FYI, we noticed the following commit (built with gcc-7):

commit: fa858b6eec3f4908973131b1d5a3f2e35c4182cd ("XArray: Add xas_replace")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | 12fd2aee6d | fa858b6eec |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 29         |
| boot_failures                            | 0          | 17         |
| BUG:KASAN:wild-memory-access_in_g        | 0          | 7          |
| RIP:copy_user_generic_unrolled           | 0          | 4          |
| general_protection_fault:#[##]           | 0          | 16         |
| RIP:get_page_from_freelist               | 0          | 7          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 16         |
| BUG:Bad_page_state_in_process            | 0          | 9          |
| BUG:KASAN:wild-memory-access_in_f        | 0          | 8          |
| RIP:free_pcppages_bulk                   | 0          | 8          |
| BUG:KASAN:wild-memory-access_in_r        | 0          | 1          |
| RIP:release_pages                        | 0          | 1          |
+------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot


[ 90.960908] BUG: Bad page state in process find pfn:05da9
[ 90.961733] page:ffffea0000176a40 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1
[ 90.962958] flags: 0x0()
[ 90.963352] raw: 0000000000000000 dead000000000100 dead000000000200 0000000000000000
[ 90.964491] raw: 0000000000000001 0000000000000000 00000000ffffff7f 0000000000000000
[ 90.965588] page dumped because: nonzero mapcount
[ 90.966270] CPU: 0 PID: 263 Comm: find Not tainted 5.2.0-rc2-00162-gfa858b6eec3f4 #1
[ 90.967353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 90.968534] Call Trace:
[ 90.968921]  bad_page+0x118/0x14b
[ 90.969433]  free_pcppages_bulk+0x2a9/0xc7b
[ 90.970060]  ? ftrace_likely_update+0x29a/0x2ae
[ 90.970708]  ? get_pfnblock_flags_mask+0xa9/0xa9
[ 90.971376]  ? tracer_hardirqs_off+0x15/0x153
[ 90.972007]  free_unref_page_list+0x1eb/0x266
[ 90.972633]  release_pages+0x61e/0x65f
[ 90.973181]  ? mark_page_accessed+0x3cb/0x3cb
[ 90.973806]  ? ftrace_likely_update+0x29a/0x2ae
[ 90.974460]  __pagevec_release+0x50/0x5e
[ 90.975035]  shmem_undo_range+0x99e/0xa46
[ 90.975636]  ? shmem_getpage+0x5f/0x5f
[ 90.976207]  ? ftrace_likely_update+0x29a/0x2ae
[ 90.976881]  ? match_held_lock+0x1c/0x1eb
[ 90.977465]  ? find_held_lock+0x86/0x96
[ 90.978027]  ? match_held_lock+0x1c/0x1eb
[ 90.978604]  ? find_held_lock+0x86/0x96
[ 90.979165]  ? match_held_lock+0x1c/0x1eb
[ 90.979742]  ? match_held_lock+0x1c/0x1eb
[ 90.980328]  ? match_held_lock+0x1c/0x1eb
[ 90.980934]  ? find_held_lock+0x86/0x96
[ 90.981526]  shmem_truncate_range+0x32/0x6b
[ 90.982135]  shmem_evict_inode+0x172/0x496
[ 90.982726]  ? find_held_lock+0x86/0x96
[ 90.983284]  ? shmem_truncate_range+0x6b/0x6b
[ 90.983908]  ? ftrace_likely_update+0x29a/0x2ae
[ 90.984560]  ? shmem_truncate_range+0x6b/0x6b
[ 90.985190]  evict+0x1b7/0x2cd
[ 90.985641]  ? find_inode_nowait+0xe1/0xe1
[ 90.986236]  iput+0x334/0x3b1
[ 90.986690]  do_unlinkat+0x2b2/0x42a
[ 90.987241]  ? vfs_unlink+0x26a/0x26a
[ 90.987792]  ? __check_heap_object+0x88/0x149
[ 90.988449]  ? ftrace_likely_update+0x29a/0x2ae
[ 90.989129]  ? ftrace_likely_update+0x29a/0x2ae
[ 90.989804]  ? getname_flags+0x3cb/0x3da
[ 90.990377]  __x64_sys_unlinkat+0x7d/0x90
[ 90.990954]  ? do_syscall_64+0x4f7/0x828
[ 90.991524]  do_syscall_64+0x507/0x828
[ 90.992078]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 90.992795] RIP: 0033:0x7f21f9c27a5d
[ 90.993323] Code: e9 f3 2c 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 48 63 d2 48 63 ff b8 07 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 b2 f3 2c 00 f7 d8 64 89 02
[ 90.995955] RSP: 002b:00007ffdbf2f9988 EFLAGS: 00000206 ORIG_RAX: 0000000000000107
[ 90.997023] RAX: ffffffffffffffda RBX: 00000000017f2bc0 RCX: 00007f21f9c27a5d
[ 90.998022] RDX: 0000000000000000 RSI: 00000000017fd108 RDI: ffffffffffffff9c
[ 90.999020] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 91.000052] R10: 00007ffdbf2f9720 R11: 0000000000000206 R12: 0000000000000000
[ 91.001087] R13: 00000000017f38a0 R14: 00007ffdbf2fbdcd R15: 00000000017f3820
[ 91.002087] Disabling lock debugging due to kernel taint
[ 91.002831] ==================================================================
[ 91.003845] BUG: KASAN: wild-memory-access in free_pcppages_bulk+0x13e/0xc7b
[ 91.004832] Write of size 8 at addr dead000000000108 by task find/263
[ 91.005758]
[ 91.006010] CPU: 0 PID: 263 Comm: find Tainted: G B 5.2.0-rc2-00162-gfa858b6eec3f4 #1
[ 91.007311] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 91.008468] Call Trace:
[ 91.008834]  ? free_pcppages_bulk+0x13e/0xc7b
[ 91.009462]  __kasan_report+0x1d0/0x1fa
[ 91.010023]  ? free_pcppages_bulk+0x13e/0xc7b
[ 91.010660]  kasan_report+0x31/0x3a
[ 91.011193]  ? free_pcppages_bulk+0x13e/0xc7b
[ 91.011844]  free_pcppages_bulk+0x13e/0xc7b
[ 91.012472]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.013149]  ? get_pfnblock_flags_mask+0xa9/0xa9
[ 91.013828]  ? tracer_hardirqs_off+0x15/0x153
[ 91.014457]  free_unref_page_list+0x1eb/0x266
[ 91.015084]  release_pages+0x61e/0x65f
[ 91.015624]  ? mark_page_accessed+0x3cb/0x3cb
[ 91.016250]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.016894]  __pagevec_release+0x50/0x5e
[ 91.017464]  shmem_undo_range+0x99e/0xa46
[ 91.018047]  ? shmem_getpage+0x5f/0x5f
[ 91.018584]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.019235]  ? match_held_lock+0x1c/0x1eb
[ 91.019810]  ? find_held_lock+0x86/0x96
[ 91.020365]  ? match_held_lock+0x1c/0x1eb
[ 91.020940]  ? find_held_lock+0x86/0x96
[ 91.021498]  ? match_held_lock+0x1c/0x1eb
[ 91.022078]  ? match_held_lock+0x1c/0x1eb
[ 91.022652]  ? match_held_lock+0x1c/0x1eb
[ 91.023233]  ? find_held_lock+0x86/0x96
[ 91.023782]  shmem_truncate_range+0x32/0x6b
[ 91.027841]  shmem_evict_inode+0x172/0x496
[ 91.028447]  ? find_held_lock+0x86/0x96
[ 91.029003]  ? shmem_truncate_range+0x6b/0x6b
[ 91.029635]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.030287]  ? shmem_truncate_range+0x6b/0x6b
[ 91.030909]  evict+0x1b7/0x2cd
[ 91.031369]  ? find_inode_nowait+0xe1/0xe1
[ 91.031955]  iput+0x334/0x3b1
[ 91.032399]  do_unlinkat+0x2b2/0x42a
[ 91.032928]  ? vfs_unlink+0x26a/0x26a
[ 91.033461]  ? __check_heap_object+0x88/0x149
[ 91.034089]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.034733]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.035392]  ? getname_flags+0x3cb/0x3da
[ 91.035957]  __x64_sys_unlinkat+0x7d/0x90
[ 91.036554]  ? do_syscall_64+0x4f7/0x828
[ 91.037144]  do_syscall_64+0x507/0x828
[ 91.037721]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.038471] RIP: 0033:0x7f21f9c27a5d
[ 91.039025] Code: e9 f3 2c 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 48 63 d2 48 63 ff b8 07 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 b2 f3 2c 00 f7 d8 64 89 02
[ 91.041597] RSP: 002b:00007ffdbf2f9988 EFLAGS: 00000206 ORIG_RAX: 0000000000000107
[ 91.042655] RAX: ffffffffffffffda RBX: 00000000017f2bc0 RCX: 00007f21f9c27a5d
[ 91.043650] RDX: 0000000000000000 RSI: 00000000017fd108 RDI: ffffffffffffff9c
[ 91.044646] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 91.045642] R10: 00007ffdbf2f9720 R11: 0000000000000206 R12: 0000000000000000
[ 91.046637] R13: 00000000017f38a0 R14: 00007ffdbf2fbdcd R15: 00000000017f3820
[ 91.047633] ==================================================================
[ 91.048657] general protection fault: 0000 [#1] DEBUG_PAGEALLOC KASAN
[ 91.049571] CPU: 0 PID: 263 Comm: find Tainted: G B 5.2.0-rc2-00162-gfa858b6eec3f4 #1
[ 91.050868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 91.052083] RIP: 0010:free_pcppages_bulk+0x143/0xc7b
[ 91.052786] Code: 8d 43 08 4c 8b 3b 48 89 c7 48 89 44 24 10 e8 1e 32 01 00 48 8b 43 08 49 8d 7f 08 48 89 44 24 10 e8 b8 32 01 00 48 8b 44 24 10 <49> 89 47 08 48 89 c7 e8 a7 32 01 00 48 8b 44 24 10 4c 89 ef 4c 89
[ 91.055362] RSP: 0018:ffff88805b997758 EFLAGS: 00010092
[ 91.056144] RAX: dead000000000200 RBX: ffffea0000176a48 RCX: ffff88805bb80040
[ 91.057181] RDX: 0000000000000000 RSI: ffffffff8124ce51 RDI: ffffffff837f81c0
[ 91.058199] RBP: ffff88806b1f85d0 R08: 0000000000000003 R09: 0000000000000007
[ 91.059197] R10: fffffbfff08469ee R11: fffffbfff08469ed R12: 0000000000000001
[ 91.060194] R13: ffff88806b1f85b0 R14: ffffffff84087a00 R15: dead000000000100
[ 91.061195] FS: 00007f21fa61b700(0000) GS:ffffffff83693000(0000) knlGS:0000000000000000
[ 91.062324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 91.063135] CR2: 00000000017f5000 CR3: 000000005fec7000 CR4: 00000000000406f0
[ 91.064137] Call Trace:
[ 91.064503]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.065190]  ? get_pfnblock_flags_mask+0xa9/0xa9
[ 91.065873]  ? tracer_hardirqs_off+0x15/0x153
[ 91.066541]  free_unref_page_list+0x1eb/0x266
[ 91.067171]  release_pages+0x61e/0x65f
[ 91.067712]  ? mark_page_accessed+0x3cb/0x3cb
[ 91.068341]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.068985]  __pagevec_release+0x50/0x5e
[ 91.069557]  shmem_undo_range+0x99e/0xa46
[ 91.070144]  ? shmem_getpage+0x5f/0x5f
[ 91.070685]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.071340]  ? match_held_lock+0x1c/0x1eb
[ 91.071919]  ? find_held_lock+0x86/0x96
[ 91.072478]  ? match_held_lock+0x1c/0x1eb
[ 91.073063]  ? find_held_lock+0x86/0x96
[ 91.073617]  ? match_held_lock+0x1c/0x1eb
[ 91.074203]  ? match_held_lock+0x1c/0x1eb
[ 91.074781]  ? match_held_lock+0x1c/0x1eb
[ 91.075366]  ? find_held_lock+0x86/0x96
[ 91.075920]  shmem_truncate_range+0x32/0x6b
[ 91.076526]  shmem_evict_inode+0x172/0x496
[ 91.077122]  ? find_held_lock+0x86/0x96
[ 91.077672]  ? shmem_truncate_range+0x6b/0x6b
[ 91.078301]  ? ftrace_likely_update+0x29a/0x2ae
[ 91.078945]  ? shmem_truncate_range+0x6b/0x6b
[ 91.079572]  evict+0x1b7/0x2cd
[ 91.080026]  ? find_inode_nowait+0xe1/0xe1


To reproduce:

	# build kernel
	cd linux
	cp config-5.2.0-rc2-00162-gfa858b6eec3f4 .config
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage

	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k job-script # job-script is attached in this email



Thanks,
lkp