BassCheck is an automatic static analysis tool that detects several kinds of bugs, including data races. It uses a path- and field-sensitive analysis to keep the false positive rate low, and function summaries to make the analysis efficient. BassCheck has so far detected some real bugs in Linux. Some of the data races it reported are listed below.

1. A possible null-pointer dereference due to data race in dvbdmx_write()

Version: Linux-6.2               File: drivers/media/dvb-core/dvb_demux.c

======== DATA_RACE ========

Access location: drivers/media/dvb-core/dvb_demux.c, 1144:  in dvbdmx_write

Field: struct.dmx_demux[1]    Lock: struct.dmx_demux[18]    Ratio: 2/3

######## CODE PATH ########

[BLOCK] drivers/media/dvb-core/dvb_demux.c, 1139 in dvbdmx_write


-------- DATA RACE DEMO --------

[ACCESS] drivers/media/dvb-core/dvb_demux.c, 1210:  in dvbdmx_connect_frontend

[LOCK] drivers/media/dvb-core/dvb_demux.c, 1208: mutex_lock_nested in dvbdmx_connect_frontend

######## DEMO CODE PATH ########

[BLOCK] drivers/media/dvb-core/dvb_demux.c, 1208 in dvbdmx_connect_frontend

[BLOCK] drivers/media/dvb-core/dvb_demux.c, 1200 in dvbdmx_connect_frontend


2. A possible data-inconsistency due to data race in get_serial_info()

Version: Linux-6.2               File: drivers/staging/greybus/uart.c

======== DATA_RACE ========

Access location: drivers/staging/greybus/uart.c, 600:  in get_serial_info

Field: struct.tty_port[17]    Lock: struct.tty_port[13]    Ratio: 2/3

######## CODE PATH ########

[BLOCK] drivers/staging/greybus/uart.c, 594 in get_serial_info


-------- DATA RACE DEMO --------

[ACCESS] drivers/staging/greybus/uart.c, 624:  in set_serial_info

[LOCK] drivers/staging/greybus/uart.c, 622: mutex_lock_nested in set_serial_info

######## DEMO CODE PATH ########

[BLOCK] drivers/staging/greybus/uart.c, 624 in set_serial_info

[BLOCK] drivers/staging/greybus/uart.c, 618 in set_serial_info

[BLOCK] drivers/staging/greybus/uart.c, 609 in set_serial_info


3. A possible data race in do_alloc_pages()

Version: Linux-6.2               File: sound/core/pcm_memory.c

======== DATA_RACE ========

Access location: sound/core/pcm_memory.c, 41:  in do_alloc_pages

Field: struct.snd_card[38]    Lock: struct.snd_card[39]

######## CODE PATH ########

[BLOCK] sound/core/pcm_memory.c, 41 in do_alloc_pages

[BLOCK] sound/core/pcm_memory.c, 34 in do_alloc_pages

[CALL] sound/core/pcm_memory.c, 183: do_alloc_pages in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 183 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 180 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 178 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 174 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 172 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 171 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 157 in snd_pcm_lib_preallocate_proc_write

                                                                                

-------- DATA RACE DEMO --------

[ACCESS] sound/core/pcm_memory.c, 62:  in do_free_pages

[LOCK] sound/core/pcm_memory.c, 61: mutex_lock_nested in do_free_pages

######## DEMO CODE PATH ########

[BLOCK] sound/core/pcm_memory.c, 61 in do_free_pages

[BLOCK] sound/core/pcm_memory.c, 57 in do_free_pages

[CALL] sound/core/pcm_memory.c, 200: do_free_pages in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 200 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 199 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 197 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 180 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 178 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 174 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 172 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 171 in snd_pcm_lib_preallocate_proc_write

[BLOCK] sound/core/pcm_memory.c, 157 in snd_pcm_lib_preallocate_proc_write



4. A possible data race in rx_urb_complete()

Version: Linux-6.2               File: drivers/net/wireless/purelifi/plfxlc/usb.c

======== DATA_RACE ========

Access location: drivers/net/wireless/purelifi/plfxlc/usb.c, 108:  in rx_urb_complete

Field: struct.plfxlc_usb_tx[5]    Lock: struct.plfxlc_usb_tx[1]

######## CODE PATH ########

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 108 in rx_urb_complete

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 107 in rx_urb_complete

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 94 in rx_urb_complete

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 87 in rx_urb_complete

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 83 in rx_urb_complete

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 69 in rx_urb_complete


-------- DATA RACE DEMO --------

[ACCESS] drivers/net/wireless/purelifi/plfxlc/usb.c, 316:  in plfxlc_usb_disable_tx

[LOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 314: _raw_spin_lock_irqsave in plfxlc_usb_disable_tx

######## DEMO CODE PATH ########

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 315 in plfxlc_usb_disable_tx

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 314 in plfxlc_usb_disable_tx

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 304 in plfxlc_usb_disable_tx

[CALL] drivers/net/wireless/purelifi/plfxlc/chip.c, 83: plfxlc_usb_disable_tx in plfxlc_chip_disable_rxtx

[BLOCK] drivers/net/wireless/purelifi/plfxlc/chip.c, 76 in plfxlc_chip_disable_rxtx

[CALL] drivers/net/wireless/purelifi/plfxlc/usb.c, 719: plfxlc_chip_disable_rxtx in disconnect

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 711 in disconnect

[BLOCK] drivers/net/wireless/purelifi/plfxlc/usb.c, 699 in disconnect


5. A possible data race in buffer_queue()

Version: Linux-6.2               File: drivers/media/pci/bt8xx/bttv-driver.c

======== DATA_RACE ========

Access location: drivers/media/pci/bt8xx/bttv-driver.c, 1662:  in buffer_queue

Field: struct.bttv[72]    Lock: struct.bttv[35]


######## CODE PATH ########

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1662 in buffer_queue

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1653 in buffer_queue


-------- DATA RACE DEMO --------

[ACCESS] drivers/media/pci/bt8xx/bttv-driver.c, 1510:  in bttv_switch_overlay

[LOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1507: _raw_spin_lock_irqsave in bttv_switch_overlay

######## DEMO CODE PATH ########

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1508 in bttv_switch_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1507 in bttv_switch_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1506 in bttv_switch_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1505 in bttv_switch_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1504 in bttv_switch_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 1498 in bttv_switch_overlay

[CALL] drivers/media/pci/bt8xx/bttv-driver.c, 2558: bttv_switch_overlay in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2558 in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2554 in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2548 in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2545 in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2541 in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2537 in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2534 in bttv_overlay

[BLOCK] drivers/media/pci/bt8xx/bttv-driver.c, 2525 in bttv_overlay


6. A possible data race in lpfc_unregister_fcf_rescan()

Version: Linux-6.2               File: drivers/scsi/lpfc/lpfc_hbadisc.c

======== DATA_RACE ========

Access location: drivers/scsi/lpfc/lpfc_hbadisc.c, 6979:  in lpfc_unregister_fcf_rescan

Field: struct.lpfc_hba[321][1]    Lock: struct.lpfc_hba[222]

######## CODE PATH ########

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 6979 in lpfc_unregister_fcf_rescan

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 6975 in lpfc_unregister_fcf_rescan

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 6961 in lpfc_unregister_fcf_rescan

[CALL] drivers/scsi/lpfc/lpfc_hbadisc.c, 3010: lpfc_unregister_fcf_rescan in lpfc_mbx_cmpl_fcf_rr_read_fcf_rec

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 3010 in lpfc_mbx_cmpl_fcf_rr_read_fcf_rec

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 3005 in lpfc_mbx_cmpl_fcf_rr_read_fcf_rec

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 3002 in lpfc_mbx_cmpl_fcf_rr_read_fcf_rec

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 2983 in lpfc_mbx_cmpl_fcf_rr_read_fcf_rec


-------- DATA RACE DEMO --------

[ACCESS] drivers/scsi/lpfc/lpfc_hbadisc.c, 1613:  in lpfc_mbx_cmpl_reg_fcfi

[LOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 1612: spin_lock_irq in lpfc_mbx_cmpl_reg_fcfi

######## DEMO CODE PATH ########

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 1610 in lpfc_mbx_cmpl_reg_fcfi

[BLOCK] drivers/scsi/lpfc/lpfc_hbadisc.c, 1597 in lpfc_mbx_cmpl_reg_fcfi


7. A possible data-inconsistency due to data races in dib0700_rc_query_old_firmware()

Version: Linux-6.2               File: drivers/media/usb/dvb-usb/dib0700_devices.c

======== DATA_RACE ========

Access location: drivers/media/usb/dvb-usb/dib0700_devices.c, 532:  in dib0700_rc_query_old_firmware

Field: struct.dvb_usb_device[18][888888][11][0]    Lock: struct.dvb_usb_device[6]

######## CODE PATH ########

[BLOCK] drivers/media/usb/dvb-usb/dib0700_devices.c, 532 in dib0700_rc_query_old_firmware

[BLOCK] drivers/media/usb/dvb-usb/dib0700_devices.c, 516 in dib0700_rc_query_old_firmware


-------- DATA RACE DEMO --------

Possible: 2

[ACCESS] drivers/media/usb/dvb-usb/dib0700_core.c, 601:  in dib0700_streaming_ctrl

[LOCK] drivers/media/usb/dvb-usb/dib0700_core.c, 599: mutex_lock_nested in dib0700_streaming_ctrl

######## DEMO CODE PATH ########

[BLOCK] drivers/media/usb/dvb-usb/dib0700_core.c, 599 in dib0700_streaming_ctrl

[BLOCK] drivers/media/usb/dvb-usb/dib0700_core.c, 583 in dib0700_streaming_ctrl


8. A possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()

Version: Linux-6.2               File: drivers/gpu/drm/exynos/exynos_drm_crtc.c

======== DATA_RACE ========

Access location: drivers/gpu/drm/exynos/exynos_drm_crtc.c, 47:  in exynos_drm_crtc_atomic_disable

Field: struct.drm_crtc[22][888888][18]    Lock: struct.drm_crtc[0][888888][29]

######## CODE PATH ########

[BLOCK] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 43 in exynos_drm_crtc_atomic_disable

[BLOCK] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 42 in exynos_drm_crtc_atomic_disable

[BLOCK] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 32 in exynos_drm_crtc_atomic_disable


-------- DATA RACE DEMO --------

[ACCESS] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 44:  in exynos_drm_crtc_atomic_disable

[LOCK] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 43: spin_lock_irq in exynos_drm_crtc_atomic_disable

######## DEMO CODE PATH ########

[BLOCK] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 43 in exynos_drm_crtc_atomic_disable

[BLOCK] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 42 in exynos_drm_crtc_atomic_disable

[BLOCK] drivers/gpu/drm/exynos/exynos_drm_crtc.c, 32 in exynos_drm_crtc_atomic_disable


9. A possible null-pointer dereference due to data race in snd_hdac_regmap_sync()

Version: Linux-6.2               File: sound/hda/hdac_regmap.c

======== DATA_RACE ========

Access location: sound/hda/hdac_regmap.c, 600:  in snd_hdac_regmap_sync

Field: struct.hdac_device[23]    Lock: struct.hdac_device[24]

######## CODE PATH ########

[BLOCK] sound/hda/hdac_regmap.c, 598 in snd_hdac_regmap_sync

                                                                                

-------- DATA RACE DEMO --------

[ACCESS] sound/hda/hdac_regmap.c, 602:  in snd_hdac_regmap_sync

[LOCK] sound/hda/hdac_regmap.c, 601: mutex_lock_nested in snd_hdac_regmap_sync

######## DEMO CODE PATH ########

[BLOCK] sound/hda/hdac_regmap.c, 601 in snd_hdac_regmap_sync

[BLOCK] sound/hda/hdac_regmap.c, 598 in snd_hdac_regmap_sync



10. An atomicity violation in mon_bin_vma_fault()

Version: Linux-5.17.13               File: drivers/usb/mon/mon_bin.c

======== DATA_RACE ========

Access location: drivers/usb/mon/mon_bin.c, 1252:  in mon_bin_vma_fault

Field: struct.mon_reader_bin->1    Lock: struct.mon_reader_bin->8

######## CODE PATH ########

[BLOCK] drivers/usb/mon/mon_bin.c, 1245 in mon_bin_vma_fault


-------- DATA RACE DEMO --------

[ACCESS] drivers/usb/mon/mon_bin.c, 1008:  in mon_bin_ioctl

[LOCK] drivers/usb/mon/mon_bin.c, 1007: mutex_lock_nested in mon_bin_ioctl

######## DEMO CODE PATH ########

[BLOCK] drivers/usb/mon/mon_bin.c, 1007 in mon_bin_ioctl

[BLOCK] drivers/usb/mon/mon_bin.c, 984 in mon_bin_ioctl





11. An atomicity violation in xc4000_get_frequency()

Version: Linux-5.17.13               File: drivers/media/tuners/xc4000.c

======== DATA_RACE ========

Access location: drivers/media/tuners/xc4000.c, 1520:  in xc4000_get_frequency

Field: struct.xc4000_priv->5    Lock: struct.xc4000_priv->18    Ratio: 3/4

######## CODE PATH ########

[BLOCK] drivers/media/tuners/xc4000.c, 1516 in xc4000_get_frequency


-------- DATA RACE DEMO --------

[ACCESS] drivers/media/tuners/xc4000.c, 1289:  in xc4000_set_analog_params

[LOCK] drivers/media/tuners/xc4000.c, 1286: mutex_lock_nested in xc4000_set_analog_params

######## DEMO CODE PATH ########

[BLOCK] drivers/media/tuners/xc4000.c, 1286 in xc4000_set_analog_params

[BLOCK] drivers/media/tuners/xc4000.c, 1283 in xc4000_set_analog_params

[BLOCK] drivers/media/tuners/xc4000.c, 1256 in xc4000_set_analog_params