[ 83.482878][ T27] audit: type=1400 audit(1577389145.023:37): avc: denied { watch } for pid=10107 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 83.527611][ T27] audit: type=1400 audit(1577389145.063:38): avc: denied { watch } for pid=10107 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 83.702910][ T27] audit: type=1800 audit(1577389145.243:39): pid=10012 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 83.725287][ T27] audit: type=1800 audit(1577389145.243:40): pid=10012 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 86.156916][ T27] audit: type=1400 audit(1577389147.703:41): avc: denied { map } for pid=10190 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
[ 92.806354][ T27] audit: type=1400 audit(1577389154.353:42): avc: denied { map } for pid=10202 comm="syz-executor964" path="/root/syz-executor964955889" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 92.836300][T10203] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 92.866848][ T27] audit: type=1400 audit(1577389154.403:43): avc: denied { create } for pid=10203 comm="syz-executor964" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 92.891886][ T27] audit: type=1400 audit(1577389154.413:44): avc: denied { write } for pid=10203 comm="syz-executor964" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 92.917088][T10205] ==================================================================
[ 92.917370][ T27] audit: type=1400 audit(1577389154.413:45): avc: denied { read } for pid=10203 comm="syz-executor964" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 92.925263][T10205] BUG: KASAN: global-out-of-bounds in precalculate_color+0x2154/0x2480
[ 92.925281][T10205] Read of size 1 at addr ffffffff88b3d3f9 by task vivid-000-vid-c/10205
[ 92.925285][T10205]
[ 92.925304][T10205] CPU: 0 PID: 10205 Comm: vivid-000-vid-c Not tainted 5.5.0-rc3-syzkaller #0
[ 92.925312][T10205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.925317][T10205] Call Trace:
[ 92.925335][T10205] dump_stack+0x197/0x210
[ 92.925352][T10205] ? precalculate_color+0x2154/0x2480
[ 92.925373][T10205] print_address_description.constprop.0.cold+0x5/0x30b
[ 92.925388][T10205] ? precalculate_color+0x2154/0x2480
[ 92.925404][T10205] ? precalculate_color+0x2154/0x2480
[ 92.925418][T10205] __kasan_report.cold+0x1b/0x41
[ 92.925442][T10205] ? color_to_ycbcr.isra.0+0x350/0x660
[ 93.028486][T10205] ? precalculate_color+0x2154/0x2480
[ 93.033867][T10205] kasan_report+0x12/0x20
[ 93.038283][T10205] __asan_report_load1_noabort+0x14/0x20
[ 93.044078][T10205] precalculate_color+0x2154/0x2480
[ 93.049289][T10205] ? color_to_ycbcr.isra.0+0x660/0x660
[ 93.054738][T10205] tpg_recalc+0x561/0x2850
[ 93.059150][T10205] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 93.065719][T10205] ? tpg_get_color.isra.0+0x300/0x300
[ 93.071070][T10205] ? unwind_next_frame.part.0+0x1a9/0xa20
[ 93.076771][T10205] ? vb2_vmalloc_vaddr+0x37/0x50
[ 93.081706][T10205] tpg_calc_text_basep+0xa1/0x290
[ 93.086715][T10205] vivid_fillbuff+0x1a5f/0x3af0
[ 93.091560][T10205] ? __kasan_check_read+0x11/0x20
[ 93.096589][T10205] ? vivid_grab_controls+0x380/0x380
[ 93.101856][T10205] ? find_held_lock+0x35/0x130
[ 93.106613][T10205] ? vivid_thread_vid_cap_tick+0x112f/0x2210
[ 93.112579][T10205] ? lock_downgrade+0x920/0x920
[ 93.117492][T10205] ? rwlock_bug.part.0+0x90/0x90
[ 93.122478][T10205] ? v4l2_ctrl_request_setup+0x46c/0xb30
[ 93.128128][T10205] vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 93.133845][T10205] ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 93.139728][T10205] ? lock_downgrade+0x920/0x920
[ 93.144560][T10205] ? lock_acquire+0x190/0x410
[ 93.149243][T10205] vivid_thread_vid_cap+0x5d8/0xa60
[ 93.154443][T10205] kthread+0x361/0x430
[ 93.158501][T10205] ? vivid_thread_vid_cap_tick+0x2210/0x2210
[ 93.164467][T10205] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 93.170173][T10205] ret_from_fork+0x24/0x30
[ 93.174572][T10205]
[ 93.176911][T10205] The buggy address belongs to the variable:
[ 93.182875][T10205] kbd_keycodes+0x119/0x760
[ 93.187355][T10205]
[ 93.189662][T10205] Memory state around the buggy address:
[ 93.195282][T10205] ffffffff88b3d280: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 93.203320][T10205] ffffffff88b3d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.211357][T10205] >ffffffff88b3d380: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
[ 93.219393][T10205] ^
[ 93.227347][T10205] ffffffff88b3d400: 00 00 00 00 07 fa fa fa fa fa fa fa 00 00 00 00
[ 93.235403][T10205] ffffffff88b3d480: 00 fa fa fa fa fa fa fa 02 fa fa fa fa fa fa fa
[ 93.243443][T10205] ==================================================================
[ 93.251494][T10205] Disabling lock debugging due to kernel taint
[ 93.258973][T10205] Kernel panic - not syncing: panic_on_warn set ...
[ 93.265570][T10205] CPU: 0 PID: 10205 Comm: vivid-000-vid-c Tainted: G B 5.5.0-rc3-syzkaller #0
[ 93.275693][T10205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 93.285736][T10205] Call Trace:
[ 93.289007][T10205] dump_stack+0x197/0x210
[ 93.293324][T10205] panic+0x2e3/0x75c
[ 93.297196][T10205] ? add_taint.cold+0x16/0x16
[ 93.301861][T10205] ? precalculate_color+0x2154/0x2480
[ 93.307215][T10205] ? preempt_schedule+0x4b/0x60
[ 93.312053][T10205] ? ___preempt_schedule+0x16/0x18
[ 93.317154][T10205] ? trace_hardirqs_on+0x5e/0x240
[ 93.322423][T10205] ? precalculate_color+0x2154/0x2480
[ 93.327772][T10205] end_report+0x47/0x4f
[ 93.331906][T10205] ? precalculate_color+0x2154/0x2480
[ 93.337259][T10205] __kasan_report.cold+0xe/0x41
[ 93.342100][T10205] ? color_to_ycbcr.isra.0+0x350/0x660
[ 93.347537][T10205] ? precalculate_color+0x2154/0x2480
[ 93.352893][T10205] kasan_report+0x12/0x20
[ 93.357206][T10205] __asan_report_load1_noabort+0x14/0x20
[ 93.362873][T10205] precalculate_color+0x2154/0x2480
[ 93.368082][T10205] ? color_to_ycbcr.isra.0+0x660/0x660
[ 93.373545][T10205] tpg_recalc+0x561/0x2850
[ 93.377992][T10205] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 93.384583][T10205] ? tpg_get_color.isra.0+0x300/0x300
[ 93.389968][T10205] ? unwind_next_frame.part.0+0x1a9/0xa20
[ 93.395674][T10205] ? vb2_vmalloc_vaddr+0x37/0x50
[ 93.400601][T10205] tpg_calc_text_basep+0xa1/0x290
[ 93.405612][T10205] vivid_fillbuff+0x1a5f/0x3af0
[ 93.410445][T10205] ? __kasan_check_read+0x11/0x20
[ 93.415456][T10205] ? vivid_grab_controls+0x380/0x380
[ 93.420715][T10205] ? find_held_lock+0x35/0x130
[ 93.425456][T10205] ? vivid_thread_vid_cap_tick+0x112f/0x2210
[ 93.431417][T10205] ? lock_downgrade+0x920/0x920
[ 93.436352][T10205] ? rwlock_bug.part.0+0x90/0x90
[ 93.441266][T10205] ? v4l2_ctrl_request_setup+0x46c/0xb30
[ 93.446947][T10205] vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 93.452756][T10205] ? vivid_thread_vid_cap_tick+0x8cf/0x2210
[ 93.458684][T10205] ? lock_downgrade+0x920/0x920
[ 93.463516][T10205] ? lock_acquire+0x190/0x410
[ 93.468180][T10205] vivid_thread_vid_cap+0x5d8/0xa60
[ 93.473358][T10205] kthread+0x361/0x430
[ 93.477406][T10205] ? vivid_thread_vid_cap_tick+0x2210/0x2210
[ 93.483359][T10205] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 93.489055][T10205] ret_from_fork+0x24/0x30
[ 93.494897][T10205] Kernel Offset: disabled
[ 93.499221][T10205] Rebooting in 86400 seconds..