WARNING: ODEBUG bug in smsusb_term

WARNING: ODEBUG bug in smsusb_term_device
Status: upstream: reported C repro on 2019/07/23 12:48
Reported-by: syzbot+25ddf1bb485cd9400ca4@syzkaller.appspotmail.com
First crash: 790d, last: 17d

Cause bisection: introduced by (bisect log) [ignored commit]:
commit f2c2e717642c66f7fe7e5dd69b2e8ff5849f4d10
Author: Andrey Konovalov <andreyknvl@google.com>
Date: Mon Feb 24 16:13:03 2020 +0000

usb: gadget: add raw-gadget interface

Crash: WARNING: ODEBUG bug in smsusb_term_device (log)
Repro: syz .config

Sample crash report:

smsmdtv:smscore_start_device: set device mode failed , rc -22
smsusb:smsusb_init_device: smscore_start_device(...) failed
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: work_struct hint: do_submit_urb+0x0/0x3e0 drivers/media/usb/siano/smsusb.c:146
WARNING: CPU: 1 PID: 4014 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 1 PID: 4014 Comm: kworker/1:2 Not tainted 5.11.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd c0 96 9e 89 4c 89 ee 48 c7 c7 c0 8a 9e 89 e8 cc bd f6 04 <0f> 0b 83 05 f5 f7 df 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffffc90002edee08 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff888015d64100 RSI: ffffffff815b7455 RDI: fffff520005dbdb3
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815b05fe R11: 0000000000000000 R12: ffffffff894adb00
R13: ffffffff899e9100 R14: ffffffff81491940 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88802cb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff3437cff8 CR3: 000000001bbed000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __debug_check_no_obj_freed lib/debugobjects.c:987 [inline]
 debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1018
 kfree+0xd5/0x270 mm/slab.c:3759
 smsusb_term_device+0x1c0/0x2e0 drivers/media/usb/siano/smsusb.c:350
 smsusb_init_device+0xa86/0xb10 drivers/media/usb/siano/smsusb.c:487
 smsusb_probe+0xd9e/0xe3b drivers/media/usb/siano/smsusb.c:566
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 really_probe+0x291/0xe60 drivers/base/dd.c:554
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:740
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:846
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:914
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbc4/0x1d90 drivers/base/core.c:3109
 usb_set_configuration+0x1137/0x1910 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 really_probe+0x291/0xe60 drivers/base/dd.c:554
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:740
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:846
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:914
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbc4/0x1d90 drivers/base/core.c:3109
 usb_new_device.cold+0x721/0x1058 drivers/usb/core/hub.c:2555
 hub_port_connect drivers/usb/core/hub.c:5223 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
 port_event drivers/usb/core/hub.c:5509 [inline]
 hub_event+0x2357/0x4320 drivers/usb/core/hub.c:5591
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-selinux-root	2021/08/15 00:27	upstream	ba31f97d43be	1b20171a	.config	log	report	syz

Crashes (30):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-qemu-upstream	2021/02/16 23:15	upstream	f40ddce88593	98682e5e	.config	log	report	syz	C		WARNING: ODEBUG bug in smsusb_term_device
ci2-upstream-usb	2020/06/19 18:37	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f8f02d5c671f	123cf502	.config	log	report	syz	C
ci2-upstream-usb	2020/05/28 21:48	https://github.com/google/kasan.git usb-fuzzer	d19c64b3d097	c7192a2f	.config	log	report	syz	C
ci2-upstream-usb	2020/05/14 02:53	https://github.com/google/kasan.git usb-fuzzer	059e7e0ff26c	a885920d	.config	log	report	syz	C
ci2-upstream-usb	2020/03/24 15:08	https://github.com/google/kasan.git usb-fuzzer	e17994d1e7b1	33e14df3	.config	log	report	syz	C
ci2-upstream-usb	2020/03/06 14:54	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	7fb694ef	.config	log	report	syz	C
ci2-upstream-usb	2020/02/28 21:48	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	c88c7b75	.config	log	report	syz	C
ci2-upstream-usb	2020/02/26 20:16	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	251aabb7	.config	log	report	syz	C
ci2-upstream-usb	2020/02/24 23:18	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	59b57593	.config	log	report	syz	C
ci2-upstream-usb	2020/01/31 16:23	https://github.com/google/kasan.git usb-fuzzer	cd234325a5f1	5ed23f9a	.config	log	report	syz	C
ci2-upstream-usb	2020/01/23 01:16	https://github.com/google/kasan.git usb-fuzzer	4cc301ee04d9	3334d684	.config	log	report	syz	C
ci2-upstream-usb	2019/12/17 05:09	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	d13d7958	.config	log	report	syz	C
ci2-upstream-usb	2019/09/22 10:56	https://github.com/google/kasan.git usb-fuzzer	e0bd8d794fc9	d96e88f3	.config	log	report	syz	C
ci2-upstream-usb	2019/07/23 03:06	https://github.com/google/kasan.git usb-fuzzer	6a3599ceaa39	55e0c077	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/07/09 01:03	upstream	3dbdb38e2869	1b20171a	.config	log	report	syz			WARNING: ODEBUG bug in smsusb_term_device
ci-upstream-kasan-gce-smack-root	2021/05/30 10:16	upstream	6799d4f2da49	325a8dab	.config	log	report	syz			WARNING: ODEBUG bug in smsusb_term_device
ci-upstream-linux-next-kasan-gce-root	2021/06/20 19:22	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz			WARNING: ODEBUG bug in smsusb_term_device
ci2-upstream-usb	2020/12/09 02:13	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b175d273d4e4	40cc414d	.config	log	report	syz
ci2-upstream-usb	2021/09/03 01:36	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	1b4f3dfb4792	f62a5829	.config	log	report			info	WARNING: ODEBUG bug in smsusb_term_device
ci2-upstream-usb	2021/02/06 13:14	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	23e32a595e11	0655e081	.config	log	report			info	WARNING: ODEBUG bug in smsusb_term_device
ci2-upstream-usb	2020/12/08 12:49	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	08a02f954b0d	9af51e31	.config	log	report			info
ci2-upstream-usb	2020/11/19 22:53	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e1e52361c61a	0767f13f	.config	log	report			info
ci2-upstream-usb	2020/10/10 16:15	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	93578a25d4e2	b74c49a6	.config	log	report			info
ci2-upstream-usb	2019/12/14 10:38	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	eef6e580	.config	log	report
ci2-upstream-usb	2019/12/14 00:45	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	a5c1ab05	.config	log	report
ci2-upstream-usb	2019/09/07 07:12	https://github.com/google/kasan.git usb-fuzzer	f0df5c1be1e9	a60cb4cd	.config	log	report
ci2-upstream-usb	2019/09/02 10:24	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	db7c31ca	.config	log	report
ci2-upstream-usb	2019/09/01 18:17	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	bad3cce2	.config	log	report
ci2-upstream-usb	2019/08/31 10:26	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	bcd7bcc2	.config	log	report
ci2-upstream-usb	2019/08/30 22:38	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	9adfa876	.config	log	report