Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
2026/06/11 06:38:24 parsed 1 programs
[ 34.977504][ T30] audit: type=1400 audit(1781159904.582:64): avc: denied { node_bind } for pid=293 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 34.998288][ T30] audit: type=1400 audit(1781159904.582:65): avc: denied { module_request } for pid=293 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 35.686366][ T30] audit: type=1400 audit(1781159905.292:66): avc: denied { mounton } for pid=299 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 35.687348][ T299] cgroup: Unknown subsys name 'net'
[ 35.709024][ T30] audit: type=1400 audit(1781159905.292:67): avc: denied { mount } for pid=299 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 35.736323][ T30] audit: type=1400 audit(1781159905.322:68): avc: denied { unmount } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 35.736470][ T299] cgroup: Unknown subsys name 'devices'
[ 35.854418][ T299] cgroup: Unknown subsys name 'hugetlb'
[ 35.860066][ T299] cgroup: Unknown subsys name 'rlimit'
[ 36.001464][ T30] audit: type=1400 audit(1781159905.602:69): avc: denied { setattr } for pid=299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 36.024707][ T30] audit: type=1400 audit(1781159905.602:70): avc: denied { create } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 36.030464][ T303] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 36.045168][ T30] audit: type=1400 audit(1781159905.602:71): avc: denied { write } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 36.073990][ T30] audit: type=1400 audit(1781159905.602:72): avc: denied { read } for pid=299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 36.094511][ T30] audit: type=1400 audit(1781159905.602:73): avc: denied { mounton } for pid=299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 36.108841][ T299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 36.548920][ T305] request_module fs-gadgetfs succeeded, but still no fs?
[ 36.783159][ T323] syz-executor (323) used greatest stack depth: 21664 bytes left
[ 36.812377][ T335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.819464][ T335] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.826934][ T335] device bridge_slave_0 entered promiscuous mode
[ 36.834595][ T335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.841614][ T335] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.849065][ T335] device bridge_slave_1 entered promiscuous mode
[ 36.884307][ T335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.891358][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.898664][ T335] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.905729][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.923501][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.931216][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.938505][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.948078][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 36.956325][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.963362][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.973356][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.981504][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.988552][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.000585][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.009825][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.022622][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.035317][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.043380][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.050746][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.058845][ T335] device veth0_vlan entered promiscuous mode
[ 37.069985][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.080021][ T335] device veth1_macvtap entered promiscuous mode
[ 37.090071][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.100263][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.146665][ T335] syz-executor (335) used greatest stack depth: 21472 bytes left
2026/06/11 06:38:27 executed programs: 0
[ 37.608939][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.616040][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.623723][ T366] device bridge_slave_0 entered promiscuous mode
[ 37.630657][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.637745][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.645205][ T366] device bridge_slave_1 entered promiscuous mode
[ 37.683800][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.690858][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.698133][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.705176][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.726364][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.733963][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.741141][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.750541][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.759075][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.767443][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.774486][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.783523][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 37.791840][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.800353][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.807410][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.823254][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 37.831313][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.840127][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 37.848297][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.865945][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 37.874391][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.887088][ T366] device veth0_vlan entered promiscuous mode
[ 37.894409][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 37.902517][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.916671][ T366] device veth1_macvtap entered promiscuous mode
[ 37.930261][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.937974][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.945586][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 37.953817][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.961875][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 37.969587][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 37.978098][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.986467][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 37.994823][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.282819][ T339] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 38.564195][ T10] device bridge_slave_1 left promiscuous mode
[ 38.570356][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.577933][ T10] device bridge_slave_0 left promiscuous mode
[ 38.584148][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.591784][ T10] device veth1_macvtap left promiscuous mode
[ 38.597929][ T10] device veth0_vlan left promiscuous mode
[ 38.662791][ T339] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 38.673727][ T339] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 38.683177][ T339] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 38.692341][ T339] usb 3-1: config 0 descriptor??
[ 39.032777][ T339] usbhid 3-1:0.0: can't add hid device: -71
[ 39.038771][ T339] usbhid: probe of 3-1:0.0 failed with error -71
[ 39.045817][ T339] usb 3-1: USB disconnect, device number 2
[ 39.492814][ T339] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 39.852840][ T339] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 39.866079][ T339] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40
[ 39.875317][ T339] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 39.884012][ T339] usb 3-1: config 0 descriptor??
[ 40.802879][ T370] UDC core: couldn't find an available UDC or it's busy: -16
[ 40.810265][ T370] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 40.822767][ T339] aiptek 3-1:0.0: Aiptek using 400 ms programming speed
[ 40.830521][ T339] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input4
[ 41.412725][ C1] ================================================================================
[ 41.422027][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31
[ 41.430618][ C1] index 547 is out of range for type 'const int[34]'
[ 41.437297][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 41.444303][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 41.454345][ C1] Call Trace:
[ 41.457624][ C1]
[ 41.460481][ C1] __dump_stack+0x21/0x30
[ 41.464829][ C1] dump_stack_lvl+0x110/0x170
[ 41.469506][ C1] ? show_regs_print_info+0x20/0x20
[ 41.474693][ C1] dump_stack+0x15/0x20
[ 41.478835][ C1] ubsan_epilogue+0xe/0x40
[ 41.483251][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 41.488960][ C1] ? _raw_spin_lock+0x94/0xf0
[ 41.493800][ C1] aiptek_irq+0x208d/0x29b0
[ 41.498292][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 41.504174][ C1] ? kcov_remote_start+0xe5/0x350
[ 41.509187][ C1] ? usb_unanchor_urb+0xa1/0xc0
[ 41.514020][ C1] __usb_hcd_giveback_urb+0x333/0x4f0
[ 41.519378][ C1] usb_hcd_giveback_urb+0x119/0x410
[ 41.524573][ C1] ? _raw_spin_unlock+0x4d/0x70
[ 41.529407][ C1] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 41.535284][ C1] dummy_timer+0x8be/0x30e0
[ 41.539771][ C1] ? update_blocked_averages+0xf50/0xf50
[ 41.545403][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 41.550587][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 41.555772][ C1] call_timer_fn+0x38/0x290
[ 41.560260][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 41.565446][ C1] __run_timers+0x650/0x9e0
[ 41.569952][ C1] ? calc_index+0x200/0x200
[ 41.574447][ C1] ? sched_clock_cpu+0x18/0x3c0
[ 41.579282][ C1] run_timer_softirq+0x6a/0xf0
[ 41.584039][ C1] handle_softirqs+0x250/0x560
[ 41.588789][ C1] __irq_exit_rcu+0x52/0xf0
[ 41.593276][ C1] irq_exit_rcu+0x9/0x10
[ 41.597512][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 41.603145][ C1]
[ 41.606062][ C1]
[ 41.608975][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 41.614949][ C1] RIP: 0010:default_idle+0xf/0x20
[ 41.619962][ C1] Code: ff 4c 89 f7 e8 a2 a1 f4 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d e3 a1 50 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[ 41.639557][ C1] RSP: 0018:ffffc90000157db8 EFLAGS: 00000246
[ 41.645627][ C1] RAX: 0000000000004ce4 RBX: ffff88810030bb40 RCX: 0000000000004ce4
[ 41.653591][ C1] RDX: 0000000000000001 RSI: ffffffff8563ad60 RDI: ffffffff8563ad20
[ 41.661545][ C1] RBP: ffffc90000157db8 R08: ffff8881f7138c73 R09: 1ffff1103ee2718e
[ 41.669513][ C1] R10: dffffc0000000000 R11: ffffed103ee2718f R12: 0000000000000000
[ 41.677478][ C1] R13: 1ffff11020061768 R14: dffffc0000000000 R15: dffffc0000000000
[ 41.685438][ C1] arch_cpu_idle+0xa/0x10
[ 41.689753][ C1] default_idle_call+0x71/0x1d0
[ 41.694587][ C1] do_idle+0x217/0x620
[ 41.698648][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 41.703834][ C1] cpu_startup_entry+0x18/0x20
[ 41.708592][ C1] start_secondary+0x2e6/0x3a0
[ 41.713339][ C1] secondary_startup_64_no_verify+0xb1/0xbb
[ 41.719223][ C1]
[ 41.722226][ C1] ================================================================================
[ 41.731494][ C1] ==================================================================
[ 41.739535][ C1] BUG: KASAN: global-out-of-bounds in aiptek_irq+0x20ab/0x29b0
[ 41.747063][ C1] Read of size 4 at addr ffffffff857f35ec by task swapper/1/0
[ 41.754503][ C1]
[ 41.756812][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 41.763829][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 41.773872][ C1] Call Trace:
[ 41.777146][ C1]
[ 41.779993][ C1] __dump_stack+0x21/0x30
[ 41.784421][ C1] dump_stack_lvl+0x110/0x170
[ 41.789088][ C1] ? show_regs_print_info+0x20/0x20
[ 41.794275][ C1] ? load_image+0x3e0/0x3e0
[ 41.798777][ C1] print_address_description+0x7f/0x2c0
[ 41.804311][ C1] ? aiptek_irq+0x20ab/0x29b0
[ 41.808978][ C1] kasan_report+0xf1/0x140
[ 41.813390][ C1] ? aiptek_irq+0x20ab/0x29b0
[ 41.818052][ C1] __asan_report_load4_noabort+0x14/0x20
[ 41.823670][ C1] aiptek_irq+0x20ab/0x29b0
[ 41.828160][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 41.833954][ C1] ? kcov_remote_start+0xe5/0x350
[ 41.838966][ C1] ? usb_unanchor_urb+0xa1/0xc0
[ 41.843803][ C1] __usb_hcd_giveback_urb+0x333/0x4f0
[ 41.849158][ C1] usb_hcd_giveback_urb+0x119/0x410
[ 41.854340][ C1] ? _raw_spin_unlock+0x4d/0x70
[ 41.859182][ C1] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 41.865075][ C1] dummy_timer+0x8be/0x30e0
[ 41.869572][ C1] ? update_blocked_averages+0xf50/0xf50
[ 41.875212][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 41.880399][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 41.885591][ C1] call_timer_fn+0x38/0x290
[ 41.890091][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 41.895276][ C1] __run_timers+0x650/0x9e0
[ 41.899785][ C1] ? calc_index+0x200/0x200
[ 41.904276][ C1] ? sched_clock_cpu+0x18/0x3c0
[ 41.909116][ C1] run_timer_softirq+0x6a/0xf0
[ 41.913879][ C1] handle_softirqs+0x250/0x560
[ 41.918630][ C1] __irq_exit_rcu+0x52/0xf0
[ 41.923150][ C1] irq_exit_rcu+0x9/0x10
[ 41.927384][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 41.933004][ C1]
[ 41.935924][ C1]
[ 41.938846][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 41.944846][ C1] RIP: 0010:default_idle+0xf/0x20
[ 41.949862][ C1] Code: ff 4c 89 f7 e8 a2 a1 f4 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d e3 a1 50 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[ 41.969659][ C1] RSP: 0018:ffffc90000157db8 EFLAGS: 00000246
[ 41.975725][ C1] RAX: 0000000000004ce4 RBX: ffff88810030bb40 RCX: 0000000000004ce4
[ 41.983702][ C1] RDX: 0000000000000001 RSI: ffffffff8563ad60 RDI: ffffffff8563ad20
[ 41.991663][ C1] RBP: ffffc90000157db8 R08: ffff8881f7138c73 R09: 1ffff1103ee2718e
[ 41.999619][ C1] R10: dffffc0000000000 R11: ffffed103ee2718f R12: 0000000000000000
[ 42.007578][ C1] R13: 1ffff11020061768 R14: dffffc0000000000 R15: dffffc0000000000
[ 42.015538][ C1] arch_cpu_idle+0xa/0x10
[ 42.019859][ C1] default_idle_call+0x71/0x1d0
[ 42.024702][ C1] do_idle+0x217/0x620
[ 42.028770][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 42.033954][ C1] cpu_startup_entry+0x18/0x20
[ 42.038718][ C1] start_secondary+0x2e6/0x3a0
[ 42.043469][ C1] secondary_startup_64_no_verify+0xb1/0xbb
[ 42.049347][ C1]
[ 42.052361][ C1]
[ 42.054667][ C1] The buggy address belongs to the variable:
[ 42.060634][ C1] .str.60+0xc/0x20
[ 42.064428][ C1]
[ 42.066738][ C1] Memory state around the buggy address:
[ 42.072347][ C1] ffffffff857f3480: f9 f9 f9 f9 06 f9 f9 f9 00 01 f9 f9 04 f9 f9 f9
[ 42.080390][ C1] ffffffff857f3500: 00 f9 f9 f9 06 f9 f9 f9 07 f9 f9 f9 06 f9 f9 f9
[ 42.088459][ C1] >ffffffff857f3580: 00 04 f9 f9 05 f9 f9 f9 00 03 f9 f9 00 03 f9 f9
[ 42.096510][ C1] ^
[ 42.103955][ C1] ffffffff857f3600: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 42.112012][ C1] ffffffff857f3680: 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 01 f9 f9 f9
[ 42.120070][ C1] ==================================================================
[ 42.128123][ C1] Disabling lock debugging due to kernel taint
[ 42.134268][ C1] ================================================================================
[ 42.143658][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30
[ 42.152242][ C1] index 548 is out of range for type 'const int[34]'
[ 42.158897][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B syzkaller #0
[ 42.167295][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 42.177340][ C1] Call Trace:
[ 42.180612][ C1]
[ 42.183457][ C1] __dump_stack+0x21/0x30
[ 42.187790][ C1] dump_stack_lvl+0x110/0x170
[ 42.192452][ C1] ? show_regs_print_info+0x20/0x20
[ 42.197648][ C1] ? _raw_spin_lock_irqsave+0xc2/0x130
[ 42.203097][ C1] ? __kasan_check_read+0x11/0x20
[ 42.208107][ C1] dump_stack+0x15/0x20
[ 42.212256][ C1] ubsan_epilogue+0xe/0x40
[ 42.216661][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 42.222373][ C1] aiptek_irq+0x1f6d/0x29b0
[ 42.226865][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 42.232662][ C1] __usb_hcd_giveback_urb+0x333/0x4f0
[ 42.238054][ C1] usb_hcd_giveback_urb+0x119/0x410
[ 42.243250][ C1] ? _raw_spin_unlock+0x4d/0x70
[ 42.248114][ C1] ? usb_hcd_unlink_urb_from_ep+0x10e/0x120
[ 42.253991][ C1] dummy_timer+0x8be/0x30e0
[ 42.258481][ C1] ? update_blocked_averages+0xf50/0xf50
[ 42.264108][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 42.269293][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 42.274479][ C1] call_timer_fn+0x38/0x290
[ 42.278972][ C1] ? dummy_free_streams+0x5b0/0x5b0
[ 42.284172][ C1] __run_timers+0x650/0x9e0
[ 42.288666][ C1] ? calc_index+0x200/0x200
[ 42.293152][ C1] ? sched_clock_cpu+0x18/0x3c0
[ 42.297987][ C1] run_timer_softirq+0x6a/0xf0
[ 42.302733][ C1] handle_softirqs+0x250/0x560
[ 42.307483][ C1] __irq_exit_rcu+0x52/0xf0
[ 42.311968][ C1] irq_exit_rcu+0x9/0x10
[ 42.316195][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 42.321811][ C1]
[ 42.324741][ C1]
[ 42.327665][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.333650][ C1] RIP: 0010:default_idle+0xf/0x20
[ 42.338760][ C1] Code: ff 4c 89 f7 e8 a2 a1 f4 fc e9 3d ff ff ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 55 48 89 e5 66 90 0f 00 2d e3 a1 50 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
[ 42.358354][ C1] RSP: 0018:ffffc90000157db8 EFLAGS: 00000246
[ 42.364412][ C1] RAX: 0000000000004ce4 RBX: ffff88810030bb40 RCX: 0000000000004ce4
[ 42.372372][ C1] RDX: 0000000000000001 RSI: ffffffff8563ad60 RDI: ffffffff8563ad20
[ 42.380532][ C1] RBP: ffffc90000157db8 R08: ffff8881f7138c73 R09: 1ffff1103ee2718e
[ 42.388491][ C1] R10: dffffc0000000000 R11: ffffed103ee2718f R12: 0000000000000000
[ 42.396474][ C1] R13: 1ffff11020061768 R14: dffffc0000000000 R15: dffffc0000000000
[ 42.404445][ C1] arch_cpu_idle+0xa/0x10
[ 42.408776][ C1] default_idle_call+0x71/0x1d0
[ 42.413613][ C1] do_idle+0x217/0x620
[ 42.417669][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 42.422852][ C1] cpu_startup_entry+0x18/0x20
[ 42.427600][ C1] start_secondary+0x2e6/0x3a0
[ 42.432351][ C1] secondary_startup_64_no_verify+0xb1/0xbb
[ 42.438229][ C1]
[ 42.441237][ C1] ================================================================================
[ 42.454226][ T42] usb 3-1: USB disconnect, device number 3