FYI, we noticed the following commit (built with gcc-6):

commit: a4a142d3d7ae19345838dabbf6aaa504dcc70021 ("[PATCH net-next v2 1/2] udp: msg_zerocopy")
url: https://github.com/0day-ci/linux/commits/Willem-de-Bruijn/udp-msg_zerocopy/20181127-021130

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+----------------------------------------------------------+------------+------------+
|                                                          | 358be65640 | a4a142d3d7 |
+----------------------------------------------------------+------------+------------+
| boot_successes                                           | 190        | 68         |
| boot_failures                                            | 12         | 25         |
| Mem-Info                                                 | 12         |            |
| invoked_oom-killer:gfp_mask=0x                           | 3          |            |
| RIP:strnlen_user                                         | 1          |            |
| RIP:__put_user_4                                         | 1          |            |
| RIP:copy_user_enhanced_fast_string                       | 1          |            |
| Out_of_memory:Kill_process                               | 1          |            |
| Out_of_memory_and_no_killable_processes                  | 1          |            |
| Kernel_panic-not_syncing:System_is_deadlocked_on_memory  | 1          |            |
| RIP:iov_iter_fault_in_readable                           | 1          |            |
| WARNING:at_lib/refcount.c:#refcount_inc_checked          | 0          | 25         |
| RIP:refcount_inc_checked                                 | 0          | 25         |
| WARNING:at_lib/refcount.c:#refcount_sub_and_test_checked | 0          | 25         |
| RIP:refcount_sub_and_test_checked                        | 0          | 25         |
+----------------------------------------------------------+------------+------------+

[ 255.028826] WARNING: CPU: 0 PID: 1255 at lib/refcount.c:153 refcount_inc_checked+0x41/0x50
[ 255.031189] Modules linked in:
[ 255.032022] CPU: 0 PID: 1255 Comm: trinity-c2 Not tainted 4.20.0-rc3-00915-ga4a142d #1
[ 255.033900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 255.037952] RIP: 0010:refcount_inc_checked+0x41/0x50
[ 255.039161] Code: 75 1f 5a ff e8 70 1f 5a ff 80 3d 57 60 29 02 00 75 ec e8 62 1f 5a ff 48 c7 c7 00 d8 81 bc c6 05 42 60 29 02 01 e8 ff 62 3e ff <0f> 0b eb d0 90 66 2e 0f 1f 84 00 00 00 00 00 41 56 41 55 41 89 fd
[ 255.043305] RSP: 0018:ffff8880447bf4a0 EFLAGS: 00010282
[ 255.044553] RAX: 000000000000002b RBX: ffff88804b0dcd00 RCX: ffffffffba60489b
[ 255.046179] RDX: ffff88807e48a680 RSI: 0000000000000004 RDI: ffffffffbd3d7008
[ 255.047798] RBP: ffff88804b0dd6c0 R08: fffffbfff7a7ae02 R09: fffffbfff7a7ae01
[ 255.049425] R10: ffff88804b0dcd03 R11: fffffbfff7a7ae02 R12: 000000000000001c
[ 255.051064] R13: ffff88804b0dd778 R14: ffff88804b0dd774 R15: 0000000000000000
[ 255.052689] FS: 00007f1cf848cb40(0000) GS:ffffffffbce79000(0000) knlGS:0000000000000000
[ 255.054612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 255.055965] CR2: 000055e15adc6fa0 CR3: 000000004e12a000 CR4: 00000000000406f0
[ 255.057601] DR0: 00007f1cf8367000 DR1: 0000000000000000 DR2: 0000000000000000
[ 255.059231] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 255.060859] Call Trace:
[ 255.061577] __ip_append_data+0x19ad/0x2980
[ 255.062757] ? udp_lib_close+0x20/0x20
[ 255.063730] ? rt_cache_valid+0x11f/0x170
[ 255.064739] ? ip_generic_getfrag+0x1c0/0x1c0
[ 255.065822] ? ipv4_mtu+0x23e/0x2c0
[ 255.066800] ip_make_skb+0x20e/0x280
[ 255.067725] ? udp_lib_close+0x20/0x20
[ 255.068697] ? ip_flush_pending_frames+0x30/0x30
[ 255.069838] udp_sendmsg+0xeda/0x1e80
[ 255.070784] ? udp_lib_close+0x20/0x20
[ 255.071752] ? udp_push_pending_frames+0xe0/0xe0
[ 255.072910] ? __lock_acquire+0x4c8/0x3010
[ 255.073952] ? __might_fault+0x105/0x1b0
[ 255.074953] ? rw_copy_check_uvector+0x1cf/0x2b0
[ 255.076089] ? import_iovec+0x202/0x390
[ 255.077084] ? _copy_from_user+0x92/0x100
[ 255.078108] ? move_addr_to_kernel+0x50/0x50
[ 255.079299] ? inet_sendmsg+0x106/0x1c0
[ 255.080294] ? udp_sendmsg+0x5/0x1e80
[ 255.081243] inet_sendmsg+0x106/0x1c0
[ 255.082186] ___sys_sendmsg+0x454/0x8f0
[ 255.083167] ? copy_msghdr_from_user+0x380/0x380
[ 255.084314] ? __lock_acquire+0x4c8/0x3010
[ 255.085353] ? hrtimer_start_range_ns+0x327/0x560
[ 255.086506] ? __fget_light+0xad/0x200
[ 255.087470] ? __sys_sendmsg+0xd2/0x170
[ 255.088456] ? ___sys_sendmsg+0x5/0x8f0
[ 255.089438] __sys_sendmsg+0xd2/0x170
[ 255.090380] ? __x64_sys_shutdown+0x80/0x80
[ 255.091430] ? perf_syscall_exit+0x286/0x4b0
[ 255.092500] ? ftrace_syscall_exit+0x520/0x520
[ 255.093601] ? lock_downgrade+0x570/0x570
[ 255.094616] do_syscall_64+0xdd/0xbc0
[ 255.095568] ? syscall_return_slowpath+0x320/0x320
[ 255.096746] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 255.097972] RIP: 0033:0x7f1cf7daf229
[ 255.098905] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3f 4c 2b 00 f7 d8 64 89 01 48
[ 255.103014] RSP: 002b:00007ffff99ba758 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 255.104834] RAX: ffffffffffffffda RBX: 000000000000002e RCX: 00007f1cf7daf229
[ 255.106464] RDX: 0000000064010860 RSI: 000055e15af397d0 RDI: 0000000000000163
[ 255.108098] RBP: 00007ffff99ba800 R08: ffffffff9d472af1 R09: 00000000dcdcdcdc
[ 255.109725] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000002
[ 255.111359] R13: 00007f1cf8477058 R14: 00007f1cf848cad8 R15: 00007f1cf8477000
[ 255.112992] irq event stamp: 118226
[ 255.113916] hardirqs last enabled at (118225): [] console_unlock+0x63c/0xa00
[ 255.115961] hardirqs last disabled at (118226): [] trace_hardirqs_off_thunk+0x1a/0x1c
[ 255.118150] softirqs last enabled at (114672): [] tcp_recvmsg+0xfb5/0x2770
[ 255.120149] softirqs last disabled at (114670): [] release_sock+0x20/0x1b0
[ 255.122147] ---[ end trace ff7f08ca16c230bf ]---

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

Thanks,
lkp