last executing test programs:
1.778904457s ago: executing program 0 (id=1):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x2d, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222200000096231b06e53f07080000002a900683"], 0x0}, 0x0)
1.778092727s ago: executing program 1 (id=2):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004058040350"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x74, &(0x7f0000000180)={[{0x70, 0x4e00, "2438c516cb379b62135f439e779b0cf87a5822783608780baed25d89e1fbed1fca7b7519f7743e7a52a8f94e1f498e58dc9d9c50c44be88c447c8e9345e801b59f9009caebf213441e97386f898e732f5389b1ffa2a1b20e475c9c50319c44010766d1c90f310a567cd40718053f127e"}]})
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0xffffffffffffff6d, &(0x7f0000000100)="019a18370cfb661ba08c228ce6ca19b6a99a071ca34c72c891f8a260fa00000080977dae8d64a30e92cd51117c4a71e26518e804c00058e6c7c0c363027251668bb650d90000000000")
1.756603428s ago: executing program 2 (id=3):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110010000004058040350"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$uac1(0x3, 0xae, &(0x7f0000000640)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x582, 0x114, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9c, 0x3, 0x1, 0x1, 0x10, 0x2, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x29}, [@mixer_unit={0xb, 0x24, 0x4, 0x2, 0x6, "2974f2ee440a"}, @processing_unit={0x9, 0x24, 0x7, 0x3, 0x1, 0x74, '/Y'}, @feature_unit={0xb, 0x24, 0x6, 0x6, 0x1, 0x2, [0x1, 0x9], 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0xd8, 0x1, 0x9, 0x2, 'y`4'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x1, 0x1, 0xd, 0xcb, "dc"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x3, 0x4, 0x7, 0x50, "18"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x7, 0x6, 0x7, {0x7, 0x25, 0x1, 0x4, 0xf7, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x3, 0x1, 0x77, {0x7, 0x25, 0x1, 0xc, 0x8, 0x8}}}}}}}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x74, &(0x7f00000005c0)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x2, 0x1, 0x6, 0x28, 0x5, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "78e780e8244c"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x0, 0x7, 0x8a}, {0x6, 0x24, 0x1a, 0xff, 0x20}}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x7, 0x1, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x5d, 0x2, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x5, 0x1, 0x5}}}}}}}]}}, &(0x7f0000001080)={0xa, &(0x7f0000000c00)={0xa, 0x6, 0x250, 0x6, 0xf9, 0xc, 0xff, 0x9}, 0xc, &(0x7f0000000c40)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x1a, 0x6, 0x6, 0xffff}]}, 0x7, [{0x0, 0x0}, {0x4b, &(0x7f0000000d00)=@string={0x4b, 0x3, "b4b0230a9348ffa72903a575f1abd0a54cf1ab443fad6bd301e502e78edccb065bbd9e20ffc3afd13e674e063ea436a7a20cd5720caf9da594a4d50b9deb1fdf81174ed0b6f30b42ba"}}, {0x2, &(0x7f0000000d80)=@string={0x2}}, {0x2f, &(0x7f0000000e80)=@string={0x2f, 0x3, "77eac0df262d25edc884e880554c98234c8a0bde50a30675c9850cc09c3f4903af007ca34b9b015720b8703fd4"}}, {0x4, &(0x7f0000000ec0)=@lang_id={0x4, 0x3, 0x44a}}, {0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0x455}}, {0x0, 0x0}]})
syz_usb_ep_write(r0, 0x81, 0xffffffffffffff6d, &(0x7f0000000100)="019a18370cfb661ba08c228ce6ca19b6a99a071ca34c72c891f8a260fa00000080977dae8d64a30e92cd51117c4a71e26518e804c00058e6c7c0c363027251668bb650d90000000000")
1.741449198s ago: executing program 3 (id=4):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000000000008700cb6f000000000000109022400010000000009040000010300020009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000400)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000000000), 0x64, 0x100)
ioctl$HIDIOCSFEATURE(r2, 0xc0404806, &(0x7f0000000080))
syz_usb_connect(0x6, 0x36, 0x0, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r3, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x800000800000007)
write$char_usb(r3, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r4, &(0x7f0000000000)=""/188, 0xbc)
syz_usb_connect$cdc_ncm(0x5, 0x6e, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]})
r5 = syz_open_dev$evdev(&(0x7f0000000040), 0xa, 0xc0043)
ioctl$EVIOCGMASK(r5, 0x4020940d, &(0x7f0000000000)={0x15, 0x0, 0x0})
syz_usb_disconnect(r0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="01015709a96bf04b9493e13630cb6abc53f14fddff10161c800063"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000b80)=ANY=[], 0x0)
0s ago: executing program 0 (id=5):
r0 = syz_usb_connect(0x0, 0xaf, &(0x7f0000000100)=ANY=[@ANYBLOB="12014101217ad620e71a039008440102030109029d00010000100009044a020288dcb20009050602000202000a090582"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000440)={0x0, 0x31, 0x8, "362ce48c3b6e0b08"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect(0x0, 0x371, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xb1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts.
[ 18.863447][ T36] audit: type=1400 audit(1781346874.469:64): avc: denied { mounton } for pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 18.864623][ T287] cgroup: Unknown subsys name 'net'
[ 18.866532][ T36] audit: type=1400 audit(1781346874.469:65): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 18.870285][ T36] audit: type=1400 audit(1781346874.469:66): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 18.871058][ T287] cgroup: Unknown subsys name 'devices'
[ 18.951088][ T287] cgroup: Unknown subsys name 'hugetlb'
[ 18.956702][ T287] cgroup: Unknown subsys name 'rlimit'
[ 19.050343][ T36] audit: type=1400 audit(1781346874.659:67): avc: denied { setattr } for pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 19.073558][ T36] audit: type=1400 audit(1781346874.659:68): avc: denied { mounton } for pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 19.080039][ T289] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 19.098353][ T36] audit: type=1400 audit(1781346874.659:69): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 19.128029][ T287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 19.130064][ T36] audit: type=1400 audit(1781346874.709:70): avc: denied { relabelto } for pid=289 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 19.164737][ T36] audit: type=1400 audit(1781346874.709:71): avc: denied { write } for pid=289 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 19.190394][ T36] audit: type=1400 audit(1781346874.729:72): avc: denied { read } for pid=287 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 19.215972][ T36] audit: type=1400 audit(1781346874.729:73): avc: denied { open } for pid=287 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 20.072323][ T295] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.079431][ T295] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.086491][ T295] bridge_slave_0: entered allmulticast mode
[ 20.092972][ T295] bridge_slave_0: entered promiscuous mode
[ 20.100507][ T295] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.107539][ T295] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.114612][ T295] bridge_slave_1: entered allmulticast mode
[ 20.120821][ T295] bridge_slave_1: entered promiscuous mode
[ 20.185478][ T296] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.192609][ T296] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.199733][ T296] bridge_slave_0: entered allmulticast mode
[ 20.205889][ T296] bridge_slave_0: entered promiscuous mode
[ 20.215366][ T296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.222531][ T296] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.229687][ T296] bridge_slave_1: entered allmulticast mode
[ 20.235847][ T296] bridge_slave_1: entered promiscuous mode
[ 20.252965][ T294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.260042][ T294] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.267105][ T294] bridge_slave_0: entered allmulticast mode
[ 20.273393][ T294] bridge_slave_0: entered promiscuous mode
[ 20.288910][ T294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.296023][ T294] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.303212][ T294] bridge_slave_1: entered allmulticast mode
[ 20.309456][ T294] bridge_slave_1: entered promiscuous mode
[ 20.321303][ T297] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.328360][ T297] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.335469][ T297] bridge_slave_0: entered allmulticast mode
[ 20.341761][ T297] bridge_slave_0: entered promiscuous mode
[ 20.348151][ T297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.355297][ T297] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.362456][ T297] bridge_slave_1: entered allmulticast mode
[ 20.368614][ T297] bridge_slave_1: entered promiscuous mode
[ 20.488201][ T295] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.495277][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.502577][ T295] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.509606][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.546270][ T296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.553355][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.560628][ T296] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.567641][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.577782][ T297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.584855][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.592138][ T297] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.599157][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.623442][ T294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.630523][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.637776][ T294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.644853][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.654793][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.662112][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.669238][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.677051][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.684681][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.692218][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.699828][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 20.707064][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 20.722080][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.729339][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.736846][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.743895][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.780625][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.787688][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.806317][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.813414][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.821389][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 20.828409][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 20.836134][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.843198][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.858181][ T295] veth0_vlan: entered promiscuous mode
[ 20.867486][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.874552][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.882394][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 20.889452][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 20.927864][ T296] veth0_vlan: entered promiscuous mode
[ 20.949155][ T297] veth0_vlan: entered promiscuous mode
[ 20.956318][ T295] veth1_macvtap: entered promiscuous mode
[ 20.963517][ T296] veth1_macvtap: entered promiscuous mode
[ 20.978849][ T297] veth1_macvtap: entered promiscuous mode
[ 20.994917][ T294] veth0_vlan: entered promiscuous mode
[ 21.024317][ T294] veth1_macvtap: entered promiscuous mode
[ 21.045768][ T296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 21.319518][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 21.339515][ T45] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 21.339567][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 21.349585][ T312] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 21.491012][ T45] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 21.491010][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 21.491051][ T45] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 21.503101][ T10] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 21.513085][ T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 21.522057][ T9] usb 1-1: Using ep0 maxpacket: 16
[ 21.534014][ T312] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 21.539274][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 21.544689][ T312] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 21.554707][ T10] usb 2-1: config 0 descriptor??
[ 21.562309][ T45] usb 3-1: config 0 descriptor??
[ 21.572226][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 21.577240][ T312] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 21.584404][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 21.594890][ T312] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 21.604108][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 21.611754][ T312] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 21.636515][ T9] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 21.647164][ T312] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 21.659185][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 21.670499][ T312] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 21.678278][ T9] usb 1-1: config 0 descriptor??
[ 21.684217][ T312] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 21.696828][ T312] usb 4-1: Product: syz
[ 21.701356][ T312] usb 4-1: Manufacturer: syz
[ 21.707019][ T324] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 21.714821][ T312] cdc_wdm 4-1:1.0: skipping garbage
[ 21.720114][ T312] cdc_wdm 4-1:1.0: skipping garbage
[ 21.725926][ T312] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 21.731879][ T312] cdc_wdm 4-1:1.0: Unknown control protocol
[ 21.774488][ T10] usbhid 2-1:0.0: can't add hid device: -71
[ 21.780547][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 21.790705][ T10] usb 2-1: USB disconnect, device number 2
[ 21.795322][ T45] usbhid 3-1:0.0: can't add hid device: -71
[ 21.802520][ T45] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 21.812747][ T45] usb 3-1: USB disconnect, device number 2
[ 21.923696][ T324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 21.932306][ T324] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 21.941734][ T324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 21.950506][ T324] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 21.959584][ T312] usb 4-1: USB disconnect, device number 2
[ 22.093625][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.100940][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.108167][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.115443][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.122682][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.129908][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.137117][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.144434][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.151674][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.158868][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.166184][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.173441][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.180724][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.187940][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.195169][ T9] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0
[ 22.204235][ T9] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0001/input/input4
[ 22.219518][ T45] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 22.239401][ T67] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 22.277431][ T9] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[ 22.328513][ T312] usb 1-1: USB disconnect, device number 2
[ 22.380627][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 22.391593][ T45] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40
[ 22.400740][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 22.409439][ T328] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 22.417181][ T45] usb 2-1: config 0 descriptor??
[ 22.422305][ T67] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 22.433517][ T67] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40
[ 22.443325][ T67] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 22.451923][ T67] usb 3-1: config 0 descriptor??
[ 22.580447][ T328] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 22.589165][ T328] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 22.599954][ T328] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 22.608971][ T328] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 22.620692][ T328] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 22.632111][ T328] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 22.644489][ T328] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 22.653572][ T328] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 22.661644][ T328] usb 4-1: Product: syz
[ 22.665816][ T328] usb 4-1: Manufacturer: syz
[ 22.671482][ T324] raw-gadget.5 gadget.3: fail, usb_ep_enable returned -22
[ 22.679247][ T328] cdc_wdm 4-1:1.0: skipping garbage
[ 22.684640][ T328] cdc_wdm 4-1:1.0: skipping garbage
[ 22.690345][ T328] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 22.696251][ T328] cdc_wdm 4-1:1.0: Unknown control protocol
[ 22.880798][ T9] usb 4-1: USB disconnect, device number 3
[ 23.079429][ T328] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 23.229407][ T328] usb 1-1: Using ep0 maxpacket: 32
[ 23.235718][ T328] usb 1-1: config 0 has an invalid interface number: 74 but max is 0
[ 23.243888][ T328] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 23.254085][ T328] usb 1-1: config 0 has no interface number 0
[ 23.260427][ T45] aiptek 2-1:0.0: Aiptek using 400 ms programming speed
[ 23.267781][ T45] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5
[ 23.276865][ T328] usb 1-1: config 0 interface 74 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 23.287059][ T67] aiptek 3-1:0.0: Aiptek using 400 ms programming speed
[ 23.288319][ T320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 23.294254][ T328] usb 1-1: config 0 interface 74 has no altsetting 0
[ 23.304123][ T320] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 23.310955][ T67] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6
[ 23.319780][ C0] ------------[ cut here ]------------
[ 23.331160][ C0] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:724:31
[ 23.335379][ T328] usb 1-1: New USB device found, idVendor=1ae7, idProduct=9003, bcdDevice=44.08
[ 23.339751][ C0] index 63 is out of range for type 'const int[34]'
[ 23.339792][ C0] CPU: 0 UID: 0 PID: 321 Comm: udevd Not tainted syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba
[ 23.339817][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 23.339838][ C0] Call Trace:
[ 23.339845][ C0]
[ 23.339852][ C0] __dump_stack+0x21/0x30
[ 23.339893][ C0] dump_stack_lvl+0x140/0x1c0
[ 23.339922][ C0] ? __cfi_dump_stack_lvl+0x10/0x10
[ 23.339951][ C0] ? input_event_dispose+0x2f5/0x6d0
[ 23.339973][ C0] dump_stack+0x19/0x20
[ 23.340007][ C0] ubsan_epilogue+0xe/0x40
[ 23.340027][ C0] __ubsan_handle_out_of_bounds+0xe8/0xf0
[ 23.340059][ C0] aiptek_irq+0x234e/0x2a00
[ 23.340080][ C0] __usb_hcd_giveback_urb+0x375/0x540
[ 23.340103][ C0] usb_hcd_giveback_urb+0x11b/0x410
[ 23.340123][ C0] dummy_timer+0x816/0x4300
[ 23.340154][ C0] ? __cfi_dummy_timer+0x10/0x10
[ 23.340175][ C0] ? timerqueue_del+0xd7/0x130
[ 23.340200][ C0] ? __hrtimer_run_queues+0x2c4/0x8e0
[ 23.340229][ C0] ? __cfi_dummy_timer+0x10/0x10
[ 23.340250][ C0] __hrtimer_run_queues+0x3ab/0x8e0
[ 23.340280][ C0] ? hrtimer_interrupt+0xf00/0xf00
[ 23.340306][ C0] ? read_tsc+0xd/0x20
[ 23.340332][ C0] ? ktime_get_update_offsets_now+0x3c0/0x3e0
[ 23.340358][ C0] hrtimer_run_softirq+0x159/0x560
[ 23.340377][ C0] ? irqtime_account_irq+0x51/0x1c0
[ 23.340405][ C0] handle_softirqs+0x1aa/0x630
[ 23.340425][ C0] ? irqtime_account_irq+0x51/0x1c0
[ 23.340452][ C0] __irq_exit_rcu+0x47/0xb0
[ 23.340472][ C0] irq_exit_rcu+0xd/0x30
[ 23.340490][ C0] sysvec_apic_timer_interrupt+0x82/0x90
[ 23.340512][ C0]
[ 23.340519][ C0]
[ 23.340526][ C0] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 23.340547][ C0] RIP: 0010:stack_trace_consume_entry+0x2e/0x2a0
[ 23.340574][ C0] Code: 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 20 48 ba 00 00 00 00 00 fc ff df 4c 8d 47 10 4c 89 c3 48 c1 eb 03 0f b6 04 13 <84> c0 0f 85 14 01 00 00 44 8b 57 10 4c 8d 4f 08 4d 89 cd 49 c1 ed
[ 23.340589][ C0] RSP: 0018:ffffc9000b79f8d0 EFLAGS: 00000a02
[ 23.340616][ C0] RAX: 0000000000000000 RBX: 1ffff920016f3f3e RCX: 1ffff920016f3f00
[ 23.340631][ C0] RDX: dffffc0000000000 RSI: ffffffff8175ee1a RDI: ffffc9000b79f9e0
[ 23.340646][ C0] RBP: ffffc9000b79f918 R08: ffffc9000b79f9f0 R09: 0000000000000000
[ 23.340660][ C0] R10: 0000000000000000 R11: ffffffff8175ee80 R12: ffff88810d770000
[ 23.340674][ C0] R13: 0000000000000000 R14: ffffffff8175ee80 R15: ffffc9000b79f928
[ 23.340688][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10
[ 23.340711][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10
[ 23.340735][ C0] ? stack_trace_save+0xaa/0x100
[ 23.340758][ C0] ? __kernel_text_address+0x11/0x40
[ 23.340785][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10
[ 23.340808][ C0] arch_stack_walk+0x129/0x170
[ 23.340828][ C0] ? stack_trace_save+0xaa/0x100
[ 23.340851][ C0] stack_trace_save+0xaa/0x100
[ 23.340875][ C0] ? __cfi_stack_trace_save+0x10/0x10
[ 23.340899][ C0] ? kasan_save_track+0x4f/0x80
[ 23.340922][ C0] ? __kmalloc_cache_noprof+0x23c/0x470
[ 23.340965][ C0] ? kernfs_iop_get_link+0x75/0x6d0
[ 23.340984][ C0] ? vfs_readlink+0x182/0x3a0
[ 23.341009][ C0] ? do_readlinkat+0x223/0x520
[ 23.341034][ C0] ? __x64_sys_readlink+0x83/0xa0
[ 23.341059][ C0] ? x64_sys_call+0x155b/0x2ee0
[ 23.341078][ C0] ? do_syscall_64+0x57/0xf0
[ 23.341105][ C0] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 23.341135][ C0] kasan_save_track+0x3e/0x80
[ 23.341164][ C0] kasan_save_free_info+0x4a/0x60
[ 23.341183][ C0] __kasan_slab_free+0x5f/0x80
[ 23.341205][ C0] kfree+0x158/0x440
[ 23.341223][ C0] ? kfree_link+0x19/0x30
[ 23.341249][ C0] ? _copy_to_user+0x7d/0xa0
[ 23.341268][ C0] kfree_link+0x19/0x30
[ 23.341294][ C0] ? __cfi_kfree_link+0x10/0x10
[ 23.341321][ C0] vfs_readlink+0x1d5/0x3a0
[ 23.341341][ C0] ? __cfi_vfs_readlink+0x10/0x10
[ 23.341360][ C0] ? __cfi_kfree_link+0x10/0x10
[ 23.341387][ C0] ? touch_atime+0x1b3/0x470
[ 23.341413][ C0] ? bpf_lsm_inode_readlink+0xd/0x20
[ 23.341437][ C0] do_readlinkat+0x223/0x520
[ 23.341463][ C0] ? cp_old_stat+0x4d0/0x4d0
[ 23.341490][ C0] ? __kasan_check_read+0x15/0x20
[ 23.341510][ C0] __x64_sys_readlink+0x83/0xa0
[ 23.341534][ C0] x64_sys_call+0x155b/0x2ee0
[ 23.341554][ C0] do_syscall_64+0x57/0xf0
[ 23.341580][ C0] ? clear_bhb_loop+0x50/0xa0
[ 23.341600][ C0] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 23.341629][ C0] RIP: 0033:0x7f7a76d153a7
[ 23.341655][ C0] Code: 00 00 90 48 83 ec 10 48 63 ff 45 31 c9 45 31 c0 6a 00 31 c9 e8 8a 20 f9 ff 48 83 c4 18 c3 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 21 ba 0d 00 f7 d8 64 89 02 48
[ 23.341670][ C0] RSP: 002b:00007ffd0d36bd28 EFLAGS: 00000202 ORIG_RAX: 0000000000000059
[ 23.341692][ C0] RAX: ffffffffffffffda RBX: 00007ffd0d36c570 RCX: 00007f7a76d153a7
[ 23.341707][ C0] RDX: 0000000000000400 RSI: 00007ffd0d36c130 RDI: 00007ffd0d36bd30
[ 23.341720][ C0] RBP: 0000000000000200 R08: 00005584b7f50c29 R09: 0000000000000000
[ 23.341734][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd0d36bd30
[ 23.341747][ C0] R13: 00007ffd0d36c130 R14: 00005584b7f53ca4 R15: 00005584b7f53bcc
[ 23.341764][ C0]
[ 23.341772][ C0] ---[ end trace ]---
[ 23.353781][ T328] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 23.637840][ C0] aiptek 2-1:0.0: aiptek_irq - usb_submit_urb failed with result -19
[ 23.640006][ T328] usb 1-1: Product: syz
[ 23.645068][ T9] usb 2-1: USB disconnect, device number 3
[ 23.649862][ T328] usb 1-1: Manufacturer: syz
[ 23.900207][ T328] usb 1-1: SerialNumber: syz
[ 23.906203][ T328] usb 1-1: config 0 descriptor??
[ 23.919942][ C1] ------------[ cut here ]------------
[ 23.925427][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31
[ 23.933997][ C1] index 1319 is out of range for type 'const int[34]'
[ 23.940751][ C1] CPU: 1 UID: 0 PID: 111 Comm: udevd Not tainted syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba
[ 23.940770][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 23.940778][ C1] Call Trace:
[ 23.940783][ C1]
[ 23.940788][ C1] __dump_stack+0x21/0x30
[ 23.940811][ C1] dump_stack_lvl+0x140/0x1c0
[ 23.940826][ C1] ? __cfi_dump_stack_lvl+0x10/0x10
[ 23.940842][ C1] ? do_syscall_64+0x57/0xf0
[ 23.940859][ C1] dump_stack+0x19/0x20
[ 23.940873][ C1] ubsan_epilogue+0xe/0x40
[ 23.940895][ C1] __ubsan_handle_out_of_bounds+0xe8/0xf0
[ 23.940913][ C1] ? __kasan_check_write+0x18/0x20
[ 23.940926][ C1] aiptek_irq+0x20cb/0x2a00
[ 23.940938][ C1] ? kcov_remote_start+0x1d3/0x3c0
[ 23.940962][ C1] __usb_hcd_giveback_urb+0x375/0x540
[ 23.940987][ C1] usb_hcd_giveback_urb+0x11b/0x410
[ 23.940997][ C1] dummy_timer+0x816/0x4300
[ 23.941013][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 23.941025][ C1] ? timerqueue_del+0xd7/0x130
[ 23.941038][ C1] ? __hrtimer_run_queues+0x2c4/0x8e0
[ 23.941054][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 23.941065][ C1] __hrtimer_run_queues+0x3ab/0x8e0
[ 23.941081][ C1] ? hrtimer_interrupt+0xf00/0xf00
[ 23.941101][ C1] ? read_tsc+0xd/0x20
[ 23.941116][ C1] ? ktime_get_update_offsets_now+0x3c0/0x3e0
[ 23.941129][ C1] hrtimer_run_softirq+0x159/0x560
[ 23.941139][ C1] ? irqtime_account_irq+0x51/0x1c0
[ 23.941156][ C1] handle_softirqs+0x1aa/0x630
[ 23.941169][ C1] ? irqtime_account_irq+0x51/0x1c0
[ 23.941184][ C1] __irq_exit_rcu+0x47/0xb0
[ 23.941195][ C1] irq_exit_rcu+0xd/0x30
[ 23.941206][ C1] sysvec_apic_timer_interrupt+0x82/0x90
[ 23.941218][ C1]
[ 23.941222][ C1]
[ 23.941225][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 23.941237][ C1] RIP: 0010:ktime_get_ts64+0xa/0x3f0
[ 23.941250][ C1] Code: 41 5f 5d e9 98 08 33 04 cc 0f 1f 80 00 00 00 00 b8 f0 97 ad d3 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 <41> 56 41 55 41 54 53 48 83 e4 e0 48 81 ec 80 00 00 00 48 89 fb 65
[ 23.941259][ C1] RSP: 0018:ffffc90000e5fe28 EFLAGS: 00000206
[ 23.941270][ C1] RAX: 0000000000000bb8 RBX: 0000000000000003 RCX: 0000000000000000
[ 23.941277][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90000e5fe80
[ 23.941283][ C1] RBP: ffffc90000e5fe30 R08: ffffc90000e5fe8f R09: 0000000000000000
[ 23.941291][ C1] R10: ffffc90000e5fe80 R11: fffff520001cbfd2 R12: ffffc90000e5fea0
[ 23.941298][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920001cbfcc
[ 23.941307][ C1] __x64_sys_epoll_wait+0x178/0x230
[ 23.941321][ C1] ? __cfi___x64_sys_epoll_wait+0x10/0x10
[ 23.941335][ C1] ? __kasan_check_read+0x15/0x20
[ 23.941345][ C1] x64_sys_call+0x2be4/0x2ee0
[ 23.941355][ C1] do_syscall_64+0x57/0xf0
[ 23.941369][ C1] ? clear_bhb_loop+0x50/0xa0
[ 23.941379][ C1] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 23.941396][ C1] RIP: 0033:0x7f7a76ca7407
[ 23.941405][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 23.941414][ C1] RSP: 002b:00007ffd0d3712e0 EFLAGS: 00000202 ORIG_RAX: 00000000000000e8
[ 23.941424][ C1] RAX: ffffffffffffffda RBX: 00007f7a77384880 RCX: 00007f7a76ca7407
[ 23.941431][ C1] RDX: 0000000000000008 RSI: 00007ffd0d371440 RDI: 000000000000000b
[ 23.941438][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 23.941444][ C1] R10: 0000000000000bb8 R11: 0000000000000202 R12: 0000000000000000
[ 23.941450][ C1] R13: 00005584b7f67100 R14: 0000000000000000 R15: 0000000000000000
[ 23.941458][ C1]
[ 23.941462][ C1] ---[ end trace ]---
[ 24.306438][ C1] ==================================================================
[ 24.314509][ C1] BUG: KASAN: global-out-of-bounds in aiptek_irq+0x20e9/0x2a00
[ 24.322042][ C1] Read of size 4 at addr ffffffff8670ff5c by task udevd/111
[ 24.329330][ C1]
[ 24.331648][ C1] CPU: 1 UID: 0 PID: 111 Comm: udevd Not tainted syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba
[ 24.331664][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 24.331672][ C1] Call Trace:
[ 24.331677][ C1]
[ 24.331682][ C1] __dump_stack+0x21/0x30
[ 24.331702][ C1] dump_stack_lvl+0x140/0x1c0
[ 24.331717][ C1] ? __cfi_dump_stack_lvl+0x10/0x10
[ 24.331731][ C1] ? __cfi__printk+0x10/0x10
[ 24.331745][ C1] print_address_description+0x71/0x210
[ 24.331760][ C1] print_report+0x4a/0x70
[ 24.331773][ C1] kasan_report+0x162/0x1a0
[ 24.331787][ C1] ? aiptek_irq+0x20e9/0x2a00
[ 24.331798][ C1] ? aiptek_irq+0x20e9/0x2a00
[ 24.331807][ C1] __asan_report_load4_noabort+0x18/0x20
[ 24.331819][ C1] aiptek_irq+0x20e9/0x2a00
[ 24.331829][ C1] ? kcov_remote_start+0x1d3/0x3c0
[ 24.331842][ C1] __usb_hcd_giveback_urb+0x375/0x540
[ 24.331856][ C1] usb_hcd_giveback_urb+0x11b/0x410
[ 24.331866][ C1] dummy_timer+0x816/0x4300
[ 24.331883][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 24.331895][ C1] ? timerqueue_del+0xd7/0x130
[ 24.331909][ C1] ? __hrtimer_run_queues+0x2c4/0x8e0
[ 24.331925][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 24.331937][ C1] __hrtimer_run_queues+0x3ab/0x8e0
[ 24.331955][ C1] ? hrtimer_interrupt+0xf00/0xf00
[ 24.331970][ C1] ? read_tsc+0xd/0x20
[ 24.331985][ C1] ? ktime_get_update_offsets_now+0x3c0/0x3e0
[ 24.331999][ C1] hrtimer_run_softirq+0x159/0x560
[ 24.332009][ C1] ? irqtime_account_irq+0x51/0x1c0
[ 24.332026][ C1] handle_softirqs+0x1aa/0x630
[ 24.332037][ C1] ? irqtime_account_irq+0x51/0x1c0
[ 24.332052][ C1] __irq_exit_rcu+0x47/0xb0
[ 24.332062][ C1] irq_exit_rcu+0xd/0x30
[ 24.332072][ C1] sysvec_apic_timer_interrupt+0x82/0x90
[ 24.332084][ C1]
[ 24.332088][ C1]
[ 24.332092][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 24.332104][ C1] RIP: 0010:ktime_get_ts64+0xa/0x3f0
[ 24.332117][ C1] Code: 41 5f 5d e9 98 08 33 04 cc 0f 1f 80 00 00 00 00 b8 f0 97 ad d3 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 <41> 56 41 55 41 54 53 48 83 e4 e0 48 81 ec 80 00 00 00 48 89 fb 65
[ 24.332127][ C1] RSP: 0018:ffffc90000e5fe28 EFLAGS: 00000206
[ 24.332145][ C1] RAX: 0000000000000bb8 RBX: 0000000000000003 RCX: 0000000000000000
[ 24.332158][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90000e5fe80
[ 24.332171][ C1] RBP: ffffc90000e5fe30 R08: ffffc90000e5fe8f R09: 0000000000000000
[ 24.332183][ C1] R10: ffffc90000e5fe80 R11: fffff520001cbfd2 R12: ffffc90000e5fea0
[ 24.332192][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920001cbfcc
[ 24.332201][ C1] __x64_sys_epoll_wait+0x178/0x230
[ 24.332217][ C1] ? __cfi___x64_sys_epoll_wait+0x10/0x10
[ 24.332231][ C1] ? __kasan_check_read+0x15/0x20
[ 24.332242][ C1] x64_sys_call+0x2be4/0x2ee0
[ 24.332253][ C1] do_syscall_64+0x57/0xf0
[ 24.332266][ C1] ? clear_bhb_loop+0x50/0xa0
[ 24.332277][ C1] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 24.332293][ C1] RIP: 0033:0x7f7a76ca7407
[ 24.332303][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 24.332311][ C1] RSP: 002b:00007ffd0d3712e0 EFLAGS: 00000202 ORIG_RAX: 00000000000000e8
[ 24.332322][ C1] RAX: ffffffffffffffda RBX: 00007f7a77384880 RCX: 00007f7a76ca7407
[ 24.332331][ C1] RDX: 0000000000000008 RSI: 00007ffd0d371440 RDI: 000000000000000b
[ 24.332338][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 24.332344][ C1] R10: 0000000000000bb8 R11: 0000000000000202 R12: 0000000000000000
[ 24.332350][ C1] R13: 00005584b7f67100 R14: 0000000000000000 R15: 0000000000000000
[ 24.332359][ C1]
[ 24.332362][ C1]
[ 24.378409][ T9] usb 3-1: USB disconnect, device number 3
[ 24.383797][ C1] The buggy address belongs to the variable:
[ 24.383809][ C1] .str.7+0x1c/0x20
[ 24.383831][ C1]
[ 24.383835][ C1] The buggy address belongs to the physical page:
[ 24.383858][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x670f
[ 24.734716][ C1] flags: 0x4000(reserved|zone=0)
[ 24.739646][ C1] raw: 0000000000004000 ffffea000019c3c8 ffffea000019c3c8 0000000000000000
[ 24.748209][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 24.756769][ C1] page dumped because: kasan: bad access detected
[ 24.763192][ C1] page_owner info is not present (never set?)
[ 24.769261][ C1]
[ 24.771568][ C1] Memory state around the buggy address:
[ 24.777179][ C1] ffffffff8670fe00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 f9 f9 f9 f9
[ 24.785229][ C1] ffffffff8670fe80: 00 00 00 00 06 f9 f9 f9 00 04 f9 f9 00 00 00 00
[ 24.793277][ C1] >ffffffff8670ff00: 00 f9 f9 f9 00 07 f9 f9 00 02 f9 f9 00 00 00 00
[ 24.801330][ C1] ^
[ 24.808251][ C1] ffffffff8670ff80: 00 03 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[ 24.816301][ C1] ffffffff86710000: f9 f9 f9 f9 07 f9 f9 f9 00 00 00 00 00 00 00 00
[ 24.824341][ C1] ==================================================================
[ 24.832388][ C1] Disabling lock debugging due to kernel taint
[ 24.838611][ C1] ------------[ cut here ]------------
[ 24.844048][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30
[ 24.852617][ C1] index 1320 is out of range for type 'const int[34]'
[ 24.859363][ C1] CPU: 1 UID: 0 PID: 111 Comm: udevd Tainted: G B syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba
[ 24.859383][ C1] Tainted: [B]=BAD_PAGE
[ 24.859386][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 24.859393][ C1] Call Trace:
[ 24.859398][ C1]
[ 24.859403][ C1] __dump_stack+0x21/0x30
[ 24.859423][ C1] dump_stack_lvl+0x140/0x1c0
[ 24.859437][ C1] ? __cfi_dump_stack_lvl+0x10/0x10
[ 24.859452][ C1] ? input_event_dispose+0x2f5/0x6d0
[ 24.859465][ C1] dump_stack+0x19/0x20
[ 24.859478][ C1] ubsan_epilogue+0xe/0x40
[ 24.859489][ C1] __ubsan_handle_out_of_bounds+0xe8/0xf0
[ 24.859507][ C1] aiptek_irq+0x1f85/0x2a00
[ 24.859523][ C1] __usb_hcd_giveback_urb+0x375/0x540
[ 24.859535][ C1] usb_hcd_giveback_urb+0x11b/0x410
[ 24.859546][ C1] dummy_timer+0x816/0x4300
[ 24.859562][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 24.859577][ C1] ? timerqueue_del+0xd7/0x130
[ 24.859591][ C1] ? __hrtimer_run_queues+0x2c4/0x8e0
[ 24.859607][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 24.859618][ C1] __hrtimer_run_queues+0x3ab/0x8e0
[ 24.859634][ C1] ? hrtimer_interrupt+0xf00/0xf00
[ 24.859649][ C1] ? read_tsc+0xd/0x20
[ 24.859663][ C1] ? ktime_get_update_offsets_now+0x3c0/0x3e0
[ 24.859677][ C1] hrtimer_run_softirq+0x159/0x560
[ 24.859687][ C1] ? irqtime_account_irq+0x51/0x1c0
[ 24.859703][ C1] handle_softirqs+0x1aa/0x630
[ 24.859715][ C1] ? irqtime_account_irq+0x51/0x1c0
[ 24.859730][ C1] __irq_exit_rcu+0x47/0xb0
[ 24.859740][ C1] irq_exit_rcu+0xd/0x30
[ 24.859750][ C1] sysvec_apic_timer_interrupt+0x82/0x90
[ 24.859763][ C1]
[ 24.859766][ C1]
[ 24.859770][ C1] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 24.859781][ C1] RIP: 0010:ktime_get_ts64+0xa/0x3f0
[ 24.859794][ C1] Code: 41 5f 5d e9 98 08 33 04 cc 0f 1f 80 00 00 00 00 b8 f0 97 ad d3 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 <41> 56 41 55 41 54 53 48 83 e4 e0 48 81 ec 80 00 00 00 48 89 fb 65
[ 24.859811][ C1] RSP: 0018:ffffc90000e5fe28 EFLAGS: 00000206
[ 24.859822][ C1] RAX: 0000000000000bb8 RBX: 0000000000000003 RCX: 0000000000000000
[ 24.859829][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90000e5fe80
[ 24.859842][ C1] RBP: ffffc90000e5fe30 R08: ffffc90000e5fe8f R09: 0000000000000000
[ 24.859851][ C1] R10: ffffc90000e5fe80 R11: fffff520001cbfd2 R12: ffffc90000e5fea0
[ 24.859865][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920001cbfcc
[ 24.859882][ C1] __x64_sys_epoll_wait+0x178/0x230
[ 24.859912][ C1] ? __cfi___x64_sys_epoll_wait+0x10/0x10
[ 24.859927][ C1] ? __kasan_check_read+0x15/0x20
[ 24.859939][ C1] x64_sys_call+0x2be4/0x2ee0
[ 24.859949][ C1] do_syscall_64+0x57/0xf0
[ 24.859964][ C1] ? clear_bhb_loop+0x50/0xa0
[ 24.859974][ C1] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 24.859990][ C1] RIP: 0033:0x7f7a76ca7407
[ 24.860000][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 24.860008][ C1] RSP: 002b:00007ffd0d3712e0 EFLAGS: 00000202 ORIG_RAX: 00000000000000e8
[ 24.860022][ C1] RAX: ffffffffffffffda RBX: 00007f7a77384880 RCX: 00007f7a76ca7407
[ 24.860029][ C1] RDX: 0000000000000008 RSI: 00007ffd0d371440 RDI: 000000000000000b
[ 24.860036][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 24.860042][ C1] R10: 0000000000000bb8 R11: 0000000000000202 R12: 0000000000000000
[ 24.860049][ C1] R13: 00005584b7f67100 R14: 0000000000000000 R15: 0000000000000000
[ 24.860057][ C1]
[ 24.860061][ C1] ---[ end trace ]---
[ 25.217348][ C1] aiptek 3-1:0.0: aiptek_irq - usb_submit_urb failed with result -19
[ 25.229748][ T36] kauditd_printk_skb: 27 callbacks suppressed
[ 25.229764][ T36] audit: type=1400 audit(1781346880.829:101): avc: denied { read } for pid=93 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 25.257659][ T36] audit: type=1400 audit(1781346880.829:102): avc: denied { search } for pid=93 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 25.279171][ T36] audit: type=1400 audit(1781346880.829:103): avc: denied { write } for pid=93 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 25.300509][ T36] audit: type=1400 audit(1781346880.829:104): avc: denied { add_name } for pid=93 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 25.321093][ T36] audit: type=1400 audit(1781346880.839:105): avc: denied { create } for pid=93 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 25.341590][ T36] audit: type=1400 audit(1781346880.839:106): avc: denied { append open } for pid=93 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 25.364510][ T36] audit: type=1400 audit(1781346880.839:107): avc: denied { getattr } for pid=93 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 26.198018][ T9] usb 1-1: USB disconnect, device number 3