Hi,
while looking at the old syzkaller reports, I noticed that there are still some possible races around closing the timer object. Here is a patch set to cover it as well as some relevant cleanups / fixes.
I haven't set stable to Cc in them since they are really corner cases, and they haven't been tested much. But they should be safe (and easy) to backport, too, if any.
Takashi
===
Takashi Iwai (4):
  ALSA: timer: Unify timer callback process code
  ALSA: timer: Make sure to clear pending ack list
  ALSA: timer: Check ack_list emptiness instead of bit flag
  ALSA: timer: Make snd_timer_close() really kill pending actions

 include/sound/timer.h |   1 -
 sound/core/timer.c    | 123 ++++++++++++++++++++++++++++++-------------------
 2 files changed, 74 insertions(+), 50 deletions(-)