WARNING in amradio_set_mute/usb_submit

Date	Name	Commit	Repro	Result
2023/05/17	upstream (ToT)	f1fcbaa18b28	C	[report] WARNING in amradio_set_mute/usb_submit_urb

Date

Name

Commit

Repro

Result

2023/05/17

upstream (ToT)

f1fcbaa18b28

[report] WARNING in amradio_set_mute/usb_submit_urb

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	WARNING in amradio_set_mute/usb_submit_urb usb	C			3	66d	627d	0/28	upstream: reported C repro on 2023/05/12 02:38
linux-5.15	WARNING in amradio_set_mute/usb_submit_urb origin:upstream	C		error	1	44d	624d	0/3	upstream: reported C repro on 2023/05/14 10:18

upstream

WARNING in amradio_set_mute/usb_submit_urb usb

66d

627d

0/28

upstream: reported C repro on 2023/05/12 02:38

linux-5.15

WARNING in amradio_set_mute/usb_submit_urb origin:upstream

error

44d

624d

0/3

upstream: reported C repro on 2023/05/14 10:18


Created	Duration	User	Repo	Result
2024/12/15 11:23	1h51m	bisect fix	linux-6.1.y	OK (0) job log log
2024/11/03 04:54	2h06m	bisect fix	linux-6.1.y	OK (0) job log log
2024/10/03 07:41	2h30m	bisect fix	linux-6.1.y	OK (0) job log log
2024/08/22 01:53	2h17m	bisect fix	linux-6.1.y	OK (0) job log log
2024/07/11 02:45	2h08m	bisect fix	linux-6.1.y	OK (0) job log log
2024/06/01 19:49	1h21m	bisect fix	linux-6.1.y	OK (0) job log log
2024/04/29 23:58	2h10m	bisect fix	linux-6.1.y	OK (0) job log log
2024/03/07 03:21	1h22m	bisect fix	linux-6.1.y	OK (0) job log log
2024/01/29 05:45	1h36m	bisect fix	linux-6.1.y	OK (0) job log log
2023/12/27 04:33	1h52m	bisect fix	linux-6.1.y	OK (0) job log log
2023/11/26 14:35	1h32m	bisect fix	linux-6.1.y	OK (0) job log log
2023/10/26 16:36	1h59m	bisect fix	linux-6.1.y	OK (0) job log log
2023/09/22 14:09	1h24m	bisect fix	linux-6.1.y	OK (0) job log log
2023/07/13 01:49	5h47m	bisect fix	linux-6.1.y	OK (0) job log log
2023/06/07 18:34	43m	bisect fix	linux-6.1.y	OK (0) job log log

usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000d7c40b00 x25: ffff0000d73cf000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c0889e00 x18: ffff80001d235bc0 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 73576 hardirqs last enabled at (73575): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (73576): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (72646): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (72646): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (72637): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 2 usb 1-1: new high-speed USB device number 3 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000ca4b7200 x25: ffff0000c4a17000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3148000 x18: ffff80001d236140 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 80652 hardirqs last enabled at (80651): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (80652): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (78488): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (78488): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (78483): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 3 usb 1-1: new high-speed USB device number 4 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000cc8a6700 x25: ffff0000cfbc6000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3146e00 x18: 1fffe0003679bf76 x17: ffff800015a8d000 x16: ffff80000830159c x15: ffff0001b3cdfbbc x14: 1ffff00002b520b2 x13: dfff800000000000 x12: 0000000000000003 x11: 0000000000ff0100 x10: 0000000000000003 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : ffff800008277b18 x6 : 0000000000000000 x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : ffff80001248c5a0 x0 : ffff80019e2fc000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 86734 hardirqs last enabled at (86733): [<ffff800008277bb8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline] hardirqs last enabled at (86733): [<ffff800008277bb8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000 hardirqs last disabled at (86734): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (86726): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (86726): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (86709): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 4 usb 1-1: new high-speed USB device number 5 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000d2c5f900 x25: ffff0000d9f5d000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3155e00 x18: 0000000000000278 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 93402 hardirqs last enabled at (93401): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (93402): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (93040): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (93040): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (93031): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 5 usb 1-1: new high-speed USB device number 6 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000c97ace00 x25: ffff0000da826000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c316aa00 x18: 0000000000000278 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 99536 hardirqs last enabled at (99535): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (99536): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (99530): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (99530): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (99493): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 6 usb 1-1: new high-speed USB device number 7 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000cbc95700 x25: ffff0000da117000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c357a000 x18: 0000000000000140 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 105476 hardirqs last enabled at (105475): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (105476): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (103568): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (103568): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (103557): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 7 usb 1-1: new high-speed USB device number 8 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000cbef3b00 x25: ffff0000dade8000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3589c00 x18: 1fffe0003679bf76 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 111514 hardirqs last enabled at (111513): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (111514): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (109606): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (109606): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (109601): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 8 usb 1-1: new high-speed USB device number 9 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000d7e20e00 x25: ffff0000dea39000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3594600 x18: 1fffe0003679bf76 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 118494 hardirqs last enabled at (118493): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (118494): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (118488): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (118488): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (118483): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 9 usb 1-1: new high-speed USB device number 10 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000cccb3000 x25: ffff0000db7da000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3592800 x18: 1fffe0003679bf76 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 125180 hardirqs last enabled at (125179): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (125180): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (124908): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (124908): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (124877): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 10 usb 1-1: new high-speed USB device number 11 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000c30bb100 x25: ffff0000db4bb000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3985600 x18: 1fffe0003679bf76 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 130946 hardirqs last enabled at (130945): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (130946): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (130278): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (130278): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (130269): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 11 usb 1-1: new high-speed USB device number 12 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000c3772b00 x25: ffff0000dba94000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c3993400 x18: 1fffe0003679bf76 x17: ffff800015a8d000 x16: ffff80000830159c x15: ffff0001b3cdfbbc x14: 1ffff00002b520b2 x13: dfff800000000000 x12: 0000000000000003 x11: 0000000000ff0100 x10: 0000000000000003 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : ffff800008277b18 x6 : 0000000000000000 x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : ffff80001248c5a0 x0 : ffff80019e2fc000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 137650 hardirqs last enabled at (137649): [<ffff800008277bb8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline] hardirqs last enabled at (137649): [<ffff800008277bb8>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000 hardirqs last disabled at (137650): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (137642): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (137642): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (137609): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 12 usb 1-1: new high-speed USB device number 13 using dummy_hcd usb 1-1: unable to get BOS descriptor or descriptor too short usb 1-1: config 6 has an invalid interface number: 97 but max is 1 usb 1-1: config 6 has an invalid interface number: 114 but max is 1 usb 1-1: config 6 has no interface number 0 usb 1-1: config 6 has no interface number 1 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x6 has an invalid bInterval 17, changing to 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0x5 has invalid maxpacket 1024, setting to 64 usb 1-1: config 6 interface 97 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 8 usb 1-1: config 6 interface 97 altsetting 1 endpoint 0xA has invalid maxpacket 1527, setting to 64 usb 1-1: config 6 interface 97 has no altsetting 0 usb 1-1: config 6 interface 114 has no altsetting 0 usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=10.4c usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-1: Product: syz usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 14 at drivers/usb/core/urb.c:505 usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 14 Comm: kworker/0:1 Tainted: G W 6.1.127-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 lr : usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 sp : ffff80001d2367c0 x29: ffff80001d236800 x28: 0000000000000001 x27: ffff800013788a28 x26: ffff0000d2ab2b00 x25: ffff0000dbf8d000 x24: 0000000000000008 x23: ffff80001378f340 x22: dfff800000000000 x21: 0000000000000002 x20: 0000000000000c00 x19: ffff0000c39a3000 x18: 0000000000000278 x17: 0000000000000000 x16: ffff80001232fa24 x15: 0000000000000000 x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000ff0100 x10: 0000000000000000 x9 : 9e77f3c88b108a00 x8 : 9e77f3c88b108a00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001d2360b8 x4 : ffff800015b731c0 x3 : ffff800008586abc x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 Call trace: usb_submit_urb+0xa44/0x1588 drivers/usb/core/urb.c:504 usb_start_wait_urb+0xec/0x414 drivers/usb/core/message.c:58 usb_bulk_msg+0x2ec/0x3ec drivers/usb/core/message.c:387 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline] amradio_set_mute+0x1d4/0x428 drivers/media/radio/radio-mr800.c:182 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline] usb_amradio_probe+0x388/0x6f8 drivers/media/radio/radio-mr800.c:554 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xacc drivers/base/dd.c:639 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785 driver_probe_device+0x78/0x330 drivers/base/dd.c:815 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:429 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:489 device_add+0xae0/0xef4 drivers/base/core.c:3696 usb_new_device+0x908/0x144c drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5479 [inline] hub_port_connect_change drivers/usb/core/hub.c:5619 [inline] port_event drivers/usb/core/hub.c:5775 [inline] hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5857 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292 process_scheduled_works kernel/workqueue.c:2355 [inline] worker_thread+0xb6c/0xfec kernel/workqueue.c:2441 kthread+0x250/0x2d8 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864 irq event stamp: 144154 hardirqs last enabled at (144153): [<ffff80000833f268>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261 hardirqs last disabled at (144154): [<ffff80001232b704>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (143366): [<ffff8000081c2418>] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (143366): [<ffff8000081c2418>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599 softirqs last disabled at (143357): [<ffff800008020174>] __do_softirq+0x14/0x20 kernel/softirq.c:605 ---[ end trace 0000000000000000 ]--- (null): radio-mr800 - initialization failed radio-mr800: probe of 1-1:6.97 failed with error -71 usbhid 1-1:6.97: couldn't find an input interrupt endpoint usb 1-1: USB disconnect, device number 13 usb 1-1: new high-speed USB device number 14 using dummy_hcd

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Assets (help?)	Manager	Title
2025/01/25 18:50	linux-6.1.y	75cefdf153f5	9fbd772e	.config	console log	report	syz / log	C	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	WARNING in amradio_set_mute/usb_submit_urb
2024/03/29 13:22	linux-6.1.y	e5cd595e23c1	c52bcb23	.config	console log	report	syz	C	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	WARNING in amradio_set_mute/usb_submit_urb
2023/05/08 04:00	linux-6.1.y	ca48fc16c493	90c93c40	.config	console log	report	syz	C	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	WARNING in amradio_set_mute/usb_submit_urb

Crashes (3):

Assets (help?)