[BUG] WARNING in __perf_event_account_interrupt (kernel/events/core.c:2797)

[Zw Tang]

Hi,

I am reporting a WARNING triggered by a syzkaller reproducer on Linux 7.0.0-rc1.

The kernel hits a WARN in perf events interrupt accounting:

WARNING: kernel/events/core.c:2797 at __perf_event_account_interrupt+0x485/0x530

It is triggered from the perf overflow path while closing a perf_event
fd created for a tracepoint (PERF_TYPE_TRACEPOINT). The call trace
shows:

__perf_event_overflow()
perf_tp_event()
...
__x64_sys_close()

This looks like a potential state inconsistency / reentrancy issue
between tracepoint-perf event handling (overflow/accounting) and event
close/teardown paths, causing __perf_event_account_interrupt() to hit
a WARN_ON.

log:

[  109.197980] Call Trace:
[  109.198578]  <TASK>
[  109.199163]  __perf_event_overflow+0xb6/0xa00
[  109.200270]  ? perf_tp_event+0x703/0xcd0
[  109.201256]  perf_swevent_overflow+0xac/0x150
[  109.202321]  perf_swevent_event+0x14d/0x2e0
[  109.203372]  perf_tp_event+0x3d8/0xcd0
[  109.204320]  ? __perf_tp_event_target_task+0x540/0x540
[  109.205578]  ? __lock_acquire+0x55a/0x1ef0
[  109.206595]  ? lock_acquire+0x199/0x2f0
[  109.207556]  ? find_held_lock+0x2b/0x80
[  109.208512]  ? __sanitizer_cov_trace_pc+0x1d/0x50
[  109.209655]  ? _perf_event_period+0x1b2/0x240
[  109.210714]  ? perf_event_refresh+0x100/0x100
[  109.211984]  ? __might_fault+0x151/0x190
[  109.212905]  ? __sanitizer_cov_trace_pc+0x1d/0x50
[  109.214104]  ? __sanitizer_cov_trace_pc+0x1d/0x50
[  109.215238]  ? _perf_ioctl+0x147/0x1d40
[  109.216203]  ? perf_trace_run_bpf_submit+0xef/0x180
[  109.217378]  perf_trace_run_bpf_submit+0xef/0x180
[  109.218542]  perf_trace_lock_acquire+0x385/0x590
[  109.219684]  ? lock_release+0xc9/0x2b0
[  109.220824]  ? perf_trace_lock+0x510/0x510
[  109.221820]  ? __mutex_unlock_slowpath+0x157/0x760
[  109.223132]  ? _mutex_trylock_nest_lock+0x370/0x370
[  109.224302]  ? perf_event_ctx_lock_nested+0x89/0x4d0
[  109.225533]  lock_acquire+0xdf/0x2f0
[  109.226428]  ? file_close_fd+0x4d/0x80
[  109.227390]  ? __sanitizer_cov_trace_pc+0x1d/0x50
[  109.228570]  _raw_spin_lock+0x2b/0x40
[  109.229517]  ? file_close_fd+0x4d/0x80
[  109.230481]  file_close_fd+0x4d/0x80
[  109.231386]  __x64_sys_close+0x38/0x120
[  109.232343]  do_syscall_64+0x115/0x650
[  109.233305]  entry_SYSCALL_64_after_hwframe+0x4b/0x53


Reproducer:
C reproducer: https://pastebin.com/raw/GJtNs8JE
console output: https://pastebin.com/raw/zGwk1RhB
kernel config: https://pastebin.com/raw/g6ZhXQ79

Kernel:
git tree: torvalds/linux
commit: 4d349ee5c7782f8b27f6cb550f112c5e26fff38d
kernel version: 7.0.0-rc1
hardware: QEMU Ubuntu 24.10