Date: Wed, 9 Jul 2025 20:27:52 +0900
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: [PATCH v2] perf/core: Fix WARN in perf_sigtrap()
To: Peter Zijlstra
Cc: syzbot, linux-perf-users@vger.kernel.org, LKML
References: <685af60a.a00a0220.2e5631.0092.GAE@google.com> <20250709094451.GI1613200@noisy.programming.kicks-ass.net>
From: Tetsuo Handa
In-Reply-To: <20250709094451.GI1613200@noisy.programming.kicks-ass.net>

Since exit_task_work() runs after perf_event_exit_task_context() updated
ctx->task to TASK_TOMBSTONE, perf_sigtrap() from perf_pending_task() might
observe event->ctx->task == TASK_TOMBSTONE.

Swap the early exit tests in order not to hit WARN_ON_ONCE().

Reported-by: syzbot
Closes: https://syzkaller.appspot.com/bug?extid=2fe61cb2a86066be6985
Signed-off-by: Tetsuo Handa
--- kernel/events/core.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index 0db36b2b2448..22fdf0c187cd 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c
@@ -7204,18 +7204,18 @@ void perf_event_wakeup(struct perf_event *event) static void perf_sigtrap(struct perf_event *event) { /* - * We'd expect this to only occur if the irq_work is delayed and either - * ctx->task or current has changed in the meantime. This can be the - * case on architectures that do not implement arch_irq_work_raise(). + * Both perf_pending_task() and perf_pending_irq() can race with the + * task exiting. */ - if (WARN_ON_ONCE(event->ctx->task !=3D current)) + if (current->flags & PF_EXITING) return; =20 /* - * Both perf_pending_task() and perf_pending_irq() can race with the - * task exiting. + * We'd expect this to only occur if the irq_work is delayed and either + * ctx->task or current has changed in the meantime. This can be the + * case on architectures that do not implement arch_irq_work_raise(). */ - if (current->flags & PF_EXITING) + if (WARN_ON_ONCE(event->ctx->task !=3D current)) return; =20 send_sig_perf((void __user *)event->pending_addr, --=20 2.47.1
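
Review bot: The comment that now sits above the "current->flags & PF_EXITING" test in perf_sigtrap() does not say why that test has to come before the WARN_ON_ONCE(), so the ordering this fix depends on is recorded only in the commit message and could be undone by a later cleanup. Consider extending that comment to state that exit_task_work() runs after perf_event_exit_task_context() has set ctx->task to TASK_TOMBSTONE, which is why the exiting case must be filtered out first. Also worth stating in the changelog: with the PF_EXITING return first, a mismatch between event->ctx->task and current is no longer reported whenever current is exiting, not only when ctx->task is TASK_TOMBSTONE, so the warning's coverage for the delayed irq_work case described in the second comment is narrower than before.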