FYI, we noticed the following commit:
commit: 856e7fa7f81c5717b02cfc07b7e2325ea519813b ("refcount: Check bad states with CHECK_DATA_CORRUPTION")
https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git kspp/corruption
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu IvyBridge -m 420M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-----------------------------------------------------------------------------+------------+------------+
|                                                                             | 83901809c8 | 856e7fa7f8 |
+-----------------------------------------------------------------------------+------------+------------+
| boot_successes                                                              | 0          | 0          |
| boot_failures                                                               | 17         | 14         |
| kobject(#):tried_to_init_an_initialized_object,something_is_seriously_wrong | 17         | 14         |
| WARNING:at_lib/refcount.c:#refcount_inc                                     | 17         |            |
| kernel_BUG_at_lib/list_debug.c                                              | 8          | 1          |
| EIP:__list_add_valid                                                        | 8          | 1          |
| Kernel_panic-not_syncing:Fatal_exception                                    | 8          | 11         |
| WARNING:at_drivers/usb/core/urb.c:#usb_submit_urb                           | 4          |            |
| kernel_BUG_at_lib/refcount.c                                                | 0          | 10         |
| EIP:refcount_inc                                                            | 0          | 10         |
| BUG:unable_to_handle_kernel                                                 | 0          | 3          |
| Oops:#[##]                                                                  | 0          | 3          |
| EIP:console_unlock                                                          | 0          | 3          |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt                       | 0          | 3          |
+-----------------------------------------------------------------------------+------------+------------+
[ 13.658265] kernel BUG at lib/refcount.c:129!
[ 13.658267] invalid opcode: 0000 [#1]
[ 13.658270] CPU: 0 PID: 116 Comm: kworker/u2:1 Not tainted 4.10.0-10734-g856e7fa #1
[ 13.658274] Workqueue: events_unbound async_run_entry_fn
[ 13.658276] task: 96d41c80 task.stack: 9581e000
[ 13.658280] EIP: refcount_inc+0x7c/0x80
[ 13.658281] EFLAGS: 00210296 CPU: 0
[ 13.658283] EAX: 0000002b EBX: 00000001 ECX: 00000000 EDX: 00000037
[ 13.658285] ESI: 00000001 EDI: 00000690 EBP: 9581fd70 ESP: 9581fd64
[ 13.658287] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[ 13.658289] CR0: 80050033 CR2: 00000000 CR3: 08928000 CR4: 001406f0
[ 13.658293] Call Trace:
[ 13.658297] kobject_get+0x51/0xc0
[ 13.658301] ? kfree+0x24d/0x410
[ 13.658304] kobject_add_internal+0x60/0x6b0
[ 13.658308] ? kfree_const+0x2c/0x30
[ 13.658311] ? kobject_set_name_vargs+0xd3/0x100
[ 13.658313] kobject_add_varg+0x3f/0x60
[ 13.658316] kobject_add+0x5b/0xa0
[ 13.658320] ? debugfs_create_dir+0x100/0x130
[ 13.658323] blk_mq_register_hctx+0xbf/0xf0
[ 13.658326] blk_mq_register_dev+0xd1/0x150
[ 13.658329] blk_register_queue+0x15a/0x280
[ 13.658332] ? disk_part_iter_next+0x4c/0x310
[ 13.658334] device_add_disk+0x1de/0x7e0
[ 13.658338] sd_probe_async+0x10f/0x220
[ 13.658341] ? __lock_is_held+0x48/0x90
[ 13.658344] async_run_entry_fn+0x38/0x130
[ 13.658347] process_one_work+0x2e4/0xad0
[ 13.658349] ? process_one_work+0x224/0xad0
[ 13.658352] worker_thread+0x317/0x9a0
[ 13.658355] kthread+0x14c/0x150
[ 13.658357] ? process_one_work+0xad0/0xad0
[ 13.658360] ? __kthread_create_on_node+0x260/0x260
[ 13.658363] ret_from_fork+0x21/0x2c
[ 13.658364] Code: 00 00 00 89 da 31 c9 b8 e0 d9 55 88 e8 fe ce af ff 83 c4 04 5b 5e 5d c3 8d b4 26 00 00 00 00 c7 04 24 5c 52 2f 88 e8 11 6e b5 ff <0f> 0b 66 90 55 89 e5 57 56 53 83 ec 0c 8b 1a 89 45 f0 89 55 ec
[ 13.658419] EIP: refcount_inc+0x7c/0x80 SS:ESP: 0068:9581fd64
[ 13.658427] ---[ end trace f8b175a495546f92 ]---
To reproduce:
        git clone https://github.com/01org/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong