FYI, we noticed the following commit:

https://github.com/0day-ci/linux Nikolay-Borisov/inotify-Convert-to-using-per-namespace-limits/20161011-153830
commit 464e1236c367919e405c8d248d6a4118fdc4a2c1 ("inotify: Convert to using per-namespace limits")

in testcase: trinity
with following parameters:

	runtime: 300s

Trinity is a linux system call fuzz tester.

on test machine: qemu-system-x86_64 -enable-kvm -smp 2 -m 320M

caused below changes:

+-------------------------------------------------------+------------+------------+
|                                                       | 101105b171 | 464e1236c3 |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 20         | 62         |
| boot_failures                                         | 14         | 94         |
| invoked_oom-killer:gfp_mask=0x                        | 14         | 10         |
| Mem-Info                                              | 14         | 10         |
| page_allocation_failure:order:#,mode:#(GFP_USER)      | 1          |            |
| BUG_kmalloc-#(Not_tainted):Freepointer_corrupt        | 0          | 46         |
| INFO:Allocated_in_setup_userns_sysctls_age=#cpu=#pid= | 0          | 46         |
| INFO:Freed_in_free_ctx_age=#cpu=#pid=                 | 0          | 8          |
| INFO:Slab#objects=#used=#fp=#flags=                   | 0          | 45         |
| INFO:Object#@offset=#fp=                              | 0          | 46         |
| calltrace:free_user_ns                                | 0          | 46         |
| BUG_kmalloc-#(Tainted:G_B):Freepointer_corrupt        | 0          | 3          |
| INFO:Freed_in_kernfs_fop_release_age=#cpu=#pid=       | 0          | 8          |
| BUG:kernel_reboot-without-warning_in_test_stage       | 0          | 38         |
| INFO:Slab#objects=#used=#fp=0x(null)flags=            | 0          | 1          |
| BUG:unable_to_handle_kernel                           | 0          | 1          |
| Oops                                                  | 0          | 1          |
| RIP:copy_process                                      | 0          | 1          |
| Kernel_panic-not_syncing:Fatal_exception              | 0          | 1          |
| INFO:Freed_in_skb_free_head_age=#cpu=#pid=            | 0          | 3          |
| INFO:Freed_in_kvfree_age=#cpu=#pid=                   | 0          | 2          |
| INFO:Freed_in_ep_free_age=#cpu=#pid=                  | 0          | 1          |
| INFO:Freed_in_free_pipe_info_age=#cpu=#pid=           | 0          | 3          |
+-------------------------------------------------------+------------+------------+

[ 64.996369] genirq: Flags mismatch irq 4. 00000000 (serial) vs. 00000080 (goldfish_pdev_bus)
[ 65.007839] genirq: Flags mismatch irq 4. 00000000 (serial) vs. 00000080 (goldfish_pdev_bus)
[ 65.519812] =============================================================================
[ 65.521973] BUG kmalloc-512 (Not tainted): Freepointer corrupt
[ 65.523368] -----------------------------------------------------------------------------
[ 65.523368]
[ 65.525977] Disabling lock debugging due to kernel taint
[ 65.527277] INFO: Allocated in setup_userns_sysctls+0x3f/0xa6 age=5 cpu=1 pid=418
[ 65.558397] INFO: Freed in free_ctx+0x1d/0x20 age=6 cpu=0 pid=19
[ 65.566491] INFO: Slab 0xffff88000f147700 objects=19 used=15 fp=0xffff8800070de7c8 flags=0x200004081
[ 65.568956] INFO: Object 0xffff8800070dee68 @offset=11880 fp=0xffff880007030288
[ 65.568956]
[ 65.663396] CPU: 0 PID: 35 Comm: kworker/0:1 Tainted: G B 4.8.0-11826-g464e123 #1
[ 65.665746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 65.668185] Workqueue: events free_user_ns
[ 65.669571] ffffc90000187ad8 ffffffff8148d545 ffff88000e804e00 ffff8800070dee68
[ 65.672224] ffffc90000187b08 ffffffff811a74a0 ffff88000e804e00 ffff88000f147700
[ 65.674863] ffff8800070dee68 00000000000000cc ffffc90000187b30 ffffffff811a8088
[ 65.677604] Call Trace:
[ 65.678412] [] dump_stack+0x86/0xc0
[ 65.679908] [] print_trailer+0x178/0x181
[ 65.681439] [] object_err+0x2f/0x36
[ 65.682835] [] check_object+0x265/0x282
[ 65.684336] [] free_debug_processing+0xc1/0x35c
[ 65.686049] [] ? retire_userns_sysctls+0x2e/0x33
[ 65.687714] [] ? retire_userns_sysctls+0x2e/0x33
[ 65.689398] [] __slab_free+0x6f/0x426
[ 65.690840] [] ? kvm_clock_read+0x25/0x2e
[ 65.692350] [] ? kvm_sched_clock_read+0x9/0x12
[ 65.694056] [] ? sched_clock+0x9/0xd
[ 65.695552] [] ? mark_held_locks+0x5e/0x74
[ 65.697043] [] ? kfree+0xfe/0x170
[ 65.698430] [] ? retire_userns_sysctls+0x2e/0x33
[ 65.700159] [] kfree+0x165/0x170
[ 65.701540] [] ? kfree+0x165/0x170
[ 65.702885] [] retire_userns_sysctls+0x2e/0x33
[ 65.704553] [] free_user_ns+0x26/0x6b
[ 65.706069] [] process_one_work+0x208/0x3a5
[ 65.707635] [] ? process_one_work+0x1a5/0x3a5
[ 65.729991] [] worker_thread+0x24a/0x380
[ 65.731583] [] ? process_scheduled_works+0x2e/0x2e
[ 65.733274] [] kthread+0x106/0x10e
[ 65.734628] [] ? __kthread_parkme+0x81/0x81
[ 65.736286] [] ret_from_fork+0x2a/0x40
[ 65.737828] FIX kmalloc-512: Object at 0xffff8800070dee68 not freed
[ 65.887942] genirq: Flags mismatch irq 4. 00000000 (serial) vs. 00000080 (goldfish_pdev_bus)
[ 66.042944] genirq: Flags mismatch irq 4. 00000000 (serial) vs. 00000080 (goldfish_pdev_bus)

To reproduce:

        git clone git://git.kernel.org/pub/scm/linux/kernel/git/wfg/lkp-tests.git
        cd lkp-tests
        bin/lkp install job.yaml  # job file is attached in this email
        bin/lkp run job.yaml

Thanks,
Xiaolong