From: Marco Elver <elver@google.com>
To: peterz@infradead.org
Cc: alexander.shishkin@linux.intel.com, acme@kernel.org,
mingo@redhat.com, jolsa@redhat.com, mark.rutland@arm.com,
namhyung@kernel.org, tglx@linutronix.de, glider@google.com,
viro@zeniv.linux.org.uk, arnd@arndb.de, christian@brauner.io,
dvyukov@google.com, jannh@google.com, axboe@kernel.dk,
mascasa@google.com, pcc@google.com, irogers@google.com,
kasan-dev@googlegroups.com, linux-arch@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
x86@kernel.org, linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v3 01/11] perf: Rework perf_event_exit_event()
Date: Thu, 25 Mar 2021 20:10:51 +0100 [thread overview]
Message-ID: <YFzgO0AhGFODmgc1@elver.google.com> (raw)
In-Reply-To: <YFy3qI65dBfbsZ1z@elver.google.com>
On Thu, Mar 25, 2021 at 05:17PM +0100, Marco Elver wrote:
[...]
> > syzkaller found a crash with stack trace pointing at changes in this
> > patch. Can't tell if this is an old issue or introduced in this series.
>
> Yay, I found a reproducer. v5.12-rc4 is good, and sadly with this patch only we
> crash. :-/
>
> Here's a stacktrace with just this patch applied:
>
> | BUG: kernel NULL pointer dereference, address: 00000000000007af
[...]
> | RIP: 0010:task_pid_ptr kernel/pid.c:324 [inline]
> | RIP: 0010:__task_pid_nr_ns+0x112/0x240 kernel/pid.c:500
[...]
> | Call Trace:
> | perf_event_pid_type kernel/events/core.c:1412 [inline]
> | perf_event_pid kernel/events/core.c:1421 [inline]
> | perf_event_read_event+0x78/0x1d0 kernel/events/core.c:7406
> | sync_child_event kernel/events/core.c:12404 [inline]
> | perf_child_detach kernel/events/core.c:2223 [inline]
> | __perf_remove_from_context+0x14d/0x280 kernel/events/core.c:2359
> | perf_remove_from_context+0x9f/0xf0 kernel/events/core.c:2395
> | perf_event_exit_event kernel/events/core.c:12442 [inline]
> | perf_event_exit_task_context kernel/events/core.c:12523 [inline]
> | perf_event_exit_task+0x276/0x4c0 kernel/events/core.c:12556
> | do_exit+0x4cd/0xed0 kernel/exit.c:834
> | do_group_exit+0x4d/0xf0 kernel/exit.c:922
> | get_signal+0x1d2/0xf30 kernel/signal.c:2777
> | arch_do_signal_or_restart+0xf7/0x750 arch/x86/kernel/signal.c:789
> | handle_signal_work kernel/entry/common.c:147 [inline]
> | exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
> | exit_to_user_mode_prepare+0x113/0x190 kernel/entry/common.c:208
> | irqentry_exit_to_user_mode+0x6/0x30 kernel/entry/common.c:314
> | asm_exc_general_protection+0x1e/0x30 arch/x86/include/asm/idtentry.h:571
I spun up gdb, and it showed me this:
| #0 perf_event_read_event (event=event@entry=0xffff888107cd5000, task=task@entry=0xffffffffffffffff)
| at kernel/events/core.c:7397
^^^ TASK_TOMBSTONE
| #1 0xffffffff811fc9cd in sync_child_event (child_event=0xffff888107cd5000) at kernel/events/core.c:12404
| #2 perf_child_detach (event=0xffff888107cd5000) at kernel/events/core.c:2223
| #3 __perf_remove_from_context (event=event@entry=0xffff888107cd5000, cpuctx=cpuctx@entry=0xffff88842fdf0c00,
| ctx=ctx@entry=0xffff8881073cb800, info=info@entry=0x3 <fixed_percpu_data+3>) at kernel/events/core.c:2359
| #4 0xffffffff811fcb9f in perf_remove_from_context (event=event@entry=0xffff888107cd5000, flags=flags@entry=3)
| at kernel/events/core.c:2395
| #5 0xffffffff81204526 in perf_event_exit_event (ctx=0xffff8881073cb800, event=0xffff888107cd5000)
| at kernel/events/core.c:12442
| #6 perf_event_exit_task_context (ctxn=0, child=0xffff88810531a200) at kernel/events/core.c:12523
| #7 perf_event_exit_task (child=0xffff88810531a200) at kernel/events/core.c:12556
| #8 0xffffffff8108838d in do_exit (code=code@entry=11) at kernel/exit.c:834
| #9 0xffffffff81088e4d in do_group_exit (exit_code=11) at kernel/exit.c:922
and therefore synthesized this fix on top:
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 57de8d436efd..e77294c7e654 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -12400,7 +12400,7 @@ static void sync_child_event(struct perf_event *child_event)
if (child_event->attr.inherit_stat) {
struct task_struct *task = child_event->ctx->task;
- if (task)
+ if (task && task != TASK_TOMBSTONE)
perf_event_read_event(child_event, task);
}
which fixes the problem. My guess is that the parent and child are both
racing to exit?
Does that make any sense?
Thanks,
-- Marco
next prev parent reply other threads:[~2021-03-25 19:11 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-24 11:24 [PATCH v3 00/11] Add support for synchronous signals on perf events Marco Elver
2021-03-24 11:24 ` [PATCH v3 01/11] perf: Rework perf_event_exit_event() Marco Elver
2021-03-25 10:17 ` Marco Elver
2021-03-25 16:17 ` Marco Elver
2021-03-25 19:10 ` Marco Elver [this message]
2021-03-29 11:50 ` Peter Zijlstra
2021-03-24 11:24 ` [PATCH v3 02/11] perf: Apply PERF_EVENT_IOC_MODIFY_ATTRIBUTES to children Marco Elver
2021-03-24 11:24 ` [PATCH v3 03/11] perf: Support only inheriting events if cloned with CLONE_THREAD Marco Elver
2021-03-24 11:24 ` [PATCH v3 04/11] perf: Add support for event removal on exec Marco Elver
2021-03-24 11:24 ` [PATCH v3 05/11] signal: Introduce TRAP_PERF si_code and si_perf to siginfo Marco Elver
2021-03-24 11:24 ` [PATCH v3 06/11] perf: Add support for SIGTRAP on perf events Marco Elver
2021-03-25 8:14 ` Marco Elver
2021-03-29 12:07 ` Peter Zijlstra
2021-03-29 14:27 ` Oleg Nesterov
2021-03-29 14:32 ` Marco Elver
2021-03-30 7:04 ` Peter Zijlstra
2021-03-29 18:22 ` Marco Elver
2021-03-29 18:33 ` Oleg Nesterov
2021-03-31 12:32 ` Marco Elver
2021-03-31 14:51 ` Peter Zijlstra
2021-03-31 16:50 ` Marco Elver
2021-03-24 11:24 ` [PATCH v3 07/11] perf: Add breakpoint information to siginfo on SIGTRAP Marco Elver
2021-03-24 12:53 ` Peter Zijlstra
2021-03-24 13:01 ` Peter Zijlstra
2021-03-24 13:21 ` Peter Zijlstra
2021-03-24 13:43 ` Peter Zijlstra
2021-03-24 14:00 ` Peter Zijlstra
2021-03-24 14:05 ` Marco Elver
2021-03-24 14:12 ` Dmitry Vyukov
2021-03-24 14:15 ` Dmitry Vyukov
2021-03-25 7:00 ` Marco Elver
2021-03-25 14:18 ` Ingo Molnar
2021-03-25 15:17 ` Marco Elver
2021-03-25 15:35 ` Ingo Molnar
2021-03-24 13:47 ` Marco Elver
2021-03-24 11:25 ` [PATCH v3 08/11] selftests/perf_events: Add kselftest for process-wide sigtrap handling Marco Elver
2021-03-24 11:25 ` [PATCH v3 09/11] selftests/perf_events: Add kselftest for remove_on_exec Marco Elver
2021-03-24 11:25 ` [PATCH v3 10/11] tools headers uapi: Sync tools/include/uapi/linux/perf_event.h Marco Elver
2021-03-24 11:25 ` [PATCH v3 11/11] perf test: Add basic stress test for sigtrap handling Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YFzgO0AhGFODmgc1@elver.google.com \
--to=elver@google.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=arnd@arndb.de \
--cc=axboe@kernel.dk \
--cc=christian@brauner.io \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=irogers@google.com \
--cc=jannh@google.com \
--cc=jolsa@redhat.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mascasa@google.com \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=pcc@google.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).