Re: [PATCH] ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()

Next message: Dmitry Torokhov: "Re: [PATCH v4 1/2] dt-bindings: Input: Add Wacom W9000-series penabled touchscreens"
Previous message: Catalin Marinas: "Re: [PATCH] arm64/mm: harden ASID allocator against empty bitmap after rollover"
In reply to: Takashi Iwai: "Re: [PATCH] ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Takashi Iwai

Date: Tue Mar 10 2026 - 13:29:30 EST

On Tue, 10 Mar 2026 18:11:19 +0100,
Mehul Rao wrote:
>
>
> Hi Takashi,
>
> Thanks for applying!
>
> It was found through an LLM-assisted static analysis pipeline that scans
> kernel subsystems for concurrency bugs, then verified with KASAN by writing a
> PoC that races snd_pcm_drain() against snd_pcm_close() on linked snd-dummy
> substreams from two threads.
>
> The race window is narrow, so I injected a msleep(50) between the unlock and
> the runtime field access to reliably trigger the KASAN splat
> (slab-use-after-free in snd_pcm_drain). Without the delay it didn't fire in
> 3000 iterations though.
>
> Please let me know if you would like these kinds of patches in the future. I
> am new to kernel development and this was one of my first patches. I am trying
> to learn as I go.

Sure, more fixes in this level of good quality are appreciated.

thanks,

Takashi