ci2 starts bisection 2023-06-07 18:34:29.189126301 +0000 UTC m=+4341.426767810
bisecting fixing commit since ca48fc16c49388400eddd6c6614593ebf7c7726a
building syzkaller on 90c93c40627cb0ac3c2c7cb99d807fd4c137adcb
ensuring issue is reproducible on original commit ca48fc16c49388400eddd6c6614593ebf7c7726a

testing commit ca48fc16c49388400eddd6c6614593ebf7c7726a gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8ec660a9d7f614670529584e771c47150a64bd26e4a19a404ee4613047c3a322
all runs: crashed: WARNING in amradio_set_mute/usb_submit_urb
testing current HEAD 76ba310227d2490018c271f1ecabb6c0a3212eb0
testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2cf71d4781ffe424ab9cc7a8476b8a7240404a1623fba7310b7dc786aaa2c96e
all runs: crashed: WARNING in amradio_set_mute/usb_submit_urb
crash still not fixed/happens on the oldest tested release
revisions tested: 2, total time: 43m23.119166271s (build: 36m4.979879826s, test: 6m52.599614644s)
crash still not fixed on HEAD or HEAD had kernel test errors
commit msg: Linux 6.1.32
crash: WARNING in amradio_set_mute/usb_submit_urb
usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 4237 at drivers/usb/core/urb.c:505 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 4237 Comm: kworker/0:6 Not tainted 6.1.32-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
sp : ffff80001c2a6780
x29: ffff80001c2a67c0 x28: 0000000000000000 x27: ffff0000c4d12000
x26: dfff800000000000 x25: ffff80001226c128 x24: ffff0000ce2ac500
x23: ffff0000d199845c x22: ffff800012272940 x21: 0000000000000001
x20: 0000000000000c00 x19: ffff0000d1998400 x18: 1fffe00036908d76
x17: ffff80001424d000 x16: ffff8000082aa084 x15: ffff0001b4846bbc
x14: 1ffff0000284a0b0 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000003 x9 : d0288ef95cba4500
x8 : d0288ef95cba4500 x7 : ffff800008221ddc x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff800010fab040 x0 : ffff8001a06a6000
Call trace:
 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
 usb_start_wait_urb+0xe8/0x3a8 drivers/usb/core/message.c:58
 usb_bulk_msg+0x284/0x398 drivers/usb/core/message.c:387
 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline]
 amradio_set_mute+0x1d0/0x3dc drivers/media/radio/radio-mr800.c:182
 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline]
 usb_amradio_probe+0x368/0x678 drivers/media/radio/radio-mr800.c:554
 usb_probe_interface+0x3e4/0x810 drivers/usb/core/driver.c:396
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_set_configuration+0x1274/0x1730 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x7c/0x114 drivers/usb/core/generic.c:238
 usb_probe_device+0xbc/0x1e0 drivers/usb/core/driver.c:293
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_new_device+0x874/0x1188 drivers/usb/core/hub.c:2575
 hub_port_connect drivers/usb/core/hub.c:5355 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5499 [inline]
 port_event drivers/usb/core/hub.c:5655 [inline]
 hub_event+0x1c7c/0x37b8 drivers/usb/core/hub.c:5737
 process_one_work+0x6c4/0x117c kernel/workqueue.c:2289
 worker_thread+0x7dc/0xe2c kernel/workqueue.c:2436
 kthread+0x210/0x28c kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 2046642
hardirqs last  enabled at (2046641): [<ffff800008221e7c>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last  enabled at (2046641): [<ffff800008221e7c>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (2046642): [<ffff800010e4bf3c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (2046634): [<ffff800008020d2c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (2046634): [<ffff800008020d2c>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (2046539): [<ffff8000080298a0>] ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
 (null): radio-mr800 - initialization failed
radio-mr800: probe of 1-1:6.199 failed with error -71
usbhid 1-1:6.199: couldn't find an input interrupt endpoint
usb 1-1: USB disconnect, device number 2
usb 1-1: new high-speed USB device number 3 using dummy_hcd
usb 1-1: Using ep0 maxpacket: 32
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: config 6 has an invalid interface number: 199 but max is 2
usb 1-1: config 6 has an invalid interface number: 48 but max is 2
usb 1-1: config 6 has an invalid interface number: 105 but max is 2
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 has an invalid interface descriptor of length 2, skipping
usb 1-1: config 6 has no interface number 0
usb 1-1: config 6 has no interface number 1
usb 1-1: config 6 has no interface number 2
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x8 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has an invalid endpoint with address 0x0, skipping
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x8, skipping
usb 1-1: config 6 interface 199 altsetting 128 bulk endpoint 0x2 has invalid maxpacket 8
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x1 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x1, skipping
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0xA has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x4, skipping
usb 1-1: config 6 interface 48 altsetting 8 has a duplicate endpoint with address 0xA, skipping
usb 1-1: config 6 interface 105 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 7
usb 1-1: config 6 interface 199 has no altsetting 0
usb 1-1: config 6 interface 48 has no altsetting 0
usb 1-1: config 6 interface 105 has no altsetting 0
usb 1-1: string descriptor 0 read error: -22
usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 4237 at drivers/usb/core/urb.c:505 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 4237 Comm: kworker/0:6 Tainted: G        W          6.1.32-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
sp : ffff80001c2a6780
x29: ffff80001c2a67c0 x28: 0000000000000000 x27: ffff0000d4055000
x26: dfff800000000000 x25: ffff80001226c128 x24: ffff0000c3bcec00
x23: ffff0000d19bfc5c x22: ffff800012272940 x21: 0000000000000001
x20: 0000000000000c00 x19: ffff0000d19bfc00 x18: ffffffffffffffff
x17: ffffffffffffffff x16: ffff8000082aa084 x15: 0000000000000001
x14: 1ffff0000284a0b0 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000003 x9 : d0288ef95cba4500
x8 : d0288ef95cba4500 x7 : ffff800010f190bc x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff800010fab040 x0 : ffff8001a06a6000
Call trace:
 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
 usb_start_wait_urb+0xe8/0x3a8 drivers/usb/core/message.c:58
 usb_bulk_msg+0x284/0x398 drivers/usb/core/message.c:387
 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline]
 amradio_set_mute+0x1d0/0x3dc drivers/media/radio/radio-mr800.c:182
 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline]
 usb_amradio_probe+0x368/0x678 drivers/media/radio/radio-mr800.c:554
 usb_probe_interface+0x3e4/0x810 drivers/usb/core/driver.c:396
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_set_configuration+0x1274/0x1730 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x7c/0x114 drivers/usb/core/generic.c:238
 usb_probe_device+0xbc/0x1e0 drivers/usb/core/driver.c:293
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_new_device+0x874/0x1188 drivers/usb/core/hub.c:2575
 hub_port_connect drivers/usb/core/hub.c:5355 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5499 [inline]
 port_event drivers/usb/core/hub.c:5655 [inline]
 hub_event+0x1c7c/0x37b8 drivers/usb/core/hub.c:5737
 process_one_work+0x6c4/0x117c kernel/workqueue.c:2289
 worker_thread+0x7dc/0xe2c kernel/workqueue.c:2436
 kthread+0x210/0x28c kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 2058826
hardirqs last  enabled at (2058825): [<ffff800010f19dd0>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last  enabled at (2058825): [<ffff800010f19dd0>] __schedule+0xfd8/0x1c5c kernel/sched/core.c:6560
hardirqs last disabled at (2058826): [<ffff800010e4bf3c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (2056712): [<ffff800008020d2c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (2056712): [<ffff800008020d2c>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (2056703): [<ffff8000080298a0>] ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
 (null): radio-mr800 - initialization failed
radio-mr800: probe of 1-1:6.199 failed with error -71
usbhid 1-1:6.199: couldn't find an input interrupt endpoint
usb 1-1: USB disconnect, device number 3
usb 1-1: new high-speed USB device number 4 using dummy_hcd
usb 1-1: Using ep0 maxpacket: 32
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: config 6 has an invalid interface number: 199 but max is 2
usb 1-1: config 6 has an invalid interface number: 48 but max is 2
usb 1-1: config 6 has an invalid interface number: 105 but max is 2
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 has an invalid interface descriptor of length 2, skipping
usb 1-1: config 6 has no interface number 0
usb 1-1: config 6 has no interface number 1
usb 1-1: config 6 has no interface number 2
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x8 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has an invalid endpoint with address 0x0, skipping
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x8, skipping
usb 1-1: config 6 interface 199 altsetting 128 bulk endpoint 0x2 has invalid maxpacket 8
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x1 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x1, skipping
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0xA has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x4, skipping
usb 1-1: config 6 interface 48 altsetting 8 has a duplicate endpoint with address 0xA, skipping
usb 1-1: config 6 interface 105 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 7
usb 1-1: config 6 interface 199 has no altsetting 0
usb 1-1: config 6 interface 48 has no altsetting 0
usb 1-1: config 6 interface 105 has no altsetting 0
usb 1-1: string descriptor 0 read error: -22
usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 4237 at drivers/usb/core/urb.c:505 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 4237 Comm: kworker/0:6 Tainted: G        W          6.1.32-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
sp : ffff80001c2a6780
x29: ffff80001c2a67c0 x28: 0000000000000000 x27: ffff0000d2f9e000
x26: dfff800000000000 x25: ffff80001226c128 x24: ffff0000d050c100
x23: ffff0000d1e9105c x22: ffff800012272940 x21: 0000000000000001
x20: 0000000000000c00 x19: ffff0000d1e91000 x18: ffffffffffffffff
x17: ffffffffffffffff x16: ffff800010e50284 x15: 0000000000000001
x14: 1ffff0000284a0b0 x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000002 x10: 0000000000000000 x9 : d0288ef95cba4500
x8 : d0288ef95cba4500 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001c2a6058 x4 : ffff80001432a5a0 x3 : ffff8000084d12f0
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000029
Call trace:
 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
 usb_start_wait_urb+0xe8/0x3a8 drivers/usb/core/message.c:58
 usb_bulk_msg+0x284/0x398 drivers/usb/core/message.c:387
 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline]
 amradio_set_mute+0x1d0/0x3dc drivers/media/radio/radio-mr800.c:182
 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline]
 usb_amradio_probe+0x368/0x678 drivers/media/radio/radio-mr800.c:554
 usb_probe_interface+0x3e4/0x810 drivers/usb/core/driver.c:396
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_set_configuration+0x1274/0x1730 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x7c/0x114 drivers/usb/core/generic.c:238
 usb_probe_device+0xbc/0x1e0 drivers/usb/core/driver.c:293
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_new_device+0x874/0x1188 drivers/usb/core/hub.c:2575
 hub_port_connect drivers/usb/core/hub.c:5355 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5499 [inline]
 port_event drivers/usb/core/hub.c:5655 [inline]
 hub_event+0x1c7c/0x37b8 drivers/usb/core/hub.c:5737
 process_one_work+0x6c4/0x117c kernel/workqueue.c:2289
 worker_thread+0x7dc/0xe2c kernel/workqueue.c:2436
 kthread+0x210/0x28c kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 2069246
hardirqs last  enabled at (2069245): [<ffff8000082e138c>] __up_console_sem+0x54/0xa4 kernel/printk/printk.c:261
hardirqs last disabled at (2069246): [<ffff800010e4bf3c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (2067212): [<ffff800008020d2c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (2067212): [<ffff800008020d2c>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (2067207): [<ffff8000080298a0>] ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
 (null): radio-mr800 - initialization failed
radio-mr800: probe of 1-1:6.199 failed with error -71
usbhid 1-1:6.199: couldn't find an input interrupt endpoint
usb 1-1: USB disconnect, device number 4
usb 1-1: new high-speed USB device number 5 using dummy_hcd
usb 1-1: Using ep0 maxpacket: 32
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: config 6 has an invalid interface number: 199 but max is 2
usb 1-1: config 6 has an invalid interface number: 48 but max is 2
usb 1-1: config 6 has an invalid interface number: 105 but max is 2
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 has an invalid interface descriptor of length 2, skipping
usb 1-1: config 6 has no interface number 0
usb 1-1: config 6 has no interface number 1
usb 1-1: config 6 has no interface number 2
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x8 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has an invalid endpoint with address 0x0, skipping
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x8, skipping
usb 1-1: config 6 interface 199 altsetting 128 bulk endpoint 0x2 has invalid maxpacket 8
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x1 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x1, skipping
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0xA has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x4, skipping
usb 1-1: config 6 interface 48 altsetting 8 has a duplicate endpoint with address 0xA, skipping
usb 1-1: config 6 interface 105 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 7
usb 1-1: config 6 interface 199 has no altsetting 0
usb 1-1: config 6 interface 48 has no altsetting 0
usb 1-1: config 6 interface 105 has no altsetting 0
usb 1-1: string descriptor 0 read error: -22
usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 4237 at drivers/usb/core/urb.c:505 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 4237 Comm: kworker/0:6 Tainted: G        W          6.1.32-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
sp : ffff80001c2a6780
x29: ffff80001c2a67c0 x28: 0000000000000000 x27: ffff0000cfedd000
x26: dfff800000000000 x25: ffff80001226c128 x24: ffff0000de2c8300
x23: ffff0000d1e9645c x22: ffff800012272940 x21: 0000000000000001
x20: 0000000000000c00 x19: ffff0000d1e96400 x18: ffffffffffffffff
x17: ffffffffffffffff x16: ffff800010e50284 x15: 0000000000000001
x14: 1ffff0000284a0b0 x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000002 x10: 0000000000000000 x9 : d0288ef95cba4500
x8 : d0288ef95cba4500 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001c2a6058 x4 : ffff80001432a5a0 x3 : ffff8000084d12f0
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000029
Call trace:
 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
 usb_start_wait_urb+0xe8/0x3a8 drivers/usb/core/message.c:58
 usb_bulk_msg+0x284/0x398 drivers/usb/core/message.c:387
 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline]
 amradio_set_mute+0x1d0/0x3dc drivers/media/radio/radio-mr800.c:182
 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline]
 usb_amradio_probe+0x368/0x678 drivers/media/radio/radio-mr800.c:554
 usb_probe_interface+0x3e4/0x810 drivers/usb/core/driver.c:396
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_set_configuration+0x1274/0x1730 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x7c/0x114 drivers/usb/core/generic.c:238
 usb_probe_device+0xbc/0x1e0 drivers/usb/core/driver.c:293
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_new_device+0x874/0x1188 drivers/usb/core/hub.c:2575
 hub_port_connect drivers/usb/core/hub.c:5355 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5499 [inline]
 port_event drivers/usb/core/hub.c:5655 [inline]
 hub_event+0x1c7c/0x37b8 drivers/usb/core/hub.c:5737
 process_one_work+0x6c4/0x117c kernel/workqueue.c:2289
 worker_thread+0x7dc/0xe2c kernel/workqueue.c:2436
 kthread+0x210/0x28c kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 2078816
hardirqs last  enabled at (2078815): [<ffff8000082e138c>] __up_console_sem+0x54/0xa4 kernel/printk/printk.c:261
hardirqs last disabled at (2078816): [<ffff800010e4bf3c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (2076656): [<ffff800008020d2c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (2076656): [<ffff800008020d2c>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (2076651): [<ffff8000080298a0>] ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
 (null): radio-mr800 - initialization failed
radio-mr800: probe of 1-1:6.199 failed with error -71
usbhid 1-1:6.199: couldn't find an input interrupt endpoint
usb 1-1: new high-speed USB device number 6 using dummy_hcd
usb 1-1: Using ep0 maxpacket: 32
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: config 6 has an invalid interface number: 199 but max is 2
usb 1-1: config 6 has an invalid interface number: 48 but max is 2
usb 1-1: config 6 has an invalid interface number: 105 but max is 2
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 contains an unexpected descriptor of type 0x2, skipping
usb 1-1: config 6 has an invalid interface descriptor of length 2, skipping
usb 1-1: config 6 has no interface number 0
usb 1-1: config 6 has no interface number 1
usb 1-1: config 6 has no interface number 2
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x8 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has an invalid endpoint with address 0x0, skipping
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x8, skipping
usb 1-1: config 6 interface 199 altsetting 128 bulk endpoint 0x2 has invalid maxpacket 8
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x1 has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0x5 has invalid maxpacket 1024, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x1, skipping
usb 1-1: config 6 interface 199 altsetting 128 endpoint 0xA has invalid maxpacket 512, setting to 64
usb 1-1: config 6 interface 199 altsetting 128 has a duplicate endpoint with address 0x4, skipping
usb 1-1: config 6 interface 48 altsetting 8 has a duplicate endpoint with address 0xA, skipping
usb 1-1: config 6 interface 105 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 7
usb 1-1: config 6 interface 199 has no altsetting 0
usb 1-1: config 6 interface 48 has no altsetting 0
usb 1-1: config 6 interface 105 has no altsetting 0
usb 1-1: string descriptor 0 read error: -22
usb 1-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=b9.c5
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 4237 at drivers/usb/core/urb.c:505 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 4237 Comm: kworker/0:6 Tainted: G        W          6.1.32-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: usb_hub_wq hub_event
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
lr : usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
sp : ffff80001c2a6780
x29: ffff80001c2a67c0 x28: 0000000000000000 x27: ffff0000cd406000
x26: dfff800000000000 x25: ffff80001226c128 x24: ffff0000c45c8100
x23: ffff0000d1eb365c x22: ffff800012272940 x21: 0000000000000001
x20: 0000000000000c00 x19: ffff0000d1eb3600 x18: 1fffe00036908d76
x17: ffff80001424d000 x16: ffff8000082aa084 x15: ffff0001b4846bbc
x14: 1ffff0000284a0b0 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000003 x9 : d0288ef95cba4500
x8 : d0288ef95cba4500 x7 : ffff800008221ddc x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff800010fab040 x0 : ffff8001a06a6000
Call trace:
 usb_submit_urb+0x868/0x1394 drivers/usb/core/urb.c:504
 usb_start_wait_urb+0xe8/0x3a8 drivers/usb/core/message.c:58
 usb_bulk_msg+0x284/0x398 drivers/usb/core/message.c:387
 amradio_send_cmd drivers/media/radio/radio-mr800.c:150 [inline]
 amradio_set_mute+0x1d0/0x3dc drivers/media/radio/radio-mr800.c:182
 usb_amradio_init drivers/media/radio/radio-mr800.c:411 [inline]
 usb_amradio_probe+0x368/0x678 drivers/media/radio/radio-mr800.c:554
 usb_probe_interface+0x3e4/0x810 drivers/usb/core/driver.c:396
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_set_configuration+0x1274/0x1730 drivers/usb/core/message.c:2170
 usb_generic_driver_probe+0x7c/0x114 drivers/usb/core/generic.c:238
 usb_probe_device+0xbc/0x1e0 drivers/usb/core/driver.c:293
 really_probe+0x30c/0x8cc drivers/base/dd.c:639
 __driver_probe_device+0x15c/0x33c drivers/base/dd.c:783
 driver_probe_device+0x70/0x2a4 drivers/base/dd.c:813
 __device_attach_driver+0x2a4/0x3fc drivers/base/dd.c:941
 bus_for_each_drv+0x138/0x19c drivers/base/bus.c:427
 __device_attach+0x228/0x3c8 drivers/base/dd.c:1013
 device_initial_probe+0x14/0x20 drivers/base/dd.c:1062
 bus_probe_device+0x184/0x190 drivers/base/bus.c:487
 device_add+0x68c/0xb94 drivers/base/core.c:3664
 usb_new_device+0x874/0x1188 drivers/usb/core/hub.c:2575
 hub_port_connect drivers/usb/core/hub.c:5355 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5499 [inline]
 port_event drivers/usb/core/hub.c:5655 [inline]
 hub_event+0x1c7c/0x37b8 drivers/usb/core/hub.c:5737
 process_one_work+0x6c4/0x117c kernel/workqueue.c:2289
 worker_thread+0x7dc/0xe2c kernel/workqueue.c:2436
 kthread+0x210/0x28c kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 2086970
hardirqs last  enabled at (2086969): [<ffff800008221e7c>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last  enabled at (2086969): [<ffff800008221e7c>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (2086970): [<ffff800010e4bf3c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (2086962): [<ffff800008020d2c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (2086962): [<ffff800008020d2c>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (2086893): [<ffff8000080298a0>] ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
 (null): radio-mr800 - initialization failed
radio-mr800: probe of 1-1:6.199 failed with error -71
usbhid 1-1:6.199: couldn't find an input interrupt endpoint