[ 73.073131][ T27] audit: type=1400 audit(1575686358.677:37): avc: denied { watch } for pid=9628 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 73.115264][ T27] audit: type=1400 audit(1575686358.677:38): avc: denied { watch } for pid=9628 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 73.256168][ T27] audit: type=1800 audit(1575686358.857:39): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 73.278118][ T27] audit: type=1800 audit(1575686358.857:40): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 75.840492][ T27] audit: type=1400 audit(1575686361.437:41): avc: denied { map } for pid=9713 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts.
executing program
[ 83.593994][ T27] audit: type=1400 audit(1575686369.197:42): avc: denied { map } for pid=9725 comm="syz-executor187" path="/root/syz-executor187756444" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 83.623273][ T9725] sp0: Synchronizing with TNC
[ 83.630243][ T362] ==================================================================
[ 83.638445][ T362] BUG: KASAN: slab-out-of-bounds in decode_data.part.0+0x23b/0x270
[ 83.646334][ T362] Write of size 1 at addr ffff8880967b904e by task kworker/u4:5/362
[ 83.654304][ T362]
[ 83.656641][ T362] CPU: 1 PID: 362 Comm: kworker/u4:5 Not tainted 5.4.0-syzkaller #0
[ 83.664611][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.674674][ T362] Workqueue: events_unbound flush_to_ldisc
[ 83.680477][ T362] Call Trace:
[ 83.683766][ T362] dump_stack+0x197/0x210
[ 83.688104][ T362] ? decode_data.part.0+0x23b/0x270
[ 83.693311][ T362] print_address_description.constprop.0.cold+0xd4/0x30b
[ 83.700332][ T362] ? decode_data.part.0+0x23b/0x270
[ 83.705534][ T362] ? decode_data.part.0+0x23b/0x270
[ 83.710735][ T362] __kasan_report.cold+0x1b/0x41
[ 83.715706][ T362] ? decode_data.part.0+0x23b/0x270
[ 83.721016][ T362] kasan_report+0x12/0x20
[ 83.725349][ T362] __asan_report_store1_noabort+0x17/0x20
[ 83.731211][ T362] decode_data.part.0+0x23b/0x270
[ 83.736246][ T362] sixpack_receive_buf+0xde4/0x1420
[ 83.741448][ T362] ? sixpack_close+0x250/0x250
[ 83.746215][ T362] tty_ldisc_receive_buf+0x15f/0x1c0
[ 83.751498][ T362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 83.757743][ T362] tty_port_default_receive_buf+0x7d/0xb0
[ 83.763484][ T362] flush_to_ldisc+0x222/0x390
[ 83.768172][ T362] process_one_work+0x9af/0x1740
[ 83.773117][ T362] ? pwq_dec_nr_in_flight+0x320/0x320
[ 83.778485][ T362] ? lock_acquire+0x190/0x410
[ 83.783174][ T362] worker_thread+0x98/0xe40
[ 83.787679][ T362] ? trace_hardirqs_on+0x67/0x240
[ 83.792714][ T362] kthread+0x361/0x430
[ 83.796790][ T362] ? process_one_work+0x1740/0x1740
[ 83.801990][ T362] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 83.807711][ T362] ret_from_fork+0x24/0x30
[ 83.812137][ T362]
[ 83.814458][ T362] Allocated by task 9725:
[ 83.818783][ T362] save_stack+0x23/0x90
[ 83.822936][ T362] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 83.828561][ T362] kasan_kmalloc+0x9/0x10
[ 83.832886][ T362] __kmalloc_node+0x4e/0x70
[ 83.837387][ T362] kvmalloc_node+0x68/0x100
[ 83.841883][ T362] alloc_netdev_mqs+0x98/0xde0
[ 83.846641][ T362] sixpack_open+0x104/0xaaf
[ 83.851154][ T362] tty_ldisc_open.isra.0+0xa3/0x110
[ 83.856350][ T362] tty_set_ldisc+0x30e/0x6b0
[ 83.860941][ T362] tty_ioctl+0xe8d/0x14f0
[ 83.865270][ T362] do_vfs_ioctl+0x977/0x14e0
[ 83.869943][ T362] ksys_ioctl+0xab/0xd0
[ 83.874100][ T362] __x64_sys_ioctl+0x73/0xb0
[ 83.878689][ T362] do_syscall_64+0xfa/0x790
[ 83.883199][ T362] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.889340][ T362]
[ 83.891660][ T362] Freed by task 9495:
[ 83.895618][ T362] save_stack+0x23/0x90
[ 83.899748][ T362] __kasan_slab_free+0x102/0x150
[ 83.904662][ T362] kasan_slab_free+0xe/0x10
[ 83.909141][ T362] kfree+0x10a/0x2c0
[ 83.913013][ T362] tomoyo_init_log+0x15c1/0x2070
[ 83.917924][ T362] tomoyo_supervisor+0x33f/0xef0
[ 83.922837][ T362] tomoyo_env_perm+0x18e/0x210
[ 83.927574][ T362] tomoyo_find_next_domain+0x1354/0x1f6c
[ 83.933181][ T362] tomoyo_bprm_check_security+0x124/0x1a0
[ 83.938873][ T362] security_bprm_check+0x63/0xb0
[ 83.943783][ T362] search_binary_handler+0x71/0x570
[ 83.948958][ T362] __do_execve_file.isra.0+0x1329/0x22b0
[ 83.954583][ T362] __x64_sys_execve+0x8f/0xc0
[ 83.959241][ T362] do_syscall_64+0xfa/0x790
[ 83.963731][ T362] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.969591][ T362]
[ 83.971895][ T362] The buggy address belongs to the object at ffff8880967b8000
[ 83.971895][ T362] which belongs to the cache kmalloc-4k of size 4096
[ 83.985923][ T362] The buggy address is located 78 bytes to the right of
[ 83.985923][ T362] 4096-byte region [ffff8880967b8000, ffff8880967b9000)
[ 83.999684][ T362] The buggy address belongs to the page:
[ 84.005306][ T362] page:ffffea000259ee00 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 84.016210][ T362] raw: 00fffe0000010200 ffffea0002899908 ffffea0002440c88 ffff8880aa402000
[ 84.024771][ T362] raw: 0000000000000000 ffff8880967b8000 0000000100000001 0000000000000000
[ 84.033325][ T362] page dumped because: kasan: bad access detected
[ 84.039706][ T362]
[ 84.042010][ T362] Memory state around the buggy address:
[ 84.047622][ T362]  ffff8880967b8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.055668][ T362]  ffff8880967b8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.063702][ T362] >ffff8880967b9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.071734][ T362]                                               ^
[ 84.078118][ T362]  ffff8880967b9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.086160][ T362]  ffff8880967b9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.094193][ T362] ==================================================================
[ 84.102229][ T362] Disabling lock debugging due to kernel taint
[ 84.109241][ T362] Kernel panic - not syncing: panic_on_warn set ...
[ 84.115850][ T362] CPU: 1 PID: 362 Comm: kworker/u4:5 Tainted: G B 5.4.0-syzkaller #0
[ 84.125189][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.135246][ T362] Workqueue: events_unbound flush_to_ldisc
[ 84.141032][ T362] Call Trace:
[ 84.144302][ T362] dump_stack+0x197/0x210
[ 84.148782][ T362] panic+0x2e3/0x75c
[ 84.152652][ T362] ? add_taint.cold+0x16/0x16
[ 84.157301][ T362] ? decode_data.part.0+0x23b/0x270
[ 84.162470][ T362] ? preempt_schedule+0x4b/0x60
[ 84.167295][ T362] ? ___preempt_schedule+0x16/0x18
[ 84.172398][ T362] ? trace_hardirqs_on+0x5e/0x240
[ 84.177406][ T362] ? decode_data.part.0+0x23b/0x270
[ 84.182579][ T362] end_report+0x47/0x4f
[ 84.186707][ T362] ? decode_data.part.0+0x23b/0x270
[ 84.191885][ T362] __kasan_report.cold+0xe/0x41
[ 84.196719][ T362] ? decode_data.part.0+0x23b/0x270
[ 84.201915][ T362] kasan_report+0x12/0x20
[ 84.206233][ T362] __asan_report_store1_noabort+0x17/0x20
[ 84.211924][ T362] decode_data.part.0+0x23b/0x270
[ 84.216924][ T362] sixpack_receive_buf+0xde4/0x1420
[ 84.222115][ T362] ? sixpack_close+0x250/0x250
[ 84.226856][ T362] tty_ldisc_receive_buf+0x15f/0x1c0
[ 84.232116][ T362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.238423][ T362] tty_port_default_receive_buf+0x7d/0xb0
[ 84.244119][ T362] flush_to_ldisc+0x222/0x390
[ 84.248772][ T362] process_one_work+0x9af/0x1740
[ 84.253686][ T362] ? pwq_dec_nr_in_flight+0x320/0x320
[ 84.259028][ T362] ? lock_acquire+0x190/0x410
[ 84.263691][ T362] worker_thread+0x98/0xe40
[ 84.268175][ T362] ? trace_hardirqs_on+0x67/0x240
[ 84.273174][ T362] kthread+0x361/0x430
[ 84.277230][ T362] ? process_one_work+0x1740/0x1740
[ 84.282751][ T362] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 84.288463][ T362] ret_from_fork+0x24/0x30
[ 84.294477][ T362] Kernel Offset: disabled
[ 84.298814][ T362] Rebooting in 86400 seconds..