[src/trunk]: src/sys/dev/usb usb: Insert assertion to diagnose ud_cdesc/ud_if...

[riastradh <riastradh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/981fe4da00da
branches:  trunk
changeset: 364379:981fe4da00da
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Sat Mar 19 20:50:32 2022 +0000

description:
usb: Insert assertion to diagnose ud_cdesc/ud_ifaces inconsistency.

Syzbot found a way to see ud_cdesc=NULL but ud_ifaces!=NULL:

https://syzkaller.appspot.com/bug?id=e6d4449a128e73a9a88100a5cc833e5cae9fecae

Maybe it's a race with two threads somehow doing usbd_free_device at
the same time when only one should, but let's rule this case out
early on to make it easier to prove it has to be a race.

diffstat:

 sys/dev/usb/usb_subr.c |  5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r 08301a1aebc9 -r 981fe4da00da sys/dev/usb/usb_subr.c
--- a/sys/dev/usb/usb_subr.c    Sat Mar 19 20:44:07 2022 +0000
+++ b/sys/dev/usb/usb_subr.c    Sat Mar 19 20:50:32 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: usb_subr.c,v 1.274 2022/03/13 20:44:06 riastradh Exp $ */
+/*     $NetBSD: usb_subr.c,v 1.275 2022/03/19 20:50:32 riastradh Exp $ */
 /*     $FreeBSD: src/sys/dev/usb/usb_subr.c,v 1.18 1999/11/17 22:33:47 n_hibma Exp $   */
 
 /*
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.274 2022/03/13 20:44:06 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: usb_subr.c,v 1.275 2022/03/19 20:50:32 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -905,6 +905,7 @@
        /* XXX Use usbd_set_config() to reset the config? */
        /* XXX Should we forbid USB_UNCONFIG_NO from bConfigurationValue? */
        dev->ud_config = USB_UNCONFIG_NO;
+       KASSERT(dev->ud_ifaces == NULL);
        kmem_free(cdp, len);
        dev->ud_cdesc = NULL;
        if (bdp != NULL) {