perf record crash: refcount_inc assertion failed

Bug #1769027 reported by Cam Cope on 2018-05-04
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Joseph Salisbury
Joseph Salisbury

Bug Description

== SRU Justification ==
This SRU request is for two commits, that are needed for two bug reports. The
first bug(1767204) is marked as a duplicate of the bug used for this SRU
request. The commit(3d8bba9535ac) required to fix the first bug introduced the second
bug. The second bug is then fixed buy commit cd8dd032f61a.

The first issue is perf crashes due to swapped xyarray function signatures and is
fixed by commit 3d8bba9535ac.

The second issue is a crash due to "refcount_inc assertion failed".
This second bug is introduced by picking commit 3d8bba9535ac without
picking commit cd8dd032f61a first.

== Fixes ==
cd8dd032f61a ("perf cgroup: Fix refcount usage")
3d8bba9535ac ("perf xyarray: Fix wrong processing when closing evsel fd")

== Regression Potential ==
Low. Limited to perf tool.

== Test Case ==
A test kernel was built with these patches and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

== Original Bug Description ==
On linux-hwe-tools-4.13.0-39 in xenial:

Trying to run perf record ... --cgroup=mycgroup causes an immediate assertion failure:
refcount_inc: Assertion `!(!refcount_inc_not_zero(r))' failed.

Confirmed fixed by patching my linux-tools package with this upstream commit (on top of the commit in bug #1767204):

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1769027

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Cam Cope (ccope) wrote :

(setting to confirmed because this error isn't in the kernel logs)

description: updated
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: kernel-da-key
Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu Artful):
importance: Undecided → Medium
status: New → Confirmed
Changed in linux (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Artful):
assignee: nobody → Joseph Salisbury (jsalisbury)
status: Confirmed → Triaged
Changed in linux (Ubuntu):
status: Confirmed → Triaged
Changed in linux (Ubuntu Artful):
status: Triaged → In Progress
Changed in linux (Ubuntu):
status: Triaged → In Progress
Joseph Salisbury (jsalisbury) wrote :

I built a test kernel with commit cd8dd032f61abeb08d2c03bab4968a9de231a1be. This test kernel also had commit 3d8bba9535a applied first.

The test kernel can be downloaded from:

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-image-unsigned, linux-modules and linux-modules-extra .deb packages.

Thanks in advance!

Joseph Salisbury (jsalisbury) wrote :

I'm going to mark bug 1767204 as a duplicate of this bug. I'll include the commit in that bug and the commit in this bug in a single SRU request once testing is complete.

Cam Cope (ccope) wrote :

Confirmed that the updated perf binary doesn't crash with the cgroups argument.

Joseph Salisbury (jsalisbury) wrote :
description: updated
Changed in linux (Ubuntu Artful):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-artful' to 'verification-done-artful'. If the problem still exists, change the tag 'verification-needed-artful' to 'verification-failed-artful'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-artful
Stefan Bader (smb) wrote :

Any progress on the verification for this?

Launchpad Janitor (janitor) wrote :
Download full text (4.3 KiB)

This bug was fixed in the package linux - 4.13.0-45.50

linux (4.13.0-45.50) artful; urgency=medium

  * linux: 4.13.0-45.50 -proposed tracker (LP: #1774124)

  * CVE-2018-3639 (x86)
    - SAUCE: Set generic SSBD feature for Intel cpus

linux (4.13.0-44.49) artful; urgency=medium

  * linux: 4.13.0-44.49 -proposed tracker (LP: #1772951)

  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.

  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation

  * CVE-2018-7492
    - rds: Fix NULL pointer dereference in __rds_rdma_map

  * CVE-2018-8781
    - drm: udl: Properly check framebuffer mmap offsets

  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
    - fsnotify: Fix fsnotify_mark_connector race

  * Kernel panic on boot (m1.small in cn-north-1) (LP: #1771679)
    - x86/xen: Reset VCPU0 info pointer after shared_info remap

  * Suspend to idle: Open lid didn't resume (LP: #1771542)
    - ACPI / PM: Do not reconfigure GPEs for suspend-to-idle

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * [SRU][Artful] using vfio-pci on a combination of cn8xxx and some PCI devices
    results in a kernel panic. (LP: #1770254)
    - PCI: Avoid bus reset if bridge itself is broken
    - PCI: Mark Cavium CN8xxx to avoid bus reset
    - PCI: Avoid slot reset if bridge itself is broken

  * Battery drains when laptop is off (shutdown) (LP: #1745646)
    - PCI / PM: Check device_may_wakeup() in pci_enable_wake()

  * perf record crash: refcount_inc assertion failed (LP: #1769027)
    - perf cgroup: Fix refcount usage
    - perf xyarray: Fix wrong processing when closing evsel fd

  * Dell Latitude 5490/5590 BIOS update 1.1.9 causes black screen at boot
    (LP: #1764194)
    - drm/i915/bios: filter out invalid DDC pins from VBT child devices

  * Fix an issue that some PCI devices get incorrectly suspended (LP: #1764684)
    - PCI / PM: Always check PME wakeup capability for runtime wakeup support

  * [SRU][Bionic/Artful] fix false positives in W...


Changed in linux (Ubuntu Artful):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers