[Linux Kernel Bug] general protection fault in snd_fcp_init

[Linux Kernel Bug] general protection fault in snd_fcp_init

[Jiaming Zhang]

Dear Linux kernel developers and maintainers,

We are writing to report a general protection fault discovered in the
sound subsystem with our modified syzkaller. The issue is reproducible
on the latest version of linux (v7.1, commit
8cd9520d35a6c38db6567e97dd93b1f11f185dc6). Below is the KASAN report:

---
input: AT Translated Set 2 keyboard as
/devices/platform/i8042/serio0/input/input1
input: ImExPS/2 Generic Explorer Mouse as
/devices/platform/i8042/serio1/input/input3
faux_driver regulatory: Direct firmware load for regulatory.db failed
with error -2
faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
cfg80211: failed to load regulatory.db
usb 1-1: Using ep0 maxpacket: 32
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: config 1 has an invalid descriptor of length 0, skipping
remainder of the config
usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
usb 1-1: New USB device found, idVendor=1235, idProduct=821d, bcdDevice= 0.40
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
Oops: general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 UID: 0 PID: 801 Comm: kworker/0:2 Not tainted 7.1.0 #14 PREEMPT(full)
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix,
1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_endpoint_num include/uapi/linux/usb/ch9.h:483 [inline]
RIP: 0010:fcp_find_fc_interface sound/usb/fcp.c:1089 [inline]
RIP: 0010:snd_fcp_init+0x42a/0x920 sound/usb/fcp.c:1112
Code: 9a 88 01 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 4d 89
fc 0f 85 bc 03 00 00 44 88 33 49 8d 5d 02 48 89 d8 48 c1 e8 03 <42> 0f
b6 04 20 84 c0 0f 85 c0 03 00 00 44 0f b6 33 41 80 e6 0f 48
RSP: 0018:ffffc9000441e760 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888026b71c00 RSI: 00000000000000ff RDI: ffff888041f68b20
RBP: ffffc9000441e850 R08: 0000000000000003 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed1004d6e38b R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888098af7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055efe3be0ff0 CR3: 000000004b5a7000 CR4: 0000000000752ef0
PKRU: 55555554
Call Trace:
 <TASK>
 snd_usb_mixer_apply_create_quirk+0x1579/0x1a70 sound/usb/mixer_quirks.c:4454
 snd_usb_create_mixer+0x1ae6/0x27c0 sound/usb/mixer.c:3802
 usb_audio_probe+0x1892/0x2310 sound/usb/card.c:1035
 usb_probe_interface+0x659/0xc80 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xb10 drivers/base/dd.c:709
 __driver_probe_device+0x1f7/0x420 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:500
 __device_attach+0x2b7/0x430 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12a/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_set_configuration+0x1a5c/0x20f0 drivers/usb/core/message.c:2268
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x3c0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xb10 drivers/base/dd.c:709
 __driver_probe_device+0x1f7/0x420 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:500
 __device_attach+0x2b7/0x430 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12a/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_new_device+0xb9d/0x1a30 drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2885/0x4cf0 drivers/usb/core/hub.c:5953
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xb4b/0x1840 kernel/workqueue.c:3397
 worker_thread+0x8a3/0xda0 kernel/workqueue.c:3478
 kthread+0x38a/0x480 kernel/kthread.c:436
 ret_from_fork+0x509/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 0000000000000000 ]---
RIP: 0010:usb_endpoint_num include/uapi/linux/usb/ch9.h:483 [inline]
RIP: 0010:fcp_find_fc_interface sound/usb/fcp.c:1089 [inline]
RIP: 0010:snd_fcp_init+0x42a/0x920 sound/usb/fcp.c:1112
Code: 9a 88 01 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 4d 89
fc 0f 85 bc 03 00 00 44 88 33 49 8d 5d 02 48 89 d8 48 c1 e8 03 <42> 0f
b6 04 20 84 c0 0f 85 c0 03 00 00 44 0f b6 33 41 80 e6 0f 48
RSP: 0018:ffffc9000441e760 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff888026b71c00 RSI: 00000000000000ff RDI: ffff888041f68b20
RBP: ffffc9000441e850 R08: 0000000000000003 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed1004d6e38b R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888098af7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005645e3e76808 CR3: 000000000e14a000 CR4: 0000000000752ef0
PKRU: 55555554
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   88 01                   mov    %al,(%rcx)
   2:   00 00                   add    %al,(%rax)
   4:   48 89 d8                mov    %rbx,%rax
   7:   48 c1 e8 03             shr    $0x3,%rax
   b:   42 0f b6 04 38          movzbl (%rax,%r15,1),%eax
  10:   84 c0                   test   %al,%al
  12:   4d 89 fc                mov    %r15,%r12
  15:   0f 85 bc 03 00 00       jne    0x3d7
  1b:   44 88 33                mov    %r14b,(%rbx)
  1e:   49 8d 5d 02             lea    0x2(%r13),%rbx
  22:   48 89 d8                mov    %rbx,%rax
  25:   48 c1 e8 03             shr    $0x3,%rax
* 29:   42 0f b6 04 20          movzbl (%rax,%r12,1),%eax <-- trapping
instruction
  2e:   84 c0                   test   %al,%al
  30:   0f 85 c0 03 00 00       jne    0x3f6
  36:   44 0f b6 33             movzbl (%rbx),%r14d
  3a:   41 80 e6 0f             and    $0xf,%r14b
  3e:   48                      rex.W
---

The root cause is that the malicious USB device provides a
vendor-specific interface with no endpoint descriptors. During USB
descriptor parsing, no endpoint array is allocated for that alternate
setting, so altsetting->endpoint remains NULL. fcp_find_fc_interface()
does not check bNumEndpoints before calling get_endpoint(..., 0), and
the resulting endpoint descriptor pointer is later dereferenced by
usb_endpoint_num(), leading to null-ptr-deref.

A potential fix is as follows:

```
diff --git a/sound/usb/fcp.c b/sound/usb/fcp.c
index 0fc4d063c48a..c45dbe4d4532 100644
--- a/sound/usb/fcp.c
+++ b/sound/usb/fcp.c
@@ -1083,6 +1083,8 @@ static int fcp_find_fc_interface(struct
usb_mixer_interface *mixer)

        if (desc->bInterfaceClass != 255)
            continue;
+       if (desc->bNumEndpoints < 1)
+           continue;

        epd = get_endpoint(intf->altsetting, 0);
        private->bInterfaceNumber = desc->bInterfaceNumber;
```

On my machine, the reproducer no longer triggers the issue with the
above patch. If this solution is acceptable, we are happy to submit a
formal patch.

The kernel console output, kernel config, syzkaller reproducer, and C
reproducer are also available at google drive:
https://drive.google.com/drive/folders/1hE9rfMe-sNFwcrt_tPLiwzpYD1iJ7Hma?usp=sharing

Please let me know if any further information is required.

Best Regards,
Jiaming Zhang

Re: [Linux Kernel Bug] general protection fault in snd_fcp_init

[Takashi Iwai]

On Thu, 25 Jun 2026 12:24:49 +0200,
Jiaming Zhang wrote:
> 
> Dear Linux kernel developers and maintainers,
> 
> We are writing to report a general protection fault discovered in the
> sound subsystem with our modified syzkaller. The issue is reproducible
> on the latest version of linux (v7.1, commit
> 8cd9520d35a6c38db6567e97dd93b1f11f185dc6). Below is the KASAN report:
> 
> ---
> input: AT Translated Set 2 keyboard as
> /devices/platform/i8042/serio0/input/input1
> input: ImExPS/2 Generic Explorer Mouse as
> /devices/platform/i8042/serio1/input/input3
> faux_driver regulatory: Direct firmware load for regulatory.db failed
> with error -2
> faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
> cfg80211: failed to load regulatory.db
> usb 1-1: Using ep0 maxpacket: 32
> usb 1-1: unable to get BOS descriptor or descriptor too short
> usb 1-1: config 1 has an invalid descriptor of length 0, skipping
> remainder of the config
> usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
> usb 1-1: New USB device found, idVendor=1235, idProduct=821d, bcdDevice= 0.40
> usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
> usb 1-1: Product: syz
> usb 1-1: Manufacturer: syz
> usb 1-1: SerialNumber: syz
> Oops: general protection fault, probably for non-canonical address
> 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
> KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
> CPU: 0 UID: 0 PID: 801 Comm: kworker/0:2 Not tainted 7.1.0 #14 PREEMPT(full)
> Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix,
> 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> Workqueue: usb_hub_wq hub_event
> RIP: 0010:usb_endpoint_num include/uapi/linux/usb/ch9.h:483 [inline]
> RIP: 0010:fcp_find_fc_interface sound/usb/fcp.c:1089 [inline]
> RIP: 0010:snd_fcp_init+0x42a/0x920 sound/usb/fcp.c:1112
> Code: 9a 88 01 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 4d 89
> fc 0f 85 bc 03 00 00 44 88 33 49 8d 5d 02 48 89 d8 48 c1 e8 03 <42> 0f
> b6 04 20 84 c0 0f 85 c0 03 00 00 44 0f b6 33 41 80 e6 0f 48
> RSP: 0018:ffffc9000441e760 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
> RDX: ffff888026b71c00 RSI: 00000000000000ff RDI: ffff888041f68b20
> RBP: ffffc9000441e850 R08: 0000000000000003 R09: 0000000000000000
> R10: dffffc0000000000 R11: ffffed1004d6e38b R12: dffffc0000000000
> R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000
> FS:  0000000000000000(0000) GS:ffff888098af7000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000055efe3be0ff0 CR3: 000000004b5a7000 CR4: 0000000000752ef0
> PKRU: 55555554
> Call Trace:
>  <TASK>
>  snd_usb_mixer_apply_create_quirk+0x1579/0x1a70 sound/usb/mixer_quirks.c:4454
>  snd_usb_create_mixer+0x1ae6/0x27c0 sound/usb/mixer.c:3802
>  usb_audio_probe+0x1892/0x2310 sound/usb/card.c:1035
>  usb_probe_interface+0x659/0xc80 drivers/usb/core/driver.c:396
>  call_driver_probe drivers/base/dd.c:-1 [inline]
>  really_probe+0x267/0xb10 drivers/base/dd.c:709
>  __driver_probe_device+0x1f7/0x420 drivers/base/dd.c:871
>  driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
>  __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
>  bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:500
>  __device_attach+0x2b7/0x430 drivers/base/dd.c:1101
>  device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
>  bus_probe_device+0x12a/0x220 drivers/base/bus.c:613
>  device_add+0x7e9/0xbb0 drivers/base/core.c:3706
>  usb_set_configuration+0x1a5c/0x20f0 drivers/usb/core/message.c:2268
>  usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
>  usb_probe_device+0x1c4/0x3c0 drivers/usb/core/driver.c:291
>  call_driver_probe drivers/base/dd.c:-1 [inline]
>  really_probe+0x267/0xb10 drivers/base/dd.c:709
>  __driver_probe_device+0x1f7/0x420 drivers/base/dd.c:871
>  driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
>  __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
>  bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:500
>  __device_attach+0x2b7/0x430 drivers/base/dd.c:1101
>  device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
>  bus_probe_device+0x12a/0x220 drivers/base/bus.c:613
>  device_add+0x7e9/0xbb0 drivers/base/core.c:3706
>  usb_new_device+0xb9d/0x1a30 drivers/usb/core/hub.c:2695
>  hub_port_connect drivers/usb/core/hub.c:5567 [inline]
>  hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
>  port_event drivers/usb/core/hub.c:5871 [inline]
>  hub_event+0x2885/0x4cf0 drivers/usb/core/hub.c:5953
>  process_one_work kernel/workqueue.c:3314 [inline]
>  process_scheduled_works+0xb4b/0x1840 kernel/workqueue.c:3397
>  worker_thread+0x8a3/0xda0 kernel/workqueue.c:3478
>  kthread+0x38a/0x480 kernel/kthread.c:436
>  ret_from_fork+0x509/0xb70 arch/x86/kernel/process.c:158
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
>  </TASK>
> Modules linked in:
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:usb_endpoint_num include/uapi/linux/usb/ch9.h:483 [inline]
> RIP: 0010:fcp_find_fc_interface sound/usb/fcp.c:1089 [inline]
> RIP: 0010:snd_fcp_init+0x42a/0x920 sound/usb/fcp.c:1112
> Code: 9a 88 01 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 4d 89
> fc 0f 85 bc 03 00 00 44 88 33 49 8d 5d 02 48 89 d8 48 c1 e8 03 <42> 0f
> b6 04 20 84 c0 0f 85 c0 03 00 00 44 0f b6 33 41 80 e6 0f 48
> RSP: 0018:ffffc9000441e760 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
> RDX: ffff888026b71c00 RSI: 00000000000000ff RDI: ffff888041f68b20
> RBP: ffffc9000441e850 R08: 0000000000000003 R09: 0000000000000000
> R10: dffffc0000000000 R11: ffffed1004d6e38b R12: dffffc0000000000
> R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000
> FS:  0000000000000000(0000) GS:ffff888098af7000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00005645e3e76808 CR3: 000000000e14a000 CR4: 0000000000752ef0
> PKRU: 55555554
> ----------------
> Code disassembly (best guess), 1 bytes skipped:
>    0:   88 01                   mov    %al,(%rcx)
>    2:   00 00                   add    %al,(%rax)
>    4:   48 89 d8                mov    %rbx,%rax
>    7:   48 c1 e8 03             shr    $0x3,%rax
>    b:   42 0f b6 04 38          movzbl (%rax,%r15,1),%eax
>   10:   84 c0                   test   %al,%al
>   12:   4d 89 fc                mov    %r15,%r12
>   15:   0f 85 bc 03 00 00       jne    0x3d7
>   1b:   44 88 33                mov    %r14b,(%rbx)
>   1e:   49 8d 5d 02             lea    0x2(%r13),%rbx
>   22:   48 89 d8                mov    %rbx,%rax
>   25:   48 c1 e8 03             shr    $0x3,%rax
> * 29:   42 0f b6 04 20          movzbl (%rax,%r12,1),%eax <-- trapping
> instruction
>   2e:   84 c0                   test   %al,%al
>   30:   0f 85 c0 03 00 00       jne    0x3f6
>   36:   44 0f b6 33             movzbl (%rbx),%r14d
>   3a:   41 80 e6 0f             and    $0xf,%r14b
>   3e:   48                      rex.W
> ---
> 
> The root cause is that the malicious USB device provides a
> vendor-specific interface with no endpoint descriptors. During USB
> descriptor parsing, no endpoint array is allocated for that alternate
> setting, so altsetting->endpoint remains NULL. fcp_find_fc_interface()
> does not check bNumEndpoints before calling get_endpoint(..., 0), and
> the resulting endpoint descriptor pointer is later dereferenced by
> usb_endpoint_num(), leading to null-ptr-deref.
> 
> A potential fix is as follows:
> 
> ```
> diff --git a/sound/usb/fcp.c b/sound/usb/fcp.c
> index 0fc4d063c48a..c45dbe4d4532 100644
> --- a/sound/usb/fcp.c
> +++ b/sound/usb/fcp.c
> @@ -1083,6 +1083,8 @@ static int fcp_find_fc_interface(struct
> usb_mixer_interface *mixer)
> 
>         if (desc->bInterfaceClass != 255)
>             continue;
> +       if (desc->bNumEndpoints < 1)
> +           continue;
> 
>         epd = get_endpoint(intf->altsetting, 0);
>         private->bInterfaceNumber = desc->bInterfaceNumber;
> ```
> 
> On my machine, the reproducer no longer triggers the issue with the
> above patch. If this solution is acceptable, we are happy to submit a
> formal patch.
> 
> The kernel console output, kernel config, syzkaller reproducer, and C
> reproducer are also available at google drive:
> https://drive.google.com/drive/folders/1hE9rfMe-sNFwcrt_tPLiwzpYD1iJ7Hma?usp=sharing
> 
> Please let me know if any further information is required.

The patch looks reasonable.  Could you just submit a proper patch?


thanks,

Takashi

[PATCH] ALSA: FCP: Fix NULL pointer dereference in interface lookup

[Jiaming Zhang]

A malformed USB device can provide a vendor-specific interface without
any endpoint descriptors. fcp_find_fc_interface() currently selects the
first vendor-specific interface and reads endpoint 0 from it, without
checking whether the interface actually has any endpoints.

When bNumEndpoints is zero, no endpoint array is allocated for the parsed
alternate setting, so get_endpoint(..., 0) yields an invalid endpoint
descriptor pointer. Dereferencing it through usb_endpoint_num() then
triggers a NULL pointer dereference.

Skip vendor-specific interfaces that do not have any endpoints.

Fixes: 46757a3e7d50 ("ALSA: FCP: Add Focusrite Control Protocol driver")
Reported-by: Jiaming Zhang <r772577952@gmail.com>
Closes: https://lore.kernel.org/lkml/CANypQFb1EHj0xX8bA1WxSOSK-5xca6ZNKzOQcp12=s=puY7VFw@mail.gmail.com/
Signed-off-by: Jiaming Zhang <r772577952@gmail.com>
---
 sound/usb/fcp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sound/usb/fcp.c b/sound/usb/fcp.c
index ea746bdb36ff..6f5dcd35e1d4 100644
--- a/sound/usb/fcp.c
+++ b/sound/usb/fcp.c
@@ -1083,6 +1083,8 @@ static int fcp_find_fc_interface(struct usb_mixer_interface *mixer)
 
 		if (desc->bInterfaceClass != 255)
 			continue;
+		if (desc->bNumEndpoints < 1)
+			continue;
 
 		epd = get_endpoint(intf->altsetting, 0);
 		private->bInterfaceNumber = desc->bInterfaceNumber;

base-commit: ab9de95c9cf952332ab79453b4b5d1bfca8e514f
-- 
2.43.0

Re: [PATCH] ALSA: FCP: Fix NULL pointer dereference in interface lookup

[Takashi Iwai]

On Thu, 25 Jun 2026 15:49:33 +0200,
Jiaming Zhang wrote:
> 
> A malformed USB device can provide a vendor-specific interface without
> any endpoint descriptors. fcp_find_fc_interface() currently selects the
> first vendor-specific interface and reads endpoint 0 from it, without
> checking whether the interface actually has any endpoints.
> 
> When bNumEndpoints is zero, no endpoint array is allocated for the parsed
> alternate setting, so get_endpoint(..., 0) yields an invalid endpoint
> descriptor pointer. Dereferencing it through usb_endpoint_num() then
> triggers a NULL pointer dereference.
> 
> Skip vendor-specific interfaces that do not have any endpoints.
> 
> Fixes: 46757a3e7d50 ("ALSA: FCP: Add Focusrite Control Protocol driver")
> Reported-by: Jiaming Zhang <r772577952@gmail.com>
> Closes: https://lore.kernel.org/lkml/CANypQFb1EHj0xX8bA1WxSOSK-5xca6ZNKzOQcp12=s=puY7VFw@mail.gmail.com/
> Signed-off-by: Jiaming Zhang <r772577952@gmail.com>

Applied now.  Thanks.


Takashi