WARNING in go7007_usb_onboard_write_interrupt/usb_submit

WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
Status: upstream: reported C repro on 2021/02/07 07:40
Reported-by: syzbot+d4ebc877b1223f20d5a0@syzkaller.appspotmail.com
First crash: 95d, last: 11d

Cause bisection: failed (bisect log)

Sample crash report:

usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: SerialNumber: syz
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 2 != type 3
WARNING: CPU: 1 PID: 2934 at drivers/usb/core/urb.c:493 usb_submit_urb+0xd27/0x1540 drivers/usb/core/urb.c:493
Modules linked in:
CPU: 1 PID: 2934 Comm: kworker/1:2 Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xd27/0x1540 drivers/usb/core/urb.c:493
Code: 84 d4 02 00 00 e8 f9 8c 33 fc 4c 89 ef e8 91 8d 10 ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 c0 dc 04 8a e8 55 84 81 03 <0f> 0b e9 81 f8 ff ff e8 cd 8c 33 fc 48 81 c5 38 06 00 00 e9 ad f7
RSP: 0018:ffffc90001abec70 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff88801a158000 RSI: ffffffff815c4cb5 RDI: fffff52000357d80
RBP: ffff88802b6540a0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815bda4e R11: 0000000000000000 R12: 0000000000000002
R13: ffff8880181840a0 R14: ffff88801cc97d98 R15: ffff8880142c8d00
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f5ef10a0b0 CR3: 000000001cb5c000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
 go7007_usb_onboard_write_interrupt+0x26a/0x340 drivers/media/usb/go7007/go7007-usb.c:735
 go7007_usb_interface_reset+0x139/0x540 drivers/media/usb/go7007/go7007-usb.c:649
 go7007_load_encoder+0x11f/0x510 drivers/media/usb/go7007/go7007-driver.c:107
 go7007_boot_encoder+0x2a/0xe0 drivers/media/usb/go7007/go7007-driver.c:131
 go7007_usb_probe+0x80e/0x21f0 drivers/media/usb/go7007/go7007-usb.c:1161
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 really_probe+0x291/0xe60 drivers/base/dd.c:557
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:743
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:849
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:917
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbdb/0x1db0 drivers/base/core.c:3242
 usb_set_configuration+0x113f/0x1910 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 really_probe+0x291/0xe60 drivers/base/dd.c:557
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:743
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:849
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:917
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbdb/0x1db0 drivers/base/core.c:3242
 usb_new_device.cold+0x721/0x1058 drivers/usb/core/hub.c:2555
 hub_port_connect drivers/usb/core/hub.c:5223 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
 port_event drivers/usb/core/hub.c:5509 [inline]
 hub_event+0x2357/0x4320 drivers/usb/core/hub.c:5591
 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Crashes (10):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce	2021/04/09 15:16	upstream	4fa56ad0	6a81331a	.config	log	report	syz	C		WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/03 08:18	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	64eaa0fa	624dad51	.config	log	report	syz	C		WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci-upstream-kasan-gce	2021/04/26 07:44	upstream	9f4ad9e4	2a82f1b3	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/04/28 04:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	4a0225c3	805b5003	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/03/13 03:24	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	14b02f02	429d8a6b	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/03/12 00:36	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	60a35ba9	429d8a6b	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/25 07:31	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	3b9cdafb	fcc6d71b	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/07 17:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	8cf9045b	2ce644fc	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/05 03:28	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	8dc6e6dd	23a562df	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/03 07:38	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	64eaa0fa	624dad51	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb