WARNING: ODEBUG bug in put

WARNING: ODEBUG bug in put_device
Status: upstream: reported syz repro on 2020/08/07 07:16
Reported-by: syzbot+a9290936c6e87b3dc3c2@syzkaller.appspotmail.com
First crash: 117d, last: 117d

Cause bisection: introduced by (bisect log) :
commit 6f8c8f3c31015808100ee54fc471ff5dffdf1734
Author: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Date: Thu Aug 8 08:01:44 2019 +0000

hwmon: pmbus: ucd9000: remove unneeded include

Crash: KASAN: use-after-free Read in sco_chan_del (log)
Repro: syz .config

Fix bisection: failed (bisect log)

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	WARNING: ODEBUG bug in put_device	syz			106	2d01h	149d	0/1	upstream: reported syz repro on 2020/07/06 01:29

Sample crash report:

------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: work_struct hint: hci_conn_timeout+0x0/0x2a0 net/bluetooth/hci_conn.c:1499
WARNING: CPU: 1 PID: 8156 at lib/debugobjects.c:485 debug_print_object+0x160/0x250 lib/debugobjects.c:485
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 8156 Comm: kworker/u5:3 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: hci5 hci_rx_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:231
 __warn.cold+0x20/0x45 kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:235
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:255
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:debug_print_object+0x160/0x250 lib/debugobjects.c:485
Code: dd e0 cf 93 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd e0 cf 93 88 48 c7 c7 40 c5 93 88 e8 42 e4 a8 fd <0f> 0b 83 05 23 3c 15 07 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
RSP: 0018:ffffc9000a26f858 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff88809eac6380 RSI: ffffffff815d8eb7 RDI: fffff5200144defd
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880ae720fcb
R10: 0000000000000000 R11: 0000000035313854 R12: ffffffff89ba3300
R13: ffffffff814b53c0 R14: dead000000000100 R15: dffffc0000000000
 __debug_check_no_obj_freed lib/debugobjects.c:967 [inline]
 debug_check_no_obj_freed+0x301/0x41c lib/debugobjects.c:998
 kfree+0xf0/0x2c0 mm/slab.c:3756
 device_release+0x71/0x200 drivers/base/core.c:1800
 kobject_cleanup lib/kobject.c:704 [inline]
 kobject_release lib/kobject.c:735 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x171/0x270 lib/kobject.c:752
 put_device+0x1b/0x30 drivers/base/core.c:3029
 hci_conn_del+0x27e/0x6a0 net/bluetooth/hci_conn.c:645
 hci_sco_setup+0x3a1/0x440 net/bluetooth/hci_conn.c:400
 hci_conn_complete_evt net/bluetooth/hci_event.c:2657 [inline]
 hci_event_packet+0x5e0b/0x87a8 net/bluetooth/hci_event.c:6058
 hci_rx_work+0x22e/0xb50 net/bluetooth/hci_core.c:4889
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Maintainers
ci-upstream-kasan-gce-selinux-root	2020/08/07 02:32	upstream	47ec5303	1f122f88	.config	log	report	syz			gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, rafael@kernel.org