From: Ian Rogers <irogers@google.com>
To: Sam Sun <samsun1006219@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
adrian.hunter@intel.com, jolsa@kernel.org,
alexander.shishkin@linux.intel.com, mark.rutland@arm.com,
namhyung@kernel.org, acme@kernel.org, mingo@redhat.com,
peterz@infradead.org, syzkaller-bugs@googlegroups.com,
xrivendell7@gmail.com, zqq0103.hey@gmail.com,
Frederic Weisbecker <frederic@kernel.org>,
haifeng.xu@shopee.com
Subject: Re: [Linux kernel bug] WARNING in free_event
Date: Wed, 17 Apr 2024 07:50:27 -0700 [thread overview]
Message-ID: <CAP-5=fVKp8o8uYEydJEE++ORtiVgxHVYYrQW5aPNoX2AiHbq3Q@mail.gmail.com> (raw)
In-Reply-To: <CAEkJfYO9Heg9s5b=v23fb12S3LH=3oyUDLFWhba4nYTXL98CQg@mail.gmail.com>
On Wed, Apr 17, 2024 at 6:38 AM Sam Sun <samsun1006219@gmail.com> wrote:
>
> Dear developers and maintainers,
>
> We encountered a kernel warning in the function free_event() while
> using our modified syzkaller. It was tested on the latest upstream
> linux(6.9-rc4). C repro and kernel config are attached to this email.
> Kernel dump log is listed below.
> ```
Thank you for the report, unfortunately there have also been similar
reports and some possibly related fixes posted:
https://lore.kernel.org/linux-perf-users/CAP-5=fUa+-Tj2b_hxk96Qg5=Qu7jYHgHREbsmBa2ZmuF-X9QaA@mail.gmail.com/
https://lore.kernel.org/lkml/20240329235812.18917-1-frederic@kernel.org/
https://lore.kernel.org/lkml/20240410035506.599192-1-haifeng.xu@shopee.com/
Thanks,
Ian
> ------------[ cut here ]------------
> unexpected event refcount: 2; ptr=ffff88801931e0c0
> WARNING: CPU: 0 PID: 8082 at kernel/events/core.c:5254
> free_event+0xa3/0xc0 kernel/events/core.c:5254
> Modules linked in:
> CPU: 0 PID: 8082 Comm: syz-executor381 Not tainted 6.7.0-rc7 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.13.0-1ubuntu1.1 04/01/2014
> RIP: 0010:free_event+0xa3/0xc0 kernel/events/core.c:5254
> Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 25 48 8b
> b5 38 02 00 00 48 89 ea 48 c7 c7 c0 38 b7 8a e8 6e 30 9e ff 90 <0f> 0b
> 90 90 5d 41 5c 41 5d e9 bf 45 d7 ff 4c 89 ef e8 d7 e9 2b 00
> RSP: 0018:ffffc9000176f9e8 EFLAGS: 00010282
> RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff814c00fa
> RDX: ffff888063d919c0 RSI: ffffffff814c0107 RDI: 0000000000000001
> RBP: ffff88801931e0c0 R08: 0000000000000001 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000002
> R13: ffff88801931e2f8 R14: ffff88801931e3a0 R15: ffff88801931e0c0
> FS: 0000000000000000(0000) GS:ffff888044200000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000020000008 CR3: 000000000cd78000 CR4: 0000000000750ef0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> PKRU: 55555554
> Call Trace:
> <TASK>
> perf_event_release_kernel+0x5d4/0x8f0 kernel/events/core.c:5421
> perf_release+0x37/0x50 kernel/events/core.c:5442
> __fput+0x282/0xbb0 fs/file_table.c:394
> task_work_run+0x168/0x260 kernel/task_work.c:180
> exit_task_work include/linux/task_work.h:38 [inline]
> do_exit+0xaf0/0x2a40 kernel/exit.c:869
> do_group_exit+0xd4/0x2a0 kernel/exit.c:1018
> get_signal+0x243c/0x2630 kernel/signal.c:2904
> arch_do_signal_or_restart+0x81/0x7d0 arch/x86/kernel/signal.c:309
> exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
> exit_to_user_mode_prepare+0x121/0x240 kernel/entry/common.c:204
> __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
> syscall_exit_to_user_mode+0x1e/0x60 kernel/entry/common.c:296
> ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
> </TASK>
> ```
> If you have any questions, please contact us.
> Reported by: Yue Sun <samsun1006219@gmail.com>
> Reported by: xingwei lee <xrivendell7@gmail.com>
>
> Best Regards,
> Yue
prev parent reply other threads:[~2024-04-17 14:50 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-17 13:37 [Linux kernel bug] WARNING in free_event Sam Sun
2024-04-17 14:50 ` Ian Rogers [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAP-5=fVKp8o8uYEydJEE++ORtiVgxHVYYrQW5aPNoX2AiHbq3Q@mail.gmail.com' \
--to=irogers@google.com \
--cc=acme@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=frederic@kernel.org \
--cc=haifeng.xu@shopee.com \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=samsun1006219@gmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=xrivendell7@gmail.com \
--cc=zqq0103.hey@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).