Re: WARNING in port_delete

From: DaeRyong Jeong
Date: Tue Jul 24 2018 - 03:16:21 EST


I agree with that having a C reproducer would be much better.
Now I'm working on it.
I will immediately let you know once I get the C reproducer.


Thank you.

Best regards,
DaeRyong Jeong
On 24 Jul 2018, 4:00 PM +0900, Takashi Iwai <tiwai@xxxxxxx>, wrote:
On Tue, 24 Jul 2018 05:59:56 +0200,
DaeRyong Jeong wrote:

I just realized that the crash has been spotted by Syzkaller a few days before.
(https://syzkaller.appspot.com/bug?id=3490860a465e6b39227c6906f0ef2d40ad4d5bb1)

I'm CC'ing Syzkaller's mailing list.

It's very likely a false-positive sanity check, and if so, nothing
serious at all. We may simply remove two snd_BUG_ON() lines.

But I'd love to have a C reproducer to confirm my understanding is
correct...


thanks,

Takashi

---
--- a/sound/core/seq/seq_ports.c
+++ b/sound/core/seq/seq_ports.c
@@ -272,9 +272,6 @@ static int port_delete(struct snd_seq_client *client,
if (port->private_free)
port->private_free(port->private_data);

- snd_BUG_ON(port->c_src.count != 0);
- snd_BUG_ON(port->c_dest.count != 0);
-
kfree(port);
return 0;
}