Hi all, While fuzzing with trinity inside a KVM tools guest running latest -next kernel I've stumbled on the following spew: [ 315.799264] ============================================================================= [ 315.800055] BUG inode_cache (Tainted: G B W ): Object padding overwritten [ 315.800055] ----------------------------------------------------------------------------- [ 315.800055] [ 315.800055] INFO: 0xffff880229a67030-0xffff880229a67033. First byte 0x1e instead of 0x5a [ 315.800055] INFO: Allocated in alloc_inode+0x41/0xa0 age=2328 cpu=33 pid=9788 [ 315.800055] __slab_alloc+0x413/0x4d0 [ 315.800055] kmem_cache_alloc+0x12f/0x2e0 [ 315.800055] alloc_inode+0x41/0xa0 [ 315.800055] new_inode_pseudo+0x1b/0x70 [ 315.800055] get_pipe_inode+0x1c/0xf0 [ 315.800055] create_pipe_files+0x2c/0x170 [ 315.800055] __do_pipe_flags+0x41/0xf0 [ 315.800055] SyS_pipe2+0x2b/0xb0 [ 315.800055] tracesys+0xdd/0xe2 [ 315.800055] INFO: Freed in free_inode_nonrcu+0x18/0x20 age=2516 cpu=33 pid=9819 [ 315.800055] __slab_free+0x41/0x5e0 [ 315.800055] kmem_cache_free+0x27b/0x380 [ 315.800055] free_inode_nonrcu+0x18/0x20 [ 315.800055] destroy_inode+0x4b/0x70 [ 315.800055] evict+0x188/0x1a0 [ 315.800055] iput_final+0x163/0x180 [ 315.814864] iput+0x4f/0x60 [ 315.814864] dentry_iput+0xc8/0xf0 [ 315.814864] d_kill+0x4e/0xc0 [ 315.814864] dentry_kill+0xdb/0x100 [ 315.814864] dput+0x10d/0x130 [ 315.814864] __fput+0x2a7/0x2c0 [ 315.814864] ____fput+0xe/0x10 [ 315.814864] task_work_run+0xae/0xf0 [ 315.814864] do_notify_resume+0x8e/0xe0 [ 315.814864] int_signal+0x12/0x17 [ 315.814864] INFO: Slab 0xffffea0008a69800 objects=23 used=13 fp=0xffff880229a62568 flags=0x6fffff80004081 [ 315.814864] INFO: Object 0xffff880229a66ae0 @offset=27360 fp=0xffff880229a66588 [ 315.814864] [ 315.814864] Bytes b4 ffff880229a66ad0: 56 ff ff ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a V.......ZZZZZZZZ [ 315.814864] Object ffff880229a66ae0: 80 11 04 00 ff bf ff ff 00 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66af0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 315.814864] Object ffff880229a66b00: 80 3b 51 88 ff ff ff ff 48 91 07 29 01 88 ff ff .;Q.....H..).... [ 315.814864] Object ffff880229a66b10: f0 6c a6 29 02 88 ff ff 00 00 00 00 00 00 00 00 .l.)............ [ 315.814864] Object ffff880229a66b20: 89 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66b30: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66b40: 00 87 93 03 00 00 00 00 01 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66b50: 00 87 93 03 00 00 00 00 01 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66b60: 00 87 93 03 00 00 00 00 12 00 12 00 ad 4e ad de .............N.. [ 315.814864] Object ffff880229a66b70: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................ [ 315.814864] Object ffff880229a66b80: e8 4d ae 86 ff ff ff ff 00 00 00 00 00 00 00 00 .M.............. [ 315.814864] Object ffff880229a66b90: 00 00 00 00 00 00 00 00 f7 63 77 85 ff ff ff ff .........cw..... [ 315.814864] Object ffff880229a66ba0: 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 !............... [ 315.814864] Object ffff880229a66bb0: 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66bc0: 60 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 `............... [ 315.814864] Object ffff880229a66bd0: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... [ 315.814864] Object ffff880229a66be0: ff ff ff ff ff ff ff ff 20 42 76 87 ff ff ff ff ........ Bv..... [ 315.814864] Object ffff880229a66bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66c00: 66 fe 6b 85 ff ff ff ff 21 00 00 00 00 00 00 00 f.k.....!....... [ 315.814864] Object ffff880229a66c10: 00 00 00 00 00 00 00 00 18 6c a6 29 02 88 ff ff .........l.).... [ 315.814864] Object ffff880229a66c20: 18 6c a6 29 02 88 ff ff 00 00 00 00 00 00 00 00 .l.)............ [ 315.814864] Object ffff880229a66c30: 00 00 00 00 00 00 00 00 c8 6b a6 29 02 88 ff ff .........k.).... [ 315.814864] Object ffff880229a66c40: f0 4d ae 86 ff ff ff ff 00 00 00 00 00 00 00 00 .M.............. [ 315.814864] Object ffff880229a66c50: 00 00 00 00 00 00 00 00 0f 64 77 85 ff ff ff ff .........dw..... [ 315.814864] Object ffff880229a66c60: 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 !............... [ 315.814864] Object ffff880229a66c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66c80: 00 00 00 00 00 00 00 00 88 6c a6 29 02 88 ff ff .........l.).... [ 315.814864] Object ffff880229a66c90: 88 6c a6 29 02 88 ff ff 98 6c a6 29 02 88 ff ff .l.).....l.).... [ 315.814864] Object ffff880229a66ca0: 98 6c a6 29 02 88 ff ff a8 6c a6 29 02 88 ff ff .l.).....l.).... [ 315.814864] Object ffff880229a66cb0: a8 6c a6 29 02 88 ff ff 00 00 00 00 00 00 00 00 .l.)............ [ 315.814864] Object ffff880229a66cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.814864] Object ffff880229a66cd0: 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 ................ [ 315.814864] Object ffff880229a66ce0: 00 1e 66 84 ff ff ff ff 00 00 00 00 00 00 00 00 ..f............. [ 315.814864] Object ffff880229a66cf0: e0 6a a6 29 02 88 ff ff 00 00 00 00 20 00 00 00 .j.)........ ... [ 315.814864] Object ffff880229a66d00: 00 00 00 00 00 00 00 00 06 00 06 00 ad 4e ad de .............N.. [ 315.879593] Object ffff880229a66d10: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................ [ 315.879593] Object ffff880229a66d20: 58 3a 51 88 ff ff ff ff 00 00 00 00 00 00 00 00 X:Q............. [ 315.879593] Object ffff880229a66d30: 00 00 00 00 00 00 00 00 a9 63 77 85 ff ff ff ff .........cw..... [ 315.879593] Object ffff880229a66d40: 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66d60: 60 6d a6 29 02 88 ff ff 60 6d a6 29 02 88 ff ff `m.)....`m.).... [ 315.879593] Object ffff880229a66d70: 01 00 00 00 00 00 00 00 00 00 00 00 ad 4e ad de .............N.. [ 315.879593] Object ffff880229a66d80: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................ [ 315.879593] Object ffff880229a66d90: 20 42 76 87 ff ff ff ff 00 00 00 00 00 00 00 00 Bv............. [ 315.879593] Object ffff880229a66da0: 00 00 00 00 00 00 00 00 66 fe 6b 85 ff ff ff ff ........f.k..... [ 315.879593] Object ffff880229a66db0: 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66dc0: c0 6d a6 29 02 88 ff ff c0 6d a6 29 02 88 ff ff .m.).....m.).... [ 315.879593] Object ffff880229a66dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66de0: 70 6d a6 29 02 88 ff ff 50 3a 51 88 ff ff ff ff pm.)....P:Q..... [ 315.879593] Object ffff880229a66df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66e00: c7 63 77 85 ff ff ff ff 06 00 00 00 00 00 00 00 .cw............. [ 315.879593] Object ffff880229a66e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66e20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66e30: 60 22 66 84 ff ff ff ff da 00 02 40 00 00 00 00 `"f........@.... [ 315.879593] Object ffff880229a66e40: c0 32 ad 86 ff ff ff ff 00 00 00 00 ad 4e ad de .2...........N.. [ 315.879593] Object ffff880229a66e50: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................ [ 315.879593] Object ffff880229a66e60: 48 3a 51 88 ff ff ff ff 00 00 00 00 00 00 00 00 H:Q............. [ 315.879593] Object ffff880229a66e70: 00 00 00 00 00 00 00 00 00 ef 6c 85 ff ff ff ff ..........l..... [ 315.879593] Object ffff880229a66e80: 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66e90: 90 6e a6 29 02 88 ff ff 90 6e a6 29 02 88 ff ff .n.).....n.).... [ 315.879593] Object ffff880229a66ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.879593] Object ffff880229a66eb0: 00 00 00 00 00 00 00 00 b8 6e a6 29 02 88 ff ff .........n.).... [ 315.914258] Object ffff880229a66ec0: b8 6e a6 29 02 88 ff ff 00 00 00 00 00 00 00 00 .n.)............ [ 315.914258] Object ffff880229a66ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.914258] Object ffff880229a66ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 315.914258] Redzone ffff880229a66ef0: cc cc cc cc cc cc cc cc ........ [ 315.914258] Padding ffff880229a67030: 1e 00 00 00 5a 5a 5a 5a ....ZZZZ [ 315.914258] CPU: 33 PID: 9788 Comm: trinity-c42 Tainted: G B W 3.14.0-rc4-next-20140228-sasha-00012-g311cf87 #40 [ 315.914258] ffffea0008a69800 ffff8802f278f928 ffffffff84469f23 0000000000000008 [ 315.914258] ffff88012b4da580 ffff8802f278f958 ffffffff812cc51a ffff880229a67030 [ 315.914258] 000000000000005a ffffffff856cdb3f ffff880229a67033 ffff8802f278f9b8 [ 315.914258] Call Trace: [ 315.914258] [<ffffffff84469f23>] dump_stack+0x52/0x7f [ 315.914258] [<ffffffff812cc51a>] print_trailer+0x13a/0x150 [ 315.914258] [<ffffffff812cc981>] check_bytes_and_report+0xe1/0x130 [ 315.914258] [<ffffffff812ceac1>] check_object+0x161/0x220 [ 315.914258] [<ffffffff812d29f3>] free_debug_processing+0x163/0x2e0 [ 315.914258] [<ffffffff81317278>] ? free_inode_nonrcu+0x18/0x20 [ 315.914258] [<ffffffff81317278>] ? free_inode_nonrcu+0x18/0x20 [ 315.914258] [<ffffffff812d2bb1>] __slab_free+0x41/0x5e0 [ 315.914258] [<ffffffff8447186c>] ? _raw_spin_unlock_irqrestore+0x9c/0xc0 [ 315.914258] [<ffffffff81b1699f>] ? __debug_check_no_obj_freed+0x15f/0x220 [ 315.914258] [<ffffffff81317278>] ? free_inode_nonrcu+0x18/0x20 [ 315.914258] [<ffffffff81317278>] ? free_inode_nonrcu+0x18/0x20 [ 315.914258] [<ffffffff812d4b7b>] kmem_cache_free+0x27b/0x380 [ 315.914258] [<ffffffff81317278>] free_inode_nonrcu+0x18/0x20 [ 315.914258] [<ffffffff8131799b>] destroy_inode+0x4b/0x70 [ 315.914258] [<ffffffff81317b48>] evict+0x188/0x1a0 [ 315.914258] [<ffffffff81317cc3>] iput_final+0x163/0x180 [ 315.914258] [<ffffffff81317d2f>] iput+0x4f/0x60 [ 315.914258] [<ffffffff81af5a31>] ? lockref_put_or_lock+0x11/0x40 [ 315.914258] [<ffffffff81311518>] dentry_iput+0xc8/0xf0 [ 315.914258] [<ffffffff81311e0e>] d_kill+0x4e/0xc0 [ 315.914258] [<ffffffff8131309c>] ? dentry_kill+0x3c/0x100 [ 315.914258] [<ffffffff8131313b>] dentry_kill+0xdb/0x100 [ 315.914258] [<ffffffff8131326d>] dput+0x10d/0x130 [ 315.914258] [<ffffffff812fb067>] __fput+0x2a7/0x2c0 [ 315.914258] [<ffffffff812fb13e>] ____fput+0xe/0x10 [ 315.914258] [<ffffffff8116bf9e>] task_work_run+0xae/0xf0 [ 315.914258] [<ffffffff8114659a>] do_exit+0x32a/0x520 [ 315.914258] [<ffffffff81146839>] do_group_exit+0xa9/0xe0 [ 315.952435] [<ffffffff8115c072>] get_signal_to_deliver+0x4e2/0x570 [ 315.952435] [<ffffffff8106fc3b>] do_signal+0x4b/0x120 [ 315.952435] [<ffffffff8118a526>] ? vtime_account_user+0x96/0xb0 [ 315.952435] [<ffffffff810c180f>] ? is_prefetch+0xef/0x2c0 [ 315.952435] [<ffffffff81268de5>] ? context_tracking_user_exit+0x195/0x1d0 [ 315.952435] [<ffffffff811aaf96>] ? trace_hardirqs_on_caller+0x16/0x270 [ 315.952435] [<ffffffff811ab1fd>] ? trace_hardirqs_on+0xd/0x10 [ 315.952435] [<ffffffff8106ff8a>] do_notify_resume+0x5a/0xe0 [ 315.952435] [<ffffffff84471ebb>] retint_signal+0x4d/0x92 [ 315.952435] FIX inode_cache: Restoring 0xffff880229a67030-0xffff880229a67033=0x5a Thanks, Sasha -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html