KCSAN: data-race in snd_timer_interrupt / snd_timer

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in snd_timer_interrupt / snd_timer_pause (3) sound	6				1	1621d	1621d	0/29	auto-closed as invalid on 2021/04/29 16:51
upstream	KCSAN: data-race in snd_timer_interrupt / snd_timer_pause (2) sound	6				1	1796d	1796d	0/29	auto-closed as invalid on 2020/11/06 04:33

================================================================== BUG: KCSAN: data-race in snd_timer_interrupt / snd_timer_pause write to 0xffff88809f1d2a10 of 4 bytes by interrupt on cpu 1: snd_timer_process_callbacks sound/core/timer.c:793 [inline] snd_timer_interrupt+0xa40/0xb50 sound/core/timer.c:919 snd_hrtimer_callback+0x13a/0x220 sound/core/hrtimer.c:50 __run_hrtimer+0x154/0x4b0 kernel/time/hrtimer.c:1520 __hrtimer_run_queues kernel/time/hrtimer.c:1584 [inline] hrtimer_interrupt+0x37c/0xa40 kernel/time/hrtimer.c:1646 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline] __sysvec_apic_timer_interrupt+0xa3/0x280 arch/x86/kernel/apic/apic.c:1097 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] sysvec_apic_timer_interrupt+0x80/0xd0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:592 check_kcov_mode kernel/kcov.c:165 [inline] write_comp_data kernel/kcov.c:218 [inline] __sanitizer_cov_trace_const_cmp8+0x31/0x90 kernel/kcov.c:291 page_remove_rmap+0x63/0x2e0 mm/rmap.c:1330 zap_pte_range+0x702/0x1610 mm/memory.c:1089 zap_pmd_range mm/memory.c:1193 [inline] zap_pud_range mm/memory.c:1222 [inline] zap_p4d_range mm/memory.c:1243 [inline] unmap_page_range+0x751/0x870 mm/memory.c:1264 unmap_single_vma+0x157/0x210 mm/memory.c:1309 unmap_vmas+0xc0/0x150 mm/memory.c:1341 exit_mmap+0x1c7/0x3b0 mm/mmap.c:3162 __mmput+0xa2/0x220 kernel/fork.c:1099 mmput+0x38/0x40 kernel/fork.c:1120 exit_mm+0x2c8/0x330 kernel/exit.c:482 do_exit+0x415/0x16e0 kernel/exit.c:792 do_group_exit+0x17a/0x180 kernel/exit.c:903 __do_sys_exit_group+0xb/0x10 kernel/exit.c:914 __se_sys_exit_group+0x5/0x10 kernel/exit.c:912 __x64_sys_exit_group+0x16/0x20 kernel/exit.c:912 do_syscall_64+0x51/0xb0 arch/x86/entry/common.c:384 entry_SYSCALL_64_after_hwframe+0x44/0xa9 read to 0xffff88809f1d2a10 of 4 bytes by task 30353 on cpu 0: snd_timer_pause+0x13/0x50 sound/core/timer.c:735 seq_timer_stop sound/core/seq/seq_timer.c:331 [inline] snd_seq_timer_stop+0x8e/0xb0 sound/core/seq/seq_timer.c:341 snd_seq_queue_process_event sound/core/seq/seq_queue.c:681 [inline] snd_seq_control_queue+0x2e5/0x550 sound/core/seq/seq_queue.c:732 event_input_timer+0x1e/0x30 sound/core/seq/seq_system.c:103 snd_seq_deliver_single_event+0x31b/0x4f0 sound/core/seq/seq_clientmgr.c:638 snd_seq_deliver_event+0x192/0x4a0 sound/core/seq/seq_clientmgr.c:839 snd_seq_kernel_client_dispatch+0x16f/0x190 sound/core/seq/seq_clientmgr.c:2323 send_timer_event sound/core/seq/oss/seq_oss_timer.c:140 [inline] snd_seq_oss_timer_stop+0xb4/0xf0 sound/core/seq/oss/seq_oss_timer.c:176 snd_seq_oss_reset+0x14d/0x160 sound/core/seq/oss/seq_oss_init.c:450 snd_seq_oss_release+0x76/0x170 sound/core/seq/oss/seq_oss_init.c:412 odev_release+0x3a/0x60 sound/core/seq/oss/seq_oss.c:140 __fput+0x1df/0x460 fs/file_table.c:281 ____fput+0x11/0x20 fs/file_table.c:314 task_work_run+0x8e/0x110 kernel/task_work.c:135 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop arch/x86/entry/common.c:239 [inline] __prepare_exit_to_usermode+0x1c6/0x230 arch/x86/entry/common.c:269 __syscall_return_slowpath+0x47/0x60 arch/x86/entry/common.c:352 do_syscall_64+0x5d/0xb0 arch/x86/entry/common.c:393 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 30353 Comm: syz-executor.5 Not tainted 5.8.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ==================================================================