On Tue, 24 Jul 2018 05:59:56 +0200,
DaeRyong Jeong wrote:
I just realized that the crash has been spotted by Syzkaller a few days before.
(https://syzkaller.appspot.com/bug?id=3490860a465e6b39227c6906f0ef2d40ad4d5bb1)
I'm CC'ing Syzkaller's mailing list.
It's very likely a false-positive sanity check, and if so, nothing
serious at all. We may simply remove two snd_BUG_ON() lines.
But I'd love to have a C reproducer to confirm my understanding is
correct...
thanks,
Takashi
---
--- a/sound/core/seq/seq_ports.c
+++ b/sound/core/seq/seq_ports.c
@@ -272,9 +272,6 @@ static int port_delete(struct snd_seq_client *client,
if (port->private_free)
port->private_free(port->private_data);
- snd_BUG_ON(port->c_src.count != 0);
- snd_BUG_ON(port->c_dest.count != 0);
-
kfree(port);
return 0;
}