70.652944][    T1]  driver_probe_device+0x190/0x1f0
[   70.657924][    T1]  device_driver_attach+0x7c/0xb0
[   70.662815][    T1]  __driver_attach+0x1b8/0x1d0
[   70.667447][    T1]  bus_for_each_dev+0xf8/0x190
[   70.672078][    T1]  driver_attach+0x34/0x40
[   70.676361][    T1]  bus_add_driver+0x1d8/0x340
[   70.680906][    T1]  driver_register+0x168/0x1e8
[   70.685539][    T1]  __platform_driver_register+0x80/0x90
[   70.690951][    T1]  ghes_init+0xc4/0x174
[   70.694975][    T1]  do_one_initcall+0x328/0x788
[   70.699607][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   70.704673][    T1]  kernel_init+0x18/0x178
[   70.708870][    T1]  ret_from_fork+0x10/0x18
[   70.713151][    T1] 
[   70.715352][    T1] The buggy address belongs to the object at ffff002323ca9000
[   70.715352][    T1]  which belongs to the cache kmalloc-4k of size 4096
[   70.729272][    T1] The buggy address is located 2844 bytes inside of
[   70.729272][    T1]  4096-byte region [ffff002323ca9000, ffff002323caa000)
[   70.742582][    T1] The buggy address belongs to the page:
[   70.748083][    T1] page:fffffe008c6f2a00 refcount:1 mapcount:0 mapping:ffff0020bfc17080 index:0x0 compound_mapcount: 0
[   70.758886][    T1] flags: 0x1ffff00000010200(slab|head)
[   70.764217][    T1] raw: 1ffff00000010200 fffffe008c6f2408 fffffe008c6f2808 ffff0020bfc17080
[   70.772671][    T1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   70.781119][    T1] page dumped because: kasan: bad access detected
[   70.787397][    T1] 
[   70.789595][    T1] Memory state around the buggy address:
[   70.795096][    T1]  ffff002323ca9a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.803027][    T1]  ffff002323ca9a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.810957][    T1] >ffff002323ca9b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.818884][    T1]                             ^
[   70.823603][    T1]  ffff002323ca9b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.831534][    T1]  ffff002323ca9c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.839461][    T1] ==================================================================
[   70.847388][    T1] Disabling lock debugging due to kernel taint
[   70.853571][    T1] EDAC DEBUG: edac_mc_del_mc: 
[   70.858302][    T1] EDAC DEBUG: edac_mc_free: 
[   70.862829][    T1] ==================================================================
[   70.870751][    T1] BUG: KASAN: double-free or invalid-free in kfree+0x264/0x420
[   70.878142][    T1] 
[   70.880331][    T1] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B             5.4.0-rc3+ #1147
[   70.888939][    T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   70.898154][    T1] Call trace:
[   70.901296][    T1]  dump_backtrace+0x0/0x298
[   70.905651][    T1]  show_stack+0x20/0x30
[   70.909660][    T1]  dump_stack+0x190/0x21c
[   70.913844][    T1]  print_address_description.isra.6+0x80/0x3d0
[   70.919850][    T1]  kasan_report_invalid_free+0x78/0xa0
[   70.925161][    T1]  __kasan_slab_free+0xbc/0x170
[   70.929864][    T1]  kasan_slab_free+0x10/0x18
[   70.934306][    T1]  slab_free_freelist_hook+0x19c/0x228
[   70.939616][    T1]  kfree+0x264/0x420
[   70.943365][    T1]  _edac_mc_free+0x6c/0x210
[   70.947721][    T1]  edac_mc_free+0x68/0x88
[   70.951903][    T1]  ghes_edac_unregister+0x44/0x70
[   70.956782][    T1]  ghes_remove+0x274/0x2a0
[   70.961052][    T1]  platform_drv_remove+0x44/0x78
[   70.965841][    T1]  really_probe+0x404/0x840
[   70.970196][    T1]  driver_probe_device+0x190/0x1f0
[   70.975159][    T1]  device_driver_attach+0x7c/0xb0
[   70.980035][    T1]  __driver_attach+0x1b8/0x1d0
[   70.984652][    T1]  bus_for_each_dev+0xf8/0x190
[   70.989267][    T1]  driver_attach+0x34/0x40
[   70.993535][    T1]  bus_add_driver+0x1d8/0x340
[   70.998063][    T1]  driver_register+0x168/0x1e8
[   71.002680][    T1]  __platform_driver_register+0x80/0x90
[   71.008078][    T1]  ghes_init+0xc4/0x174
[   71.012086][    T1]  do_one_initcall+0x328/0x788
[   71.016704][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.021754][    T1]  kernel_init+0x18/0x178
[   71.025936][    T1]  ret_from_fork+0x10/0x18
[   71.030202][    T1] 
[   71.032385][    T1] Allocated by task 1:
[   71.036308][    T1]  save_stack+0x28/0xb0
[   71.040317][    T1]  __kasan_kmalloc.isra.9+0xa0/0xc8
[   71.045367][    T1]  kasan_kmalloc+0xc/0x18
[   71.049549][    T1]  kmem_cache_alloc_trace+0x2a0/0x2e8
[   71.054773][    T1]  edac_mc_alloc+0x7c4/0xb18
[   71.059216][    T1]  ghes_edac_register+0x164/0x398
[   71.064093][    T1]  ghes_probe+0x648/0x6d8
[   71.068275][    T1]  platform_drv_probe+0x8c/0x110
[   71.073064][    T1]  really_probe+0x32c/0x840
[   71.077419][    T1]  driver_probe_device+0x190/0x1f0
[   71.082381][    T1]  device_driver_attach+0x7c/0xb0
[   71.087257][    T1]  __driver_attach+0x1b8/0x1d0
[   71.091874][    T1]  bus_for_each_dev+0xf8/0x190
[   71.096489][    T1]  driver_attach+0x34/0x40
[   71.100757][    T1]  bus_add_driver+0x1d8/0x340
[   71.105286][    T1]  driver_register+0x168/0x1e8
[   71.109902][    T1]  __platform_driver_register+0x80/0x90
[   71.115299][    T1]  ghes_init+0xc4/0x174
[   71.119307][    T1]  do_one_initcall+0x328/0x788
[   71.123923][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.128973][    T1]  kernel_init+0x18/0x178
[   71.133155][    T1]  ret_from_fork+0x10/0x18
[   71.137420][    T1] 
[   71.139603][    T1] Freed by task 1:
[   71.143178][    T1]  save_stack+0x28/0xb0
[   71.147186][    T1]  __kasan_slab_free+0x140/0x170
[   71.151976][    T1]  kasan_slab_free+0x10/0x18
[   71.156418][    T1]  slab_free_freelist_hook+0x19c/0x228
[   71.161728][    T1]  kfree+0x264/0x420
[   71.165477][    T1]  dimm_attr_release+0x78/0x88
[   71.170093][    T1]  device_release+0xa4/0x108
[   71.174536][    T1]  kobject_put+0x250/0x2c0
[   71.178805][    T1]  device_unregister+0x88/0x98
[   71.183421][    T1]  edac_remove_sysfs_mci_device+0x20c/0x248
[   71.189166][    T1]  edac_mc_del_mc+0xec/0x158
[   71.193609][    T1]  ghes_edac_unregister+0x3c/0x70
[   71.198486][    T1]  ghes_remove+0x274/0x2a0
[   71.202755][    T1]  platform_drv_remove+0x44/0x78
[   71.207543][    T1]  really_probe+0x404/0x840
[   71.211899][    T1]  driver_probe_device+0x190/0x1f0
[   71.216861][    T1]  device_driver_attach+0x7c/0xb0
[   71.221737][    T1]  __driver_attach+0x1b8/0x1d0
[   71.226354][    T1]  bus_for_each_dev+0xf8/0x190
[   71.230969][    T1]  driver_attach+0x34/0x40
[   71.235237][    T1]  bus_add_driver+0x1d8/0x340
[   71.239766][    T1]  driver_register+0x168/0x1e8
[   71.244382][    T1]  __platform_driver_register+0x80/0x90
[   71.249778][    T1]  ghes_init+0xc4/0x174
[   71.253787][    T1]  do_one_initcall+0x328/0x788
[   71.258403][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.263453][    T1]  kernel_init+0x18/0x178
[   71.267635][    T1]  ret_from_fork+0x10/0x18
[   71.271900][    T1] 
[   71.274085][    T1] The buggy address belongs to the object at ffff002323ce2000
[   71.274085][    T1]  which belongs to the cache kmalloc-2k of size 2048
[   71.287989][    T1] The buggy address is located 0 bytes inside of
[   71.287989][    T1]  2048-byte region [ffff002323ce2000, ffff002323ce2800)
[   71.301022][    T1] The buggy address belongs to the page:
[   71.306508][    T1] page:fffffe008c6f3800 refcount:1 mapcount:0 mapping:ffff0020bfc10c80 index:0x0 compound_mapcount: 0
[   71.317291][    T1] flags: 0x1ffff00000010200(slab|head)
[   71.322606][    T1] raw: 1ffff00000010200 fffffe008c6f3608 fffffe008c6f3a08 ffff0020bfc10c80
[   71.331044][    T1] raw: 0000000000000000 0000000000050005 00000001ffffffff 0000000000000000
[   71.339477][    T1] page dumped because: kasan: bad access detected
[   71.345738][    T1] 
[   71.347920][    T1] Memory state around the buggy address:
[   71.353405][    T1]  ffff002323ce1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.361319][    T1]  ffff002323ce1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.369234][    T1] >ffff002323ce2000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.377145][    T1]                    ^
[   71.381066][    T1]  ffff002323ce2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.388981][    T1]  ffff002323ce2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.396892][    T1] ==================================================================

[-- Attachment #3: kasan edac log --]
[-- Type: text/plain, Size: 25719 bytes --]

[   70.234085][    T1] gbefb: probe of gbefb.0 failed with error -16
[   70.249643][    T1] kobject: 'wakeup' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 750)
[   70.260091][    T1] kobject: 'wakeup63' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 750)
[   70.268834][    T1] kobject: 'wakeup' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 500)
[   70.268879][    T1] kobject: 'wakeup64' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 250)
[   70.296399][    T1] [Firmware Bug]: APEI: Invalid bit width + offset in GAR [0x94110034/64/0/3/0]
[   70.306670][    T1] EDAC DEBUG: edac_mc_alloc: allocating 3524 bytes for mci data (32 dimms, 32 csrows/channels)
[   70.322002][    T1] EDAC DEBUG: ghes_edac_dmidecode: DIMM2: Registered-DDR4 size = 16384 MB(ECC)
[   70.330897][    T1] EDAC DEBUG: ghes_edac_dmidecode:         type 26, detail 0x2080, width 72(total 64)
[   70.339844][    T1] EDAC DEBUG: edac_mc_add_mc_with_groups: 
[   70.346860][    T1] EDAC DEBUG: edac_create_sysfs_mci_device: device mc0 created
[   70.355347][    T1] EDAC DEBUG: edac_create_dimm_object: device dimm2 created at location memory 2 
[   70.365595][    T1] EDAC DEBUG: edac_create_csrow_object: device csrow2 created
[   70.373817][    T1] EDAC MC0: Giving out device to module ghes_edac.c controller ghes_edac: DEV ghes (INTERRUPT)
[   70.385243][    T1] EDAC DEBUG: edac_mc_del_mc: 
[   70.390527][    T1] EDAC DEBUG: edac_remove_sysfs_mci_device: 
[   70.398823][    T1] _warn_unseeded_randomness: 49 callbacks suppressed
[   70.398845][    T1] random: get_random_u32 called from kobject_put+0x8c/0x190 with crng_init=0
[   70.414150][    T1] kobject: 'csrow2' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 500)
[   70.424461][    T1] EDAC DEBUG: edac_remove_sysfs_mci_device: unregistering device dimm2
[   70.433873][    T1] kobject: 'dimm2' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 750)
[   70.444066][    T1] EDAC MC: Removed device 0 for ghes_edac.c ghes_edac: DEV ghes
[   70.451689][    T1] EDAC DEBUG: edac_mc_free: 
[   70.456229][    T1] EDAC DEBUG: edac_unregister_sysfs: unregistering device mc0
[   70.465009][    T1] kobject: 'mc0' ((____ptrval____)): kobject_release, parent (____ptrval____) (delayed 500)
[   70.475868][    T1] random: get_random_u32 called from new_slab+0x360/0x698 with crng_init=0
[   70.485594][    T1] EDAC DEBUG: edac_mc_del_mc: 
[   70.490369][    T1] EDAC DEBUG: edac_mc_free: 
[   70.495532][    T1] ------------[ cut here ]------------
[   70.500956][    T1] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x48
[   70.511845][    T1] WARNING: CPU: 51 PID: 1 at lib/debugobjects.c:484 debug_print_object+0xec/0x130
[   70.520900][    T1] Modules linked in:
[   70.524671][    T1] CPU: 51 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc3+ #1146
[   70.531991][    T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   70.541221][    T1] pstate: 80800009 (Nzcv daif -PAN +UAO)
[   70.541246][    T1] pc : debug_print_object+0xec/0x130
[   70.551881][    T1] lr : debug_print_object+0xec/0x130
[   70.551890][    T1] sp : ffff0020bf2c7740
[   70.551899][    T1] x29: ffff0020bf2c7740 x28: ffff002324575000 
[   70.551914][    T1] x27: ffff002324575090 x26: ffffa00017543de0 
[   70.551929][    T1] x25: ffffa000101cd558 x24: ffffa00012051fc0 
[   70.551952][    T1] x23: ffffa000150d2200 x22: ffffa000120523a0 
[   70.561099][    T1] x21: ffffa00012051640 x20: 0000000000000000 
[   70.561116][    T1] x19: ffffa00015019000 x18: 0000000000000000 
[   70.561131][    T1] x17: 0000000000000000 x16: 00000000000026b0 
[   70.561145][    T1] x15: 0000000000000000 x14: 6e6968207473696c 
[   70.561160][    T1] x13: 5f72656d6974203a x12: 1fffe00417e58e5a 
[   70.573187][    T1] x11: ffff800417e58e5a x10: dfffa00000000000 
[   70.585213][    T1] x9 : ffff800417e58e5b x8 : 0000000000000001 
[   70.585228][    T1] x7 : ffff0020bf2c72d7 x6 : ffff800417e58e5b 
[   70.585243][    T1] x5 : 1fffe00417e57936 x4 : ffff0020bf2bc058 
[   70.585258][    T1] x3 : ffffa00010000000 x2 : ffff800417e58eb0 
[   70.585273][    T1] x1 : 28c26c7bd9c65300 x0 : 0000000000000000 
[   70.597298][    T1] Call trace:
[   70.597312][    T1]  debug_print_object+0xec/0x130
[   70.597325][    T1]  __debug_check_no_obj_freed+0x114/0x290
[   70.597337][    T1]  debug_check_no_obj_freed+0x18/0x28
[   70.597349][    T1]  slab_free_freelist_hook+0x18c/0x228
[   70.597359][    T1]  kfree+0x264/0x420
[   70.597376][    T1]  _edac_mc_free+0x6c/0x210
[   70.609382][    T1]  edac_mc_free+0x68/0x88
[   70.609396][    T1]  ghes_edac_unregister+0x44/0x70
[   70.609410][    T1]  ghes_remove+0x274/0x2a0
[   70.609424][    T1]  platform_drv_remove+0x44/0x78
[   70.609434][    T1]  really_probe+0x404/0x840
[   70.609445][    T1]  driver_probe_device+0x190/0x1f0
[   70.609456][    T1]  device_driver_attach+0x7c/0xb0
[   70.609466][    T1]  __driver_attach+0x1b8/0x1d0
[   70.609478][    T1]  bus_for_each_dev+0xf8/0x190
[   70.609488][    T1]  driver_attach+0x34/0x40
[   70.609499][    T1]  bus_add_driver+0x1d8/0x340
[   70.609509][    T1]  driver_register+0x168/0x1e8
[   70.609529][    T1]  __platform_driver_register+0x80/0x90
[   70.621543][    T1]  ghes_init+0xc4/0x174
[   70.621556][    T1]  do_one_initcall+0x328/0x788
[   70.621571][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   70.621584][    T1]  kernel_init+0x18/0x178
[   70.621594][    T1]  ret_from_fork+0x10/0x18
[   70.621610][    T1] irq event stamp: 4389198
[   70.633626][    T1] hardirqs last  enabled at (4389197): [<ffffa00010272398>] console_unlock+0x8d8/0x990
[   70.633643][    T1] hardirqs last disabled at (4389198): [<ffffa000100fd884>] debug_exception_enter+0x8c/0x190
[   70.633655][    T1] softirqs last  enabled at (4389194): [<ffffa000100bf4a4>] __do_softirq+0x894/0x920
[   70.633670][    T1] softirqs last disabled at (4389187): [<ffffa000101965e4>] irq_exit+0x114/0x1a0
[   70.633687][    T1] random: get_random_bytes called from print_oops_end_marker+0x30/0x68 with crng_init=0
[   70.633709][    T1] ---[ end trace f366d53b6f843ce8 ]---
[   70.702660][    T1] ------------[ cut here ]------------
[   70.711430][    T1] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x48
[   70.721167][    T1] WARNING: CPU: 51 PID: 1 at lib/debugobjects.c:484 debug_print_object+0xec/0x130
[   70.734461][    T1] Modules linked in:
[   70.744498][    T1] CPU: 51 PID: 1 Comm: swapper/0 Tainted: G        W         5.4.0-rc3+ #1146
[   70.744508][    T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   70.744519][    T1] pstate: 80800009 (Nzcv daif -PAN +UAO)
[   70.744531][    T1] pc : debug_print_object+0xec/0x130
[   70.744543][    T1] lr : debug_print_object+0xec/0x130
[   70.744555][    T1] sp : ffff0020bf2c7740
[   70.753182][    T1] x29: ffff0020bf2c7740 x28: ffff00232453a000 
[   70.753199][    T1] x27: ffff00232453a090 x26: ffffa00017543de0 
[   70.753215][    T1] x25: ffffa000101cd558 x24: ffffa00012051fc0 
[   70.753231][    T1] x23: ffffa000150d2200 x22: ffffa000120523a0 
[   70.766743][    T1] x21: ffffa00012051640 x20: 0000000000000000 
[   70.780503][    T1] x19: ffffa00015019000 x18: 0000000000000000 
[   70.780519][    T1] x17: 0000000000000000 x16: 00000000000026b0 
[   70.780534][    T1] x15: 0000000000000000 x14: 726f775f64657961 
[   70.780549][    T1] x13: 6c6564203a746e69 x12: 1fffe00417e58e5a 
[   70.799861][    T1] x11: ffff800417e58e5a x10: dfffa00000000000 
[   70.799877][    T1] x9 : ffff800417e58e5b x8 : 0000000000000001 
[   70.799892][    T1] x7 : ffff0020bf2c72d7 x6 : ffff800417e58e5b 
[   70.799907][    T1] x5 : 1fffe00417e57936 x4 : ffff0020bf2bc058 
[   70.799922][    T1] x3 : ffffa00010000000 x2 : ffff800417e58eb0 
[   70.829068][    T1] x1 : 28c26c7bd9c65300 x0 : 0000000000000000 
[   70.848735][    T1] Call trace:
[   70.848749][    T1]  debug_print_object+0xec/0x130
[   70.848762][    T1]  __debug_check_no_obj_freed+0x114/0x290
[   70.848774][    T1]  debug_check_no_obj_freed+0x18/0x28
[   70.848786][    T1]  slab_free_freelist_hook+0x18c/0x228
[   70.848801][    T1]  kfree+0x264/0x420
[   70.861248][    T1]  _edac_mc_free+0x1b0/0x210
[   70.861260][    T1]  edac_mc_free+0x68/0x88
[   70.861272][    T1]  ghes_edac_unregister+0x44/0x70
[   70.861283][    T1]  ghes_remove+0x274/0x2a0
[   70.861295][    T1]  platform_drv_remove+0x44/0x78
[   70.861305][    T1]  really_probe+0x404/0x840
[   70.861317][    T1]  driver_probe_device+0x190/0x1f0
[   70.861331][    T1]  device_driver_attach+0x7c/0xb0
[   70.926321][    T1]  __driver_attach+0x1b8/0x1d0
[   70.926338][    T1]  bus_for_each_dev+0xf8/0x190
[   70.938348][    T1]  driver_attach+0x34/0x40
[   70.938360][    T1]  bus_add_driver+0x1d8/0x340
[   70.938370][    T1]  driver_register+0x168/0x1e8
[   70.938382][    T1]  __platform_driver_register+0x80/0x90
[   70.938393][    T1]  ghes_init+0xc4/0x174
[   70.938407][    T1]  do_one_initcall+0x328/0x788
[   70.950417][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   70.950429][    T1]  kernel_init+0x18/0x178
[   70.950440][    T1]  ret_from_fork+0x10/0x18
[   70.950448][    T1] irq event stamp: 4389536
[   70.950461][    T1] hardirqs last  enabled at (4389535): [<ffffa000100c0e78>] el1_irq+0x138/0x200
[   70.950478][    T1] hardirqs last disabled at (4389536): [<ffffa000100fd884>] debug_exception_enter+0x8c/0x190
[   71.118261][    T1] softirqs last  enabled at (4389534): [<ffffa000100bf4a4>] __do_softirq+0x894/0x920
[   71.118278][    T1] softirqs last disabled at (4389527): [<ffffa000101965e4>] irq_exit+0x114/0x1a0
[   71.136533][    T1] ---[ end trace f366d53b6f843ce9 ]---
[   71.137908][    T1] ------------[ cut here ]------------
[   71.147364][    T1] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x48
[   71.158178][    T1] WARNING: CPU: 51 PID: 1 at lib/debugobjects.c:484 debug_print_object+0xec/0x130
[   71.167232][    T1] Modules linked in:
[   71.167251][    T1] CPU: 51 PID: 1 Comm: swapper/0 Tainted: G        W         5.4.0-rc3+ #1146
[   71.167261][    T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   71.167271][    T1] pstate: 80800009 (Nzcv daif -PAN +UAO)
[   71.167283][    T1] pc : debug_print_object+0xec/0x130
[   71.167301][    T1] lr : debug_print_object+0xec/0x130
[   71.179747][    T1] sp : ffff0020bf2c7740
[   71.179756][    T1] x29: ffff0020bf2c7740 x28: ffff002324534000 
[   71.179772][    T1] x27: ffff002324534090 x26: ffffa00017543de0 
[   71.179787][    T1] x25: ffffa000101cd558 x24: ffffa00012051fc0 
[   71.179802][    T1] x23: ffffa000150d2200 x22: ffffa000120523a0 
[   71.179821][    T1] x21: ffffa00012051640 x20: 0000000000000000 
[   71.194524][    T1] x19: ffffa00015019000 x18: 0000000000000000 
[   71.194540][    T1] x17: 0000000000000000 x16: 00000000000026b0 
[   71.194555][    T1] x15: 0000000000000000 x14: 775f646579616c65 
[   71.194569][    T1] x13: 64203a746e696820 x12: 1fffe00417e58e5a 
[   71.204857][    T1] x11: ffff800417e58e5a x10: dfffa00000000000 
[   71.204873][    T1] x9 : ffff800417e58e5b x8 : 0000000000000001 
[   71.204889][    T1] x7 : ffff0020bf2c72d7 x6 : ffff800417e58e5b 
[   71.204904][    T1] x5 : 1fffe00417e57936 x4 : ffff0020bf2bc058 
[   71.214930][    T1] x3 : ffffa00010000000 x2 : ffff800417e58eb0 
[   71.214947][    T1] x1 : 28c26c7bd9c65300 x0 : 0000000000000000 
[   71.214961][    T1] Call trace:
[   71.214974][    T1]  debug_print_object+0xec/0x130
[   71.214986][    T1]  __debug_check_no_obj_freed+0x114/0x290
[   71.215006][    T1]  debug_check_no_obj_freed+0x18/0x28
[   71.281033][    T1]  slab_free_freelist_hook+0x18c/0x228
[   71.281044][    T1]  kfree+0x264/0x420
[   71.281055][    T1]  _edac_mc_free+0x1f8/0x210
[   71.281066][    T1]  edac_mc_free+0x68/0x88
[   71.281078][    T1]  ghes_edac_unregister+0x44/0x70
[   71.281089][    T1]  ghes_remove+0x274/0x2a0
[   71.281100][    T1]  platform_drv_remove+0x44/0x78
[   71.281111][    T1]  really_probe+0x404/0x840
[   71.281121][    T1]  driver_probe_device+0x190/0x1f0
[   71.281132][    T1]  device_driver_attach+0x7c/0xb0
[   71.281142][    T1]  __driver_attach+0x1b8/0x1d0
[   71.281154][    T1]  bus_for_each_dev+0xf8/0x190
[   71.281166][    T1]  driver_attach+0x34/0x40
[   71.293176][    T1]  bus_add_driver+0x1d8/0x340
[   71.293186][    T1]  driver_register+0x168/0x1e8
[   71.293198][    T1]  __platform_driver_register+0x80/0x90
[   71.293208][    T1]  ghes_init+0xc4/0x174
[   71.293219][    T1]  do_one_initcall+0x328/0x788
[   71.293231][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.302370][    T1]  kernel_init+0x18/0x178
[   71.302381][    T1]  ret_from_fork+0x10/0x18
[   71.302389][    T1] irq event stamp: 4390142
[   71.302401][    T1] hardirqs last  enabled at (4390141): [<ffffa000100c0e78>] el1_irq+0x138/0x200
[   71.302416][    T1] hardirqs last disabled at (4390142): [<ffffa000100fd884>] debug_exception_enter+0x8c/0x190
[   71.302429][    T1] softirqs last  enabled at (4390140): [<ffffa000100bf4a4>] __do_softirq+0x894/0x920
[   71.312787][    T1] softirqs last disabled at (4390133): [<ffffa000101965e4>] irq_exit+0x114/0x1a0
[   71.312796][    T1] ---[ end trace f366d53b6f843cea ]---
[   71.374558][    T1] ==================================================================
[   71.382943][    T1] BUG: KASAN: use-after-free in ghes_edac_unregister+0x28/0x70
[   71.382954][    T1] Read of size 8 at addr ffff002324534bdc by task swapper/0/1
[   71.382961][    T1] 
[   71.382977][    T1] CPU: 52 PID: 1 Comm: swapper/0 Tainted: G        W         5.4.0-rc3+ #1146
[   71.382986][    T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   71.382995][    T1] Call trace:
[   71.383010][    T1]  dump_backtrace+0x0/0x298
[   71.393017][    T1]  show_stack+0x20/0x30
[   71.393029][    T1]  dump_stack+0x190/0x21c
[   71.393043][    T1]  print_address_description.isra.6+0x80/0x3d0
[   71.393055][    T1]  __kasan_report+0x174/0x2s_edac_unregister+0x28/0x70
[   71.469817][    T1]  ghes_remove+0x274/0x2a0
[   71.469837][    T1]  platform_drv_remove+0x44/0x78
[   71.484544][    T1]  really_probe+0x404/0x840
[   71.484556][    T1]  driver_probe_device+0x190/0x1f0
[   71.484567][    T1]  device_driver_attach+0x7c/0xb0
[   71.484578][    T1]  __driver_attach+0x1b8/0x1d0
[   71.484589][    T1]  bus_for_each_dev+0xf8/0x190
[   71.484600][    T1]  driver_attach+0x34/0x40
[   71.484618][    T1]  bus_add_driver+0x1d8/0x340
[   71.495501][    T1]  driver_register+0x168/0x1e8
[   71.495514][    T1]  __platform_driver_register+0x80/0x90
[   71.495525][    T1]  ghes_init+0xc4/0x174
[   71.495536][    T1]  do_one_initcall+0x328/0x788
[   71.495548][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.495560][    T1]  kernel_init+0x18/0x178
[   71.495571][    T1]  ret_from_fork+0x10/0x18
[   71.495582][    T1] 
[   71.535102][    T1] Allocated by task 1:
[   71.535115][    T1]  save_stack+0x28/0xb0
[   71.544170][    T1]  __kasan_kmalloc.isra.9+0xa0/0xc8
[   71.544181][    T1]  kasan_kmalloc+0xc/0x18
[   71.544192][    T1]  __kmalloc+0x2d0/0x338
[   71.544205][    T1]  edac_mc_alloc+0xaa8/0xb18
[   71.544216][    T1]  ghes_edac_register+0x164/0x398
[   71.544227][    T1]  ghes_probe+0x648/0x6d8
[   71.544239][    T1]  platform_drv_probe+0x8c/0x110
[   71.544250][    T1]  really_probe+0x32c/0x840
[   71.553304][    T1]  driver_probe_device+0x190/0x1f0
[   71.553315][    T1]  device_driver_attach+0x7c/0xb0
[   71.553326][    T1]  __driver_attach+0x1b8/0x1d0
[   71.553338][    T1]  bus_for_each_dev+0xf8/0x190
[   71.553348][    T1]  driver_attach+0x34/0x40
[   71.553359][    T1]  bus_add_driver+0x1d8/0x340
[   71.553369][    T1]  driver_register+0x168/0x1e8
[   71.553382][    T1]  __platform_driver_register+0x80/0x90
[   71.567572][    T1]  ghes_init+0xc4/0x174
[   71.567588][    T1]  do_one_initcall+0x328/0x788
[   71.576829][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.576841][    T1]  kernel_init+0x18/0x178
[   71.576852][    T1]  ret_from_fork+0x10/0x18
[   71.576859][    T1] 
[   71.576868][    T1] Freed by task 1:
[   71.576879][    T1]  save_stack+0x28/0xb0
[   71.576891][    T1]  __kasan_slab_free+0x140/0x170
[   71.576908][    T1]  kasan_slab_free+0x10/0x18
[   71.585708][    T1]  slab_free_freelist_hook+0x19c/0x228
[   71.585720][    T1]  kfree+0x264/0x420
[   71.585732][    T1]  _edac_mc_free+0x1f8/0x210
[   71.585743][    T1]  edac_mc_free+0x68/0x88
[   71.585754][    T1]  ghes_edac_unregister+0x44/0x70
[   71.585766][    T1]  ghes_remove+0x274/0x2a0
[   71.585777][    T1]  platform_drv_remove+0x44/0x78
[   71.585792][    T1]  really_probe+0x404/0x840
[   71.659765][  T904] kobject: 'wakeup54' ((____ptrval____)): kobject_cleanup, parent (____ptrval____)
[   71.663982][    T1]  driver_probe_device+0x190/0x1f0
[   71.663994][    T1]  device_driver_attach+0x7c/0xb0
[   71.664006][    T1]  __driver_attach+0x1b8/0x1d0
[   71.664017][    T1]  bus_for_each_dev+0xf8/0x190
[   71.664028][    T1]  driver_attach+0x34/0x40
[   71.664038][    T1]  bus_add_driver+0x1d8/0x340
[   71.664049][    T1]  driver_register+0x168/0x1e8
[   71.664061][    T1]  __platform_driver_register+0x80/0x90
[   71.664071][    T1]  ghes_init+0xc4/0x174
[   71.664082][    T1]  do_one_initcall+0x328/0x788
[   71.664094][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.664105][    T1]  kernel_init+0x18/0x178
[   71.664116][    T1]  ret_from_fork+0x10/0x18
[   71.664129][    T1] 
[   71.669171][  T904] kobject: 'wakeup54' ((____ptrval____)): calling ktype release
[   71.673978][    T1] The buggy address belongs to the object at ffff002324534000
[   71.673978][    T1]  which belongs to the cache kmalloc-4k of size 4096
[   71.673990][    T1] The buggy address is located 3036 bytes inside of
[   71.673990][    T1]  4096-byte region [ffff002324534000, ffff002324535000)
[   71.673999][    T1] The buggy address belongs to the page:
[   71.674013][    T1] page:fffffe008c714c00 refcount:1 mapcount:0 mapping:ffff0020bfc16980 index:0x0 compound_mapcount: 0
[   71.674032][    T1] flags: 0x1ffff00000010200(slab|head)
[   71.674055][    T1] raw: 1ffff00000010200 fffffe008c714808 fffffe008c716e08 ffff0020bfc16980
[   71.678784][  T904] kobject: 'wakeup54': free name
[   71.683294][    T1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   71.683303][    T1] page dumped because: kasan: bad access detected
[   71.683310][    T1] 
[   71.683318][    T1] Memory state around the buggy address:
[   71.683330][    T1]  ffff002324534a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.683341][    T1]  ffff002324534b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.683352][    T1] >ffff002324534b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.683368][    T1]                                                     ^
[   71.755750][  T853] kobject: 'wakeup' ((____ptrval____)): kobject_cleanup, parent (____ptrval____)
[   71.756770][    T1]  ffff002324534c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.756781][    T1]  ffff002324534c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.761102][  T853] kobject: 'wakeup' ((____ptrval____)): calling ktype release
[   71.765835][    T1] ==================================================================
[   71.765843][    T1] Disabling lock debugging due to kernel taint
[   71.765935][  T850] kobject: 'wakeup21' ((____ptrval____)): kobject_cleanup, parent (____ptrval____)
[   71.766851][    T1] EDAC DEBUG: edac_mc_del_mc: 
[   71.766864][    T1] EDAC DEBUG: edac_mc_free: 
[   71.766881][    T1] ==================================================================
[   71.766891][    T1] BUG: KASAN: double-free or invalid-free in kfree+0x264/0x420
[   71.766895][    T1] 
[   71.766904][    T1] CPU: 48 PID: 1 Comm: swapper/0 Tainted: G    B   W         5.4.0-rc3+ #1146
[   71.766910][    T1] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019
[   71.766915][    T1] Call trace:
[   71.766923][    T1]  dump_backtrace+0x0/0x298
[   71.766929][    T1]  show_stack+0x20/0x30
[   71.766936][    T1]  dump_stack+0x190/0x21c
[   71.766945][    T1]  print_address_description.isra.6+0x80/0x3d0
[   71.766953][    T1]  kasan_report_invalid_free+0x78/0xa0
[   71.766960][    T1]  __kasan_slab_free+0xbc/0x170
[   71.766968][    T1]  kasan_slab_free+0x10/0x18
[   71.766975][    T1]  slab_free_freelist_hook+0x19c/0x228
[   71.766981][    T1]  kfree+0x264/0x420
[   71.766989][    T1]  _edac_mc_free+0x6c/0x210
[   71.766997][    T1]  edac_mc_free+0x68/0x88
[   71.767004][    T1]  ghes_edac_unregister+0x44/0x70
[   71.767012][    T1]  ghes_remove+0x274/0x2a0
[   71.767019][    T1]  platform_drv_remove+0x44/0x78
[   71.767026][    T1]  really_probe+0x404/0x840
[   71.767033][    T1]  driver_probe_device+0x190/0x1f0
[   71.767039][    T1]  device_driver_attach+0x7c/0xb0
[   71.767046][    T1]  __driver_attach+0x1b8/0x1d0
[   71.767054][    T1]  bus_for_each_dev+0xf8/0x190
[   71.767060][    T1]  driver_attach+0x34/0x40
[   71.767067][    T1]  bus_add_driver+0x1d8/0x340
[   71.767073][    T1]  driver_register+0x168/0x1e8
[   71.767081][    T1]  __platform_driver_register+0x80/0x90
[   71.767088][    T1]  ghes_init+0xc4/0x174
[   71.767095][    T1]  do_one_initcall+0x328/0x788
[   71.767104][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.767111][    T1]  kernel_init+0x18/0x178
[   71.767118][    T1]  ret_from_fork+0x10/0x18
[   71.767122][    T1] 
[   71.767127][    T1] Allocated by task 1:
[   71.767135][    T1]  save_stack+0x28/0xb0
[   71.767143][    T1]  __kasan_kmalloc.isra.9+0xa0/0xc8
[   71.767150][    T1]  kasan_kmalloc+0xc/0x18
[   71.767157][    T1]  kmem_cache_alloc_trace+0x2a0/0x2e8
[   71.767165][    T1]  edac_mc_alloc+0x5d4/0xb18
[   71.767172][    T1]  ghes_edac_register+0x164/0x398
[   71.767180][    T1]  ghes_probe+0x648/0x6d8
[   71.767187][    T1]  platform_drv_probe+0x8c/0x110
[   71.767193][    T1]  really_probe+0x32c/0x840
[   71.767201][    T1]  driver_probe_device+0x190/0x1f0
[   71.767207][    T1]  device_driver_attach+0x7c/0xb0
[   71.767214][    T1]  __driver_attach+0x1b8/0x1d0
[   71.767222][    T1]  bus_for_each_dev+0xf8/0x190
[   71.767228][    T1]  driver_attach+0x34/0x40
[   71.767234][    T1]  bus_add_driver+0x1d8/0x340
[   71.767241][    T1]  driver_register+0x168/0x1e8
[   71.767249][    T1]  __platform_driver_register+0x80/0x90
[   71.767255][    T1]  ghes_init+0xc4/0x174
[   71.767262][    T1]  do_one_initcall+0x328/0x788
[   71.767270][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.767277][    T1]  kernel_init+0x18/0x178
[   71.767284][    T1]  ret_from_fork+0x10/0x18
[   71.767287][    T1] 
[   71.767292][    T1] Freed by task 1:
[   71.767299][    T1]  save_stack+0x28/0xb0
[   71.767306][    T1]  __kasan_slab_free+0x140/0x170
[   71.767314][    T1]  kasan_slab_free+0x10/0x18
[   71.767321][    T1]  slab_free_freelist_hook+0x19c/0x228
[   71.767327][    T1]  kfree+0x264/0x420
[   71.767335][    T1]  _edac_mc_free+0x15c/0x210
[   71.767342][    T1]  edac_mc_free+0x68/0x88
[   71.767349][    T1]  ghes_edac_unregister+0x44/0x70
[   71.767357][    T1]  ghes_remove+0x274/0x2a0
[   71.767364][    T1]  platform_drv_remove+0x44/0x78
[   71.767371][    T1]  really_probe+0x404/0x840
[   71.767377][    T1]  driver_probe_device+0x190/0x1f0
[   71.767384][    T1]  device_driver_attach+0x7c/0xb0
[   71.767391][    T1]  __driver_attach+0x1b8/0x1d0
[   71.767398][    T1]  bus_for_each_dev+0xf8/0x190
[   71.767405][    T1]  driver_attach+0x34/0x40
[   71.767411][    T1]  bus_add_driver+0x1d8/0x340
[   71.767418][    T1]  driver_register+0x168/0x1e8
[   71.767426][    T1]  __platform_driver_register+0x80/0x90
[   71.767432][    T1]  ghes_init+0xc4/0x174
[   71.767439][    T1]  do_one_initcall+0x328/0x788
[   71.767447][    T1]  kernel_init_freeable+0x2fc/0x3d4
[   71.767454][    T1]  kernel_init+0x18/0x178
[   71.767461][    T1]  ret_from_fork+0x10/0x18
[   71.767464][    T1] 
[   71.767471][    T1] The buggy address belongs to the object at ffff002324528800
[   71.767471][    T1]  which belongs to the cache kmalloc-128 of size 128
[   71.767478][    T1] The buggy address is located 0 bytes inside of
[   71.767478][    T1]  128-byte region [ffff002324528800, ffff002324528880)
[   71.767482][    T1] The buggy address belongs to the page:
[   71.767490][    T1] page:fffffe008c714a00 refcount:1 mapcount:0 mapping:ffff0020bfc10580 index:0xffff00232452e480 compound_mapcount: 0
[   71.767500][    T1] flags: 0x1ffff00000010200(slab|head)
[   71.767511][    T1] raw: 1ffff00000010200 fffffe008c72b408 fffffe008c715408 ffff0020bfc10580
[   71.767521][    T1] raw: ffff00232452e480 0000000000330019 00000001ffffffff 0000000000000000
[   71.767525][    T1] page dumped because: kasan: bad access detected
[   71.767529][    T1] 
[   71.767532][    T1] Memory state around the buggy address:
[   71.767540][    T1]  ffff002324528700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.767547][    T1]  ffff002324528780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.767553][    T1] >ffff002324528800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.767557][    T1]                    ^
[   71.767564][    T1]  ffff002324528880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.767571][    T1]  ffff002324528900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.767575][    T1] ==================================================================