Re: [Linux kernel bug] WARNING in free_event

Linux-perf-users Archive mirror
 help / color / mirror / Atom feed

From: Ian Rogers <irogers@google.com>
To: Sam Sun <samsun1006219@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
	 adrian.hunter@intel.com, jolsa@kernel.org,
	alexander.shishkin@linux.intel.com,  mark.rutland@arm.com,
	namhyung@kernel.org, acme@kernel.org, mingo@redhat.com,
	 peterz@infradead.org, syzkaller-bugs@googlegroups.com,
	xrivendell7@gmail.com,  zqq0103.hey@gmail.com,
	Frederic Weisbecker <frederic@kernel.org>,
	haifeng.xu@shopee.com
Subject: Re: [Linux kernel bug] WARNING in free_event
Date: Wed, 17 Apr 2024 07:50:27 -0700	[thread overview]
Message-ID: <CAP-5=fVKp8o8uYEydJEE++ORtiVgxHVYYrQW5aPNoX2AiHbq3Q@mail.gmail.com> (raw)
In-Reply-To: <CAEkJfYO9Heg9s5b=v23fb12S3LH=3oyUDLFWhba4nYTXL98CQg@mail.gmail.com>

On Wed, Apr 17, 2024 at 6:38 AM Sam Sun <samsun1006219@gmail.com> wrote:
>
> Dear developers and maintainers,
>
> We encountered a kernel warning in the function free_event() while
> using our modified syzkaller. It was tested on the latest upstream
> linux(6.9-rc4). C repro and kernel config are attached to this email.
> Kernel dump log is listed below.
> ```

Thank you for the report, unfortunately there have also been similar
reports and some possibly related fixes posted:
https://lore.kernel.org/linux-perf-users/CAP-5=fUa+-Tj2b_hxk96Qg5=Qu7jYHgHREbsmBa2ZmuF-X9QaA@mail.gmail.com/
https://lore.kernel.org/lkml/20240329235812.18917-1-frederic@kernel.org/
https://lore.kernel.org/lkml/20240410035506.599192-1-haifeng.xu@shopee.com/

Thanks,
Ian

> ------------[ cut here ]------------
> unexpected event refcount: 2; ptr=ffff88801931e0c0
> WARNING: CPU: 0 PID: 8082 at kernel/events/core.c:5254
> free_event+0xa3/0xc0 kernel/events/core.c:5254
> Modules linked in:
> CPU: 0 PID: 8082 Comm: syz-executor381 Not tainted 6.7.0-rc7 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.13.0-1ubuntu1.1 04/01/2014
> RIP: 0010:free_event+0xa3/0xc0 kernel/events/core.c:5254
> Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 25 48 8b
> b5 38 02 00 00 48 89 ea 48 c7 c7 c0 38 b7 8a e8 6e 30 9e ff 90 <0f> 0b
> 90 90 5d 41 5c 41 5d e9 bf 45 d7 ff 4c 89 ef e8 d7 e9 2b 00
> RSP: 0018:ffffc9000176f9e8 EFLAGS: 00010282
> RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff814c00fa
> RDX: ffff888063d919c0 RSI: ffffffff814c0107 RDI: 0000000000000001
> RBP: ffff88801931e0c0 R08: 0000000000000001 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000002
> R13: ffff88801931e2f8 R14: ffff88801931e3a0 R15: ffff88801931e0c0
> FS:  0000000000000000(0000) GS:ffff888044200000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000020000008 CR3: 000000000cd78000 CR4: 0000000000750ef0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> PKRU: 55555554
> Call Trace:
>  <TASK>
>  perf_event_release_kernel+0x5d4/0x8f0 kernel/events/core.c:5421
>  perf_release+0x37/0x50 kernel/events/core.c:5442
>  __fput+0x282/0xbb0 fs/file_table.c:394
>  task_work_run+0x168/0x260 kernel/task_work.c:180
>  exit_task_work include/linux/task_work.h:38 [inline]
>  do_exit+0xaf0/0x2a40 kernel/exit.c:869
>  do_group_exit+0xd4/0x2a0 kernel/exit.c:1018
>  get_signal+0x243c/0x2630 kernel/signal.c:2904
>  arch_do_signal_or_restart+0x81/0x7d0 arch/x86/kernel/signal.c:309
>  exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
>  exit_to_user_mode_prepare+0x121/0x240 kernel/entry/common.c:204
>  __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
>  syscall_exit_to_user_mode+0x1e/0x60 kernel/entry/common.c:296
>  ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
>  </TASK>
> ```
> If you have any questions, please contact us.
> Reported by: Yue Sun <samsun1006219@gmail.com>
> Reported by: xingwei lee <xrivendell7@gmail.com>
>
> Best Regards,
> Yue

     prev parent reply	other threads:[~2024-04-17 14:50 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-17 13:37 [Linux kernel bug] WARNING in free_event Sam Sun
2024-04-17 14:50 ` Ian Rogers [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAP-5=fVKp8o8uYEydJEE++ORtiVgxHVYYrQW5aPNoX2AiHbq3Q@mail.gmail.com' \
    --to=irogers@google.com \
    --cc=acme@kernel.org \
    --cc=adrian.hunter@intel.com \
    --cc=alexander.shishkin@linux.intel.com \
    --cc=frederic@kernel.org \
    --cc=haifeng.xu@shopee.com \
    --cc=jolsa@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-perf-users@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=mingo@redhat.com \
    --cc=namhyung@kernel.org \
    --cc=peterz@infradead.org \
    --cc=samsun1006219@gmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=xrivendell7@gmail.com \
    --cc=zqq0103.hey@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).