syzbot

 sign-in | mailing list | source | docs
🐞 Open [984] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in snd_seq_prioq_cell_out / snd_seq_timer_interrupt

Status: fixed on 2020/04/15 17:19
Subsystems: sound
[Documentation on labels]
Reported-by: syzbot+fd5e0eaa1a32999173b2@syzkaller.appspotmail.com
Fix commit: dc7497795e01 ALSA: seq: Fix concurrent access to queue current tick/time
First crash: 1639d, last: 1465d
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 4.4 000/113] 4.4.215-stable review 120 (120) 2020/03/16 10:53
[PATCH 4.14 000/237] 4.14.172-stable review 252 (252) 2020/03/01 09:52
[PATCH 4.19 00/97] 4.19.107-stable review 108 (108) 2020/02/28 18:05
[PATCH 5.5 000/150] 5.5.7-stable review 166 (166) 2020/02/28 15:12
[PATCH 4.9 000/165] 4.9.215-stable review 174 (174) 2020/02/28 14:31
[PATCH 5.4 000/135] 5.4.23-stable review 140 (140) 2020/02/28 03:42

Sample crash report:
==================================================================
BUG: KCSAN: data-race in snd_seq_prioq_cell_out / snd_seq_timer_interrupt

write to 0xffff88806e3c3318 of 4 bytes by interrupt on cpu 1:
 snd_seq_timer_update_tick sound/core/seq/seq_timer.h:58 [inline]
 snd_seq_timer_interrupt+0x1e4/0x260 sound/core/seq/seq_timer.c:150
 snd_timer_process_callbacks+0x1eb/0x230 sound/core/timer.c:796
 snd_timer_interrupt sound/core/timer.c:919 [inline]
 snd_timer_interrupt+0x488/0x950 sound/core/timer.c:840
 snd_hrtimer_callback+0x188/0x250 sound/core/hrtimer.c:50
 __run_hrtimer kernel/time/hrtimer.c:1517 [inline]
 __hrtimer_run_queues+0x271/0x600 kernel/time/hrtimer.c:1579
 hrtimer_interrupt+0x226/0x490 kernel/time/hrtimer.c:1641
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline]
 smp_apic_timer_interrupt+0xd8/0x270 arch/x86/kernel/apic/apic.c:1144
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60
 arch_safe_halt arch/x86/include/asm/paravirt.h:144 [inline]
 default_idle+0x21/0x170 arch/x86/kernel/process.c:695
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1b7/0x290 kernel/sched/idle.c:269
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:361
 start_secondary+0x164/0x1b0 arch/x86/kernel/smpboot.c:264
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

read to 0xffff88806e3c3318 of 4 bytes by task 10573 on cpu 0:
 event_is_ready sound/core/seq/seq_prioq.c:205 [inline]
 snd_seq_prioq_cell_out+0x7b/0x200 sound/core/seq/seq_prioq.c:225
 snd_seq_check_queue+0xd6/0x210 sound/core/seq/seq_queue.c:258
 snd_seq_enqueue_event+0x15a/0x2a0 sound/core/seq/seq_queue.c:330
 snd_seq_client_enqueue_event.constprop.0+0x187/0x2a0 sound/core/seq/seq_clientmgr.c:974
 snd_seq_write+0x227/0x4e0 sound/core/seq/seq_clientmgr.c:1093
 __vfs_write+0x58/0xb0 fs/read_write.c:494
 vfs_write fs/read_write.c:558 [inline]
 vfs_write+0x189/0x380 fs/read_write.c:542
 ksys_write+0x16a/0x1a0 fs/read_write.c:611
 __do_sys_write fs/read_write.c:623 [inline]
 __se_sys_write fs/read_write.c:620 [inline]
 __x64_sys_write+0x49/0x60 fs/read_write.c:620
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10573 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (118):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/04/14 18:00 https://github.com/google/ktsan.git kcsan 40959e34d670 3f3c5574 .config console log report ci2-upstream-kcsan-gce
2020/04/14 06:37 https://github.com/google/ktsan.git kcsan 40959e34d670 7c54686a .config console log report ci2-upstream-kcsan-gce
2020/04/13 12:36 https://github.com/google/ktsan.git kcsan 40959e34d670 17a986e5 .config console log report ci2-upstream-kcsan-gce
2020/04/10 05:03 https://github.com/google/ktsan.git kcsan 40959e34d670 a8c6a3f8 .config console log report ci2-upstream-kcsan-gce
2020/04/07 02:33 https://github.com/google/ktsan.git kcsan 40959e34d670 99a96044 .config console log report ci2-upstream-kcsan-gce
2020/04/01 06:11 https://github.com/google/ktsan.git kcsan 40959e34d670 a34e2c33 .config console log report ci2-upstream-kcsan-gce
2020/03/30 10:46 https://github.com/google/ktsan.git kcsan 40959e34d670 c8d1cc20 .config console log report ci2-upstream-kcsan-gce
2020/03/29 06:30 https://github.com/google/ktsan.git kcsan 40959e34d670 05736b29 .config console log report ci2-upstream-kcsan-gce
2020/03/24 13:05 https://github.com/google/ktsan.git kcsan 40959e34d670 33e14df3 .config console log report ci2-upstream-kcsan-gce
2020/03/22 02:18 https://github.com/google/ktsan.git kcsan 40959e34d670 78267cec .config console log report ci2-upstream-kcsan-gce
2020/03/20 05:34 https://github.com/google/ktsan.git kcsan 40959e34d670 2c31c529 .config console log report ci2-upstream-kcsan-gce
2020/03/18 21:49 https://github.com/google/ktsan.git kcsan 941e0d917bbf 0a96a13c .config console log report ci2-upstream-kcsan-gce
2020/03/18 07:39 https://github.com/google/ktsan.git kcsan 941e0d917bbf 97bc55ce .config console log report ci2-upstream-kcsan-gce
2020/03/13 21:54 https://github.com/google/ktsan.git kcsan 941e0d917bbf 749688d2 .config console log report ci2-upstream-kcsan-gce
2020/03/13 16:09 https://github.com/google/ktsan.git kcsan 941e0d917bbf fd69032d .config console log report ci2-upstream-kcsan-gce
2020/03/09 19:07 https://github.com/google/ktsan.git kcsan 941e0d917bbf 35f53e45 .config console log report ci2-upstream-kcsan-gce
2020/03/07 13:08 https://github.com/google/ktsan.git kcsan 941e0d917bbf 2e9971bb .config console log report ci2-upstream-kcsan-gce
2020/03/07 01:48 https://github.com/google/ktsan.git kcsan 941e0d917bbf fd2a5f28 .config console log report ci2-upstream-kcsan-gce
2020/03/06 20:56 https://github.com/google/ktsan.git kcsan 941e0d917bbf 7fb694ef .config console log report ci2-upstream-kcsan-gce
2020/03/06 12:22 https://github.com/google/ktsan.git kcsan 766d004d1b85 7fb694ef .config console log report ci2-upstream-kcsan-gce
2020/03/05 18:25 https://github.com/google/ktsan.git kcsan 766d004d1b85 b655d91b .config console log report ci2-upstream-kcsan-gce
2020/03/05 04:06 https://github.com/google/ktsan.git kcsan 766d004d1b85 576fb9bc .config console log report ci2-upstream-kcsan-gce
2020/03/04 15:10 https://github.com/google/ktsan.git kcsan 766d004d1b85 712198ac .config console log report ci2-upstream-kcsan-gce
2020/03/04 10:11 https://github.com/google/ktsan.git kcsan 766d004d1b85 1f73b64b .config console log report ci2-upstream-kcsan-gce
2020/03/03 14:49 https://github.com/google/ktsan.git kcsan 766d004d1b85 350a7a26 .config console log report ci2-upstream-kcsan-gce
2020/03/02 12:27 https://github.com/google/ktsan.git kcsan 766d004d1b85 4a4e0509 .config console log report ci2-upstream-kcsan-gce
2020/02/28 02:17 https://github.com/google/ktsan.git kcsan 766d004d1b85 c88c7b75 .config console log report ci2-upstream-kcsan-gce
2020/02/26 01:03 https://github.com/google/ktsan.git kcsan 766d004d1b85 4c886d6a .config console log report ci2-upstream-kcsan-gce
2020/02/24 11:55 https://github.com/google/ktsan.git kcsan 766d004d1b85 1253d6f0 .config console log report ci2-upstream-kcsan-gce
2020/02/20 19:01 https://github.com/google/ktsan.git kcsan b12d66a6c34f 81230308 .config console log report ci2-upstream-kcsan-gce
2020/02/19 08:16 https://github.com/google/ktsan.git kcsan b12d66a6c34f 135c18aa .config console log report ci2-upstream-kcsan-gce
2020/02/18 17:04 https://github.com/google/ktsan.git kcsan b12d66a6c34f 012fbc32 .config console log report ci2-upstream-kcsan-gce
2020/02/17 18:27 https://github.com/google/ktsan.git kcsan b12d66a6c34f 72bfa6f2 .config console log report ci2-upstream-kcsan-gce
2020/02/16 18:42 https://github.com/google/ktsan.git kcsan b12d66a6c34f cf914200 .config console log report ci2-upstream-kcsan-gce
2020/02/14 07:02 https://github.com/google/ktsan.git kcsan b12d66a6c34f 5d7b90f1 .config console log report ci2-upstream-kcsan-gce
2020/02/10 08:25 https://github.com/google/ktsan.git kcsan f60f0f543333 35f5e45e .config console log report ci2-upstream-kcsan-gce
2020/02/09 16:01 https://github.com/google/ktsan.git kcsan f60f0f543333 6ece2ea5 .config console log report ci2-upstream-kcsan-gce
2020/02/07 16:59 https://github.com/google/ktsan.git kcsan 6cccb8ba35bd 06150bf1 .config console log report ci2-upstream-kcsan-gce
2020/02/06 18:39 https://github.com/google/ktsan.git kcsan 245a43005292 5be3a391 .config console log report ci2-upstream-kcsan-gce
2020/02/06 08:30 https://github.com/google/ktsan.git kcsan 245a43005292 662cf49a .config console log report ci2-upstream-kcsan-gce
2020/02/02 17:08 https://github.com/google/ktsan.git kcsan 245a43005292 93e5e335 .config console log report ci2-upstream-kcsan-gce
2020/02/01 16:38 https://github.com/google/ktsan.git kcsan 245a43005292 326d4c78 .config console log report ci2-upstream-kcsan-gce
2020/01/29 22:35 https://github.com/google/ktsan.git kcsan 245a43005292 5ed23f9a .config console log report ci2-upstream-kcsan-gce
2020/01/29 06:21 https://github.com/google/ktsan.git kcsan 245a43005292 c8e81ce4 .config console log report ci2-upstream-kcsan-gce
2020/01/28 05:37 https://github.com/google/ktsan.git kcsan 245a43005292 56cd6c9b .config console log report ci2-upstream-kcsan-gce
2020/01/26 07:58 https://github.com/google/ktsan.git kcsan 245a43005292 f4e7270e .config console log report ci2-upstream-kcsan-gce
2020/01/10 16:00 https://github.com/google/ktsan.git kcsan 245a43005292 532ec44e .config console log report ci2-upstream-kcsan-gce
2020/01/07 12:20 https://github.com/google/ktsan.git kcsan 245a43005292 1bcd407e .config console log report ci2-upstream-kcsan-gce
2019/10/24 04:56 https://github.com/google/ktsan.git kcsan 05f2236801fe b602d64b .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.