WARNING in smsusb_start_streaming/usb_submit

WARNING in smsusb_start_streaming/usb_submit_urb
Status: upstream: reported C repro on 2019/08/21 12:58
Reported-by: syzbot+12002a39b8c60510f8fb@syzkaller.appspotmail.com
First crash: 113d, last: 35d

Sample crash report:

usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
smsusb:smsusb_probe: board id=3, interface number 0
smsusb:siano_media_device_register: media controller created
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 1 PID: 83 at drivers/usb/core/urb.c:477 usb_submit_urb+0x1188/0x13b0 drivers/usb/core/urb.c:477
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xca/0x13e lib/dump_stack.c:113
 panic+0x2aa/0x6e1 kernel/panic.c:221
 __warn.cold+0x2f/0x33 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x12b/0x1e0 arch/x86/kernel/traps.c:272
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:usb_submit_urb+0x1188/0x13b0 drivers/usb/core/urb.c:477
Code: 4d 85 ed 74 2c e8 b8 21 ef fd 4c 89 f7 e8 40 34 1f ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 40 77 14 86 e8 cd bc c4 fd <0f> 0b e9 20 f4 ff ff e8 8c 21 ef fd 4c 89 f2 48 b8 00 00 00 00 00
RSP: 0018:ffff8881d89f6fc8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8128c9cd RDI: ffffed103b13edeb
RBP: ffff8881d48ec950 R08: ffff8881d89e1800 R09: fffffbfff11ab3ae
R10: fffffbfff11ab3ad R11: ffffffff88d59d6f R12: 0000000000000003
R13: ffff8881d21754e0 R14: ffff8881cfbed0a0 R15: ffff8881cf644030
 smsusb_submit_urb+0x26d/0x390 drivers/media/usb/siano/smsusb.c:173
 smsusb_start_streaming+0x1f/0x87 drivers/media/usb/siano/smsusb.c:195
 smsusb_init_device+0x8aa/0x9d5 drivers/media/usb/siano/smsusb.c:475
 smsusb_probe+0x986/0xa24 drivers/media/usb/siano/smsusb.c:566
 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361
 really_probe+0x281/0x6d0 drivers/base/dd.c:548
 driver_probe_device+0x104/0x210 drivers/base/dd.c:721
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x360 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0xae6/0x16f0 drivers/base/core.c:2202
 usb_set_configuration+0xdf6/0x1670 drivers/usb/core/message.c:2023
 generic_probe+0x9d/0xd5 drivers/usb/core/generic.c:210
 usb_probe_device+0x99/0x100 drivers/usb/core/driver.c:266
 really_probe+0x281/0x6d0 drivers/base/dd.c:548
 driver_probe_device+0x104/0x210 drivers/base/dd.c:721
 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:828
 bus_for_each_drv+0x162/0x1e0 drivers/base/bus.c:430
 __device_attach+0x217/0x360 drivers/base/dd.c:894
 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:490
 device_add+0xae6/0x16f0 drivers/base/core.c:2202
 usb_new_device.cold+0x6a4/0xe79 drivers/usb/core/hub.c:2537
 hub_port_connect drivers/usb/core/hub.c:5184 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5324 [inline]
 port_event drivers/usb/core/hub.c:5470 [inline]
 hub_event+0x1df8/0x3800 drivers/usb/core/hub.c:5552
 process_one_work+0x92b/0x1530 kernel/workqueue.c:2269
 worker_thread+0x96/0xe20 kernel/workqueue.c:2415
 kthread+0x318/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (15):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci2-upstream-usb	2019/11/06 23:45	https://github.com/google/kasan.git usb-fuzzer	d60bbfea	da505f84	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/11/06 09:03	https://github.com/google/kasan.git usb-fuzzer	b1aa9d83	bc2c6e45	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/21 10:56	https://github.com/google/kasan.git usb-fuzzer	e0bd8d79	d96e88f3	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/01 11:43	https://github.com/google/kasan.git usb-fuzzer	eea39f24	bad3cce2	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/08/20 22:24	https://github.com/google/kasan.git usb-fuzzer	eea39f24	6b8391d0	.config	log	report	syz	C	gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/11/05 04:56	https://github.com/google/kasan.git usb-fuzzer	16bfd2ae	76630fc9	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/16 10:06	https://github.com/google/kasan.git usb-fuzzer	f0df5c1b	55c50e70	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/13 23:17	https://github.com/google/kasan.git usb-fuzzer	f0df5c1b	32d59357	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/07 16:38	https://github.com/google/kasan.git usb-fuzzer	f0df5c1b	a60cb4cd	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/06 10:48	https://github.com/google/kasan.git usb-fuzzer	f0df5c1b	c16be727	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/09/02 17:13	https://github.com/google/kasan.git usb-fuzzer	eea39f24	14544a56	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/08/29 02:04	https://github.com/google/kasan.git usb-fuzzer	eea39f24	40203c15	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/08/27 01:08	https://github.com/google/kasan.git usb-fuzzer	eea39f24	d21c5d9d	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/08/21 17:03	https://github.com/google/kasan.git usb-fuzzer	eea39f24	4ea67ff8	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
ci2-upstream-usb	2019/08/20 22:06	https://github.com/google/kasan.git usb-fuzzer	eea39f24	6b8391d0	.config	log	report			gregkh@linuxfoundation.org, gustavo@embeddedor.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org