bisecting fixing commit since f69d02e37a85645aa90d18cacfff36dba370f797
building syzkaller on 06ed56cd22e24a55c40d152880b66b108834c8f2
testing commit f69d02e37a85645aa90d18cacfff36dba370f797 with gcc (GCC) 10.2.1 20210217
kernel signature: aa7d4ad725f000c35c1c8e33689f2d93709166b07fa13410ce1e6ec6817bf8b4
run #0: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #1: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #2: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #3: crashed: SYZFAIL: wrong response packet
run #4: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #5: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #6: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #7: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #8: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #9: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #10: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #11: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #12: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #13: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #14: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #15: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #16: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #17: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #18: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #19: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
testing current HEAD d93a0d43e3d0ba9e19387be4dae4a8d5b175a8d7
testing commit d93a0d43e3d0ba9e19387be4dae4a8d5b175a8d7 with gcc (GCC) 10.2.1 20210217
kernel signature: 207d2128c5f6867ede4efd525aee6433c4962f24cdf974bcee49c4c6b241bb2b
run #0: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #1: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #2: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #3: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #4: crashed: SYZFAIL: wrong response packet
run #5: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #6: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #7: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #8: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
run #9: crashed: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
revisions tested: 2, total time: 23m39.759689079s (build: 15m59.594376426s, test: 7m6.167072853s)
the crash still happens on HEAD
commit msg: Merge tag 'block-5.12-2021-04-02' of git://git.kernel.dk/linux-block
crash: WARNING in carl9170_usb_submit_cmd_urb/usb_submit_urb
------------[ cut here ]------------
usb 4-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 8615 at drivers/usb/core/urb.c:493 usb_submit_urb+0x9fb/0x1270 drivers/usb/core/urb.c:493
Modules linked in:

CPU: 0 PID: 8615 Comm: kworker/0:6 Not tainted 5.12.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x9fb/0x1270 drivers/usb/core/urb.c:493
Code: 00 4c 89 5c 24 18 44 89 44 24 10 e8 9f be 25 ff 44 8b 44 24 10 44 89 f9 4c 89 ea 48 89 c6 48 c7 c7 20 e3 3a 89 e8 b0 5d 32 03 <0f> 0b 4c 8b 5c 24 18 e9 bd fa ff ff 48 8d 7d 1c 48 ba 00 00 00 00
RSP: 0018:ffffc90001d3efe0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff88fbb280 RDI: fffff520003a7dee
RBP: ffff8880258ef000 R08: 0000000000000001 R09: ffff8880ba0301a7
R10: ffffed1017406034 R11: 0000000000000001 R12: ffff888027c4bd00
R13: ffff88814194f5f0 R14: 0000000000000001 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055dac0dba8f0 CR3: 0000000010055000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 carl9170_usb_submit_cmd_urb+0x61/0xe0 drivers/net/wireless/ath/carl9170/usb.c:229
 carl9170_usb_disconnect+0x107/0x150 drivers/net/wireless/ath/carl9170/usb.c:1116
 usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458
 __device_release_driver+0x32f/0x660 drivers/base/dd.c:1156
 device_release_driver_internal drivers/base/dd.c:1187 [inline]
 device_release_driver+0x21/0x30 drivers/base/dd.c:1210
 usb_driver_release_interface drivers/usb/core/driver.c:631 [inline]
 usb_forced_unbind_intf+0x12c/0x1c0 drivers/usb/core/driver.c:1121
 usb_reset_device+0x31d/0x860 drivers/usb/core/hub.c:5964
 carl9170_usb_probe+0x43/0xd00 drivers/net/wireless/ath/carl9170/usb.c:1044
 usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396
 really_probe+0x1fd/0xc60 drivers/base/dd.c:554
 driver_probe_device+0x1ed/0x380 drivers/base/dd.c:740
 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:431
 __device_attach+0x1db/0x400 drivers/base/dd.c:914
 bus_probe_device+0x19d/0x250 drivers/base/bus.c:491
 device_add+0x9eb/0x1ad0 drivers/base/core.c:3242
 usb_set_configuration+0x9fc/0x1750 drivers/usb/core/message.c:2164
 usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238
 usb_probe_device+0x98/0x240 drivers/usb/core/driver.c:293
 really_probe+0x1fd/0xc60 drivers/base/dd.c:554
 driver_probe_device+0x1ed/0x380 drivers/base/dd.c:740
 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:431
 __device_attach+0x1db/0x400 drivers/base/dd.c:914
 bus_probe_device+0x19d/0x250 drivers/base/bus.c:491
 device_add+0x9eb/0x1ad0 drivers/base/core.c:3242
 usb_new_device.cold+0x69a/0xee1 drivers/usb/core/hub.c:2555
 hub_port_connect drivers/usb/core/hub.c:5223 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
 port_event drivers/usb/core/hub.c:5509 [inline]
 hub_event+0x10a3/0x36b0 drivers/usb/core/hub.c:5591
 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275
 worker_thread+0x598/0xf80 kernel/workqueue.c:2421
 kthread+0x36f/0x450 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294