rocess permissive=1
[ 17.072757][ T30] audit: type=1400 audit(1781163122.840:63): avc: denied { siginh } for pid=241 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.22' (ED25519) to the list of known hosts.
2026/06/11 07:32:12 parsed 1 programs
[ 27.102704][ T30] audit: type=1400 audit(1781163132.930:64): avc: denied { node_bind } for pid=293 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 27.124256][ T30] audit: type=1400 audit(1781163132.930:65): avc: denied { module_request } for pid=293 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 28.068141][ T30] audit: type=1400 audit(1781163133.900:66): avc: denied { mounton } for pid=300 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 28.071787][ T300] cgroup: Unknown subsys name 'net'
[ 28.090944][ T30] audit: type=1400 audit(1781163133.900:67): avc: denied { mount } for pid=300 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.118195][ T30] audit: type=1400 audit(1781163133.930:68): avc: denied { unmount } for pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.118780][ T300] cgroup: Unknown subsys name 'devices'
[ 28.259491][ T300] cgroup: Unknown subsys name 'hugetlb'
[ 28.265149][ T300] cgroup: Unknown subsys name 'rlimit'
[ 28.472574][ T30] audit: type=1400 audit(1781163134.300:69): avc: denied { setattr } for pid=300 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 28.495825][ T30] audit: type=1400 audit(1781163134.300:70): avc: denied { create } for pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.516323][ T30] audit: type=1400 audit(1781163134.300:71): avc: denied { write } for pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.536614][ T30] audit: type=1400 audit(1781163134.300:72): avc: denied { read } for pid=300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.551144][ T303] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 28.556930][ T30] audit: type=1400 audit(1781163134.300:73): avc: denied { mounton } for pid=300 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 28.767131][ T300] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 29.199792][ T306] request_module fs-gadgetfs succeeded, but still no fs?
[ 29.269617][ T306] syz-executor (306) used greatest stack depth: 20960 bytes left
[ 29.709193][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.716297][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.724281][ T341] device bridge_slave_0 entered promiscuous mode
[ 29.731476][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.738596][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.746138][ T341] device bridge_slave_1 entered promiscuous mode
[ 29.793608][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.800817][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.808174][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.815213][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.833724][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.841657][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.848987][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.860160][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.868475][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.875524][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.884646][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.892894][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.899970][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.911690][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.920978][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.934612][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.945542][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.953733][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.961297][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.969327][ T341] device veth0_vlan entered promiscuous mode
[ 29.979520][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.988590][ T341] device veth1_macvtap entered promiscuous mode
[ 29.997725][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.008252][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 30.039176][ T341] syz-executor (341) used greatest stack depth: 20768 bytes left
2026/06/11 07:32:16 executed programs: 0
[ 30.461690][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.468900][ T368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.476284][ T368] device bridge_slave_0 entered promiscuous mode
[ 30.483418][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.490506][ T368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.498016][ T368] device bridge_slave_1 entered promiscuous mode
[ 30.556363][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.563639][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.570998][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.578074][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.602035][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.610453][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.618024][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.628386][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.636900][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.643986][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.652568][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.660966][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.668078][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.681550][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.690674][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.704517][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.716523][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.724971][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.732665][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.741170][ T368] device veth0_vlan entered promiscuous mode
[ 30.751230][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.760744][ T368] device veth1_macvtap entered promiscuous mode
[ 30.770370][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.780792][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.077990][ T60] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 31.259918][ T45] device bridge_slave_1 left promiscuous mode
[ 31.266070][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.273815][ T45] device bridge_slave_0 left promiscuous mode
[ 31.280145][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.288522][ T45] device veth1_macvtap left promiscuous mode
[ 31.294588][ T45] device veth0_vlan left promiscuous mode
[ 31.497548][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 31.508570][ T60] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 31.517684][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 31.527050][ T60] usb 3-1: config 0 descriptor??
[ 31.877493][ T60] usbhid 3-1:0.0: can't add hid device: -71
[ 31.883460][ T60] usbhid: probe of 3-1:0.0 failed with error -71
[ 31.890708][ T60] usb 3-1: USB disconnect, device number 2
[ 32.357559][ T60] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 32.737563][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 32.748717][ T60] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40
[ 32.757800][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 32.766663][ T60] usb 3-1: config 0 descriptor??
[ 33.687602][ T372] UDC core: couldn't find an available UDC or it's busy: -16
[ 33.695021][ T372] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 33.707485][ T60] aiptek 3-1:0.0: Aiptek using 400 ms programming speed
[ 33.715268][ T60] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input4
[ 34.307488][ C0] ================================================================================
[ 34.316834][ C0] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31
[ 34.325424][ C0] index 547 is out of range for type 'const int[34]'
[ 34.332088][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0
[ 34.339109][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 34.349174][ C0] Call Trace:
[ 34.352452][ C0]
[ 34.355295][ C0] __dump_stack+0x21/0x30
[ 34.359641][ C0] dump_stack_lvl+0x110/0x170
[ 34.364324][ C0] ? show_regs_print_info+0x20/0x20
[ 34.369520][ C0] dump_stack+0x15/0x20
[ 34.373717][ C0] ubsan_epilogue+0xe/0x40
[ 34.378156][ C0] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 34.383878][ C0] ? _raw_spin_lock+0x94/0xf0
[ 34.388560][ C0] aiptek_irq+0x208d/0x29b0
[ 34.393067][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 34.398874][ C0] ? kcov_remote_start+0xe5/0x350
[ 34.403896][ C0] ? usb_unanchor_urb+0xa1/0xc0
[ 34.408770][ C0] __usb_hcd_giveback_urb+0x333/0x4f0
[ 34.414149][ C0] usb_hcd_giveback_urb+0x119/0x410
[ 34.419360][ C0] ? _raw_spin_unlock+0x4d/0x70
[ 34.424212][ C0] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 34.430140][ C0] dummy_timer+0x8be/0x30e0
[ 34.434646][ C0] ? __this_cpu_preempt_check+0x13/0x20
[ 34.440203][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 34.445403][ C0] ? __kasan_check_write+0x14/0x20
[ 34.450541][ C0] ? _raw_spin_lock_irqsave+0x130/0x130
[ 34.456099][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 34.461298][ C0] call_timer_fn+0x38/0x290
[ 34.465801][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 34.471001][ C0] __run_timers+0x650/0x9e0
[ 34.475508][ C0] ? calc_index+0x200/0x200
[ 34.480014][ C0] ? sched_clock_cpu+0x18/0x3c0
[ 34.484869][ C0] run_timer_softirq+0x6a/0xf0
[ 34.489638][ C0] handle_softirqs+0x250/0x560
[ 34.494410][ C0] __irq_exit_rcu+0x52/0xf0
[ 34.498914][ C0] irq_exit_rcu+0x9/0x10
[ 34.503159][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 34.508790][ C0]
[ 34.511718][ C0]
[ 34.514649][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 34.520630][ C0] RIP: 0010:default_idle+0xf/0x20
[ 34.525660][ C0] Code: ff 4c 89 f7 e8 a2 a1 f4 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d e3 a1 50 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[ 34.545355][ C0] RSP: 0018:ffffffff86607d78 EFLAGS: 00000246
[ 34.551428][ C0] RAX: 0000000000003674 RBX: ffffffff8661c400 RCX: 0000000000003674
[ 34.559401][ C0] RDX: 0000000000000001 RSI: ffffffff8563ad60 RDI: ffffffff8563ad20
[ 34.567391][ C0] RBP: ffffffff86607d78 R08: ffff8881f7038c73 R09: 1ffff1103ee0718e
[ 34.575379][ C0] R10: dffffc0000000000 R11: ffffed103ee0718f R12: 0000000000000000
[ 34.583377][ C0] R13: 1ffffffff0cc3880 R14: dffffc0000000000 R15: dffffc0000000000
[ 34.591380][ C0] arch_cpu_idle+0xa/0x10
[ 34.595725][ C0] default_idle_call+0x71/0x1d0
[ 34.600583][ C0] do_idle+0x217/0x620
[ 34.604654][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 34.609847][ C0] ? radix_tree_lookup+0x248/0x290
[ 34.614962][ C0] ? debug_smp_processor_id+0x17/0x20
[ 34.620338][ C0] cpu_startup_entry+0x18/0x20
[ 34.625101][ C0] rest_init+0x10a/0x130
[ 34.629340][ C0] ? time_init+0x40/0x40
[ 34.633585][ C0] arch_call_rest_init+0xe/0x10
[ 34.638436][ C0] start_kernel+0x46d/0x4e0
[ 34.642961][ C0] x86_64_start_reservations+0x2a/0x30
[ 34.648449][ C0] x86_64_start_kernel+0x5b/0x60
[ 34.653401][ C0] secondary_startup_64_no_verify+0xb1/0xbb
[ 34.659307][ C0]
[ 34.662324][ C0] ================================================================================
[ 34.671610][ C0] ==================================================================
[ 34.679662][ C0] BUG: KASAN: global-out-of-bounds in aiptek_irq+0x20ab/0x29b0
[ 34.687211][ C0] Read of size 4 at addr ffffffff857f35ec by task swapper/0/0
[ 34.694671][ C0]
[ 34.697013][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0
[ 34.704037][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 34.714094][ C0] Call Trace:
[ 34.717385][ C0]
[ 34.720244][ C0] __dump_stack+0x21/0x30
[ 34.724585][ C0] dump_stack_lvl+0x110/0x170
[ 34.729269][ C0] ? show_regs_print_info+0x20/0x20
[ 34.734486][ C0] ? load_image+0x3e0/0x3e0
[ 34.738991][ C0] print_address_description+0x7f/0x2c0
[ 34.744626][ C0] ? aiptek_irq+0x20ab/0x29b0
[ 34.749317][ C0] kasan_report+0xf1/0x140
[ 34.753744][ C0] ? aiptek_irq+0x20ab/0x29b0
[ 34.758428][ C0] __asan_report_load4_noabort+0x14/0x20
[ 34.764073][ C0] aiptek_irq+0x20ab/0x29b0
[ 34.768590][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 34.774400][ C0] ? kcov_remote_start+0xe5/0x350
[ 34.779431][ C0] ? usb_unanchor_urb+0xa1/0xc0
[ 34.784290][ C0] __usb_hcd_giveback_urb+0x333/0x4f0
[ 34.789671][ C0] usb_hcd_giveback_urb+0x119/0x410
[ 34.794878][ C0] ? _raw_spin_unlock+0x4d/0x70
[ 34.799745][ C0] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 34.805637][ C0] dummy_timer+0x8be/0x30e0
[ 34.810151][ C0] ? __this_cpu_preempt_check+0x13/0x20
[ 34.815712][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 34.821293][ C0] ? __kasan_check_write+0x14/0x20
[ 34.826440][ C0] ? _raw_spin_lock_irqsave+0x130/0x130
[ 34.832123][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 34.837326][ C0] call_timer_fn+0x38/0x290
[ 34.841859][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 34.847073][ C0] __run_timers+0x650/0x9e0
[ 34.851584][ C0] ? calc_index+0x200/0x200
[ 34.856086][ C0] ? sched_clock_cpu+0x18/0x3c0
[ 34.860939][ C0] run_timer_softirq+0x6a/0xf0
[ 34.865802][ C0] handle_softirqs+0x250/0x560
[ 34.871179][ C0] __irq_exit_rcu+0x52/0xf0
[ 34.875693][ C0] irq_exit_rcu+0x9/0x10
[ 34.879958][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 34.885607][ C0]
[ 34.888534][ C0]
[ 34.891476][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 34.897550][ C0] RIP: 0010:default_idle+0xf/0x20
[ 34.902597][ C0] Code: ff 4c 89 f7 e8 a2 a1 f4 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d e3 a1 50 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[ 34.922202][ C0] RSP: 0018:ffffffff86607d78 EFLAGS: 00000246
[ 34.928273][ C0] RAX: 0000000000003674 RBX: ffffffff8661c400 RCX: 0000000000003674
[ 34.936251][ C0] RDX: 0000000000000001 RSI: ffffffff8563ad60 RDI: ffffffff8563ad20
[ 34.944224][ C0] RBP: ffffffff86607d78 R08: ffff8881f7038c73 R09: 1ffff1103ee0718e
[ 34.952225][ C0] R10: dffffc0000000000 R11: ffffed103ee0718f R12: 0000000000000000
[ 34.960195][ C0] R13: 1ffffffff0cc3880 R14: dffffc0000000000 R15: dffffc0000000000
[ 34.968180][ C0] arch_cpu_idle+0xa/0x10
[ 34.972521][ C0] default_idle_call+0x71/0x1d0
[ 34.977385][ C0] do_idle+0x217/0x620
[ 34.981486][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 34.986693][ C0] ? radix_tree_lookup+0x248/0x290
[ 34.991807][ C0] ? debug_smp_processor_id+0x17/0x20
[ 34.997195][ C0] cpu_startup_entry+0x18/0x20
[ 35.001961][ C0] rest_init+0x10a/0x130
[ 35.006291][ C0] ? time_init+0x40/0x40
[ 35.010540][ C0] arch_call_rest_init+0xe/0x10
[ 35.015392][ C0] start_kernel+0x46d/0x4e0
[ 35.019899][ C0] x86_64_start_reservations+0x2a/0x30
[ 35.025378][ C0] x86_64_start_kernel+0x5b/0x60
[ 35.030321][ C0] secondary_startup_64_no_verify+0xb1/0xbb
[ 35.036216][ C0]
[ 35.039228][ C0]
[ 35.041563][ C0] The buggy address belongs to the variable:
[ 35.047535][ C0] .str.60+0xc/0x20
[ 35.051360][ C0]
[ 35.053676][ C0] Memory state around the buggy address:
[ 35.059299][ C0] ffffffff857f3480: f9 f9 f9 f9 06 f9 f9 f9 00 01 f9 f9 04 f9 f9 f9
[ 35.067353][ C0] ffffffff857f3500: 00 f9 f9 f9 06 f9 f9 f9 07 f9 f9 f9 06 f9 f9 f9
[ 35.075449][ C0] >ffffffff857f3580: 00 04 f9 f9 05 f9 f9 f9 00 03 f9 f9 00 03 f9 f9
[ 35.083501][ C0] ^
[ 35.090964][ C0] ffffffff857f3600: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 35.099032][ C0] ffffffff857f3680: 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 01 f9 f9 f9
[ 35.107087][ C0] ==================================================================
[ 35.115144][ C0] Disabling lock debugging due to kernel taint
[ 35.121289][ C0] ================================================================================
[ 35.130556][ C0] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30
[ 35.139138][ C0] index 548 is out of range for type 'const int[34]'
[ 35.145807][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0
[ 35.154213][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 35.164273][ C0] Call Trace:
[ 35.167569][ C0]
[ 35.170418][ C0] __dump_stack+0x21/0x30
[ 35.174753][ C0] dump_stack_lvl+0x110/0x170
[ 35.179433][ C0] ? show_regs_print_info+0x20/0x20
[ 35.184826][ C0] ? _raw_spin_lock_irqsave+0xc2/0x130
[ 35.190309][ C0] ? __kasan_check_read+0x11/0x20
[ 35.195339][ C0] dump_stack+0x15/0x20
[ 35.199500][ C0] ubsan_epilogue+0xe/0x40
[ 35.203918][ C0] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 35.209643][ C0] aiptek_irq+0x1f6d/0x29b0
[ 35.214152][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 35.219959][ C0] __usb_hcd_giveback_urb+0x333/0x4f0
[ 35.225340][ C0] usb_hcd_giveback_urb+0x119/0x410
[ 35.230533][ C0] ? _raw_spin_unlock+0x4d/0x70
[ 35.235403][ C0] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 35.241305][ C0] dummy_timer+0x8be/0x30e0
[ 35.245806][ C0] ? __this_cpu_preempt_check+0x13/0x20
[ 35.251355][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 35.256551][ C0] ? __kasan_check_write+0x14/0x20
[ 35.261674][ C0] ? _raw_spin_lock_irqsave+0x130/0x130
[ 35.267225][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 35.272421][ C0] call_timer_fn+0x38/0x290
[ 35.276922][ C0] ? dummy_free_streams+0x5b0/0x5b0
[ 35.282119][ C0] __run_timers+0x650/0x9e0
[ 35.286632][ C0] ? calc_index+0x200/0x200
[ 35.291135][ C0] ? sched_clock_cpu+0x18/0x3c0
[ 35.295993][ C0] run_timer_softirq+0x6a/0xf0
[ 35.300761][ C0] handle_softirqs+0x250/0x560
[ 35.305528][ C0] __irq_exit_rcu+0x52/0xf0
[ 35.310040][ C0] irq_exit_rcu+0x9/0x10
[ 35.314468][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 35.320116][ C0]
[ 35.323048][ C0]
[ 35.325975][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 35.332161][ C0] RIP: 0010:default_idle+0xf/0x20
[ 35.337190][ C0] Code: ff 4c 89 f7 e8 a2 a1 f4 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d e3 a1 50 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[ 35.356791][ C0] RSP: 0018:ffffffff86607d78 EFLAGS: 00000246
[ 35.362858][ C0] RAX: 0000000000003674 RBX: ffffffff8661c400 RCX: 0000000000003674
[ 35.370827][ C0] RDX: 0000000000000001 RSI: ffffffff8563ad60 RDI: ffffffff8563ad20
[ 35.378795][ C0] RBP: ffffffff86607d78 R08: ffff8881f7038c73 R09: 1ffff1103ee0718e
[ 35.386769][ C0] R10: dffffc0000000000 R11: ffffed103ee0718f R12: 0000000000000000
[ 35.394744][ C0] R13: 1ffffffff0cc3880 R14: dffffc0000000000 R15: dffffc0000000000
[ 35.402723][ C0] arch_cpu_idle+0xa/0x10
[ 35.407083][ C0] default_idle_call+0x71/0x1d0
[ 35.411936][ C0] do_idle+0x217/0x620
[ 35.416030][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 35.421236][ C0] ? radix_tree_lookup+0x248/0x290
[ 35.426354][ C0] ? debug_smp_processor_id+0x17/0x20
[ 35.431726][ C0] cpu_startup_entry+0x18/0x20
[ 35.436490][ C0] rest_init+0x10a/0x130
[ 35.440732][ C0] ? time_init+0x40/0x40
[ 35.444978][ C0] arch_call_rest_init+0xe/0x10
[ 35.449826][ C0] start_kernel+0x46d/0x4e0
[ 35.454333][ C0] x86_64_start_reservations+0x2a/0x30
[ 35.459792][ C0] x86_64_start_kernel+0x5b/0x60
[ 35.464730][ C0] secondary_startup_64_no_verify+0xb1/0xbb
[ 35.470628][ C0]
[ 35.473650][ C0] ================================================================================
[ 35.497847][ T60] usb 3-1: USB disconnect, device number 3