[BUG] WARNING in perf_cgroup_switch: EVENT_FROZEN assertion during kthread sched-out

From: Christopher Lusk

Date: Wed Apr 01 2026 - 10:30:44 EST


Hello,

I'm hitting a WARNING in perf_cgroup_switch() on kernel 6.12.0 during
continuous syzkaller fuzzing. The assertion WARN_ON_ONCE(ctx->is_active &
EVENT_FROZEN) in __perf_ctx_lock() fires when the rcu_preempt kthread is
being scheduled out.

Kernel: 6.12.0 (RHEL 10 build, no out-of-tree modules)
Hardware: QEMU/KVM (i440FX + PIIX)
Hits: 2 in ~5 days of continuous syzkaller fuzzing
Reproducer: None (triggered by concurrent perf_event_open + cgroup perf events)
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=221307

WARNING: CPU: 1 PID: 18 at kernel/events/core.c:941
perf_cgroup_switch+0x3af/0x4c0
CPU: 1 UID: 0 PID: 18 Comm: rcu_preempt Not tainted
6.12.0-124.38.1.el10_1+ #6 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.17.0-9.fc43 06/10/2025
RIP: 0010:perf_cgroup_switch+0x3af/0x4c0 kernel/events/core.c:941
Call Trace:
<TASK>
__perf_event_task_sched_out+0xa9/0x1d0 kernel/events/core.c:3776
perf_event_task_sched_out include/linux/perf_event.h:1595 [inline]
prepare_task_switch+0x358/0xca0 kernel/sched/core.c:5197
context_switch kernel/sched/core.c:5346 [inline]
__schedule+0x49d/0x1460 kernel/sched/core.c:6790
__schedule_loop kernel/sched/core.c:6868 [inline]
schedule+0x6a/0x1a0 kernel/sched/core.c:6883
rcu_gp_kthread+0x406/0x510 kernel/rcu/tree.c:2230
kthread+0x3a7/0x760 kernel/kthread.c:464
ret_from_fork+0x50/0x80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>

addr2line with -i resolves the WARNING to:

core.c:176 -> __perf_ctx_lock(): WARN_ON_ONCE(ctx->is_active & EVENT_FROZEN)
core.c:182 -> perf_ctx_lock() [inlined]
core.c:947 -> perf_cgroup_switch() call to perf_ctx_lock()

perf_cgroup_switch() runs in the sched-out path via prepare_task_switch ->
__perf_event_task_sched_out. It acquires the perf context lock through
perf_ctx_lock -> __perf_ctx_lock, which asserts EVENT_FROZEN is not set.

The rcu_preempt kthread (PID 18) should not have a per-CPU perf context
with EVENT_FROZEN set. Either the flag is being set on the per-CPU context
and not cleared before the sched-out path runs, or there is a race between
perf event freeze/thaw operations and the scheduler context switch.

The v5.18 perf_cgroup_switch fixes (96492a6c558a, 6875186aea5c, a0827713e298,
e19cd0b6fa59) address different root causes. No matching syzbot report found.

Thanks,
Christopher Lusk
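
Added example (not part of the original message, and not kernel or syzkaller code): a small Python parser for the trace format shown in the report. It tolerates the WARNING line as wrapped in the mail and rebuilds the sched-out call chain, keeping the [inline] frames. The names parse_report and call_chain are hypothetical, and SAMPLE is constructed from lines of the report.

```python
import re

# Constructed sample: lines taken from the report above, keeping the mail
# wrapping that split the faulting symbol off the WARNING line.
SAMPLE = """\
WARNING: CPU: 1 PID: 18 at kernel/events/core.c:941
perf_cgroup_switch+0x3af/0x4c0
Call Trace:
<TASK>
__perf_event_task_sched_out+0xa9/0x1d0 kernel/events/core.c:3776
perf_event_task_sched_out include/linux/perf_event.h:1595 [inline]
prepare_task_switch+0x358/0xca0 kernel/sched/core.c:5197
context_switch kernel/sched/core.c:5346 [inline]
__schedule+0x49d/0x1460 kernel/sched/core.c:6790
</TASK>
"""

FRAME = re.compile(
    r"^(?P<sym>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"(?:\s+(?P<file>\S+):(?P<line>\d+))?(?P<inl>\s+\[inline\])?$")
WARN = re.compile(r"^WARNING: CPU: (\d+) PID: (\d+) at (\S+):(\d+)\s+(\S+)\+", re.M)

def parse_report(text):
    """Return (warning site, call-trace frames); frames are innermost first."""
    # Undo mail wrapping: rejoin "WARNING: ... file:line" with the symbol line.
    text = re.sub(r"(WARNING: [^\n]*:\d+)\n(?=\S+\+0x)", r"\1 ", text)
    m = WARN.search(text)
    site = {"cpu": int(m[1]), "pid": int(m[2]), "file": m[3],
            "line": int(m[4]), "func": m[5]} if m else None
    frames, in_trace = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("<TASK>", "</TASK>"):   # only parse inside the task block
            in_trace = line == "<TASK>"
            continue
        f = FRAME.match(line) if in_trace else None
        if f:
            frames.append({"func": f["sym"], "file": f["file"],
                           "line": int(f["line"]) if f["line"] else None,
                           "inline": bool(f["inl"])})
    return site, frames

def call_chain(site, frames):
    """Outermost-to-innermost path ending at the function that warned."""
    return [fr["func"] for fr in reversed(frames)] + [site["func"]]
```
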