bisecting fixing commit since e0756cfc7d7cd08c98a53b6009c091a3f6a50be6
building syzkaller on 2bd9619f762176527aaf28fb26e4a08b614b55df
testing commit e0756cfc7d7cd08c98a53b6009c091a3f6a50be6 with gcc (GCC) 10.2.1 20210217
kernel signature: bceed644d4144440c16bb030018786db490d0abb833b2748d16e15eea66bd3b5
all runs: crashed: WARNING in hif_usb_send/usb_submit_urb
testing current HEAD 6b00bc639f1f2beeff3595e1bab9faaa51d23b01
testing commit 6b00bc639f1f2beeff3595e1bab9faaa51d23b01 with gcc (GCC) 10.2.1 20210217
kernel signature: 0fc3881cc2a053069b63008441ed295f52a825f98edc151ef614a20eb5ebcaa8
all runs: crashed: WARNING in hif_usb_send/usb_submit_urb
revisions tested: 2, total time: 23m36.069085494s (build: 14m8.177555561s, test: 8m47.184802386s)
the crash still happens on HEAD
commit msg: Merge tag 'dmaengine-fix-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
crash: WARNING in hif_usb_send/usb_submit_urb
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 10085 at drivers/usb/core/urb.c:493 usb_submit_urb+0x9fb/0x1270 drivers/usb/core/urb.c:493
Modules linked in:
CPU: 0 PID: 10085 Comm: kworker/0:6 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
RIP: 0010:usb_submit_urb+0x9fb/0x1270 drivers/usb/core/urb.c:493
Code: 00 4c 89 5c 24 18 44 89 44 24 10 e8 ef 2d 24 ff 44 8b 44 24 10 44 89 f9 4c 89 ea 48 89 c6 48 c7 c7 e0 97 3a 89 e8 1a 45 35 03 <0f> 0b 4c 8b 5c 24 18 e9 bd fa ff ff 48 8d 7d 1c 48 ba 00 00 00 00
RSP: 0018:ffffc9000a787858 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: fffff520014f0efd
RBP: ffff888025abd000 R08: 0000000000000001 R09: ffff8880ba01fa5b
R10: ffffed1017403f4b R11: 3a312d3120627375 R12: ffff8880137cff00
R13: ffff88801c66dc80 R14: 0000000000000001 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa91f1c4000 CR3: 0000000028cb7000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]
 hif_usb_send+0x42a/0xd50 drivers/net/wireless/ath/ath9k/hif_usb.c:479
 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
 htc_connect_service+0x697/0x970 drivers/net/wireless/ath/ath9k/htc_hst.c:275
 ath9k_wmi_connect+0xcc/0x190 drivers/net/wireless/ath/ath9k/wmi.c:267
 ath9k_init_htc_services.constprop.0+0xaf/0x540 drivers/net/wireless/ath/ath9k/htc_drv_init.c:146
 ath9k_htc_probe_device+0x237/0x1d80 drivers/net/wireless/ath/ath9k/htc_drv_init.c:960
 ath9k_htc_hw_init+0x8/0x20 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x23b/0x4d0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x126/0x230 drivers/base/firmware_loader/main.c:1081
 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2276
 worker_thread+0x598/0xf80 kernel/workqueue.c:2422
 kthread+0x36f/0x450 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294