FYI, we noticed the following commit: commit: cf6c467d67d319e239aec57d7ba31cb9946f29bf ("drm/ttm: add BO priorities for the LRUs") https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master in testcase: trinity with following parameters: runtime: 300s test-description: Trinity is a linux system call fuzz tester. test-url: http://codemonkey.org.uk/projects/trinity/ on test machine: qemu-system-x86_64 -enable-kvm -m 320M caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): +-----------------------------------------------------------------------+------------+------------+ | | 2ee7fc92cf | cf6c467d67 | +-----------------------------------------------------------------------+------------+------------+ | boot_successes | 0 | 0 | | boot_failures | 10 | 10 | | WARNING:at_drivers/gpu/drm/drm_mode_config.c:#drm_mode_config_cleanup | 10 | 10 | | BUG_kmalloc-#(Tainted:G_W):Invalid_object_pointer | 10 | | | INFO:Slab#objects=#used=#fp=#flags= | 10 | | | kernel_BUG_at_mm/slub.c | 0 | 10 | | invalid_opcode:#[##]SMP | 0 | 10 | | Kernel_panic-not_syncing:Fatal_exception | 0 | 10 | +-----------------------------------------------------------------------+------------+------------+ [ 33.346631] kernel BUG at mm/slub.c:3869! [ 33.347547] invalid opcode: 0000 [#1] SMP [ 33.348361] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 4.10.0-rc5-00883-gcf6c467 #2 [ 33.350733] task: ffff880012aa0040 task.stack: ffffc900000d0000 [ 33.353164] RIP: 0010:kfree+0x2ac/0x530 [ 33.353749] RSP: 0000:ffffc900000d3c20 EFLAGS: 00010202 [ 33.356415] RAX: 0000000000000002 RBX: ffff88000e20c000 RCX: 0000000000000002 [ 33.357578] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff82bfcd20 [ 33.358856] RBP: ffffc900000d3c60 R08: 0000000000000005 R09: 0000000000000000 [ 33.361864] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88001320a300 [ 33.362978] R13: 0000000000000003 R14: 0000000000000000 R15: ffff8800121dddc8 [ 33.364153] FS: 0000000000000000(0000) GS:ffff880013a00000(0000) knlGS:0000000000000000 [ 33.365684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.366635] CR2: 0000000000000000 CR3: 0000000002a11000 CR4: 00000000000006f0 [ 33.367718] Call Trace: [ 33.368270] bochs_unload+0x3b/0x50 [ 33.368817] drm_dev_unregister+0x10d/0x120 [ 33.369475] drm_put_dev+0x47/0x70 [ 33.370484] bochs_pci_remove+0x15/0x20 [ 33.372124] pci_device_remove+0x98/0xa0 [ 33.372723] driver_probe_device+0x2a0/0x560 [ 33.373957] ? driver_probe_device+0x560/0x560 [ 33.374820] __driver_attach+0x138/0x150 [ 33.375476] bus_for_each_dev+0x8e/0xf0 [ 33.376107] driver_attach+0x1e/0x20 [ 33.376662] bus_add_driver+0x207/0x2f0 [ 33.377266] driver_register+0xbd/0x1b0 [ 33.377816] ? psb_init+0x43/0x43 [ 33.378492] __pci_register_driver+0x60/0x70 [ 33.379156] drm_pci_init+0x109/0x120 [ 33.379757] ? psb_init+0x43/0x43 [ 33.380302] bochs_init+0x1f/0x43 [ 33.380839] do_one_initcall+0xe9/0x2dc [ 33.381637] ? parse_args+0x360/0x4f0 [ 33.382224] kernel_init_freeable+0x2ad/0x3f3 [ 33.382893] ? rest_init+0x170/0x170 [ 33.383482] kernel_init+0xe/0x180 [ 33.383969] ret_from_fork+0x31/0x40 [ 33.384704] Code: 04 24 f6 c4 80 75 26 49 8b 44 24 20 a8 01 75 1d 31 d2 be 01 00 00 00 48 c7 c7 20 cd bf 82 e8 1c 02 f2 ff 48 83 05 9c c3 ac 01 01 <0f> 0b 31 d2 31 f6 48 c7 c7 20 cd bf 82 e8 02 02 f2 ff 49 8b 14 [ 33.387784] RIP: kfree+0x2ac/0x530 RSP: ffffc900000d3c20 [ 33.388858] ---[ end trace c26940c3a44e011b ]--- To reproduce: git clone git://git.kernel.org/pub/scm/linux/kernel/git/wfg/lkp-tests.git cd lkp-tests bin/lkp qemu -k job-script # job-script is attached in this email Thanks, Xiaolong