If SLAB_RED_ZONE is enabled, slub adds guard zone of sizeof(void *) onto head of slab page (red zone padding of left of object) on v4.6 or later. Without this fix, like following SUPERBLK and [allocate addr] has difference. crash> mount MOUNT SUPERBLK TYPE DEVNAME DIRNAME ffff88013ae58040 ffff88013ac35698 rootfs rootfs / [...] crash> kmem ffff88013ac35698 CACHE NAME OBJSIZE ALLOCATED TOTAL SLABS SSIZE ffff88013ac05bc0 kmalloc-4096 4096 118 126 18 32k SLAB MEMORY NODE TOTAL ALLOCATED FREE ffffea0004eb0c00 ffff88013ac30000 0 7 7 0 FREE / [ALLOCATED] [ffff88013ac35690] [...] --- defs.h | 1 + memory.c | 8 ++++++++ symbols.c | 2 ++ 3 files changed, 11 insertions(+) diff -puN memory.c~slub-red_zone-fix memory.c --- crash-64/memory.c~slub-red_zone-fix 2017-01-30 10:21:12.123644726 +0900 +++ crash-64-hirofumi/memory.c 2017-01-30 10:21:12.127644748 +0900 @@ -723,6 +723,7 @@ vm_init(void) MEMBER_OFFSET_INIT(kmem_cache_node, "kmem_cache", "node"); MEMBER_OFFSET_INIT(kmem_cache_cpu_slab, "kmem_cache", "cpu_slab"); MEMBER_OFFSET_INIT(kmem_cache_list, "kmem_cache", "list"); + MEMBER_OFFSET_INIT(kmem_cache_red_left_pad, "kmem_cache", "red_left_pad"); MEMBER_OFFSET_INIT(kmem_cache_name, "kmem_cache", "name"); MEMBER_OFFSET_INIT(kmem_cache_flags, "kmem_cache", "flags"); MEMBER_OFFSET_INIT(kmem_cache_cpu_freelist, "kmem_cache_cpu", "freelist"); @@ -18442,6 +18443,13 @@ do_slab_slub(struct meminfo *si, int ver fprintf(fp, "< SLUB: free list END (%d found) >\n", i); } + if (VALID_MEMBER(kmem_cache_red_left_pad)) { +#define SLAB_RED_ZONE 0x00000400UL + ulong flags = ULONG(si->cache_buf + OFFSET(kmem_cache_flags)); + ulong red_left_pad = ULONG(si->cache_buf + OFFSET(kmem_cache_red_left_pad)); + if (flags & SLAB_RED_ZONE) + vaddr += red_left_pad; + } for (p = vaddr; p < vaddr + objects * si->size; p += si->size) { hq_open(); is_free = FALSE; diff -puN defs.h~slub-red_zone-fix defs.h --- crash-64/defs.h~slub-red_zone-fix 2017-01-30 10:21:12.124644731 +0900 +++ crash-64-hirofumi/defs.h 2017-02-01 00:11:33.445552457 +0900 @@ -1696,6 +1696,7 @@ struct offset_table { long kmem_cache_align; long kmem_cache_name; long kmem_cache_list; + long kmem_cache_red_left_pad; long kmem_cache_node; long kmem_cache_cpu_slab; long page_inuse; diff -puN symbols.c~slub-red_zone-fix symbols.c --- crash-64/symbols.c~slub-red_zone-fix 2017-01-30 10:21:12.124644731 +0900 +++ crash-64-hirofumi/symbols.c 2017-02-01 00:11:33.446552463 +0900 @@ -9330,6 +9330,8 @@ dump_offset_table(char *spec, ulong make OFFSET(kmem_cache_name)); fprintf(fp, " kmem_cache_list: %ld\n", OFFSET(kmem_cache_list)); + fprintf(fp, " kmem_cache_red_left_pad: %ld\n", + OFFSET(kmem_cache_red_left_pad)); fprintf(fp, " kmem_cache_node: %ld\n", OFFSET(kmem_cache_node)); fprintf(fp, " kmem_cache_cpu_slab: %ld\n", _ -- OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp&gt;