WARNING in vmk80xx_write_packet/usb_submit

WARNING in vmk80xx_write_packet/usb_submit_urb
Status: upstream: reported C repro on 2019/07/09 12:27
Reported-by: syzbot+5205eb2f17de3e01946e@syzkaller.appspotmail.com
First crash: 676d, last: 93d

Sample crash report:

usb 1-1: config 0 interface 85 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=59.b1
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 5 at drivers/usb/core/urb.c:478 usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 panic+0x2aa/0x6e1 kernel/panic.c:221
 __warn.cold+0x2f/0x30 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 fixup_bug arch/x86/kernel/traps.c:170 [inline]
 do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Code: 4d 85 ed 74 46 e8 38 c2 d2 fd 4c 89 f7 e8 70 ac 16 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 00 52 3d 86 e8 40 96 a6 fd <0f> 0b e9 20 f4 ff ff e8 0c c2 d2 fd 0f 1f 44 00 00 e8 02 c2 d2 fd
RSP: 0018:ffff8881da1d6f58 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff812a2d8d RDI: ffffed103b43addd
RBP: ffff8881d97c5b00 R08: ffff8881da19e300 R09: ffffed103b6443c9
R10: ffff8881db221e43 R11: ffffed103b6443c8 R12: 0000000000000001
R13: ffff8881d9975ca8 R14: ffff8881cd7f90a0 R15: ffff8881d97c5d00
 usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58
 usb_bulk_msg+0x228/0x550 drivers/usb/core/message.c:254
 vmk80xx_write_packet+0x1df/0x260 drivers/staging/comedi/drivers/vmk80xx.c:213
 vmk80xx_reset_device drivers/staging/comedi/drivers/vmk80xx.c:226 [inline]
 vmk80xx_auto_attach+0x13ee/0x1800 drivers/staging/comedi/drivers/vmk80xx.c:814
 comedi_auto_config+0x16e/0x250 drivers/staging/comedi/drivers.c:1067
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374
 really_probe+0x290/0xac0 drivers/base/dd.c:527
 driver_probe_device+0x223/0x350 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:808
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:874
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c20 drivers/base/core.c:2533
 usb_set_configuration+0xed4/0x1850 drivers/usb/core/message.c:2025
 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241
 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272
 really_probe+0x290/0xac0 drivers/base/dd.c:527
 driver_probe_device+0x223/0x350 drivers/base/dd.c:701
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:808
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:874
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c20 drivers/base/core.c:2533
 usb_new_device.cold+0x552/0xf6e drivers/usb/core/hub.c:2548
 hub_port_connect drivers/usb/core/hub.c:5195 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5335 [inline]
 port_event drivers/usb/core/hub.c:5481 [inline]
 hub_event+0x226d/0x43c0 drivers/usb/core/hub.c:5563
 process_one_work+0x965/0x1630 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x326/0x430 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (39):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-upstream-usb	2020/05/13 23:11	https://github.com/google/kasan.git usb-fuzzer	059e7e0f	a885920d	.config	log	report	syz	C
ci2-upstream-usb	2020/03/17 00:52	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	749688d2	.config	log	report	syz	C
ci2-upstream-usb	2020/03/01 07:32	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	c88c7b75	.config	log	report	syz	C
ci2-upstream-usb	2020/02/25 01:56	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	59b57593	.config	log	report	syz	C
ci2-upstream-usb	2020/01/23 11:49	https://github.com/google/kasan.git usb-fuzzer	4cc301ee	3334d684	.config	log	report	syz	C
ci2-upstream-usb	2019/12/20 02:35	https://github.com/google/kasan.git usb-fuzzer	ecdf2214	36650b4b	.config	log	report	syz	C
ci2-upstream-usb	2019/12/17 09:47	https://github.com/google/kasan.git usb-fuzzer	4cc037ec	d13d7958	.config	log	report	syz	C
ci2-upstream-usb	2019/12/07 11:11	https://github.com/google/kasan.git usb-fuzzer	1f22d15c	85f26751	.config	log	report	syz	C
ci2-upstream-usb	2019/12/04 19:25	https://github.com/google/kasan.git usb-fuzzer	1f22d15c	b2088328	.config	log	report	syz	C
ci2-upstream-usb	2019/11/16 07:07	https://github.com/google/kasan.git usb-fuzzer	46178223	cdac920b	.config	log	report	syz	C
ci2-upstream-usb	2019/11/06 06:55	https://github.com/google/kasan.git usb-fuzzer	b1aa9d83	bc2c6e45	.config	log	report	syz	C
ci2-upstream-usb	2019/10/30 04:24	https://github.com/google/kasan.git usb-fuzzer	ff6409a6	5ea87a66	.config	log	report	syz	C
ci2-upstream-usb	2019/10/03 12:31	https://github.com/google/kasan.git usb-fuzzer	58d5f26a	fc17ba49	.config	log	report	syz	C
ci2-upstream-usb	2019/09/29 04:24	https://github.com/google/kasan.git usb-fuzzer	2994c077	eb6b9855	.config	log	report	syz	C
ci2-upstream-usb	2019/09/09 07:48	https://github.com/google/kasan.git usb-fuzzer	f0df5c1b	a60cb4cd	.config	log	report	syz	C
ci2-upstream-usb	2019/08/31 11:00	https://github.com/google/kasan.git usb-fuzzer	eea39f24	bcd7bcc2	.config	log	report	syz	C
ci2-upstream-usb	2019/07/23 05:30	https://github.com/google/kasan.git usb-fuzzer	6a3599ce	55e0c077	.config	log	report	syz	C
ci2-upstream-usb	2019/07/04 03:09	https://github.com/google/kasan.git usb-fuzzer	7829a896	55565fa0	.config	log	report	syz	C
ci2-upstream-usb	2021/02/06 04:41	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	23e32a59	23a562df	.config	log	report			info	WARNING in vmk80xx_write_packet/usb_submit_urb
ci2-upstream-usb	2020/08/29 02:03	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	3ed8e1c2	d5a3ae1f	.config	log	report
ci2-upstream-usb	2020/08/26 08:25	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	cb06b385	344da168	.config	log	report
ci2-upstream-usb	2020/08/02 09:34	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	e3ee0e74	96dd3623	.config	log	report
ci2-upstream-usb	2020/06/23 16:58	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f8f02d5c	6930bbef	.config	log	report
ci2-upstream-usb	2020/06/14 10:53	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b791d1bd	a61674a5	.config	log	report
ci2-upstream-usb	2020/05/04 17:35	https://github.com/google/kasan.git usb-fuzzer	059e7e0f	58ae5e18	.config	log	report
ci2-upstream-usb	2020/03/13 10:56	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	fd69032d	.config	log	report
ci2-upstream-usb	2020/03/07 01:12	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	fd2a5f28	.config	log	report
ci2-upstream-usb	2019/12/24 19:15	https://github.com/google/kasan.git usb-fuzzer	ecdf2214	be5c2c81	.config	log	report
ci2-upstream-usb	2019/12/16 18:21	https://github.com/google/kasan.git usb-fuzzer	4cc037ec	0ae38e44	.config	log	report
ci2-upstream-usb	2019/11/19 19:42	https://github.com/google/kasan.git usb-fuzzer	46178223	432c7650	.config	log	report
ci2-upstream-usb	2019/11/14 11:32	https://github.com/google/kasan.git usb-fuzzer	3183c037	048f2d49	.config	log	report
ci2-upstream-usb	2019/11/12 21:47	https://github.com/google/kasan.git usb-fuzzer	3183c037	048f2d49	.config	log	report
ci2-upstream-usb	2019/11/08 21:10	https://github.com/google/kasan.git usb-fuzzer	d60bbfea	1e35461e	.config	log	report
ci2-upstream-usb	2019/10/31 05:27	https://github.com/google/kasan.git usb-fuzzer	ff6409a6	a41ca8fa	.config	log	report
ci2-upstream-usb	2019/10/05 10:31	https://github.com/google/kasan.git usb-fuzzer	58d5f26a	f3f7d9c8	.config	log	report
ci2-upstream-usb	2019/09/15 06:43	https://github.com/google/kasan.git usb-fuzzer	f0df5c1b	32d59357	.config	log	report
ci2-upstream-usb	2019/07/26 08:13	https://github.com/google/kasan.git usb-fuzzer	6a3599ce	732bc5a0	.config	log	report
ci2-upstream-usb	2019/07/14 03:17	https://github.com/google/kasan.git usb-fuzzer	6a3599ce	e6fb0f13	.config	log	report
ci2-upstream-usb	2019/07/12 17:51	https://github.com/google/kasan.git usb-fuzzer	6a3599ce	baa5258a	.config	log	report