[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.545328] audit: type=1400 audit(1602891817.855:8): avc: denied { execmem } for pid=6502 comm="syz-executor575" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.546941] ================================================================================
[ 40.573911] UBSAN: Undefined behaviour in drivers/usb/gadget/udc/dummy_hcd.c:2302:33
[ 40.581811] shift exponent 16403 is too large for 32-bit type 'int'
[ 40.588221] CPU: 0 PID: 6502 Comm: syz-executor575 Not tainted 4.19.150-syzkaller #0
[ 40.596112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.606190] Call Trace:
[ 40.608788] dump_stack+0x22c/0x33e
[ 40.612408] ubsan_epilogue+0xe/0x3a
[ 40.616127] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.622258] ? do_raw_spin_lock+0xcb/0x220
[ 40.626493] dummy_hub_control.cold+0x1a/0xbf
[ 40.630988] usb_hcd_submit_urb+0xb7e/0x20d0
[ 40.635381] ? dummy_stop+0x70/0x70
[ 40.638990] ? unlink1+0x500/0x500
[ 40.642511] ? ksys_ioctl+0x9b/0xc0
[ 40.646119] ? __x64_sys_ioctl+0x6f/0xb0
[ 40.650161] ? do_syscall_64+0xf9/0x670
[ 40.654127] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.659486] ? do_syscall_64+0xf9/0x670
[ 40.663441] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.668796] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.673800] usb_submit_urb+0xba2/0x13b0
[ 40.677848] usb_start_wait_urb+0x108/0x2b0
[ 40.682148] ? usb_api_blocking_completion+0xa0/0xa0
[ 40.687256] ? __kmalloc+0x436/0x4f0
[ 40.690965] ? memset+0x20/0x40
[ 40.694242] usb_control_msg+0x31c/0x4a0
[ 40.698285] ? usb_start_wait_urb+0x2b0/0x2b0
[ 40.702763] ? __mutex_add_waiter+0x160/0x160
[ 40.707255] ? snoop_urb+0x64/0x2c0
[ 40.710863] proc_control+0x360/0x6d0
[ 40.714650] ? proc_do_submiturb+0x3af0/0x3af0
[ 40.719211] ? lock_acquire+0x170/0x3f0
[ 40.723171] ? check_preemption_disabled+0x41/0x2b0
[ 40.728183] usbdev_do_ioctl+0x15fc/0x3580
[ 40.732428] ? proc_bulk+0x700/0x700
[ 40.736161] ? avc_ss_reset+0x170/0x170
[ 40.740119] ? __kasan_slab_free+0x186/0x1f0
[ 40.744513] ? kmem_cache_free+0x7f/0x2b0
[ 40.748642] ? putname+0xe1/0x130
[ 40.752074] ? do_sys_open+0x2ba/0x520
[ 40.755957] ? do_syscall_64+0xf9/0x670
[ 40.759915] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.765278] ? mark_held_locks+0xf0/0xf0
[ 40.769321] ? find_held_lock+0x2d/0x110
[ 40.773366] ? debug_check_no_obj_freed+0x201/0x482
[ 40.778365] ? lock_downgrade+0x750/0x750
[ 40.782494] ? usbdev_compat_ioctl+0x30/0x30
[ 40.786892] usbdev_ioctl+0x21/0x30
[ 40.790505] do_vfs_ioctl+0xcdb/0x12e0
[ 40.794380] ? selinux_file_ioctl+0x44f/0x5e0
[ 40.798865] ? ioctl_preallocate+0x200/0x200
[ 40.803308] ? selinux_parse_skb.constprop.0+0x1f0/0x1f0
[ 40.808781] ? follow_managed+0xf0/0xa70
[ 40.812858] ? putname+0xe1/0x130
[ 40.816294] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.821295] ? putname+0xe1/0x130
[ 40.824737] ksys_ioctl+0x9b/0xc0
[ 40.828173] __x64_sys_ioctl+0x6f/0xb0
[ 40.832044] do_syscall_64+0xf9/0x670
[ 40.835829] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.840998] RIP: 0033:0x443f29
[ 40.844177] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.863075] RSP: 002b:00007ffe9a1496f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.870775] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443f29
[ 40.878039] RDX: 0000000020000000 RSI: 00000000c0185500 RDI: 0000000000000003
[ 40.885310] RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
[ 40.892573] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401bb0
[ 40.899826] R13: 0000000000401c40 R14: 0000000000000000 R15: 0000000000000000
[ 40.907083] ================================================================================