WARNING in go7007_usb_onboard_write_interrupt/usb_submit

WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
Status: upstream: reported C repro on 2021/02/07 07:40
Reported-by: syzbot+d4ebc877b1223f20d5a0@syzkaller.appspotmail.com
First crash: 25d, last: 3d15h

Sample crash report:

usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: SerialNumber: syz
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 2 != type 3
WARNING: CPU: 0 PID: 2608 at drivers/usb/core/urb.c:493 usb_submit_urb+0xd27/0x1540 drivers/usb/core/urb.c:493
Modules linked in:
CPU: 0 PID: 2608 Comm: kworker/0:2 Not tainted 5.11.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xd27/0x1540 drivers/usb/core/urb.c:493
Code: 84 d4 02 00 00 e8 e9 e9 ba fd 4c 89 ef e8 f1 3d 1d ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 00 6a 61 86 e8 31 ee f9 01 <0f> 0b e9 81 f8 ff ff e8 bd e9 ba fd 48 81 c5 30 06 00 00 e9 ad f7
RSP: 0018:ffffc90006cf6c70 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff88810a895040 RSI: ffffffff81299db3 RDI: fffff52000d9ed80
RBP: ffff88810155f8a0 R08: 0000000000000001 R09: 0000000000000000
R10: ffffffff8149c4ab R11: 0000000000000000 R12: 0000000000000002
R13: ffff8881121670a0 R14: ffff8881031c06e0 R15: ffff888102b46f00
FS:  0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bfb7b520d0 CR3: 000000010a1f1000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
 go7007_usb_onboard_write_interrupt+0x26a/0x340 drivers/media/usb/go7007/go7007-usb.c:735
 go7007_usb_interface_reset+0x139/0x540 drivers/media/usb/go7007/go7007-usb.c:649
 go7007_load_encoder+0x11f/0x510 drivers/media/usb/go7007/go7007-driver.c:107
 go7007_boot_encoder+0x2a/0xe0 drivers/media/usb/go7007/go7007-driver.c:131
 go7007_usb_probe+0x80e/0x21f0 drivers/media/usb/go7007/go7007-usb.c:1161
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 really_probe+0x291/0xe60 drivers/base/dd.c:554
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:740
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:846
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:914
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbc4/0x1d90 drivers/base/core.c:3109
 usb_set_configuration+0x113c/0x1910 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 really_probe+0x291/0xe60 drivers/base/dd.c:554
 driver_probe_device+0x26b/0x3d0 drivers/base/dd.c:740
 __device_attach_driver+0x1d1/0x290 drivers/base/dd.c:846
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:914
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbc4/0x1d90 drivers/base/core.c:3109
 usb_new_device.cold+0x721/0x1058 drivers/usb/core/hub.c:2555
 hub_port_connect drivers/usb/core/hub.c:5223 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
 port_event drivers/usb/core/hub.c:5509 [inline]
 hub_event+0x2357/0x4320 drivers/usb/core/hub.c:5591
 process_one_work+0x98d/0x1580 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x38c/0x460 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Crashes (5):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-upstream-usb	2021/02/03 08:18	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	64eaa0fa	624dad51	.config	log	report	syz	C		WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/25 07:31	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	3b9cdafb	fcc6d71b	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/07 17:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	8cf9045b	2ce644fc	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/05 03:28	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	8dc6e6dd	23a562df	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb
ci2-upstream-usb	2021/02/03 07:38	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	64eaa0fa	624dad51	.config	log	report			info	WARNING in go7007_usb_onboard_write_interrupt/usb_submit_urb