Extracting prog: 1m15.432545808s
Minimizing prog: 3m46.215362592s
Simplifying prog options: 1m47.388832346s
Extracting C: 29.936497137s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=35.771732215s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)

program did not crash
testing program (duration=35.771732215s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=35.771732215s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=35.771732215s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=35.771732215s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=35.771732215s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
program did not crash
simplifying guilty program options
testing program (duration=35.771732215s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=35.771732215s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
extracting C reproducer
testing compiled C program (duration=35.771732215s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
program did not crash
testing program (duration=35.771732215s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
validation run: crashed=true
testing program (duration=35.771732215s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=35.771732215s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=35.771732215s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
validation run: crashed=true
testing program (duration=35.771732215s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe6b}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
validation run: crashed=true
reproducing took 11m10.24126736s
repro crashed as (corrupted=false):
------------[ cut here ]------------
URB ffff8880298ce600 submitted while active
WARNING: CPU: 3 PID: 6127 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1519/0x1770 drivers/usb/core/urb.c:379
Modules linked in:
CPU: 3 UID: 0 PID: 6127 Comm: usb-storage Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:usb_submit_urb+0x1519/0x1770 drivers/usb/core/urb.c:379
Code: fd eb cb bb fe ff ff ff e9 96 f3 ff ff e8 df f5 79 fa c6 05 15 32 52 09 01 90 48 c7 c7 00 0f 74 8c 48 89 de e8 e8 9c 38 fa 90 <0f> 0b 90 90 e9 ac fe ff ff bb f8 ff ff ff e9 66 f3 ff ff 48 89 ef
RSP: 0018:ffffc900041976e8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8880298ce600 RCX: ffffffff817a4388
RDX: ffff888027bac880 RSI: ffffffff817a4395 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888035c24e90
R13: ffff888035c24e08 R14: ffffc900041977a8 R15: ffff8880298ce600
FS:  0000000000000000(0000) GS:ffff8880d69b1000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005604661ae550 CR3: 00000000517df000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 usb_stor_msg_common+0x23f/0x560 drivers/usb/storage/transport.c:143
 usb_stor_bulk_transfer_buf+0x17c/0x410 drivers/usb/storage/transport.c:395
 ene_send_scsi_cmd+0x130/0x610 drivers/usb/storage/ene_ub6250.c:502
 ene_init drivers/usb/storage/ene_ub6250.c:2197 [inline]
 ene_transport+0x13fd/0x37f0 drivers/usb/storage/ene_ub6250.c:2310
 usb_stor_invoke_transport+0xeb/0x1570 drivers/usb/storage/transport.c:611
 usb_stor_control_thread+0x5eb/0xb00 drivers/usb/storage/usb.c:462
 kthread+0x3c2/0x780 kernel/kthread.c:463
 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
URB ffff8880298ce600 submitted while active
WARNING: CPU: 3 PID: 6127 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1519/0x1770 drivers/usb/core/urb.c:379
Modules linked in:
CPU: 3 UID: 0 PID: 6127 Comm: usb-storage Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:usb_submit_urb+0x1519/0x1770 drivers/usb/core/urb.c:379
Code: fd eb cb bb fe ff ff ff e9 96 f3 ff ff e8 df f5 79 fa c6 05 15 32 52 09 01 90 48 c7 c7 00 0f 74 8c 48 89 de e8 e8 9c 38 fa 90 <0f> 0b 90 90 e9 ac fe ff ff bb f8 ff ff ff e9 66 f3 ff ff 48 89 ef
RSP: 0018:ffffc900041976e8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8880298ce600 RCX: ffffffff817a4388
RDX: ffff888027bac880 RSI: ffffffff817a4395 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888035c24e90
R13: ffff888035c24e08 R14: ffffc900041977a8 R15: ffff8880298ce600
FS:  0000000000000000(0000) GS:ffff8880d69b1000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005604661ae550 CR3: 00000000517df000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 usb_stor_msg_common+0x23f/0x560 drivers/usb/storage/transport.c:143
 usb_stor_bulk_transfer_buf+0x17c/0x410 drivers/usb/storage/transport.c:395
 ene_send_scsi_cmd+0x130/0x610 drivers/usb/storage/ene_ub6250.c:502
 ene_init drivers/usb/storage/ene_ub6250.c:2197 [inline]
 ene_transport+0x13fd/0x37f0 drivers/usb/storage/ene_ub6250.c:2310
 usb_stor_invoke_transport+0xeb/0x1570 drivers/usb/storage/transport.c:611
 usb_stor_control_thread+0x5eb/0xb00 drivers/usb/storage/usb.c:462
 kthread+0x3c2/0x780 kernel/kthread.c:463
 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>