Extracting prog: 14m24.136920701s
Minimizing prog: 3h27m56.15886852s
Simplifying prog options: 0s
Extracting C: 2m47.003021706s
Simplifying C: 42m24.424710614s


30 programs, 3 VMs, timeouts [6m0s]
extracting reproducer from 30 programs
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-syz_genetlink_get_family_id$ipvs-sendmsg$IPVS_CMD_SET_INFO-sendmsg$NFT_BATCH-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0xb4, r1, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x401}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xd6f}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_TUN_FLAGS={0x0, 0xf, 0x5ea}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@empty}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x46}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x3, 0x8, 0x80000001}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3f}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000000000000002878a2c60000000200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route-socket$packet-setsockopt$packet_tx_ring-mmap-futex-openat$sndseq-bpf$PROG_LOAD-socket-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS-writev-signalfd4-socket$inet6_tcp-syz_open_procfs-fcntl$dupfd-open_tree-close_range-socket$igmp-open$dir-fanotify_mark-setsockopt$SO_TIMESTAMP-getsockopt$SO_TIMESTAMP-socket-mq_getsetattr-socket-setsockopt$netlink_NETLINK_TX_RING-socket$netlink-sendmsg$nl_route-socket$nl_netfilter
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000001800090000000000000000001c140000fe"], 0x24}}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req={0x0, 0x16d, 0x0, 0x3}, 0x10)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0)
futex(0x0, 0xb, 0x0, 0x0, &(0x7f0000004000), 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x505e81)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x4e}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xcb, &(0x7f0000000300)=""/203, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x90)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, 0x0, &(0x7f0000000180))
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000000c0), &(0x7f0000000080)=0xfe7c)
writev(r2, &(0x7f0000000440)=[{&(0x7f00000002c0)="f3810844e6b3f8759295095a5b5a9cbbc563f9fe9a9d17297ab6f5a4", 0x1c}], 0x1)
r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
r7 = fcntl$dupfd(r6, 0x0, r6)
open_tree(r7, &(0x7f0000000000)='./mnt\x00', 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
r9 = open$dir(&(0x7f0000000080)='./mnt\x00', 0x420000, 0x1c9)
fanotify_mark(r7, 0x1ff, 0x8002020, r9, &(0x7f00000000c0)='./mnt\x00')
setsockopt$SO_TIMESTAMP(r8, 0x1, 0x1d, &(0x7f0000000040)=0x7, 0x4)
getsockopt$SO_TIMESTAMP(r8, 0x1, 0x3f, 0x0, &(0x7f0000000000))
socket(0x28, 0x7, 0x0)
mq_getsetattr(r4, 0x0, 0x0)
r10 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000100)={0x8604}, 0x10)
socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x1c}}, 0x20008844)
socket$nl_netfilter(0x10, 0x3, 0xc)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4-signalfd4-openat-pwrite64-sendfile-pselect6-execveat-setsockopt$inet6_int
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000080)='=', 0x1, 0x800b5eb)
sendfile(0xffffffffffffffff, r6, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x9}, 0x0, 0x0, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1100)
setsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x0, 0x0, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
single: successfully extracted reproducer
found reproducer with 27 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4-signalfd4-openat-pwrite64-sendfile-pselect6-execveat
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000080)='=', 0x1, 0x800b5eb)
sendfile(0xffffffffffffffff, r6, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x9}, 0x0, 0x0, 0x0, 0x0)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1100)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4-signalfd4-openat-pwrite64-sendfile-pselect6
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000080)='=', 0x1, 0x800b5eb)
sendfile(0xffffffffffffffff, r6, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x9}, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4-signalfd4-openat-pwrite64-sendfile
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000080)='=', 0x1, 0x800b5eb)
sendfile(0xffffffffffffffff, r6, 0x0, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4-signalfd4-openat-pwrite64
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000080)='=', 0x1, 0x800b5eb)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4-signalfd4-openat
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4-signalfd4
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)
signalfd4(r5, &(0x7f0000000140), 0x8, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range-signalfd4
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000180), 0x8, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
io_uring_setup(0x3367, &(0x7f00000000c0))
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_disconnect-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r4)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_open_dev$evdev-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r4, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-io_uring_setup-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = io_uring_setup(0x3367, &(0x7f00000000c0))
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(0xffffffffffffffff, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-ioctl$TCFLSH-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-openat$binderfs_ctrl-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs2/binder-control\x00', 0x2, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-ioctl$KVM_CREATE_VCPU-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-ioctl$TIOCSETD-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-openat$ptmx-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r2, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={r1, 0x0, 0x0}, 0x20)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r2, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_CREATE-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x0, 0x1014}, 0x48)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-syz_open_dev$usbfs-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bind$inet6-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x2fd, 0x0, 0x10, 0x0, 0x0})
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, 0x0, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
detailed listing:
executing program 0:
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program crashed: WARNING in wdm_rxwork/usb_submit_urb
simplifying C reproducer
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program did not crash
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program did not crash
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program did not crash
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program crashed: WARNING in wdm_rxwork/usb_submit_urb
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program did not crash
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bind$inet6-syz_open_dev$usbfs-ioctl$USBDEVFS_CONTROL-bpf$MAP_GET_NEXT_KEY-syz_open_dev$evdev-syz_usb_disconnect-syz_usb_connect$cdc_ncm-ioctl$EVIOCRMFF-syz_open_dev$char_usb-close_range
program crashed: WARNING in wdm_rxwork/usb_submit_urb
reproducing took 4h27m31.72353781s
repro crashed as (corrupted=false):
------------[ cut here ]------------
URB ffff88801a2dbe00 submitted while active
WARNING: CPU: 1 PID: 25 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1039/0x18c0 drivers/usb/core/urb.c:379
Modules linked in:
CPU: 1 PID: 25 Comm: kworker/1:0 Not tainted 6.10.0-rc4-syzkaller-00301-g5f583a3162ff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Workqueue: events wdm_rxwork
RIP: 0010:usb_submit_urb+0x1039/0x18c0 drivers/usb/core/urb.c:379
Code: 00 eb 66 e8 39 54 7a fa e9 79 f0 ff ff e8 2f 54 7a fa c6 05 a5 f9 7b 08 01 90 48 c7 c7 80 92 6d 8c 4c 89 ee e8 18 84 3c fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 09 54 7a fa eb 12 e8 02 54 7a fa 41
RSP: 0018:ffffc900001f7ae8 EFLAGS: 00010246
RAX: 0fc794dbbb627200 RBX: 0000000000000cc0 RCX: ffff888017af1e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88801a2dbe08 R08: ffffffff81585822 R09: fffffbfff1c39994
R10: dffffc0000000000 R11: fffffbfff1c39994 R12: 1ffff11004658b12
R13: ffff88801a2dbe00 R14: dffffc0000000000 R15: ffff8880232c5828
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fab993e765c CR3: 00000000796ec000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 wdm_rxwork+0x116/0x1f0 drivers/usb/class/cdc-wdm.c:989
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
URB ffff88801a2dbe00 submitted while active
WARNING: CPU: 1 PID: 25 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1039/0x18c0 drivers/usb/core/urb.c:379
Modules linked in:
CPU: 1 PID: 25 Comm: kworker/1:0 Not tainted 6.10.0-rc4-syzkaller-00301-g5f583a3162ff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Workqueue: events wdm_rxwork
RIP: 0010:usb_submit_urb+0x1039/0x18c0 drivers/usb/core/urb.c:379
Code: 00 eb 66 e8 39 54 7a fa e9 79 f0 ff ff e8 2f 54 7a fa c6 05 a5 f9 7b 08 01 90 48 c7 c7 80 92 6d 8c 4c 89 ee e8 18 84 3c fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 09 54 7a fa eb 12 e8 02 54 7a fa 41
RSP: 0018:ffffc900001f7ae8 EFLAGS: 00010246
RAX: 0fc794dbbb627200 RBX: 0000000000000cc0 RCX: ffff888017af1e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88801a2dbe08 R08: ffffffff81585822 R09: fffffbfff1c39994
R10: dffffc0000000000 R11: fffffbfff1c39994 R12: 1ffff11004658b12
R13: ffff88801a2dbe00 R14: dffffc0000000000 R15: ffff8880232c5828
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fab993e765c CR3: 00000000796ec000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 wdm_rxwork+0x116/0x1f0 drivers/usb/class/cdc-wdm.c:989
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>