WARNING in amradio_send_cmd/usb_submit

WARNING in amradio_send_cmd/usb_submit_urb
Status: upstream: reported C repro on 2019/07/22 12:38
Reported-by: syzbot+485b10e300244dc0046c@syzkaller.appspotmail.com
First crash: 357d, last: 21d

Sample crash report:

usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 173 at drivers/usb/core/urb.c:478 usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 173 Comm: kworker/1:3 Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 panic+0x2aa/0x6e1 kernel/panic.c:221
 __warn.cold+0x2f/0x30 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 fixup_bug arch/x86/kernel/traps.c:170 [inline]
 do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:usb_submit_urb+0x1188/0x1460 drivers/usb/core/urb.c:478
Code: 4d 85 ed 74 46 e8 88 b1 d2 fd 4c 89 f7 e8 b0 a4 16 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 c0 56 3d 86 e8 70 87 a6 fd <0f> 0b e9 20 f4 ff ff e8 5c b1 d2 fd 0f 1f 44 00 00 e8 52 b1 d2 fd
RSP: 0018:ffff8881cc6fef48 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff812a339d RDI: ffffed10398dfddb
RBP: ffff8881cd0c08f0 R08: ffff8881cc6f0000 R09: ffffed103b666292
R10: ffff8881db33148f R11: ffffed103b666291 R12: 0000000000000001
R13: ffff8881d8e4b360 R14: ffff8881cd6c90a0 R15: ffff8881d57bb400
 usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58
 usb_bulk_msg+0x228/0x550 drivers/usb/core/message.c:254
 amradio_send_cmd+0x2e4/0x840 drivers/media/radio/radio-mr800.c:150
 amradio_set_mute drivers/media/radio/radio-mr800.c:182 [inline]
 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline]
 usb_amradio_probe+0x43c/0x6ef drivers/media/radio/radio-mr800.c:554
 usb_probe_interface+0x310/0x800 drivers/usb/core/driver.c:374
 really_probe+0x290/0xac0 drivers/base/dd.c:520
 driver_probe_device+0x223/0x350 drivers/base/dd.c:697
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:804
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:870
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c40 drivers/base/core.c:2538
 usb_set_configuration+0xed4/0x1850 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x9d/0xe0 drivers/usb/core/generic.c:241
 usb_probe_device+0xd9/0x230 drivers/usb/core/driver.c:272
 really_probe+0x290/0xac0 drivers/base/dd.c:520
 driver_probe_device+0x223/0x350 drivers/base/dd.c:697
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:804
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:431
 __device_attach+0x21a/0x390 drivers/base/dd.c:870
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0x1367/0x1c40 drivers/base/core.c:2538
 usb_new_device.cold+0x552/0xf6e drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x226d/0x43c0 drivers/usb/core/hub.c:5576
 process_one_work+0x965/0x1630 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x326/0x430 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (21):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci2-upstream-usb	2020/05/28 21:17	https://github.com/google/kasan.git usb-fuzzer	d19c64b3	c7192a2f	.config	log	report	syz	C	gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/05/13 22:35	https://github.com/google/kasan.git usb-fuzzer	059e7e0f	a885920d	.config	log	report	syz	C	gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/02/09 13:45	https://github.com/google/kasan.git usb-fuzzer	e5cd56e9	6ece2ea5	.config	log	report	syz	C	gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/11/15 22:36	https://github.com/google/kasan.git usb-fuzzer	3183c037	79248ee8	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/02 22:40	https://github.com/google/kasan.git usb-fuzzer	eea39f24	14544a56	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/08/10 02:05	https://github.com/google/kasan.git usb-fuzzer	e96407b4	acb51638	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/07/19 21:26	https://github.com/google/kasan.git usb-fuzzer	6a3599ce	1656845f	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/06/19 19:41	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	f8f02d5c	123cf502	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/06/14 20:45	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	b791d1bd	2a22c77a	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/05/28 05:10	https://github.com/google/kasan.git usb-fuzzer	d19c64b3	9072c126	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/05/23 18:52	https://github.com/google/kasan.git usb-fuzzer	806d8acc	4afdfa20	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/05/23 15:27	https://github.com/google/kasan.git usb-fuzzer	806d8acc	4afdfa20	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/05/19 08:18	https://github.com/google/kasan.git usb-fuzzer	806d8acc	684d3606	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/03/18 02:20	https://github.com/google/kasan.git usb-fuzzer	d6ff8147	97bc55ce	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2020/02/21 10:58	https://github.com/google/kasan.git usb-fuzzer	7f0cd6c7	bd2a74a3	.config	log	report			gregkh@linuxfoundation.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/11/12 20:47	https://github.com/google/kasan.git usb-fuzzer	3183c037	048f2d49	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/10/03 16:42	https://github.com/google/kasan.git usb-fuzzer	58d5f26a	fc17ba49	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/01 22:19	https://github.com/google/kasan.git usb-fuzzer	eea39f24	bad3cce2	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/08/24 08:37	https://github.com/google/kasan.git usb-fuzzer	eea39f24	78ded196	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/07/20 16:04	https://github.com/google/kasan.git usb-fuzzer	6a3599ce	1656845f	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/07/19 20:57	https://github.com/google/kasan.git usb-fuzzer	6a3599ce	1656845f	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org