Extracting prog: 2m17.719460678s
Minimizing prog: 18m16.439773078s
Simplifying prog options: 3m36.692711691s
Extracting C: 53.525985929s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-ioctl$EVIOCGBITSW-ioctl$EVIOCGBITSW-syz_usb_connect-syz_usb_disconnect-syz_usb_control_io$cdc_ncm
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15", @ANYRESOCT=0x0])
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0) (async)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
single: successfully extracted reproducer
found reproducer with 9 syscalls
minimizing guilty program
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-ioctl$EVIOCGBITSW-ioctl$EVIOCGBITSW-syz_usb_connect-syz_usb_disconnect
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15", @ANYRESOCT=0x0])
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0) (async)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)
syz_usb_disconnect(0xffffffffffffffff)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-ioctl$EVIOCGBITSW-ioctl$EVIOCGBITSW-syz_usb_connect
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15", @ANYRESOCT=0x0])
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0) (async)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-ioctl$EVIOCGBITSW-ioctl$EVIOCGBITSW
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15", @ANYRESOCT=0x0])
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0) (async)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0)

program did not crash
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-ioctl$EVIOCGBITSW-syz_usb_connect
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15", @ANYRESOCT=0x0])
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5460, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_ep_write$ath9k_ep1-syz_usb_connect
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e15", @ANYRESOCT=0x0])
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$evdev-syz_usb_connect
detailed listing:
executing program 0:
syz_open_dev$evdev(0x0, 0x9, 0x8000) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=49.806594948s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
program did not crash
simplifying guilty program options
testing program (duration=49.806594948s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program did not crash
testing program (duration=49.806594948s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
extracting C reproducer
testing compiled C program (duration=49.806594948s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
program did not crash
testing program (duration=49.806594948s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
validation run: crashed=true
testing program (duration=49.806594948s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
validation run: crashed=true
testing program (duration=49.806594948s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa1, 0xd8, 0xff, 0x20, 0xcf2, 0x6250, 0x4642, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x4, 0x10, 0x0, [{{0x9, 0x4, 0x36, 0x10, 0x2, 0xc7, 0x3, 0xe8, 0x8, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

program crashed: WARNING in usb_stor_msg_common/usb_submit_urb
validation run: crashed=true
reproducing took 30m28.45711144s
repro crashed as (corrupted=false):
------------[ cut here ]------------
URB ffff88814d3e2800 submitted while active
WARNING: drivers/usb/core/urb.c:379 at usb_submit_urb+0xfbe/0x1830 drivers/usb/core/urb.c:379, CPU#0: usb-storage/5995
Modules linked in:
CPU: 0 UID: 0 PID: 5995 Comm: usb-storage Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:usb_submit_urb+0xfbe/0x1830 drivers/usb/core/urb.c:379
Code: 44 89 f2 e8 34 b4 fd f9 e9 13 fc ff ff e8 0a 17 91 fa c6 05 a9 ab 7d 08 01 90 48 c7 c7 00 49 36 8c 48 89 de e8 b3 b4 54 fa 90 <0f> 0b 90 90 e9 ba f0 ff ff e8 e4 16 91 fa eb 11 e8 dd 16 91 fa bd
RSP: 0018:ffffc900033f7330 EFLAGS: 00010246
RAX: 8c24179e59ab8700 RBX: ffff88814d3e2800 RCX: ffff888030f65a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffffc900033f74f8 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1c3a428 R12: dffffc0000000000
R13: ffff888028b04f60 R14: ffff88814d3e2808 R15: 0000000000000c00
FS:  0000000000000000(0000) GS:ffff8881259e6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe9443dfe0 CR3: 0000000033bee000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 usb_stor_msg_common+0x27c/0x4b0 drivers/usb/storage/transport.c:143
 usb_stor_bulk_transfer_buf+0x151/0x2a0 drivers/usb/storage/transport.c:395
 ene_send_scsi_cmd+0x10d/0x5f0 drivers/usb/storage/ene_ub6250.c:502
 ene_get_card_type drivers/usb/storage/ene_ub6250.c:1843 [inline]
 ene_init+0x14f/0x380 drivers/usb/storage/ene_ub6250.c:2197
 ene_transport+0x39b6/0x4660 drivers/usb/storage/ene_ub6250.c:2310
 usb_stor_invoke_transport+0x107/0x19c0 drivers/usb/storage/transport.c:611
 usb_stor_control_thread+0x450/0x8e0 drivers/usb/storage/usb.c:462
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
URB ffff88814d3e2800 submitted while active
WARNING: drivers/usb/core/urb.c:379 at usb_submit_urb+0xfbe/0x1830 drivers/usb/core/urb.c:379, CPU#0: usb-storage/5995
Modules linked in:
CPU: 0 UID: 0 PID: 5995 Comm: usb-storage Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:usb_submit_urb+0xfbe/0x1830 drivers/usb/core/urb.c:379
Code: 44 89 f2 e8 34 b4 fd f9 e9 13 fc ff ff e8 0a 17 91 fa c6 05 a9 ab 7d 08 01 90 48 c7 c7 00 49 36 8c 48 89 de e8 b3 b4 54 fa 90 <0f> 0b 90 90 e9 ba f0 ff ff e8 e4 16 91 fa eb 11 e8 dd 16 91 fa bd
RSP: 0018:ffffc900033f7330 EFLAGS: 00010246
RAX: 8c24179e59ab8700 RBX: ffff88814d3e2800 RCX: ffff888030f65a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffffc900033f74f8 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1c3a428 R12: dffffc0000000000
R13: ffff888028b04f60 R14: ffff88814d3e2808 R15: 0000000000000c00
FS:  0000000000000000(0000) GS:ffff8881259e6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe9443dfe0 CR3: 0000000033bee000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 usb_stor_msg_common+0x27c/0x4b0 drivers/usb/storage/transport.c:143
 usb_stor_bulk_transfer_buf+0x151/0x2a0 drivers/usb/storage/transport.c:395
 ene_send_scsi_cmd+0x10d/0x5f0 drivers/usb/storage/ene_ub6250.c:502
 ene_get_card_type drivers/usb/storage/ene_ub6250.c:1843 [inline]
 ene_init+0x14f/0x380 drivers/usb/storage/ene_ub6250.c:2197
 ene_transport+0x39b6/0x4660 drivers/usb/storage/ene_ub6250.c:2310
 usb_stor_invoke_transport+0x107/0x19c0 drivers/usb/storage/transport.c:611
 usb_stor_control_thread+0x450/0x8e0 drivers/usb/storage/usb.c:462
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>