ci starts bisection 2024-03-04 22:04:54.011301863 +0000 UTC m=+33802.669637876
bisecting fixing commit since 7c5e046bdcb2513f9decb3765d8bf92d604279cf
building syzkaller on fb427a0782000106c62de76d251e5a02de5406a9
ensuring issue is reproducible on original commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf

testing commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 86db28948bf4ba9f1878e9fafbf951b3bdce31724faaf938a186645e4800fc38
all runs: crashed: WARNING in free_event
representative crash: WARNING in free_event, types: [WARNING]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 61659f2e482b49d842e1bd7fcd9d4bec35e781e9cc23f09cd4410e9d12e02707
all runs: crashed: WARNING in perf_event_release_kernel
representative crash: WARNING in perf_event_release_kernel, types: [WARNING]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
kconfig minimization: base=3937 full=7658 leaves diff=2015
split chunks (needed=false): <2015>
split chunk #0 of len 2015 into 5 parts
testing without sub-chunk 1/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3c8af514326c4bfcd4f333d309d5eee1ced875165281930a47fb7b7eb7cdc4ea
all runs: crashed: WARNING in perf_event_release_kernel
representative crash: WARNING in perf_event_release_kernel, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 01570189bea26424a861533a1b4ba8130f5baab71cb087649ad64146e3abd34f
all runs: crashed: WARNING in perf_event_release_kernel
representative crash: WARNING in perf_event_release_kernel, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ebdfb9ff0088a30a763ea3bb9c71793257510bcf503e7a586c74de984e7c82ec
all runs: crashed: WARNING in perf_event_release_kernel
representative crash: WARNING in perf_event_release_kernel, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b3646f4809e3508cd3db999bc800f35fe850957777eabaabfdc97db8adc61530
all runs: crashed: WARNING in perf_event_release_kernel
representative crash: WARNING in perf_event_release_kernel, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 7c5e046bdcb2513f9decb3765d8bf92d604279cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9c8a7f11d197e5be3f54f296e1d4fa876d6015acdd9baefcc1f8705c961cceb9
all runs: crashed: WARNING in perf_event_release_kernel
representative crash: WARNING in perf_event_release_kernel, types: [WARNING]
the chunk can be dropped
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing current HEAD dced881ead78e4d6add3735d02a9186ba2415630
testing commit dced881ead78e4d6add3735d02a9186ba2415630 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2b583d4a0865c0c7150d22d0b2902a9ddc1c884d34c21f20a353b37a7d6b1769
all runs: crashed: WARNING in perf_event_release_kernel
representative crash: WARNING in perf_event_release_kernel, types: [WARNING]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 1h28m8.658405465s (build: 58m51.887096191s, test: 24m12.487508565s)
crash still not fixed or there were kernel test errors
commit msg: Merge branch 'check-bpf_func_state-callback_depth-when-pruning-states'
crash: WARNING in perf_event_release_kernel
------------[ cut here ]------------
unexpected event refcount: 2; ptr=ffff88810ca80ae0
WARNING: CPU: 1 PID: 1867 at kernel/events/core.c:5256 free_event kernel/events/core.c:5254 [inline]
WARNING: CPU: 1 PID: 1867 at kernel/events/core.c:5256 perf_event_release_kernel+0x29b/0x300 kernel/events/core.c:5421
Modules linked in:
CPU: 1 PID: 1867 Comm: syz-executor.0 Not tainted 6.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:free_event kernel/events/core.c:5254 [inline]
RIP: 0010:perf_event_release_kernel+0x29b/0x300 kernel/events/core.c:5421
Code: df e8 e9 c3 ef ff 4c 89 fd 48 8d 44 24 08 49 39 c7 75 8c eb 24 90 48 8b b5 58 ff ff ff 48 c7 c7 34 b5 3e 82 e8 76 3a e9 ff 90 <0f> 0b 90 90 eb c8 f6 85 ac 00 00 00 03 75 41 48 8b 3c 24 f0 48 ff
RSP: 0018:ffffc900019dfcd8 EFLAGS: 00010246
RAX: 9659d5cb0c235200 RBX: ffff8881062c352c RCX: 0000000000000002
RDX: 0000000000000000 RSI: c0000000ffffdfff RDI: 00000000ffffffff
RBP: ffff88810ca80dc0 R08: 0000000000000000 R09: ffffffff826c36b0
R10: 00000000ffffffff R11: 00000000ffffdfff R12: dead000000000122
R13: 0000000000000000 R14: dead000000000100 R15: ffffc900019dfce0
FS:  0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555726ada8 CR3: 0000000107b82000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 perf_release+0x10/0x20 kernel/events/core.c:5442
 __fput+0xf4/0x290 fs/file_table.c:376
 task_work_run+0x81/0xb0 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x2c8/0x9b0 kernel/exit.c:871
 do_group_exit+0x85/0xa0 kernel/exit.c:1020
 get_signal+0x737/0x790 kernel/signal.c:2893
 arch_do_signal_or_restart+0x89/0x2a0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:105 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline]
 syscall_exit_to_user_mode+0x57/0x200 kernel/entry/common.c:212
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242
 </TASK>