WARNING in smsusb_start_streaming/usb_submit

WARNING in smsusb_start_streaming/usb_submit_urb
Status: upstream: reported C repro on 2019/08/21 12:58
Reported-by: syzbot+12002a39b8c60510f8fb@syzkaller.appspotmail.com
First crash: 882d, last: 29d

Cause bisection: failed (bisect log)

Sample crash report:

usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
usb 1-1: string descriptor 0 read error: -71
smsusb:smsusb_probe: board id=2, interface number 0
smsusb:siano_media_device_register: media controller created
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 8 at drivers/usb/core/urb.c:493 usb_submit_urb+0xd27/0x1540 drivers/usb/core/urb.c:493
Modules linked in:
CPU: 0 PID: 8 Comm: kworker/0:2 Tainted: G        W         5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xd27/0x1540 drivers/usb/core/urb.c:493
Code: 84 d4 02 00 00 e8 a9 78 23 fc 4c 89 ef e8 a1 85 0c ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 20 f2 26 8a e8 c0 65 8e 03 <0f> 0b e9 81 f8 ff ff e8 7d 78 23 fc 48 81 c5 40 06 00 00 e9 ad f7
RSP: 0018:ffffc90000eeee88 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff8880126c0200 RSI: ffffffff815ca6f5 RDI: fffff520001dddc3
RBP: ffff888018acd950 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815c452e R11: 0000000000000000 R12: 0000000000000003
R13: ffff8880428550a8 R14: ffff88801dc37500 R15: ffff888040e92030
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa210755020 CR3: 000000001e268000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 smsusb_submit_urb drivers/media/usb/siano/smsusb.c:173 [inline]
 smsusb_start_streaming+0x2b2/0x329 drivers/media/usb/siano/smsusb.c:195
 smsusb_init_device+0x9a3/0xb07 drivers/media/usb/siano/smsusb.c:475
 smsusb_probe+0xd8f/0xe2c drivers/media/usb/siano/smsusb.c:566
 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396
 really_probe+0x291/0xf60 drivers/base/dd.c:576
 driver_probe_device+0x298/0x410 drivers/base/dd.c:763
 __device_attach_driver+0x203/0x2c0 drivers/base/dd.c:870
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:938
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbe0/0x2100 drivers/base/core.c:3324
 usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238
 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
 really_probe+0x291/0xf60 drivers/base/dd.c:576
 driver_probe_device+0x298/0x410 drivers/base/dd.c:763
 __device_attach_driver+0x203/0x2c0 drivers/base/dd.c:870
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:431
 __device_attach+0x228/0x4a0 drivers/base/dd.c:938
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:491
 device_add+0xbe0/0x2100 drivers/base/core.c:3324
 usb_new_device.cold+0x721/0x1058 drivers/usb/core/hub.c:2558
 hub_port_connect drivers/usb/core/hub.c:5278 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5418 [inline]
 port_event drivers/usb/core/hub.c:5564 [inline]
 hub_event+0x2357/0x4330 drivers/usb/core/hub.c:5646
 process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-selinux-root	2021/12/06 03:10	upstream	0fcfb00b28c0	95793bce	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/11/06 02:46	upstream	fe91c4725aee	95793bce	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/10/07 02:08	upstream	5af4055fa813	95793bce	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/09/07 01:47	upstream	4b93c544e90e	95793bce	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2021/08/07 11:56	upstream	c9194f32bfd9	95793bce	.config	log	report	syz	C

Crashes (70):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-kasan-gce-selinux-root	2021/07/08 11:35	upstream	3dbdb38e2869	95793bce	.config	log	report	syz	C		WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/05/29 11:42	upstream	5ff2756afde0	858ea628	.config	log	report	syz	C		WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-root	2021/05/26 15:47	upstream	ad9f25d33860	54f0bcf1	.config	log	report	syz	C		WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/06/20 05:07	linux-next	a1f92694393a	aba2b2fb	.config	log	report	syz	C		WARNING in smsusb_start_streaming/usb_submit_urb
ci2-upstream-usb	2020/12/08 10:10	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	08a02f954b0d	9af51e31	.config	log	report	syz	C
ci2-upstream-usb	2020/05/14 01:52	https://github.com/google/kasan.git usb-fuzzer	059e7e0ff26c	a885920d	.config	log	report	syz	C
ci2-upstream-usb	2020/02/29 16:23	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	c88c7b75	.config	log	report	syz	C
ci2-upstream-usb	2020/02/25 03:27	https://github.com/google/kasan.git usb-fuzzer	d6ff8147a51c	59b57593	.config	log	report	syz	C
ci2-upstream-usb	2020/01/25 00:47	https://github.com/google/kasan.git usb-fuzzer	cd234325a5f1	2e95ab33	.config	log	report	syz	C
ci2-upstream-usb	2019/12/16 23:26	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	0ae38e44	.config	log	report	syz	C
ci2-upstream-usb	2019/12/12 23:40	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	08003f64	.config	log	report	syz	C
ci2-upstream-usb	2019/11/06 23:45	https://github.com/google/kasan.git usb-fuzzer	d60bbfea36c1	da505f84	.config	log	report	syz	C
ci2-upstream-usb	2019/11/06 09:03	https://github.com/google/kasan.git usb-fuzzer	b1aa9d834830	bc2c6e45	.config	log	report	syz	C
ci2-upstream-usb	2019/09/21 10:56	https://github.com/google/kasan.git usb-fuzzer	e0bd8d794fc9	d96e88f3	.config	log	report	syz	C
ci2-upstream-usb	2019/09/01 11:43	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	bad3cce2	.config	log	report	syz	C
ci2-upstream-usb	2019/08/20 22:24	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	6b8391d0	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2021/05/14 14:00	upstream	315d99318179	8bdd5343	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/05/11 02:39	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-smack-root	2021/05/11 02:39	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/05/11 02:38	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/05/11 02:37	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-selinux-root	2021/05/11 02:36	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce	2021/05/11 02:34	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce	2021/05/11 02:34	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce	2021/05/11 02:33	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-386	2021/05/11 02:37	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-386	2021/05/11 02:36	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-kasan-gce-386	2021/05/11 02:36	upstream	0aa099a312b6	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci2-upstream-usb	2021/12/21 04:48	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	236c9ad1f870	62bd192b	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/05/14 13:58	linux-next	cd557f1c605f	8bdd5343	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci2-upstream-usb	2021/05/11 02:34	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	4676be28a46e	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci2-upstream-usb	2021/05/11 02:34	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	4676be28a46e	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/05/11 02:33	linux-next	e6f67ebd93ef	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/05/11 02:33	linux-next	e6f67ebd93ef	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci-upstream-linux-next-kasan-gce-root	2021/05/11 02:33	linux-next	e6f67ebd93ef	ca873091	.config	log	report			info	WARNING in smsusb_start_streaming/usb_submit_urb
ci2-upstream-usb	2020/03/29 21:08	https://github.com/google/kasan.git usb-fuzzer	0fa84af850a4	05736b29	.config	log	report
ci2-upstream-usb	2019/12/15 01:05	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	eef6e580	.config	log	report
ci2-upstream-usb	2019/12/13 20:27	https://github.com/google/kasan.git usb-fuzzer	4cc037ecf2cb	a5c1ab05	.config	log	report
ci2-upstream-usb	2019/11/05 04:56	https://github.com/google/kasan.git usb-fuzzer	16bfd2aef585	76630fc9	.config	log	report
ci2-upstream-usb	2019/09/16 10:06	https://github.com/google/kasan.git usb-fuzzer	f0df5c1be1e9	55c50e70	.config	log	report
ci2-upstream-usb	2019/09/13 23:17	https://github.com/google/kasan.git usb-fuzzer	f0df5c1be1e9	32d59357	.config	log	report
ci2-upstream-usb	2019/09/07 16:38	https://github.com/google/kasan.git usb-fuzzer	f0df5c1be1e9	a60cb4cd	.config	log	report
ci2-upstream-usb	2019/09/06 10:48	https://github.com/google/kasan.git usb-fuzzer	f0df5c1be1e9	c16be727	.config	log	report
ci2-upstream-usb	2019/09/02 17:13	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	14544a56	.config	log	report
ci2-upstream-usb	2019/08/29 02:04	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	40203c15	.config	log	report
ci2-upstream-usb	2019/08/27 01:08	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	d21c5d9d	.config	log	report
ci2-upstream-usb	2019/08/21 17:03	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	4ea67ff8	.config	log	report
ci2-upstream-usb	2019/08/20 22:06	https://github.com/google/kasan.git usb-fuzzer	eea39f24f4a5	6b8391d0	.config	log	report