[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.512176] audit: type=1400 audit(1600986584.944:8): avc: denied { execmem } for pid=6484 comm="syz-executor125" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 41.514713] ================================================================================
[ 41.542369] UBSAN: Undefined behaviour in drivers/usb/gadget/udc/dummy_hcd.c:2302:33
[ 41.550649] shift exponent 16403 is too large for 32-bit type 'int'
[ 41.557316] CPU: 1 PID: 6484 Comm: syz-executor125 Not tainted 4.19.147-syzkaller #0
[ 41.565709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.575626] Call Trace:
[ 41.578233] dump_stack+0x22c/0x33e
[ 41.582024] ubsan_epilogue+0xe/0x3a
[ 41.585889] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 41.592097] ? do_raw_spin_lock+0xcb/0x220
[ 41.596594] dummy_hub_control.cold+0x1a/0xbf
[ 41.601841] usb_hcd_submit_urb+0xb7e/0x20d0
[ 41.606965] ? dummy_stop+0x70/0x70
[ 41.610645] ? unlink1+0x500/0x500
[ 41.614278] ? ksys_ioctl+0x9b/0xc0
[ 41.618065] ? __x64_sys_ioctl+0x6f/0xb0
[ 41.622673] ? do_syscall_64+0xf9/0x670
[ 41.627354] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.636068] ? do_syscall_64+0xf9/0x670
[ 41.640188] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.645761] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 41.650849] usb_submit_urb+0xba2/0x13b0
[ 41.655149] usb_start_wait_urb+0x108/0x2b0
[ 41.659531] ? usb_api_blocking_completion+0xa0/0xa0
[ 41.664650] ? __kmalloc+0x436/0x4f0
[ 41.668509] ? memset+0x20/0x40
[ 41.671829] usb_control_msg+0x31c/0x4a0
[ 41.675911] ? usb_start_wait_urb+0x2b0/0x2b0
[ 41.680581] ? __mutex_add_waiter+0x160/0x160
[ 41.685666] ? snoop_urb+0x64/0x2c0
[ 41.689391] proc_control+0x360/0x6d0
[ 41.693218] ? proc_do_submiturb+0x3af0/0x3af0
[ 41.698880] ? lock_acquire+0x170/0x3f0
[ 41.703249] ? check_preemption_disabled+0x41/0x2b0
[ 41.710043] usbdev_do_ioctl+0x15fc/0x3580
[ 41.714471] ? proc_bulk+0x700/0x700
[ 41.718196] ? avc_ss_reset+0x170/0x170
[ 41.722581] ? __kasan_slab_free+0x186/0x1f0
[ 41.727208] ? kmem_cache_free+0x7f/0x2b0
[ 41.731895] ? putname+0xe1/0x130
[ 41.735356] ? do_sys_open+0x2ba/0x520
[ 41.739250] ? do_syscall_64+0xf9/0x670
[ 41.743399] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.748952] ? mark_held_locks+0xf0/0xf0
[ 41.753388] ? find_held_lock+0x2d/0x110
[ 41.757749] ? debug_check_no_obj_freed+0x201/0x482
[ 41.763543] ? lock_downgrade+0x750/0x750
[ 41.767918] ? usbdev_compat_ioctl+0x30/0x30
[ 41.772530] usbdev_ioctl+0x21/0x30
[ 41.776925] do_vfs_ioctl+0xcdb/0x12e0
[ 41.780963] ? selinux_file_ioctl+0x44f/0x5e0
[ 41.786186] ? ioctl_preallocate+0x200/0x200
[ 41.790699] ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[ 41.797017] ? walk_component+0xc00/0xda0
[ 41.801223] ? putname+0xe1/0x130
[ 41.805118] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 41.810370] ? putname+0xe1/0x130
[ 41.814130] ksys_ioctl+0x9b/0xc0
[ 41.817610] __x64_sys_ioctl+0x6f/0xb0
[ 41.821557] do_syscall_64+0xf9/0x670
[ 41.826099] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.832369] RIP: 0033:0x443f29
[ 41.836395] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 41.857213] RSP: 002b:00007ffc739c8088 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 41.865400] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f29
[ 41.873500] RDX: 0000000020000000 RSI: 00000000c0185500 RDI: 0000000000000003
[ 41.881133] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
[ 41.889088] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401bb0
[ 41.897294] R13: 0000000000401c40 R14: 0000000000000000 R15: 0000000000000000
[ 41.905211] ================================================================================