Triggers kernel WARN and UBSAN by creating a disabled child perf event in a hardware event group. Link: https://lore.kernel.org/lkml/aIIT7fq3xG9qtRD8@J2N7QTR9R3/

perf-disabled-child.c

/* 
 * Reproducer by Mark Rutland <mark.rutland@arm.com>
 * Triggers kernel WARN and UBSAN with disabled child perf event.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include <sys/syscall.h>
#include <sys/types.h>

#include <linux/perf_event.h>

static int perf_event_open(struct perf_event_attr *attr, pid_t pid, int cpu,
						   int group_fd, unsigned long flags)
{
		return syscall(__NR_perf_event_open, attr, pid, cpu, group_fd, flags);
}

struct perf_event_attr attr_parent = {
		.type = PERF_TYPE_HARDWARE,
		.size = sizeof(attr_parent),
		.config = PERF_COUNT_HW_CPU_CYCLES,
		.sample_period = 1,
		.exclude_kernel = 1,
};

struct perf_event_attr attr_child = {
		.type = PERF_TYPE_HARDWARE,
		.size = sizeof(attr_child),
		.config = PERF_COUNT_HW_CPU_CYCLES,
		.exclude_kernel = 1,
		.disabled = 1,
};

int main(int argc, char *argv[])
{
		int parent, child;

		parent = perf_event_open(&attr_parent, 0, -1, -1, 0);
		if (parent < 0) {
				fprintf(stderr, "Unable to create event: %d\n", parent);
				exit (-1);
		}

		child = perf_event_open(&attr_child, 0, -1, parent, 0);
		if (child < 0) {
				fprintf(stderr, "Unable to create event: %d\n", child);
				exit (-1);
		}

		for (;;) {
				asm("" ::: "memory");
		}

		return 0;
}

perf-disabled-child.sh

#!/bin/bash

while true; do
    echo "Starting ./perf-disabled-child"
    ./perf-disabled-child &
    PID=$!
    
    sleep 5
    
    echo "Stopping ./perf-disabled-child (PID=$PID)"
    kill $PID

    sleep 1
done