Extracting prog: 3m17.972985756s
Minimizing prog: 7m56.612699743s
Simplifying prog options: 0s
Extracting C: 45.577798513s
Simplifying C: 6m35.7905744s


1 programs, timeouts [30s 1m40s 6m0s]
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x253, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x241, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0xf, 0x3, 0xd5, 0x22, 0x2, [@generic={0x6b, 0x21, "9980ab1cd4157f86d648cd84046cb0bb3e524f2820495a2d83e938b71bedffab556ec71a92b96891ab047122e09d35675e2afc804eaa9ecf64a855d76121656a8244d22f6f3ac23bc2fb95a2fb6ce5c9b0ddb99374181b0d9a8ad7c0011a40699d049a7015743aafcb"}, @generic={0x2, 0x2}], [{{0x9, 0x5, 0x0, 0x2, 0x40, 0x8, 0x5, 0xf7}}, {{0x9, 0x5, 0x9, 0x1, 0x0, 0x2, 0xb, 0x1}}, {{0x9, 0x5, 0xa, 0x4, 0x3ff, 0x5, 0x9, 0x1, [@generic={0xee, 0x5, "9ba3a369b6e5bfef30d69711364c9c87bb23c65e4baa7eef541527305455e57ec3218e1fe330bb77e670e02111669850cfc561f122a95546c6be62fd8c37a82727ebdf481908b9c152e2082ae1007c885f5a0c7bc4a21d1772d7604f9cf41cee4e338a66350cea49aef577d1398a14c788becb66654eaa592aa31de4c17bb91b2c3b1ec18ea2c30b681c43d17619b30b6ac91867b8620296eead935d9885d2ac7dad1ca4df418ea9ad80fe8affd3ae04320246b2e7b82362a3398648308ea1513b81d300e6c1641964fb3204b53f7abf738c943b0f8e83567780044bbfce0c4abf241e3aec5c60a5e7c7a0ea"}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x5, 0x23, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfd, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x3b3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x55, 0xd, 0x53}}, {{0x9, 0x5, 0x80, 0x10, 0x230, 0x4, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x6}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x6, 0x6, 0x5, [@generic={0x2, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4c, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x5, 0x57, 0x7}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x9, 0x40, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x20, 0x7}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x80, 0xd, 0xd, [@generic={0x2, 0xc}]}}, {{0x9, 0x5, 0xd, 0x1a, 0x0, 0xf, 0x57, 0x6, [@generic={0x2, 0x31}, @generic={0x2, 0x23}]}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x46, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x3, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0xfc, 0x0, 0x0, [@generic={0x2, 0x22}]}}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x253, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x241, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0xf, 0x3, 0xd5, 0x22, 0x2, [@generic={0x6b, 0x21, "9980ab1cd4157f86d648cd84046cb0bb3e524f2820495a2d83e938b71bedffab556ec71a92b96891ab047122e09d35675e2afc804eaa9ecf64a855d76121656a8244d22f6f3ac23bc2fb95a2fb6ce5c9b0ddb99374181b0d9a8ad7c0011a40699d049a7015743aafcb"}, @generic={0x2, 0x2}], [{{0x9, 0x5, 0x0, 0x2, 0x40, 0x8, 0x5, 0xf7}}, {{0x9, 0x5, 0x9, 0x1, 0x0, 0x2, 0xb, 0x1}}, {{0x9, 0x5, 0xa, 0x4, 0x3ff, 0x5, 0x9, 0x1, [@generic={0xee, 0x5, "9ba3a369b6e5bfef30d69711364c9c87bb23c65e4baa7eef541527305455e57ec3218e1fe330bb77e670e02111669850cfc561f122a95546c6be62fd8c37a82727ebdf481908b9c152e2082ae1007c885f5a0c7bc4a21d1772d7604f9cf41cee4e338a66350cea49aef577d1398a14c788becb66654eaa592aa31de4c17bb91b2c3b1ec18ea2c30b681c43d17619b30b6ac91867b8620296eead935d9885d2ac7dad1ca4df418ea9ad80fe8affd3ae04320246b2e7b82362a3398648308ea1513b81d300e6c1641964fb3204b53f7abf738c943b0f8e83567780044bbfce0c4abf241e3aec5c60a5e7c7a0ea"}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x5, 0x23, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfd, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x3b3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x55, 0xd, 0x53}}, {{0x9, 0x5, 0x80, 0x10, 0x230, 0x4, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x6}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x6, 0x6, 0x5, [@generic={0x2, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4c, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x5, 0x57, 0x7}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x9, 0x40, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x20, 0x7}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x80, 0xd, 0xd, [@generic={0x2, 0xc}]}}, {{0x9, 0x5, 0xd, 0x1a, 0x0, 0xf, 0x57, 0x6, [@generic={0x2, 0x31}, @generic={0x2, 0x23}]}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x46, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x3, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0xfc, 0x0, 0x0, [@generic={0x2, 0x22}]}}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x1ea, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1d8, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0xf, 0x3, 0xd5, 0x22, 0x2, [@generic={0x2, 0x21}, @generic={0x2, 0x2}], [{{0x9, 0x5, 0x0, 0x2, 0x40, 0x8, 0x5, 0xf7}}, {{0x9, 0x5, 0x9, 0x1, 0x0, 0x2, 0xb, 0x1}}, {{0x9, 0x5, 0xa, 0x4, 0x3ff, 0x5, 0x9, 0x1, [@generic={0xee, 0x5, "9ba3a369b6e5bfef30d69711364c9c87bb23c65e4baa7eef541527305455e57ec3218e1fe330bb77e670e02111669850cfc561f122a95546c6be62fd8c37a82727ebdf481908b9c152e2082ae1007c885f5a0c7bc4a21d1772d7604f9cf41cee4e338a66350cea49aef577d1398a14c788becb66654eaa592aa31de4c17bb91b2c3b1ec18ea2c30b681c43d17619b30b6ac91867b8620296eead935d9885d2ac7dad1ca4df418ea9ad80fe8affd3ae04320246b2e7b82362a3398648308ea1513b81d300e6c1641964fb3204b53f7abf738c943b0f8e83567780044bbfce0c4abf241e3aec5c60a5e7c7a0ea"}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x5, 0x23, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfd, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x3b3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x55, 0xd, 0x53}}, {{0x9, 0x5, 0x80, 0x10, 0x230, 0x4, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x6}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x6, 0x6, 0x5, [@generic={0x2, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4c, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x5, 0x57, 0x7}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x9, 0x40, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x20, 0x7}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x80, 0xd, 0xd, [@generic={0x2, 0xc}]}}, {{0x9, 0x5, 0xd, 0x1a, 0x0, 0xf, 0x57, 0x6, [@generic={0x2, 0x31}, @generic={0x2, 0x23}]}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x46, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x3, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0xfc, 0x0, 0x0, [@generic={0x2, 0x22}]}}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x9a, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x88, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0x0, 0x3, 0xd5, 0x22, 0x2, [@generic={0x6b, 0x21, "9980ab1cd4157f86d648cd84046cb0bb3e524f2820495a2d83e938b71bedffab556ec71a92b96891ab047122e09d35675e2afc804eaa9ecf64a855d76121656a8244d22f6f3ac23bc2fb95a2fb6ce5c9b0ddb99374181b0d9a8ad7c0011a40699d049a7015743aafcb"}, @generic={0x2, 0x2}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x167, &(0x7f0000000340)={{0x12, 0x1, 0x200, 0x6, 0xfb, 0x8b, 0x40, 0x1c0, 0xb26f, 0xe084, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x155, 0x2, 0x9, 0x81, 0x40, 0x9, [{{0x9, 0x4, 0x32, 0x7, 0xf, 0x3, 0xd5, 0x22, 0x2, [@generic={0x6b, 0x21, "9980ab1cd4157f86d648cd84046cb0bb3e524f2820495a2d83e938b71bedffab556ec71a92b96891ab047122e09d35675e2afc804eaa9ecf64a855d76121656a8244d22f6f3ac23bc2fb95a2fb6ce5c9b0ddb99374181b0d9a8ad7c0011a40699d049a7015743aafcb"}, @generic={0x2, 0x2}], [{{0x9, 0x5, 0x0, 0x2, 0x40, 0x8, 0x5, 0xf7}}, {{0x9, 0x5, 0x9, 0x1, 0x0, 0x2, 0xb, 0x1}}, {{0x9, 0x5, 0xa, 0x4, 0x3ff, 0x5, 0x9, 0x1, [@generic={0x2, 0x5}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x5, 0x23, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfd, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x3b3}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x55, 0xd, 0x53}}, {{0x9, 0x5, 0x80, 0x10, 0x230, 0x4, 0x7, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x80, 0x6}]}}, {{0x9, 0x5, 0x5, 0x1, 0x200, 0x6, 0x6, 0x5, [@generic={0x2, 0xe}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x4c, 0x7}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x5, 0x57, 0x7}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x4, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x9, 0x40, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x20, 0x7}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x80, 0xd, 0xd, [@generic={0x2, 0xc}]}}, {{0x9, 0x5, 0xd, 0x1a, 0x0, 0xf, 0x57, 0x6, [@generic={0x2, 0x31}, @generic={0x2, 0x23}]}}, {{0x9, 0x5, 0x0, 0x1, 0x40, 0x46, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x3, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x0, 0x10, 0xfc, 0x0, 0x0, [@generic={0x2, 0x22}]}}]}}, {{0x9, 0x4, 0x32, 0x5, 0x0, 0xf7, 0x88, 0xb9, 0x63}}]}}]}}, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: UBSAN: array-index-out-of-bounds in usbhid_parse
reproducing took 18m35.954079749s
repro crashed as (corrupted=false):
usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 5-1: Product: syz
usb 5-1: Manufacturer: syz
usb 5-1: SerialNumber: syz
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in drivers/hid/usbhid/hid-core.c:1025:7
index 1 is out of range for type 'struct hid_class_descriptor[1]'
CPU: 0 UID: 0 PID: 1231 Comm: kworker/0:3 Not tainted 6.11.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 usbhid_parse+0x5a7/0xc80 drivers/hid/usbhid/hid-core.c:1025
 hid_add_device+0x132/0x520 drivers/hid/hid-core.c:2831
 usbhid_probe+0xb52/0xec0 drivers/hid/usbhid/hid-core.c:1431
 usb_probe_interface+0x645/0xbb0 drivers/usb/core/driver.c:399
 really_probe+0x2b8/0xad0 drivers/base/dd.c:657
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:799
 driver_probe_device+0x50/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:457
 __device_attach+0x333/0x520 drivers/base/dd.c:1029
 bus_probe_device+0x189/0x260 drivers/base/bus.c:532
 device_add+0x856/0xbf0 drivers/base/core.c:3682
 usb_set_configuration+0x1976/0x1fb0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x88/0x140 drivers/usb/core/generic.c:254
 usb_probe_device+0x1b8/0x380 drivers/usb/core/driver.c:294
 really_probe+0x2b8/0xad0 drivers/base/dd.c:657
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:799
 driver_probe_device+0x50/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:457
 __device_attach+0x333/0x520 drivers/base/dd.c:1029
 bus_probe_device+0x189/0x260 drivers/base/bus.c:532
 device_add+0x856/0xbf0 drivers/base/core.c:3682
 usb_new_device+0x104a/0x19a0 drivers/usb/core/hub.c:2651
 hub_port_connect drivers/usb/core/hub.c:5521 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
 port_event drivers/usb/core/hub.c:5821 [inline]
 hub_event+0x2d6d/0x5150 drivers/usb/core/hub.c:5903
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x870/0xd30 kernel/workqueue.c:3393
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
---[ end trace ]---

final repro crashed as (corrupted=false):
usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 5-1: Product: syz
usb 5-1: Manufacturer: syz
usb 5-1: SerialNumber: syz
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in drivers/hid/usbhid/hid-core.c:1025:7
index 1 is out of range for type 'struct hid_class_descriptor[1]'
CPU: 0 UID: 0 PID: 1231 Comm: kworker/0:3 Not tainted 6.11.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 usbhid_parse+0x5a7/0xc80 drivers/hid/usbhid/hid-core.c:1025
 hid_add_device+0x132/0x520 drivers/hid/hid-core.c:2831
 usbhid_probe+0xb52/0xec0 drivers/hid/usbhid/hid-core.c:1431
 usb_probe_interface+0x645/0xbb0 drivers/usb/core/driver.c:399
 really_probe+0x2b8/0xad0 drivers/base/dd.c:657
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:799
 driver_probe_device+0x50/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:457
 __device_attach+0x333/0x520 drivers/base/dd.c:1029
 bus_probe_device+0x189/0x260 drivers/base/bus.c:532
 device_add+0x856/0xbf0 drivers/base/core.c:3682
 usb_set_configuration+0x1976/0x1fb0 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0x88/0x140 drivers/usb/core/generic.c:254
 usb_probe_device+0x1b8/0x380 drivers/usb/core/driver.c:294
 really_probe+0x2b8/0xad0 drivers/base/dd.c:657
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:799
 driver_probe_device+0x50/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2d6/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x24e/0x2e0 drivers/base/bus.c:457
 __device_attach+0x333/0x520 drivers/base/dd.c:1029
 bus_probe_device+0x189/0x260 drivers/base/bus.c:532
 device_add+0x856/0xbf0 drivers/base/core.c:3682
 usb_new_device+0x104a/0x19a0 drivers/usb/core/hub.c:2651
 hub_port_connect drivers/usb/core/hub.c:5521 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
 port_event drivers/usb/core/hub.c:5821 [inline]
 hub_event+0x2d6d/0x5150 drivers/usb/core/hub.c:5903
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x870/0xd30 kernel/workqueue.c:3393
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
---[ end trace ]---