syzkaller
syzkaller login: [ 13.192843][ T28] kauditd_printk_skb: 48 callbacks suppressed
[ 13.192856][ T28] audit: type=1400 audit(1781104454.233:59): avc: denied { transition } for pid=226 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.196718][ T28] audit: type=1400 audit(1781104454.233:60): avc: denied { noatsecure } for pid=226 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.199377][ T28] audit: type=1400 audit(1781104454.233:61): avc: denied { write } for pid=226 comm="sh" path="pipe:[14685]" dev="pipefs" ino=14685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 13.202488][ T28] audit: type=1400 audit(1781104454.233:62): avc: denied { rlimitinh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.204977][ T28] audit: type=1400 audit(1781104454.233:63): avc: denied { siginh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.80' (ED25519) to the list of known hosts.
2026/06/10 15:14:23 parsed 1 programs
[ 22.045726][ T28] audit: type=1400 audit(1781104463.083:64): avc: denied { node_bind } for pid=296 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 22.066827][ T28] audit: type=1400 audit(1781104463.083:65): avc: denied { module_request } for pid=296 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 22.752633][ T28] audit: type=1400 audit(1781104463.793:66): avc: denied { mounton } for pid=302 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 22.753640][ T302] cgroup: Unknown subsys name 'net'
[ 22.775256][ T28] audit: type=1400 audit(1781104463.793:67): avc: denied { mount } for pid=302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.802475][ T28] audit: type=1400 audit(1781104463.823:68): avc: denied { unmount } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 22.802607][ T302] cgroup: Unknown subsys name 'devices'
[ 22.948728][ T302] cgroup: Unknown subsys name 'hugetlb'
[ 22.954303][ T302] cgroup: Unknown subsys name 'rlimit'
[ 23.060610][ T28] audit: type=1400 audit(1781104464.103:69): avc: denied { setattr } for pid=302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 23.083744][ T28] audit: type=1400 audit(1781104464.103:70): avc: denied { create } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.102489][ T306] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 23.104259][ T28] audit: type=1400 audit(1781104464.103:71): avc: denied { write } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.132824][ T28] audit: type=1400 audit(1781104464.103:72): avc: denied { read } for pid=302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 23.152968][ T28] audit: type=1400 audit(1781104464.103:73): avc: denied { mounton } for pid=302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 23.178550][ T302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 23.790862][ T310] request_module fs-gadgetfs succeeded, but still no fs?
[ 24.009753][ T320] syz-executor (320) used greatest stack depth: 22400 bytes left
[ 24.143271][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.150455][ T347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.157882][ T347] device bridge_slave_0 entered promiscuous mode
[ 24.165245][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.172274][ T347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.179611][ T347] device bridge_slave_1 entered promiscuous mode
[ 24.215352][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.222376][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.229628][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.236634][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.253487][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.261198][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.268414][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.283897][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.291972][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.298993][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.306424][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.314656][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.321679][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.329057][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.343374][ T347] device veth0_vlan entered promiscuous mode
[ 24.349753][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.358103][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.365936][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.373616][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.381018][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.391694][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.403056][ T347] device veth1_macvtap entered promiscuous mode
[ 24.411611][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.421168][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.448350][ T347] syz-executor (347) used greatest stack depth: 21984 bytes left
2026/06/10 15:14:25 executed programs: 0
[ 24.904723][ T372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.911916][ T372] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.919284][ T372] device bridge_slave_0 entered promiscuous mode
[ 24.929244][ T372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.936253][ T372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.943557][ T372] device bridge_slave_1 entered promiscuous mode
[ 24.977416][ T372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.984436][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.991701][ T372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.998720][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.006492][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.013669][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.034088][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 25.041905][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.050285][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 25.058701][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.066746][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.073777][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.082123][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 25.090931][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.099087][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.106084][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.120544][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 25.128604][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.137167][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 25.145386][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.161771][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 25.170093][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.180348][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 25.188342][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.196213][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 25.203634][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 25.214794][ T372] device veth0_vlan entered promiscuous mode
[ 25.223847][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 25.231898][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.244581][ T372] device veth1_macvtap entered promiscuous mode
[ 25.252936][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 25.260471][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 25.268885][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.280806][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 25.288952][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.577400][ T222] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 25.758393][ T222] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.769302][ T222] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 25.778360][ T222] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.787358][ T222] usb 3-1: config 0 descriptor??
[ 25.967984][ T8] device bridge_slave_1 left promiscuous mode
[ 25.974081][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.981568][ T8] device bridge_slave_0 left promiscuous mode
[ 25.987755][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.996590][ T222] usbhid 3-1:0.0: can't add hid device: -71
[ 26.002572][ T222] usbhid: probe of 3-1:0.0 failed with error -71
[ 26.002645][ T8] device veth1_macvtap left promiscuous mode
[ 26.009568][ T222] usb 3-1: USB disconnect, device number 2
[ 26.016819][ T8] device veth0_vlan left promiscuous mode
[ 26.587304][ T222] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 26.768259][ T222] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 26.779139][ T222] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.40
[ 26.788182][ T222] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 26.796660][ T222] usb 3-1: config 0 descriptor??
[ 27.617702][ T222] aiptek 3-1:0.0: Aiptek using 400 ms programming speed
[ 27.625231][ T222] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input4
[ 27.679695][ C1] ================================================================================
[ 27.688963][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:741:31
[ 27.697523][ C1] index 4775 is out of range for type 'const int[34]'
[ 27.704254][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 27.711248][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 27.721290][ C1] Call Trace:
[ 27.724544][ C1]
[ 27.727361][ C1] __dump_stack+0x21/0x24
[ 27.731677][ C1] dump_stack_lvl+0x110/0x170
[ 27.736328][ C1] ? __cfi_dump_stack_lvl+0x8/0x8
[ 27.741325][ C1] dump_stack+0x15/0x24
[ 27.745457][ C1] ubsan_epilogue+0xe/0x40
[ 27.749963][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 27.755663][ C1] ? __kasan_check_write+0x14/0x20
[ 27.760747][ C1] aiptek_irq+0x208d/0x29b0
[ 27.765226][ C1] ? kcov_remote_start+0xe8/0x370
[ 27.770226][ C1] ? usb_unanchor_urb+0xa1/0xc0
[ 27.775054][ C1] __usb_hcd_giveback_urb+0x364/0x520
[ 27.780398][ C1] usb_hcd_giveback_urb+0x11c/0x410
[ 27.785571][ C1] dummy_timer+0x88c/0x3070
[ 27.790054][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 27.794966][ C1] ? timerqueue_del+0xd3/0x120
[ 27.799701][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 27.804612][ C1] __hrtimer_run_queues+0x3bb/0x8e0
[ 27.809784][ C1] ? hrtimer_interrupt+0x8c0/0x8c0
[ 27.814881][ C1] hrtimer_run_softirq+0x19b/0x260
[ 27.819967][ C1] handle_softirqs+0x1d7/0x600
[ 27.824702][ C1] ? irqtime_account_irq+0xc4/0x240
[ 27.829875][ C1] __irq_exit_rcu+0x52/0xf0
[ 27.834350][ C1] irq_exit_rcu+0x9/0x10
[ 27.838565][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 27.844175][ C1]
[ 27.847080][ C1]
[ 27.849984][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 27.855939][ C1] RIP: 0010:default_idle+0xf/0x20
[ 27.860941][ C1] Code: 37 e3 b4 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 23 f3 63 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 27.880526][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 27.886576][ C1] RAX: ffff8881f6f00000 RBX: ffff888100330000 RCX: be45b475e3e0d600
[ 27.894524][ C1] RDX: 0000000000000001 RSI: ffffffff85ca8e00 RDI: ffffffff85ca8dc0
[ 27.902469][ C1] RBP: ffffc90000147dd8 R08: ffff8881f6f348b3 R09: 1ffff1103ede6916
[ 27.910419][ C1] R10: 0000000000000000 R11: ffffffff85023e50 R12: dffffc0000000000
[ 27.918363][ C1] R13: 0000000000000001 R14: ffff888100330000 R15: dffffc0000000000
[ 27.926307][ C1] ? __cfi_default_idle+0x10/0x10
[ 27.931310][ C1] arch_cpu_idle+0x1c/0x20
[ 27.935700][ C1] default_idle_call+0x71/0x1d0
[ 27.940522][ C1] do_idle+0x354/0x640
[ 27.944562][ C1] ? irqentry_exit+0x30/0x40
[ 27.949126][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 27.954295][ C1] cpu_startup_entry+0x43/0x60
[ 27.959029][ C1] start_secondary+0x119/0x120
[ 27.963765][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 27.969632][ C1]
[ 27.972633][ C1] ================================================================================
[ 27.981886][ C1] ==================================================================
[ 27.989914][ C1] BUG: KASAN: global-out-of-bounds in aiptek_irq+0x20ab/0x29b0
[ 27.997429][ C1] Read of size 4 at addr ffffffff85e6f19c by task swapper/1/0
[ 28.004855][ C1]
[ 28.007154][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 28.014148][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 28.024175][ C1] Call Trace:
[ 28.027449][ C1]
[ 28.030276][ C1] __dump_stack+0x21/0x24
[ 28.034582][ C1] dump_stack_lvl+0x110/0x170
[ 28.039231][ C1] ? __cfi_dump_stack_lvl+0x8/0x8
[ 28.044227][ C1] ? _printk+0xda/0x128
[ 28.048354][ C1] ? aiptek_irq+0x20ab/0x29b0
[ 28.053003][ C1] print_address_description+0x71/0x200
[ 28.058524][ C1] print_report+0x4a/0x60
[ 28.062822][ C1] kasan_report+0x122/0x150
[ 28.067298][ C1] ? aiptek_irq+0x20ab/0x29b0
[ 28.071944][ C1] __asan_report_load4_noabort+0x14/0x20
[ 28.077554][ C1] aiptek_irq+0x20ab/0x29b0
[ 28.082031][ C1] ? kcov_remote_start+0xe8/0x370
[ 28.087032][ C1] ? usb_unanchor_urb+0xa1/0xc0
[ 28.091857][ C1] __usb_hcd_giveback_urb+0x364/0x520
[ 28.097204][ C1] usb_hcd_giveback_urb+0x11c/0x410
[ 28.102373][ C1] dummy_timer+0x88c/0x3070
[ 28.106854][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 28.111761][ C1] ? timerqueue_del+0xd3/0x120
[ 28.116499][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 28.121408][ C1] __hrtimer_run_queues+0x3bb/0x8e0
[ 28.126583][ C1] ? hrtimer_interrupt+0x8c0/0x8c0
[ 28.131668][ C1] hrtimer_run_softirq+0x19b/0x260
[ 28.136766][ C1] handle_softirqs+0x1d7/0x600
[ 28.141504][ C1] ? irqtime_account_irq+0xc4/0x240
[ 28.146679][ C1] __irq_exit_rcu+0x52/0xf0
[ 28.151154][ C1] irq_exit_rcu+0x9/0x10
[ 28.155369][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 28.160975][ C1]
[ 28.163880][ C1]
[ 28.166782][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 28.172738][ C1] RIP: 0010:default_idle+0xf/0x20
[ 28.177735][ C1] Code: 37 e3 b4 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 23 f3 63 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 28.197313][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 28.203355][ C1] RAX: ffff8881f6f00000 RBX: ffff888100330000 RCX: be45b475e3e0d600
[ 28.211301][ C1] RDX: 0000000000000001 RSI: ffffffff85ca8e00 RDI: ffffffff85ca8dc0
[ 28.219245][ C1] RBP: ffffc90000147dd8 R08: ffff8881f6f348b3 R09: 1ffff1103ede6916
[ 28.227190][ C1] R10: 0000000000000000 R11: ffffffff85023e50 R12: dffffc0000000000
[ 28.235131][ C1] R13: 0000000000000001 R14: ffff888100330000 R15: dffffc0000000000
[ 28.243074][ C1] ? __cfi_default_idle+0x10/0x10
[ 28.248076][ C1] arch_cpu_idle+0x1c/0x20
[ 28.252462][ C1] default_idle_call+0x71/0x1d0
[ 28.257285][ C1] do_idle+0x354/0x640
[ 28.261327][ C1] ? irqentry_exit+0x30/0x40
[ 28.265890][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 28.271058][ C1] cpu_startup_entry+0x43/0x60
[ 28.275795][ C1] start_secondary+0x119/0x120
[ 28.280528][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 28.286396][ C1]
[ 28.289387][ C1]
[ 28.291682][ C1] The buggy address belongs to the variable:
[ 28.297623][ C1] .str.3+0x3c/0x60
[ 28.301404][ C1]
[ 28.303700][ C1] The buggy address belongs to the physical page:
[ 28.310076][ C1] page:ffffea0000179bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e6f
[ 28.320116][ C1] flags: 0x1000(reserved|zone=0)
[ 28.325035][ C1] raw: 0000000000001000 ffffea0000179bc8 ffffea0000179bc8 0000000000000000
[ 28.333591][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 28.342141][ C1] page dumped because: kasan: bad access detected
[ 28.348522][ C1] page_owner info is not present (never set?)
[ 28.354552][ C1]
[ 28.356846][ C1] Memory state around the buggy address:
[ 28.362451][ C1] ffffffff85e6f080: 00 00 00 00 00 00 00 00 00 01 f9 f9 04 f9 f9 f9
[ 28.370488][ C1] ffffffff85e6f100: 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00
[ 28.378518][ C1] >ffffffff85e6f180: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 00 02 f9
[ 28.386546][ C1] ^
[ 28.391366][ C1] ffffffff85e6f200: f9 f9 f9 f9 00 00 00 00 00 00 04 f9 f9 f9 f9 f9
[ 28.399394][ C1] ffffffff85e6f280: 00 00 00 00 00 00 01 f9 f9 f9 f9 f9 00 00 00 02
[ 28.407421][ C1] ==================================================================
[ 28.415448][ C1] Disabling lock debugging due to kernel taint
[ 28.421573][ C1] ================================================================================
[ 28.430816][ C1] UBSAN: array-index-out-of-bounds in drivers/input/tablet/aiptek.c:763:30
[ 28.439370][ C1] index 4776 is out of range for type 'const int[34]'
[ 28.446100][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B syzkaller #0
[ 28.454565][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 28.464589][ C1] Call Trace:
[ 28.467842][ C1]
[ 28.470662][ C1] __dump_stack+0x21/0x24
[ 28.474965][ C1] dump_stack_lvl+0x110/0x170
[ 28.479614][ C1] ? __cfi_dump_stack_lvl+0x8/0x8
[ 28.484610][ C1] dump_stack+0x15/0x24
[ 28.488740][ C1] ubsan_epilogue+0xe/0x40
[ 28.493129][ C1] __ubsan_handle_out_of_bounds+0xdf/0xf0
[ 28.498823][ C1] aiptek_irq+0x1f6d/0x29b0
[ 28.503297][ C1] __usb_hcd_giveback_urb+0x364/0x520
[ 28.508643][ C1] usb_hcd_giveback_urb+0x11c/0x410
[ 28.513814][ C1] dummy_timer+0x88c/0x3070
[ 28.518296][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 28.523205][ C1] ? timerqueue_del+0xd3/0x120
[ 28.527940][ C1] ? __cfi_dummy_timer+0x10/0x10
[ 28.532850][ C1] __hrtimer_run_queues+0x3bb/0x8e0
[ 28.538027][ C1] ? hrtimer_interrupt+0x8c0/0x8c0
[ 28.543110][ C1] hrtimer_run_softirq+0x19b/0x260
[ 28.548190][ C1] handle_softirqs+0x1d7/0x600
[ 28.552928][ C1] ? irqtime_account_irq+0xc4/0x240
[ 28.558098][ C1] __irq_exit_rcu+0x52/0xf0
[ 28.562573][ C1] irq_exit_rcu+0x9/0x10
[ 28.566786][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 28.572389][ C1]
[ 28.575297][ C1]
[ 28.578199][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 28.584153][ C1] RIP: 0010:default_idle+0xf/0x20
[ 28.589150][ C1] Code: 37 e3 b4 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 23 f3 63 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 28.608723][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 28.614762][ C1] RAX: ffff8881f6f00000 RBX: ffff888100330000 RCX: be45b475e3e0d600
[ 28.622704][ C1] RDX: 0000000000000001 RSI: ffffffff85ca8e00 RDI: ffffffff85ca8dc0
[ 28.630647][ C1] RBP: ffffc90000147dd8 R08: ffff8881f6f348b3 R09: 1ffff1103ede6916
[ 28.633606][ T19] usb 3-1: USB disconnect, device number 3
[ 28.638594][ C1] R10: 0000000000000000 R11: ffffffff85023e50 R12: dffffc0000000000
[ 28.638609][ C1] R13: 0000000000000001 R14: ffff888100330000 R15: dffffc0000000000
[ 28.660283][ C1] ? __cfi_default_idle+0x10/0x10
[ 28.665284][ C1] arch_cpu_idle+0x1c/0x20
[ 28.669679][ C1] default_idle_call+0x71/0x1d0
[ 28.674499][ C1] do_idle+0x354/0x640
[ 28.678537][ C1] ? irqentry_exit+0x30/0x40
[ 28.683095][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 28.688263][ C1] cpu_startup_entry+0x43/0x60
[ 28.692997][ C1] start_secondary+0x119/0x120
[ 28.697733][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 28.703595][ C1]
[ 28.706582][ C1] ================================================================================
[ 28.715853][ C1] aiptek 3-1:0.0: aiptek_irq - usb_submit_urb failed with result -19
[ 28.724307][ T28] kauditd_printk_skb: 34 callbacks suppressed
[ 28.724318][ T28] audit: type=1400 audit(1781104469.673:108): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 28.752271][ T28] audit: type=1400 audit(1781104469.673:109): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1