Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
2026/06/10 14:27:05 parsed 1 programs
[ 21.718405][ T24] audit: type=1400 audit(1781101625.550:64): avc: denied { node_bind } for pid=287 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 21.727198][ T24] audit: type=1400 audit(1781101625.550:65): avc: denied { create } for pid=287 comm="syz-execprog" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 21.733530][ T24] audit: type=1400 audit(1781101625.550:66): avc: denied { module_request } for pid=287 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 22.348280][ T24] audit: type=1400 audit(1781101626.180:67): avc: denied { mounton } for pid=293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 22.349198][ T293] cgroup: Unknown subsys name 'net'
[ 22.376267][ T24] audit: type=1400 audit(1781101626.180:68): avc: denied { mount } for pid=293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.398584][ T293] cgroup: Unknown subsys name 'devices'
[ 22.398633][ T24] audit: type=1400 audit(1781101626.210:69): avc: denied { unmount } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.546254][ T293] cgroup: Unknown subsys name 'hugetlb'
[ 22.551881][ T293] cgroup: Unknown subsys name 'rlimit'
[ 22.664441][ T24] audit: type=1400 audit(1781101626.490:70): avc: denied { setattr } for pid=293 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 22.687996][ T24] audit: type=1400 audit(1781101626.490:71): avc: denied { create } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 22.689780][ T298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 22.708604][ T24] audit: type=1400 audit(1781101626.490:72): avc: denied { write } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.737409][ T24] audit: type=1400 audit(1781101626.490:73): avc: denied { read } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 22.758589][ T293] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 23.239555][ T302] request_module fs-gadgetfs succeeded, but still no fs?
[ 23.249177][ T302] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 23.455397][ T321] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.462721][ T321] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.470132][ T321] device bridge_slave_0 entered promiscuous mode
[ 23.477225][ T321] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.484265][ T321] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.491731][ T321] device bridge_slave_1 entered promiscuous mode
[ 23.524173][ T321] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.531234][ T321] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.538532][ T321] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.545613][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.562611][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.570003][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.577398][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.585856][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.594373][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.602778][ T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.609836][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.619129][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.627376][ T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.634384][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.646140][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.655168][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.668769][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.679507][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.687684][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 23.695394][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 23.704074][ T321] device veth0_vlan entered promiscuous mode
[ 23.713384][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.722601][ T321] device veth1_macvtap entered promiscuous mode
[ 23.731659][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.742567][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2026/06/10 14:27:08 executed programs: 0
[ 24.290377][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.297574][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.305174][ T366] device bridge_slave_0 entered promiscuous mode
[ 24.312137][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.319328][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.326907][ T366] device bridge_slave_1 entered promiscuous mode
[ 24.364095][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.371322][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.378622][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.385678][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.405540][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.413175][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.420461][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.429102][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.437389][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.444440][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.456678][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 24.465235][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.473336][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.480372][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.491049][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 24.499221][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.512421][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 24.520709][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.532852][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 24.541226][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.550445][ T9] device bridge_slave_1 left promiscuous mode
[ 24.556729][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.564098][ T9] device bridge_slave_0 left promiscuous mode
[ 24.570481][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.578314][ T9] device veth1_macvtap left promiscuous mode
[ 24.584410][ T9] device veth0_vlan left promiscuous mode
[ 24.638796][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 24.646774][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.655032][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.662421][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.670780][ T366] device veth0_vlan entered promiscuous mode
[ 24.680349][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 24.688620][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.697611][ T366] device veth1_macvtap entered promiscuous mode
[ 24.706625][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 24.714307][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 24.722666][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.731917][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 24.740267][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.024723][ T333] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 25.384834][ T333] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.395869][ T333] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 25.405203][ T333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.415169][ T333] usb 3-1: config 0 descriptor??
[ 25.754766][ T333] usbhid 3-1:0.0: can't add hid device: -71
[ 25.760862][ T333] usbhid: probe of 3-1:0.0 failed with error -71
[ 25.768121][ T333] usb 3-1: USB disconnect, device number 2
[ 26.254767][ T333] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 26.625097][ T333] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 26.636049][ T333] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40
[ 26.645089][ T333] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 26.653834][ T333] usb 3-1: config 0 descriptor??
[ 27.564882][ T370] udc-core: couldn't find an available UDC or it's busy
[ 27.571834][ T370] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 27.585243][ T333] aiptek 3-1:0.0: Aiptek using 400 ms programming speed
[ 27.593024][ T333] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input4
[ 28.174691][ C1] ================================================================================
[ 28.184007][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31
[ 28.192678][ C1] index 547 is out of range for type 'const int[34]'
[ 28.199338][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 28.206343][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 28.216382][ C1] Call Trace:
[ 28.219660][ C1]
[ 28.222581][ C1] __dump_stack+0x21/0x24
[ 28.226907][ C1] dump_stack_lvl+0x1a7/0x208
[ 28.231610][ C1] ? show_regs_print_info+0x18/0x18
[ 28.236810][ C1] dump_stack+0x15/0x1c
[ 28.240952][ C1] ubsan_epilogue+0xe/0x40
[ 28.245354][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 28.251054][ C1] aiptek_irq+0x1fdf/0x2860
[ 28.255568][ C1] ? debug_smp_processor_id+0x17/0x20
[ 28.260920][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 28.266708][ C1] ? usb_unanchor_urb+0xa1/0xc0
[ 28.271545][ C1] __usb_hcd_giveback_urb+0x333/0x4f0
[ 28.276913][ C1] usb_hcd_giveback_urb+0x119/0x410
[ 28.282099][ C1] ? _raw_spin_unlock+0x4d/0x70
[ 28.286941][ C1] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 28.292821][ C1] dummy_timer+0x8be/0x30e0
[ 28.297319][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 28.302513][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 28.307713][ C1] call_timer_fn+0x38/0x290
[ 28.312197][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 28.317390][ C1] __run_timers+0x650/0x9e0
[ 28.321874][ C1] ? calc_index+0x200/0x200
[ 28.326359][ C1] ? sched_clock_cpu+0x1b/0x3d0
[ 28.331187][ C1] run_timer_softirq+0x6a/0xf0
[ 28.335944][ C1] __do_softirq+0x255/0x563
[ 28.340428][ C1] asm_call_irq_on_stack+0xf/0x20
[ 28.345444][ C1]
[ 28.348367][ C1] do_softirq_own_stack+0x60/0x80
[ 28.353455][ C1] __irq_exit_rcu+0x128/0x150
[ 28.358110][ C1] irq_exit_rcu+0x9/0x10
[ 28.362431][ C1] sysvec_apic_timer_interrupt+0xbf/0xe0
[ 28.368049][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 28.374006][ C1] RIP: 0010:default_idle+0x12/0x20
[ 28.379098][ C1] Code: 44 2a 00 00 49 bd 00 00 00 00 00 fc ff df e9 67 ff ff ff e8 d0 f7 fa ff 55 48 89 e5 0f 1f 44 00 00 0f 00 2d b0 f6 61 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 48 89 e5 41 57 41 56
[ 28.398691][ C1] RSP: 0018:ffffc90000107db8 EFLAGS: 00000256
[ 28.404922][ C1] RAX: ffff8881f7100000 RBX: ffff8881002962c0 RCX: 0000000000007c5e
[ 28.413121][ C1] RDX: 0000000000000001 RSI: ffffffff85409040 RDI: ffffffff85409000
[ 28.421076][ C1] RBP: ffffc90000107db8 R08: ffff8881f71573d3 R09: 1ffff1103ee2ae7a
[ 28.429032][ C1] R10: dffffc0000000000 R11: ffffed103ee2ae7b R12: 0000000000000000
[ 28.436992][ C1] R13: 1ffff11020052c58 R14: dffffc0000000000 R15: dffffc0000000000
[ 28.444955][ C1] arch_cpu_idle+0xa/0x10
[ 28.449279][ C1] default_idle_call+0x71/0x1d0
[ 28.454113][ C1] do_idle+0x368/0x620
[ 28.458166][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 28.463344][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 28.469134][ C1] cpu_startup_entry+0x18/0x20
[ 28.474027][ C1] start_secondary+0x2e9/0x3a0
[ 28.478785][ C1] secondary_startup_64_no_verify+0xad/0xbb
[ 28.484758][ C1] ================================================================================
[ 28.494037][ C1] ==================================================================
[ 28.502086][ C1] BUG: KASAN: global-out-of-bounds in aiptek_irq+0x1ffd/0x2860
[ 28.509808][ C1] Read of size 4 at addr ffffffff855b380c by task swapper/1/0
[ 28.517246][ C1]
[ 28.519580][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 28.527116][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 28.537270][ C1] Call Trace:
[ 28.540555][ C1]
[ 28.543399][ C1] __dump_stack+0x21/0x24
[ 28.547739][ C1] dump_stack_lvl+0x1a7/0x208
[ 28.552409][ C1] ? show_regs_print_info+0x18/0x18
[ 28.557598][ C1] ? thaw_kernel_threads+0x220/0x220
[ 28.562870][ C1] print_address_description+0x7f/0x2c0
[ 28.568420][ C1] ? aiptek_irq+0x1ffd/0x2860
[ 28.573098][ C1] kasan_report+0xe2/0x130
[ 28.577498][ C1] ? aiptek_irq+0x1ffd/0x2860
[ 28.582352][ C1] __asan_report_load4_noabort+0x14/0x20
[ 28.587986][ C1] aiptek_irq+0x1ffd/0x2860
[ 28.592494][ C1] ? debug_smp_processor_id+0x17/0x20
[ 28.597848][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 28.603674][ C1] ? usb_unanchor_urb+0xa1/0xc0
[ 28.608614][ C1] __usb_hcd_giveback_urb+0x333/0x4f0
[ 28.613979][ C1] usb_hcd_giveback_urb+0x119/0x410
[ 28.619193][ C1] ? _raw_spin_unlock+0x4d/0x70
[ 28.624045][ C1] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 28.630199][ C1] dummy_timer+0x8be/0x30e0
[ 28.634706][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 28.639886][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 28.645096][ C1] call_timer_fn+0x38/0x290
[ 28.649695][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 28.654906][ C1] __run_timers+0x650/0x9e0
[ 28.659391][ C1] ? calc_index+0x200/0x200
[ 28.663874][ C1] ? sched_clock_cpu+0x1b/0x3d0
[ 28.668712][ C1] run_timer_softirq+0x6a/0xf0
[ 28.673457][ C1] __do_softirq+0x255/0x563
[ 28.677964][ C1] asm_call_irq_on_stack+0xf/0x20
[ 28.682967][ C1]
[ 28.685891][ C1] do_softirq_own_stack+0x60/0x80
[ 28.690897][ C1] __irq_exit_rcu+0x128/0x150
[ 28.695565][ C1] irq_exit_rcu+0x9/0x10
[ 28.699804][ C1] sysvec_apic_timer_interrupt+0xbf/0xe0
[ 28.705449][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 28.711514][ C1] RIP: 0010:default_idle+0x12/0x20
[ 28.716619][ C1] Code: 44 2a 00 00 49 bd 00 00 00 00 00 fc ff df e9 67 ff ff ff e8 d0 f7 fa ff 55 48 89 e5 0f 1f 44 00 00 0f 00 2d b0 f6 61 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 48 89 e5 41 57 41 56
[ 28.736323][ C1] RSP: 0018:ffffc90000107db8 EFLAGS: 00000256
[ 28.742390][ C1] RAX: ffff8881f7100000 RBX: ffff8881002962c0 RCX: 0000000000007c5e
[ 28.750353][ C1] RDX: 0000000000000001 RSI: ffffffff85409040 RDI: ffffffff85409000
[ 28.758319][ C1] RBP: ffffc90000107db8 R08: ffff8881f71573d3 R09: 1ffff1103ee2ae7a
[ 28.766302][ C1] R10: dffffc0000000000 R11: ffffed103ee2ae7b R12: 0000000000000000
[ 28.774270][ C1] R13: 1ffff11020052c58 R14: dffffc0000000000 R15: dffffc0000000000
[ 28.782256][ C1] arch_cpu_idle+0xa/0x10
[ 28.786608][ C1] default_idle_call+0x71/0x1d0
[ 28.791462][ C1] do_idle+0x368/0x620
[ 28.795524][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 28.800717][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 28.806522][ C1] cpu_startup_entry+0x18/0x20
[ 28.811296][ C1] start_secondary+0x2e9/0x3a0
[ 28.816058][ C1] secondary_startup_64_no_verify+0xad/0xbb
[ 28.821942][ C1]
[ 28.824262][ C1] The buggy address belongs to the variable:
[ 28.830256][ C1] .str.57+0xc/0x20
[ 28.834050][ C1]
[ 28.836365][ C1] Memory state around the buggy address:
[ 28.841989][ C1] ffffffff855b3700: 04 f9 f9 f9 00 f9 f9 f9 06 f9 f9 f9 07 f9 f9 f9
[ 28.850193][ C1] ffffffff855b3780: 06 f9 f9 f9 00 04 f9 f9 05 f9 f9 f9 00 03 f9 f9
[ 28.858344][ C1] >ffffffff855b3800: 00 03 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9
[ 28.866487][ C1] ^
[ 28.870804][ C1] ffffffff855b3880: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 28.878861][ C1] ffffffff855b3900: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
[ 28.886913][ C1] ==================================================================
[ 28.895044][ C1] Disabling lock debugging due to kernel taint
[ 28.901189][ C1] ================================================================================
[ 28.910452][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30
[ 28.919019][ C1] index 548 is out of range for type 'const int[34]'
[ 28.925682][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B syzkaller #0
[ 28.934169][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 28.944215][ C1] Call Trace:
[ 28.947486][ C1]
[ 28.950337][ C1] __dump_stack+0x21/0x24
[ 28.954656][ C1] dump_stack_lvl+0x1a7/0x208
[ 28.959325][ C1] ? show_regs_print_info+0x18/0x18
[ 28.964515][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130
[ 28.970139][ C1] ? __kasan_check_read+0x11/0x20
[ 28.975238][ C1] dump_stack+0x15/0x1c
[ 28.979484][ C1] ubsan_epilogue+0xe/0x40
[ 28.983909][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 28.989745][ C1] aiptek_irq+0x1ebf/0x2860
[ 28.994238][ C1] ? debug_smp_processor_id+0x17/0x20
[ 29.000036][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 29.005834][ C1] ? usb_unanchor_urb+0xa1/0xc0
[ 29.010677][ C1] __usb_hcd_giveback_urb+0x333/0x4f0
[ 29.016039][ C1] usb_hcd_giveback_urb+0x119/0x410
[ 29.021231][ C1] ? _raw_spin_unlock+0x4d/0x70
[ 29.026073][ C1] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 29.031957][ C1] dummy_timer+0x8be/0x30e0
[ 29.036460][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 29.041648][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 29.046839][ C1] call_timer_fn+0x38/0x290
[ 29.051333][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 29.056521][ C1] __run_timers+0x650/0x9e0
[ 29.061019][ C1] ? calc_index+0x200/0x200
[ 29.065531][ C1] ? sched_clock_cpu+0x1b/0x3d0
[ 29.070380][ C1] run_timer_softirq+0x6a/0xf0
[ 29.075138][ C1] __do_softirq+0x255/0x563
[ 29.079633][ C1] asm_call_irq_on_stack+0xf/0x20
[ 29.084645][ C1]
[ 29.087580][ C1] do_softirq_own_stack+0x60/0x80
[ 29.092597][ C1] __irq_exit_rcu+0x128/0x150
[ 29.097269][ C1] irq_exit_rcu+0x9/0x10
[ 29.101510][ C1] sysvec_apic_timer_interrupt+0xbf/0xe0
[ 29.107133][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 29.113103][ C1] RIP: 0010:default_idle+0x12/0x20
[ 29.118204][ C1] Code: 44 2a 00 00 49 bd 00 00 00 00 00 fc ff df e9 67 ff ff ff e8 d0 f7 fa ff 55 48 89 e5 0f 1f 44 00 00 0f 00 2d b0 f6 61 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 48 89 e5 41 57 41 56
[ 29.137814][ C1] RSP: 0018:ffffc90000107db8 EFLAGS: 00000256
[ 29.143964][ C1] RAX: ffff8881f7100000 RBX: ffff8881002962c0 RCX: 0000000000007c5e
[ 29.151939][ C1] RDX: 0000000000000001 RSI: ffffffff85409040 RDI: ffffffff85409000
[ 29.159899][ C1] RBP: ffffc90000107db8 R08: ffff8881f71573d3 R09: 1ffff1103ee2ae7a
[ 29.167862][ C1] R10: dffffc0000000000 R11: ffffed103ee2ae7b R12: 0000000000000000
[ 29.175822][ C1] R13: 1ffff11020052c58 R14: dffffc0000000000 R15: dffffc0000000000
[ 29.183792][ C1] arch_cpu_idle+0xa/0x10
[ 29.188118][ C1] default_idle_call+0x71/0x1d0
[ 29.192968][ C1] do_idle+0x368/0x620
[ 29.197029][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 29.202233][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 29.208046][ C1] cpu_startup_entry+0x18/0x20
[ 29.212801][ C1] start_secondary+0x2e9/0x3a0
[ 29.217557][ C1] secondary_startup_64_no_verify+0xad/0xbb
[ 29.223440][ C1] ================================================================================
[ 29.241745][ T394] usb 3-1: USB disconnect, device number 3
[ 29.244658][ C1] aiptek 3-1:0.0: aiptek_irq - usb_submit_urb failed with result -19