FYI, we noticed the following commit:

commit: fee1df54b64871f8c097a53fcb02145af48c0b48 ("inotify: Convert to using per-namespace limits")
https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu qemu64,+ssse3 -smp 4 -m 4G

caused below changes:

+-------------------------------------------------------+------------+------------+
|                                                       | 19339c2516 | fee1df54b6 |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 14         | 3          |
| boot_failures                                         | 2          | 13         |
| BUG:kernel_hang_in_test_stage                         | 2          |            |
| BUG_kmalloc-#(Not_tainted):Freepointer_corrupt        | 0          | 13         |
| INFO:Allocated_in_setup_userns_sysctls_age=#cpu=#pid= | 0          | 13         |
| INFO:Freed_in_assoc_array_rcu_cleanup_age=#cpu=#pid=  | 0          | 2          |
| INFO:Slab#objects=#used=#fp=#flags=                   | 0          | 13         |
| INFO:Object#@offset=#fp=                              | 0          | 13         |
| calltrace:free_user_ns                                | 0          | 13         |
| INFO:Freed_in_load_elf_binary_age=#cpu=#pid=          | 0          | 3          |
| INFO:Freed_in_kvfree_age=#cpu=#pid=                   | 0          | 3          |
| INFO:Freed_in_skb_free_head_age=#cpu=#pid=            | 0          | 1          |
| INFO:Freed_in_do_readv_writev_age=#cpu=#pid=          | 0          | 2          |
| INFO:Freed_in_process_vm_rw_age=#cpu=#pid=            | 0          | 2          |
+-------------------------------------------------------+------------+------------+

[ 67.135026] [child2:457] Tried 8 32-bit syscalls unsuccessfully. Disabling all 32-bit syscalls.
[ 67.170798]
[ 67.195253] =============================================================================
[ 67.199676] BUG kmalloc-512 (Not tainted): Freepointer corrupt
[ 67.202508] -----------------------------------------------------------------------------
[ 67.202508]
[ 67.208161] Disabling lock debugging due to kernel taint
[ 67.210870] INFO: Allocated in setup_userns_sysctls+0x44/0xd0 age=63 cpu=0 pid=459
[ 67.237533] INFO: Freed in assoc_array_rcu_cleanup+0x5b/0x60 age=194 cpu=0 pid=442
[ 67.270428] INFO: Slab 0xffff88013ee3c000 objects=19 used=7 fp=0xffff880119082478 flags=0x4700000004080
[ 67.274025] INFO: Object 0xffff880119080008 @offset=8 fp=0xffff8801127941b0
[ 67.274025]
[ 67.277379] Redzone ffff880119080000: cc cc cc cc cc cc cc cc ........
[ 67.546183] Redzone ffff880119080208: cc cc cc cc cc cc cc cc ........
[ 67.555875] Padding ffff880119080348: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
[ 67.567077] CPU: 0 PID: 18 Comm: kworker/0:1 Tainted: G B 4.9.0-rc6-00006-gfee1df5 #1
[ 67.573042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 67.576844] Workqueue: events free_user_ns
[ 67.578704] ffff880139d2fc38 ffffffff81436206 ffff880139d2fc78 ffffffff8119c62d
[ 67.582371] 0000000000000008 ffffffff00000001 ffff88013b002cc0 ffff880119080008
[ 67.598908] ffff88013ee3c000 00000000000000cc ffff880139d2fcc0 ffffffff8119d9b5
[ 67.602416] Call Trace:
[ 67.603707] [] dump_stack+0x19/0x23
[ 67.605514] [] print_trailer+0x18d/0x280
[ 67.607380] [] check_object+0x195/0x2c0
[ 67.609301] [] free_debug_processing+0x175/0x3b0
[ 67.637750] [] ? retire_userns_sysctls+0x33/0x40
[ 67.640451] [] __slab_free+0x1d6/0x360
[ 67.642878] [] ? drop_sysctl_table+0x59/0xb0
[ 67.645506] [] ? drop_sysctl_table+0x59/0xb0
[ 67.648100] [] ? retire_userns_sysctls+0x33/0x40
[ 67.650856] [] kfree+0x15d/0x180
[ 67.668421] [] retire_userns_sysctls+0x33/0x40
[ 67.670508] [] free_user_ns+0x2b/0x70
[ 67.672421] [] process_one_work+0x1d0/0x4c0
[ 67.674448] [] worker_thread+0x4a/0x520
[ 67.676397] [] ? __schedule+0x165/0x4b0
[ 67.678351] [] ? process_one_work+0x4c0/0x4c0
[ 67.693456] [] ? process_one_work+0x4c0/0x4c0
[ 67.695532] [] kthread+0xd4/0xf0
[ 67.697350] [] ? __switch_to+0x306/0x650
[ 67.699312] [] ? __kthread_create_on_node+0x140/0x140
[ 67.701511] [] ret_from_fork+0x2a/0x40
[ 67.703496] FIX kmalloc-512: Object at 0xffff880119080008 not freed
[ 67.725335] [child3:449] Tried 8 32-bit syscalls unsuccessfully. Disabling all 32-bit syscalls.
[ 67.725336]

To reproduce:

        git clone git://git.kernel.org/pub/scm/linux/kernel/git/wfg/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

Thanks,
Ying Huang