WARNING in hif_usb_send/usb_submit

WARNING in hif_usb_send/usb_submit_urb
Status: upstream: reported C repro on 2020/10/05 10:59
Reported-by: syzbot+f5378bcf0f0cab45c1c6@syzkaller.appspotmail.com
First crash: 21d, last: 2h24m

duplicates (1):
Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
WARNING in handle_bug/usb_submit_urb	C			1	21d	21d	0/17	closed as dup on 2020/10/05 14:54

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/10/10 01:08	17m	stern@rowland.harvard.edu	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.9-rc8	OK
2020/10/10 00:49	5m	stern@rowland.harvard.edu	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v5.9-rc8	error
2020/10/09 18:55	5m	stern@rowland.harvard.edu	patch	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 6c8cf369	error

Sample crash report:

usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 1 PID: 72 at drivers/usb/core/urb.c:493 usb_submit_urb+0xce2/0x14e0 drivers/usb/core/urb.c:493
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 72 Comm: kworker/1:2 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x16e lib/dump_stack.c:118
 panic+0x2cb/0x702 kernel/panic.c:231
 __warn.cold+0x20/0x44 kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x41/0x80 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:usb_submit_urb+0xce2/0x14e0 drivers/usb/core/urb.c:493
Code: 84 04 03 00 00 e8 3e 98 c6 fd 4c 89 ef e8 66 b6 12 ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 20 b3 5d 86 e8 d0 ba 9a fd <0f> 0b e9 c6 f8 ff ff e8 12 98 c6 fd 48 81 c5 40 06 00 00 e9 f2 f7
RSP: 0018:ffff8881d4757808 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: ffff8881d4ffe500 RSI: ffffffff8129efa3 RDI: ffffed103a8eaef3
RBP: ffff8881cde7d800 R08: 0000000000000001 R09: ffff8881db32f50f
R10: 0000000000000000 R11: 0000000000003754 R12: 0000000000000001
R13: ffff8881d1edd0a0 R14: ffff8881d9bc9320 R15: ffff8881d9ba8600
 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]
 hif_usb_send+0x4c1/0xcf0 drivers/net/wireless/ath/ath9k/hif_usb.c:470
 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
 htc_connect_service+0x705/0xa00 drivers/net/wireless/ath/ath9k/htc_hst.c:275
 ath9k_wmi_connect+0xc9/0x190 drivers/net/wireless/ath/ath9k/wmi.c:268
 ath9k_init_htc_services.constprop.0+0xb3/0x640 drivers/net/wireless/ath/ath9k/htc_drv_init.c:146
 ath9k_htc_probe_device+0x25f/0x1e10 drivers/net/wireless/ath/ath9k/htc_drv_init.c:962
 ath9k_htc_hw_init+0x31/0x60 drivers/net/wireless/ath/ath9k/htc_hst.c:501
 ath9k_hif_usb_firmware_cb+0x274/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1220
 request_firmware_work_func+0x126/0x250 drivers/base/firmware_loader/main.c:1006
 process_one_work+0x94c/0x15f0 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x392/0x470 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (12):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Maintainers
ci2-upstream-usb	2020/10/09 14:18	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	6c8cf369	fa79ed2a	.config	log	report	syz	C		eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, oneukum@suse.com, stern@rowland.harvard.edu, tiwai@suse.de
ci2-upstream-usb	2020/10/26 09:56	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	3650b228	a7aac492	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, tiwai@suse.de
ci2-upstream-usb	2020/10/23 19:25	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	270315b8	2bb6666c	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, oneukum@suse.com, tiwai@suse.de
ci2-upstream-usb	2020/10/22 20:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	270315b8	4e740c00	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, stern@rowland.harvard.edu, tiwai@suse.de
ci2-upstream-usb	2020/10/22 00:05	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	270315b8	be6b1582	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, oneukum@suse.com, tiwai@suse.de
ci2-upstream-usb	2020/10/21 09:27	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	270315b8	e761439e	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, oneukum@suse.com, tiwai@suse.de
ci2-upstream-usb	2020/10/15 20:32	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	726eb70e	6e262c73	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, oneukum@suse.com, tiwai@suse.de
ci2-upstream-usb	2020/10/15 18:39	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	726eb70e	63869021	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, oneukum@suse.com, stern@rowland.harvard.edu, tiwai@suse.de
ci2-upstream-usb	2020/10/15 08:30	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	93578a25	63869021	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, oneukum@suse.com, tiwai@suse.de
ci2-upstream-usb	2020/10/13 20:18	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	93578a25	fc7735a2	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, stern@rowland.harvard.edu, tiwai@suse.de
ci2-upstream-usb	2020/10/09 14:09	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	6c8cf369	fa79ed2a	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, stern@rowland.harvard.edu, tiwai@suse.de
ci2-upstream-usb	2020/10/05 09:54	https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing	168ae5a7	5ef9c291	.config	log	report			info	eli.billauer@gmail.com, gregkh@linuxfoundation.org, gustavoars@kernel.org, ingrassia@epigenesys.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, stern@rowland.harvard.edu, tiwai@suse.de