Extracting prog: 2m35.689835288s
Minimizing prog: 6m33.772715728s
Simplifying prog options: 0s
Extracting C: 1m13.570514839s
Simplifying C: 25m37.807285772s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x253, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x241, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0xf, 0x3, 0xd5, 0x22, 0x2, [@generic={0x6b, 0x21, "9980ab1cd4157f86d648cd84046cb0bb3e524f2820495a2d83e938b71bedffab556ec71a92b96891ab047122e09d35675e2afc804eaa9ecf64a855d76121656a8244d22f6f3ac23bc2fb95a2fb6ce5c9b0ddb99374181b0d9a8ad7c0011a40699d049a7015743aafcb"}, @generic={0x2, 0x2}], [{{0x9, 0x5, 0x0, 0x2, 0x40, 0x8, 0x5, 0xf7}}, {{0x9, 0x5, 0x9, 0x1, 0x0, 0x2, 0xb, 0x1}}, {{0x9, 0x5, 0xa, 0x4, 0x3ff, 0x5, 0x9, 0x1, [@generic={0xee, 0x5, "9ba3a369b6e5bfef30d69711364c9c87bb23c65e4baa7eef541527305455e57ec3218e1fe330bb77e670e02111669850cfc561f122a95546c6be62fd8c37a82727ebdf481908b9c152e2082ae1007c885f5a0c7bc4a21d1772d7604f9cf41cee4e338a66350cea49aef577d1398a14c788becb66654eaa592aa31de4c17bb91b2c3b1ec18ea2c30b681c43d17619b30b6ac91867b8620296eead935d9885d2ac7dad1ca4df418ea9ad80fe8affd3ae04320246b2e7b82362a3398648308ea1513b81d300e6c1641964fb3204b53f7abf738c943b0f8e83567780044bbfce0c4abf241e3aec5c60a5e7c7a0ea"}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x5, 0x23, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfd, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x3b3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x55, 0xd, 0x53}}, {{0x9, 0x5, 0x80, 0x10, 0x230, 0x4, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x6}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x6, 0x6, 0x5, [@generic={0x2, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4c, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x5, 0x57, 0x7}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x9, 0x40, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x20, 0x7}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x80, 0xd, 0xd, [@generic={0x2, 0xc}]}}, {{0x9, 0x5, 0xd, 0x1a, 0x0, 0xf, 0x57, 0x6, [@generic={0x2, 0x31}, @generic={0x2, 0x23}]}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x46, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x3, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0xfc, 0x0, 0x0, [@generic={0x2, 0x22}]}}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
testing program (duration=55.016037838s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=55.016037838s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x1ea, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1d8, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0xf, 0x3, 0xd5, 0x22, 0x2, [@generic={0x2, 0x21}, @generic={0x2, 0x2}], [{{0x9, 0x5, 0x0, 0x2, 0x40, 0x8, 0x5, 0xf7}}, {{0x9, 0x5, 0x9, 0x1, 0x0, 0x2, 0xb, 0x1}}, {{0x9, 0x5, 0xa, 0x4, 0x3ff, 0x5, 0x9, 0x1, [@generic={0xee, 0x5, "9ba3a369b6e5bfef30d69711364c9c87bb23c65e4baa7eef541527305455e57ec3218e1fe330bb77e670e02111669850cfc561f122a95546c6be62fd8c37a82727ebdf481908b9c152e2082ae1007c885f5a0c7bc4a21d1772d7604f9cf41cee4e338a66350cea49aef577d1398a14c788becb66654eaa592aa31de4c17bb91b2c3b1ec18ea2c30b681c43d17619b30b6ac91867b8620296eead935d9885d2ac7dad1ca4df418ea9ad80fe8affd3ae04320246b2e7b82362a3398648308ea1513b81d300e6c1641964fb3204b53f7abf738c943b0f8e83567780044bbfce0c4abf241e3aec5c60a5e7c7a0ea"}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x5, 0x23, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfd, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x3b3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x55, 0xd, 0x53}}, {{0x9, 0x5, 0x80, 0x10, 0x230, 0x4, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x6}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x6, 0x6, 0x5, [@generic={0x2, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4c, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x5, 0x57, 0x7}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x9, 0x40, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x20, 0x7}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x80, 0xd, 0xd, [@generic={0x2, 0xc}]}}, {{0x9, 0x5, 0xd, 0x1a, 0x0, 0xf, 0x57, 0x6, [@generic={0x2, 0x31}, @generic={0x2, 0x23}]}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x46, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x3, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0xfc, 0x0, 0x0, [@generic={0x2, 0x22}]}}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program did not crash
testing program (duration=55.016037838s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x9a, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x88, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0x0, 0x3, 0xd5, 0x22, 0x2, [@generic={0x6b, 0x21, "9980ab1cd4157f86d648cd84046cb0bb3e524f2820495a2d83e938b71bedffab556ec71a92b96891ab047122e09d35675e2afc804eaa9ecf64a855d76121656a8244d22f6f3ac23bc2fb95a2fb6ce5c9b0ddb99374181b0d9a8ad7c0011a40699d049a7015743aafcb"}, @generic={0x2, 0x2}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program did not crash
testing program (duration=55.016037838s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x167, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x155, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0xf, 0x3, 0xd5, 0x22, 0x2, [@generic={0x6b, 0x21, "9980ab1cd4157f86d648cd84046cb0bb3e524f2820495a2d83e938b71bedffab556ec71a92b96891ab047122e09d35675e2afc804eaa9ecf64a855d76121656a8244d22f6f3ac23bc2fb95a2fb6ce5c9b0ddb99374181b0d9a8ad7c0011a40699d049a7015743aafcb"}, @generic={0x2, 0x2}], [{{0x9, 0x5, 0x0, 0x2, 0x40, 0x8, 0x5, 0xf7}}, {{0x9, 0x5, 0x9, 0x1, 0x0, 0x2, 0xb, 0x1}}, {{0x9, 0x5, 0xa, 0x4, 0x3ff, 0x5, 0x9, 0x1, [@generic={0x2, 0x5}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x5, 0x23, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfd, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x3b3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x55, 0xd, 0x53}}, {{0x9, 0x5, 0x80, 0x10, 0x230, 0x4, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x6}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x6, 0x6, 0x5, [@generic={0x2, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4c, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x5, 0x57, 0x7}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x9, 0x40, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x20, 0x7}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x80, 0xd, 0xd, [@generic={0x2, 0xc}]}}, {{0x9, 0x5, 0xd, 0x1a, 0x0, 0xf, 0x57, 0x6, [@generic={0x2, 0x31}, @generic={0x2, 0x23}]}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x46, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x3, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0xfc, 0x0, 0x0, [@generic={0x2, 0x22}]}}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=55.016037838s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
simplifying C reproducer
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in corrupted
a never seen crash title: UBSAN: array-index-out-of-bounds in corrupted, ignore
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in corrupted
a never seen crash title: UBSAN: array-index-out-of-bounds in corrupted, ignore
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=55.016037838s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
reproducing took 36m0.840371248s
repro crashed as (corrupted=false):
usb 1-1: New USB device found, idVendor=01c0, idProduct=b26f, bcdDevice=e0.84
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in drivers/hid/usbhid/hid-core.c:1026:7
index 1 is out of range for type 'struct hid_class_descriptor[1]'
CPU: 1 UID: 0 PID: 3695 Comm: kworker/1:2 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:231
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 usbhid_parse+0x4ec/0xbd0 drivers/hid/usbhid/hid-core.c:1026
 hid_add_device+0x125/0x540 drivers/hid/hid-core.c:2874
 usbhid_probe+0xe13/0x12a0 drivers/hid/usbhid/hid-core.c:1432
 usb_probe_interface+0x641/0xbc0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x26a/0x9a0 drivers/base/dd.c:657
 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799
 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2ce/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:462
 __device_attach+0x2b8/0x400 drivers/base/dd.c:1029
 bus_probe_device+0x185/0x260 drivers/base/bus.c:537
 device_add+0x7b6/0xb50 drivers/base/core.c:3692
 usb_set_configuration+0x1a87/0x20e0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c1/0x390 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x26a/0x9a0 drivers/base/dd.c:657
 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799
 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2ce/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:462
 __device_attach+0x2b8/0x400 drivers/base/dd.c:1029
 bus_probe_device+0x185/0x260 drivers/base/bus.c:537
 device_add+0x7b6/0xb50 drivers/base/core.c:3692
 usb_new_device+0xa39/0x16c0 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5531 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5671 [inline]
 port_event drivers/usb/core/hub.c:5831 [inline]
 hub_event+0x2941/0x4a00 drivers/usb/core/hub.c:5913
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---

final repro crashed as (corrupted=false):
usb 1-1: New USB device found, idVendor=01c0, idProduct=b26f, bcdDevice=e0.84
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1: Product: syz
usb 1-1: Manufacturer: syz
usb 1-1: SerialNumber: syz
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in drivers/hid/usbhid/hid-core.c:1026:7
index 1 is out of range for type 'struct hid_class_descriptor[1]'
CPU: 1 UID: 0 PID: 3695 Comm: kworker/1:2 Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:231
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:453
 usbhid_parse+0x4ec/0xbd0 drivers/hid/usbhid/hid-core.c:1026
 hid_add_device+0x125/0x540 drivers/hid/hid-core.c:2874
 usbhid_probe+0xe13/0x12a0 drivers/hid/usbhid/hid-core.c:1432
 usb_probe_interface+0x641/0xbc0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x26a/0x9a0 drivers/base/dd.c:657
 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799
 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2ce/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:462
 __device_attach+0x2b8/0x400 drivers/base/dd.c:1029
 bus_probe_device+0x185/0x260 drivers/base/bus.c:537
 device_add+0x7b6/0xb50 drivers/base/core.c:3692
 usb_set_configuration+0x1a87/0x20e0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c1/0x390 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x26a/0x9a0 drivers/base/dd.c:657
 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799
 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2ce/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:462
 __device_attach+0x2b8/0x400 drivers/base/dd.c:1029
 bus_probe_device+0x185/0x260 drivers/base/bus.c:537
 device_add+0x7b6/0xb50 drivers/base/core.c:3692
 usb_new_device+0xa39/0x16c0 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5531 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5671 [inline]
 port_event drivers/usb/core/hub.c:5831 [inline]
 hub_event+0x2941/0x4a00 drivers/usb/core/hub.c:5913
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---