Extracting prog: 22m55.449513553s
Minimizing prog: 8m19.330166393s
Simplifying prog options: 0s
Extracting C: 56.698970618s
Simplifying C: 11m31.550730472s


extracting reproducer from 24 programs
testing a last program of every proc
single: executing 4 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syslog
detailed listing:
executing program 0:
syslog(0x2, 0x0, 0x0)

program did not crash
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$uac2
detailed listing:
executing program 0:
syz_usb_connect$uac2(0x3, 0xae, &(0x7f0000000280)=ANY=[@ANYBLOB="12015002000000101e04003040000102030109029c000301004000080b000201032005090400000001012000092401ffff012300030c2403020404fc02030700ff07240c07eb084307240c0680030409040100000102200009040101010102200009240271648425040710240102f1010000000003e207000004090501090002"], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ba871a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB="a4b990"], 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$uac3
detailed listing:
executing program 0:
syz_usb_connect$uac3(0x3, 0x97, &(0x7f00000000c0)=ANY=[@ANYBLOB="120110010000004035121280400001020301090285000301f51005080b0001012330090904000000010130000a24010f0a00ff07000009040100"], 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
detailed listing:
executing program 1:
syz_usb_connect$uac3(0x3, 0xa7, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0xd8c, 0xc, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x95, 0x3, 0x1, 0x1, 0x40, 0x10, {0x8, 0xb, 0x0, 0x1, 0x1, 0x1, 0x30, 0x7}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x10, 0x31, 0xb}, [@input_terminal={0x14, 0x24, 0x2, 0x4, 0x206, 0x3, 0x5, 0x5, 0x9, 0x8b, 0x1d7, 0x5}, @output_terminal={0x13, 0x24, 0x3, 0x1, 0x101, 0x3, 0x5, 0x4, 0x4, 0x7ff, 0x5, 0x6}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x40, 0xd4, 0x84, {0xa, 0x25, 0x25, 0x0, 0x1, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x210, 0xfa, 0xa, 0x2, {0xa, 0x25, 0x25, 0x889e, 0x5, 0x9}}}}}}}}]}}, 0x0)
executing program 3:
listns(&(0x7f0000000480)={0x20, 0x0, 0x6, 0x20000000}, 0x0, 0x0, 0x0)
executing program 3:
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001964d408861a92e03f53010203010902240001020010030904"], 0x0)
executing program 1:
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x21)
executing program 1:
syz_usb_connect(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000087f2bb4024042c017e22010203010902240001020000000904ae0002c39c2a0009059e02ff03000000090582"], 0x0)
executing program 3:
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='ext2\x00', 0x208000, 0x0)
executing program 3:
syz_usb_connect(0x0, 0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e010000084101", @ANYBLOB], 0x0)
executing program 1:
syz_usb_connect(0x2, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
executing program 3:
syz_usb_connect$uac1(0x3, 0x72, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0xdba, 0x5000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x60, 0x3, 0x1, 0x42, 0xc0, 0x73, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xff6d, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x6, 0x30, 0x6, {0x7, 0x25, 0x1, 0x4, 0xaf, 0xff64}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x2, 0x6, 0x45, {0x7, 0x25, 0x1, 0xc, 0x3, 0xbc6}}}}}}}}]}}, 0x0)
executing program 0:
socket$tipc(0x1e, 0x7, 0x0)
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000046617210460d11208f820102030109021b0001000000000904"], 0x0)
executing program 1:
listns(0x0, 0x0, 0x0, 0x0)
executing program 1:
syz_usb_connect$uac3(0x3, 0x97, &(0x7f00000000c0)=ANY=[@ANYBLOB="120110010000004035121280400001020301090285000301f51005080b0001012330090904000000010130000a24010f0a00ff07000009040100"], 0x0)
executing program 2:
mount$9p_tcp(&(0x7f0000002940), &(0x7f0000002980)='.\x00', &(0x7f00000029c0), 0x800000, &(0x7f0000002a00)={'trans=tcp,', {'port', 0x3d, 0x4e24}})
executing program 2:
flock(0xffffffffffffffff, 0x3fc0fe33fd5c63f2)
executing program 2:
add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f00000000c0)="0100000002", 0x5, 0xffffffffffffffff)
executing program 2:
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0xfffffffc)
executing program 3:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ba871a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB="a4b990"], 0x0)
executing program 2:
listns(&(0x7f0000000080)={0x20, 0xf4240, 0xa, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0)
executing program 2:
syz_usb_connect$uac2(0x3, 0xae, &(0x7f0000000280)=ANY=[@ANYBLOB="12015002000000101e04003040000102030109029c000301004000080b000201032005090400000001012000092401ffff012300030c2403020404fc02030700ff07240c07eb084307240c0680030409040100000102200009040101010102200009240271648425040710240102f1010000000003e207000004090501090002"], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
executing program 0:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_mode_change={{0x14, 0x6}, {0x3, 0xc9, 0x0, 0x4}}}, 0x9)
executing program 0:
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0xffffffffdf003fff, 0x0)
executing program 0:
timer_create(0x490bf5559153247f, 0x0, &(0x7f0000000200))
executing program 0:
syslog(0x2, 0x0, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 4 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syslog
detailed listing:
executing program 0:
syslog(0x2, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$uac2
detailed listing:
executing program 0:
syz_usb_connect$uac2(0x3, 0xae, &(0x7f0000000280)=ANY=[@ANYBLOB="12015002000000101e04003040000102030109029c000301004000080b000201032005090400000001012000092401ffff012300030c2403020404fc02030700ff07240c07eb084307240c0680030409040100000102200009040101010102200009240271648425040710240102f1010000000003e207000004090501090002"], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ba871a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB="a4b990"], 0x0)

program crashed: WARNING in __alloc_workqueue
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ba871a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB], 0x0)

program crashed: WARNING in __alloc_workqueue
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYBLOB], 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: WARNING in __alloc_workqueue
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ba871a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB], 0x0)

program crashed: WARNING in __alloc_workqueue
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ba871a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB], 0x0)

program crashed: WARNING in __alloc_workqueue
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ba871a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB], 0x0)

program crashed: WARNING in __alloc_workqueue
validation run: crashed=true
reproducing took 50m18.207888469s
repro crashed as (corrupted=false):
usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
workqueue: ath6kl_wq is using neither WQ_PERCPU or WQ_UNBOUND. Setting WQ_PERCPU.
WARNING: kernel/workqueue.c:5856 at __alloc_workqueue+0x1d02/0x2070 kernel/workqueue.c:5855, CPU#0: kworker/0:3/5630
Modules linked in:
CPU: 0 UID: 0 PID: 5630 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: usb_hub_wq hub_event
RIP: 0010:__alloc_workqueue+0x1d07/0x2070 kernel/workqueue.c:5855
Code: e9 36 f9 ff ff e8 e9 89 37 00 e9 05 fb ff ff e8 df 89 37 00 e9 92 fb ff ff e8 d5 89 37 00 48 8d 3d 1e b7 43 0e 48 8b 74 24 20 <67> 48 0f b9 3a 81 cd 00 01 00 00 e9 88 e5 ff ff e8 b4 89 37 00 48
RSP: 0018:ffffc90004606bc8 EFLAGS: 00010293
RAX: ffffffff818e312b RBX: 0000000000000000 RCX: ffff8880342dbe00
RDX: 0000000000000000 RSI: ffff8880448f3d68 RDI: ffffffff8fd1e850
RBP: 0000000000000000 R08: ffff8880342dbe00 R09: 0000000000000002
R10: 0000000000000100 R11: 0000000000000102 R12: dffffc0000000000
R13: ffff8880448f3c00 R14: ffffc90004606ce0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125a76000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdb09f620f5 CR3: 0000000028f60000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 alloc_workqueue_va kernel/workqueue.c:5950 [inline]
 alloc_workqueue_noprof+0xe3/0x210 kernel/workqueue.c:5966
 ath6kl_usb_create drivers/net/wireless/ath/ath6kl/usb.c:639 [inline]
 ath6kl_usb_probe+0xaa/0x1580 drivers/net/wireless/ath/ath6kl/usb.c:1143
 usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:706
 __driver_probe_device+0x1e2/0x350 drivers/base/dd.c:868
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:898
 __device_attach_driver+0x270/0x410 drivers/base/dd.c:1026
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1098
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1153
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
 device_add+0x7ec/0xb90 drivers/base/core.c:3772
 usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:706
 __driver_probe_device+0x1e2/0x350 drivers/base/dd.c:868
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:898
 __device_attach_driver+0x270/0x410 drivers/base/dd.c:1026
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1098
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1153
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
 device_add+0x7ec/0xb90 drivers/base/core.c:3772
 usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
 process_one_work+0x98b/0x1630 kernel/workqueue.c:3326
 process_scheduled_works kernel/workqueue.c:3409 [inline]
 worker_thread+0xb49/0x1140 kernel/workqueue.c:3490
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	e9 36 f9 ff ff       	jmp    0xfffff93b
   5:	e8 e9 89 37 00       	call   0x3789f3
   a:	e9 05 fb ff ff       	jmp    0xfffffb14
   f:	e8 df 89 37 00       	call   0x3789f3
  14:	e9 92 fb ff ff       	jmp    0xfffffbab
  19:	e8 d5 89 37 00       	call   0x3789f3
  1e:	48 8d 3d 1e b7 43 0e 	lea    0xe43b71e(%rip),%rdi        # 0xe43b743
  25:	48 8b 74 24 20       	mov    0x20(%rsp),%rsi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	81 cd 00 01 00 00    	or     $0x100,%ebp
  35:	e9 88 e5 ff ff       	jmp    0xffffe5c2
  3a:	e8 b4 89 37 00       	call   0x3789f3
  3f:	48                   	rex.W

final repro crashed as (corrupted=false):
usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
------------[ cut here ]------------
workqueue: ath6kl_wq is using neither WQ_PERCPU or WQ_UNBOUND. Setting WQ_PERCPU.
WARNING: kernel/workqueue.c:5856 at __alloc_workqueue+0x1d02/0x2070 kernel/workqueue.c:5855, CPU#0: kworker/0:3/5630
Modules linked in:
CPU: 0 UID: 0 PID: 5630 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: usb_hub_wq hub_event
RIP: 0010:__alloc_workqueue+0x1d07/0x2070 kernel/workqueue.c:5855
Code: e9 36 f9 ff ff e8 e9 89 37 00 e9 05 fb ff ff e8 df 89 37 00 e9 92 fb ff ff e8 d5 89 37 00 48 8d 3d 1e b7 43 0e 48 8b 74 24 20 <67> 48 0f b9 3a 81 cd 00 01 00 00 e9 88 e5 ff ff e8 b4 89 37 00 48
RSP: 0018:ffffc90004606bc8 EFLAGS: 00010293
RAX: ffffffff818e312b RBX: 0000000000000000 RCX: ffff8880342dbe00
RDX: 0000000000000000 RSI: ffff8880448f3d68 RDI: ffffffff8fd1e850
RBP: 0000000000000000 R08: ffff8880342dbe00 R09: 0000000000000002
R10: 0000000000000100 R11: 0000000000000102 R12: dffffc0000000000
R13: ffff8880448f3c00 R14: ffffc90004606ce0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125a76000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdb09f620f5 CR3: 0000000028f60000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 alloc_workqueue_va kernel/workqueue.c:5950 [inline]
 alloc_workqueue_noprof+0xe3/0x210 kernel/workqueue.c:5966
 ath6kl_usb_create drivers/net/wireless/ath/ath6kl/usb.c:639 [inline]
 ath6kl_usb_probe+0xaa/0x1580 drivers/net/wireless/ath/ath6kl/usb.c:1143
 usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:706
 __driver_probe_device+0x1e2/0x350 drivers/base/dd.c:868
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:898
 __device_attach_driver+0x270/0x410 drivers/base/dd.c:1026
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1098
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1153
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
 device_add+0x7ec/0xb90 drivers/base/core.c:3772
 usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:706
 __driver_probe_device+0x1e2/0x350 drivers/base/dd.c:868
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:898
 __device_attach_driver+0x270/0x410 drivers/base/dd.c:1026
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1098
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1153
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:620
 device_add+0x7ec/0xb90 drivers/base/core.c:3772
 usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
 process_one_work+0x98b/0x1630 kernel/workqueue.c:3326
 process_scheduled_works kernel/workqueue.c:3409 [inline]
 worker_thread+0xb49/0x1140 kernel/workqueue.c:3490
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	e9 36 f9 ff ff       	jmp    0xfffff93b
   5:	e8 e9 89 37 00       	call   0x3789f3
   a:	e9 05 fb ff ff       	jmp    0xfffffb14
   f:	e8 df 89 37 00       	call   0x3789f3
  14:	e9 92 fb ff ff       	jmp    0xfffffbab
  19:	e8 d5 89 37 00       	call   0x3789f3
  1e:	48 8d 3d 1e b7 43 0e 	lea    0xe43b71e(%rip),%rdi        # 0xe43b743
  25:	48 8b 74 24 20       	mov    0x20(%rsp),%rsi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	81 cd 00 01 00 00    	or     $0x100,%ebp
  35:	e9 88 e5 ff ff       	jmp    0xffffe5c2
  3a:	e8 b4 89 37 00       	call   0x3789f3
  3f:	48                   	rex.W