syzbot


KCSAN: data-race in snd_seq_check_queue / snd_seq_control_queue

Status: fixed on 2020/04/15 17:19
Subsystems: sound
Reported-by: syzbot+e60ddfa48717579799dd@syzkaller.appspotmail.com
Fix commit: bb51e669fa49 ALSA: seq: Avoid concurrent access to queue flags
First crash: 1693d, last: 1520d
Discussions (6)
Title | Replies (including bot) | Last reply
[PATCH 4.4 000/113] 4.4.215-stable review | 120 (120) | 2020/03/16 10:53
[PATCH 4.14 000/237] 4.14.172-stable review | 252 (252) | 2020/03/01 09:52
[PATCH 4.19 00/97] 4.19.107-stable review | 108 (108) | 2020/02/28 18:05
[PATCH 5.5 000/150] 5.5.7-stable review | 166 (166) | 2020/02/28 15:12
[PATCH 4.9 000/165] 4.9.215-stable review | 174 (174) | 2020/02/28 14:31
[PATCH 5.4 000/135] 5.4.23-stable review | 140 (140) | 2020/02/28 03:42
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in snd_seq_check_queue / snd_seq_control_queue (3) sound | - | - | - | 111 | 1275d | 1421d | 19/28 | fixed on 2021/03/10 01:48
upstream | KCSAN: data-race in snd_seq_check_queue / snd_seq_control_queue (2) sound | - | - | - | 42 | 1456d | 1518d | 0/28 | closed as invalid on 2020/06/18 14:24

Sample crash report:
==================================================================
BUG: KCSAN: data-race in snd_seq_check_queue / snd_seq_control_queue

write to 0xffff8880a32a0964 of 1 bytes by task 2299 on cpu 0:
 queue_access_unlock sound/core/seq/seq_queue.c:367 [inline]
 snd_seq_control_queue+0x15a/0x320 sound/core/seq/seq_queue.c:726
 event_input_timer+0x29/0x40 sound/core/seq/seq_system.c:103
 snd_seq_deliver_single_event.constprop.0+0x403/0x500 sound/core/seq/seq_clientmgr.c:638
 snd_seq_deliver_event+0x2eb/0x4b0 sound/core/seq/seq_clientmgr.c:839
 snd_seq_dispatch_event+0x9d/0x300 sound/core/seq/seq_clientmgr.c:913
 snd_seq_check_queue+0xf3/0x210 sound/core/seq/seq_queue.c:262
 snd_seq_enqueue_event+0x15a/0x2a0 sound/core/seq/seq_queue.c:330
 snd_seq_client_enqueue_event.constprop.0+0x187/0x2a0 sound/core/seq/seq_clientmgr.c:974
 snd_seq_write+0x227/0x4e0 sound/core/seq/seq_clientmgr.c:1093
 __vfs_write+0x58/0xb0 fs/read_write.c:494
 vfs_write fs/read_write.c:558 [inline]
 vfs_write+0x189/0x380 fs/read_write.c:542
 ksys_write+0x16a/0x1a0 fs/read_write.c:611
 __do_sys_write fs/read_write.c:623 [inline]
 __se_sys_write fs/read_write.c:620 [inline]
 __x64_sys_write+0x49/0x60 fs/read_write.c:620
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880a32a0964 of 1 bytes by interrupt on cpu 1:
 snd_seq_check_queue+0x59/0x210 sound/core/seq/seq_queue.c:247
 snd_seq_timer_interrupt+0x222/0x260 sound/core/seq/seq_timer.c:158
 snd_timer_process_callbacks+0x1eb/0x230 sound/core/timer.c:796
 snd_timer_interrupt sound/core/timer.c:919 [inline]
 snd_timer_interrupt+0x488/0x950 sound/core/timer.c:840
 snd_hrtimer_callback+0x188/0x250 sound/core/hrtimer.c:50
 __run_hrtimer kernel/time/hrtimer.c:1517 [inline]
 __hrtimer_run_queues+0x271/0x600 kernel/time/hrtimer.c:1579
 hrtimer_interrupt+0x226/0x490 kernel/time/hrtimer.c:1641
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline]
 smp_apic_timer_interrupt+0xd8/0x270 arch/x86/kernel/apic/apic.c:1144
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 inet_csk_find_open_port net/ipv4/inet_connection_sock.c:220 [inline]
 inet_csk_get_port+0x745/0x12d0 net/ipv4/inet_connection_sock.c:300
 __inet_bind+0x372/0x680 net/ipv4/af_inet.c:524
 inet_bind+0xc0/0x100 net/ipv4/af_inet.c:453
 rds_tcp_conn_path_connect+0x21a/0x5d0 net/rds/tcp_connect.c:144
 rds_connect_worker+0x10b/0x1a0 net/rds/threads.c:176
 process_one_work+0x424/0x930 kernel/workqueue.c:2264
 worker_thread+0x9a/0x7e0 kernel/workqueue.c:2410
 kthread+0x1cb/0x1f0 kernel/kthread.c:255
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 8616 Comm: kworker/u4:6 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_connect_worker
==================================================================

Crashes (97):