From: Harry Yoo <harry.yoo@oracle.com>
To: kernel test robot <oliver.sang@intel.com>
Cc: oe-lkp@lists.linux.dev, lkp@intel.com,
Vlastimil Babka <vbabka@suse.cz>,
linux-mm@kvack.org, surenb@google.com
Subject: Re: [linux-next:master] [mm/slab] 4fad56bdb6: BUG_kmalloc-#:Padding_overwritten.#-#@offset=
Date: Sat, 24 Jan 2026 20:12:21 +0900
Message-ID: <aXSpFYShAMM3MnXu@hyeyoo>
In-Reply-To: <202601231457.f7b31e09-lkp@intel.com>

On Fri, Jan 23, 2026 at 03:21:19PM +0800, kernel test robot wrote:
>
>
> Hello,
>
> kernel test robot noticed "BUG_kmalloc-#:Padding_overwritten.#-#@offset=" on:
>
> commit: 4fad56bdb6b4c4bc0ea2d919df1ae4eef7b69919 ("mm/slab: save memory by allocating slabobj_ext array from leftover")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git
>
> [test failed on linux-next/master e3b32dcb9f23e3c3927ef3eec6a5842a988fb574]
>
> in testcase: boot
>
> config: x86_64-randconfig-012-20260121
> compiler: clang-20
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202601231457.f7b31e09-lkp@intel.com
>
>
>
> [ 3.646661][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
> [ 3.647660][ T0] **********************************************************
> [ 3.648834][ T0] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
> [ 3.651537][ T0] Kernel/User page tables isolation: enabled
> [ 3.653242][ T0] =============================================================================
> [ 3.655191][ T0] BUG kmalloc-192 (Tainted: G T ): Padding overwritten. 0xffff88810006c028-0xffff88810006bfff @offset=8232
> [ 3.657925][ T0] -----------------------------------------------------------------------------
> [ 3.657925][ T0]
> [ 3.660319][ T0] Padding ffff88810006c028: 00 00 00 00 00 00 00 00 30 c0 06 00 81 88 ff ff ........0.......
> [ 3.662476][ T0] Padding ffff88810006c038: 30 c0 06 00 81 88 ff ff 00 00 00 00 00 00 00 00 0...............
> [ 3.664649][ T0] Padding ffff88810006c048: 48 c0 06 00 81 88 ff ff 48 c0 06 00 81 88 ff ff H.......H.......
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20260123/202601231457.f7b31e09-lkp@intel.com

Thanks for the report! It was very helpful to reproduce the bug.

After some printk() debugging, I discovered that the slab being reported
allocated the slabobj_ext array via kmalloc.

So I added a warning to confirm that the array was allocated
from the same slab we're allocating the array for:

@@ -2145,6 +2164,12 @@ int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s,
return -ENOMEM;
}
+ unsigned long start = (unsigned long)slab_address(slab);
+ unsigned long end = start + slab_size(slab);
+ unsigned long val = (unsigned long)vec;
+
+ WARN_ON_ONCE(val >= start && val < end);
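
Review bot: the added WARN_ON_ONCE() compares only the start address of vec against [start, end), so it says nothing about where the array ends. For a one-off debugging aid that is enough; if the check were kept, a short comment saying that a hit means the array lives inside the slab it describes would help, and the three declarations placed after the `return -ENOMEM;` block would be better moved to the top of the function or into a small helper.
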
and it was hit:
WARNING: mm/slub.c:2171 at alloc_slab_obj_exts+0x18a/0x1e0, CPU#0: swapper/0
[...]
Call Trace:
<TASK>
__alloc_tagging_slab_alloc_hook+0xac/0x220
__kmalloc_cache_noprof+0x196/0x470
? __kmalloc_cache_noprof+0x200/0x470
? shrinker_alloc+0xa9/0x3b0
shrinker_alloc+0xa9/0x3b0
vmalloc_init+0x616/0x8f0
[...]
I sent a fix to prevent this and confirmed that the fix resolved
the reported issue.
https://lore.kernel.org/linux-mm/20260124104614.9739-1-harry.yoo@oracle.com/
Thanks!
--
Cheers,
Harry / Hyeonggon
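
Added example (not part of the original message and not kernel code): a small Python triage of the quoted SLUB report that decodes the padding dump as little-endian 64-bit words and flags values pointing back into the dumped bytes. The function name `triage` and the reading of `@offset` as the distance from the slab base are assumptions.

```python
import re
import struct

# Log lines copied from the report quoted above (timestamps trimmed).
SAMPLE = """\
BUG kmalloc-192 (Tainted: G T ): Padding overwritten. 0xffff88810006c028-0xffff88810006bfff @offset=8232
Padding ffff88810006c028: 00 00 00 00 00 00 00 00 30 c0 06 00 81 88 ff ff ........0.......
Padding ffff88810006c038: 30 c0 06 00 81 88 ff ff 00 00 00 00 00 00 00 00 0...............
Padding ffff88810006c048: 48 c0 06 00 81 88 ff ff 48 c0 06 00 81 88 ff ff H.......H.......
"""

BUG_RE = re.compile(
    r"BUG (\S+) .*Padding overwritten\. 0x([0-9a-f]+)-0x([0-9a-f]+) @offset=(\d+)")
PAD_RE = re.compile(r"Padding\s+([0-9a-f]{16}):\s+((?:[0-9a-f]{2} ){15}[0-9a-f]{2})")


def triage(log):
    """Summarise a SLUB 'Padding overwritten' report.

    Assumptions: @offset is the distance of the first bad byte from the
    slab base, and the dump holds little-endian 64-bit data (x86_64).
    """
    m = BUG_RE.search(log)
    if m is None:
        raise ValueError("no 'Padding overwritten' line found")
    cache = m.group(1)
    first, last = int(m.group(2), 16), int(m.group(3), 16)
    offset = int(m.group(4))

    words = {}  # address -> 64-bit value found there
    for addr, hexbytes in PAD_RE.findall(log):
        raw = bytes.fromhex(hexbytes)  # fromhex() skips the spaces
        for i, (val,) in enumerate(struct.iter_unpack("<Q", raw)):
            words[int(addr, 16) + 8 * i] = val

    lo, hi = min(words), max(words) + 8  # extent of the dumped bytes
    return {
        "cache": cache,
        "slab_base": first - offset,
        "range_inverted": last < first,  # reported end precedes reported start
        "words": words,
        # values that point back into the dumped bytes themselves
        "internal_ptrs": {a: v for a, v in words.items() if lo <= v < hi},
        # values equal to the address they are stored at
        "self_ptrs": [a for a, v in words.items() if a == v],
    }
```

On the quoted report this gives a slab base of 0xffff88810006a000 and shows that four of the six dumped words are pointers into the dump itself, two of them stored at the address they point to, so the overwritten bytes are structured pointer data.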