[   94.001845][   T27] audit: type=1400 audit(1578560412.429:37): avc:  denied  { watch } for  pid=10357 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[   94.026298][   T27] audit: type=1400 audit(1578560412.429:38): avc:  denied  { watch } for  pid=10357 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting O[   94.282521][   T27] audit: type=1800 audit(1578560412.709:39): pid=10262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
penBSD Secure Sh[   94.309113][   T27] audit: type=1800 audit(1578560412.719:40): pid=10262 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
ell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   98.626438][   T27] audit: type=1400 audit(1578560417.059:41): avc:  denied  { map } for  pid=10439 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[  105.302199][   T27] audit: type=1400 audit(1578560423.729:42): avc:  denied  { map } for  pid=10451 comm="syz-executor700" path="/root/syz-executor700255058" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[  105.332359][T10452] IPVS: ftp: loaded support on port[0] = 21
[  105.391737][T10452] chnl_net:caif_netlink_parms(): no params data found
[  105.423983][T10452] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.431759][T10452] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.439995][T10452] device bridge_slave_0 entered promiscuous mode
[  105.449413][T10452] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.456876][T10452] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.464560][T10452] device bridge_slave_1 entered promiscuous mode
[  105.483604][T10452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.495063][T10452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.514473][T10452] team0: Port device team_slave_0 added
[  105.522877][T10452] team0: Port device team_slave_1 added
[  105.577813][T10452] device hsr_slave_0 entered promiscuous mode
[  105.645306][T10452] device hsr_slave_1 entered promiscuous mode
[  105.754509][   T27] audit: type=1400 audit(1578560424.179:43): avc:  denied  { create } for  pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  105.763866][T10452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.782724][   T27] audit: type=1400 audit(1578560424.189:44): avc:  denied  { write } for  pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  105.812376][   T27] audit: type=1400 audit(1578560424.189:45): avc:  denied  { read } for  pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  105.897988][T10452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.958072][T10452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  106.017967][T10452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.078607][T10452] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.085944][T10452] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.093624][T10452] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.100738][T10452] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.143918][T10452] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.159047][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  106.170232][ T2675] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.179011][ T2675] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.188101][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  106.201637][T10452] 8021q: adding VLAN 0 to HW filter on device team0
[  106.212724][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  106.221730][ T3074] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.229053][ T3074] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.240818][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  106.250322][ T2675] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.257451][ T2675] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.276251][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  106.284762][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  106.306649][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  106.315863][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  106.324649][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  106.336404][T10452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  106.355737][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  106.363256][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  106.377506][T10452] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.398268][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  106.408328][ T3074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  106.429768][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  106.438720][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  106.448398][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
executing program
[  106.456332][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  106.466118][T10452] device veth0_vlan entered promiscuous mode
[  106.478029][T10452] device veth1_vlan entered promiscuous mode
[  106.494110][   T27] audit: type=1400 audit(1578560424.919:46): avc:  denied  { open } for  pid=10452 comm="syz-executor700" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[  106.587163][T10454] ==================================================================
[  106.587231][T10454] BUG: KASAN: null-ptr-deref in insert_char+0x206/0x400
[  106.587243][T10454] Read of size 4294967294 at addr 0000000000000010 by task syz-executor700/10454
[  106.587246][T10454] 
[  106.587259][T10454] CPU: 0 PID: 10454 Comm: syz-executor700 Not tainted 5.5.0-rc5-syzkaller #0
[  106.587266][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.587270][T10454] Call Trace:
[  106.587284][T10454]  dump_stack+0x197/0x210
[  106.587295][T10454]  ? insert_char+0x206/0x400
[  106.587306][T10454]  ? insert_char+0x206/0x400
[  106.587320][T10454]  __kasan_report.cold+0x5/0x41
[  106.587333][T10454]  ? insert_char+0x206/0x400
[  106.587345][T10454]  kasan_report+0x12/0x20
[  106.587357][T10454]  check_memory_region+0x134/0x1a0
[  106.587369][T10454]  memmove+0x24/0x50
[  106.587386][T10454]  insert_char+0x206/0x400
[  106.587420][T10454]  do_con_trol+0x41a6/0x61b0
[  106.587442][T10454]  ? reset_palette+0x190/0x190
[  106.587459][T10454]  ? __kasan_check_read+0x11/0x20
[  106.587482][T10454]  ? __atomic_notifier_call_chain+0xf8/0x1a0
[  106.587504][T10454]  do_con_write.part.0+0xfd9/0x1ef0
[  106.587536][T10454]  ? do_con_trol+0x61b0/0x61b0
[  106.587551][T10454]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  106.587562][T10454]  ? add_wait_queue+0x112/0x170
[  106.587574][T10454]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  106.587593][T10454]  ? trace_hardirqs_on+0x67/0x240
[  106.587613][T10454]  con_write+0x46/0xd0
[  106.587632][T10454]  n_tty_write+0x40e/0x1080
[  106.587662][T10454]  ? n_tty_read+0x1bf0/0x1bf0
[  106.587677][T10454]  ? prepare_to_wait_exclusive+0x320/0x320
[  106.587698][T10454]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.587714][T10454]  ? _copy_from_user+0x12c/0x1a0
[  106.587732][T10454]  tty_write+0x496/0x7f0
[  106.587750][T10454]  ? n_tty_read+0x1bf0/0x1bf0
[  106.587770][T10454]  __vfs_write+0x8a/0x110
[  106.587783][T10454]  ? put_tty_driver+0x20/0x20
[  106.587799][T10454]  vfs_write+0x268/0x5d0
[  106.587818][T10454]  ksys_write+0x14f/0x290
[  106.587835][T10454]  ? __ia32_sys_read+0xb0/0xb0
[  106.587853][T10454]  ? do_syscall_64+0x26/0x790
[  106.587866][T10454]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.587880][T10454]  ? do_syscall_64+0x26/0x790
[  106.587898][T10454]  __x64_sys_write+0x73/0xb0
[  106.587916][T10454]  do_syscall_64+0xfa/0x790
[  106.587933][T10454]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.587944][T10454] RIP: 0033:0x447b99
[  106.587959][T10454] Code: e8 cc 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  106.587967][T10454] RSP: 002b:00007ff82cd33db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.587981][T10454] RAX: ffffffffffffffda RBX: 00000000006ddc28 RCX: 0000000000447b99
[  106.587989][T10454] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[  106.587997][T10454] RBP: 00000000006ddc20 R08: 0000000000000000 R09: 0000000000000000
[  106.588005][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc2c
[  106.588013][T10454] R13: 00007ffff0ce099f R14: 00007ff82cd349c0 R15: 0000000000000000
[  106.588033][T10454] ==================================================================
[  106.588038][T10454] Disabling lock debugging due to kernel taint
[  106.588044][T10454] Kernel panic - not syncing: panic_on_warn set ...
[  106.588058][T10454] CPU: 0 PID: 10454 Comm: syz-executor700 Tainted: G    B             5.5.0-rc5-syzkaller #0
[  106.588065][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.588068][T10454] Call Trace:
[  106.588080][T10454]  dump_stack+0x197/0x210
[  106.588095][T10454]  panic+0x2e3/0x75c
[  106.588107][T10454]  ? add_taint.cold+0x16/0x16
[  106.588125][T10454]  ? trace_hardirqs_on+0x67/0x240
[  106.588137][T10454]  ? trace_hardirqs_on+0x5e/0x240
[  106.588152][T10454]  ? insert_char+0x206/0x400
[  106.588165][T10454]  end_report+0x47/0x4f
[  106.588178][T10454]  ? insert_char+0x206/0x400
[  106.588189][T10454]  __kasan_report.cold+0xe/0x41
[  106.588201][T10454]  ? insert_char+0x206/0x400
[  106.588215][T10454]  kasan_report+0x12/0x20
[  106.588228][T10454]  check_memory_region+0x134/0x1a0
[  106.588240][T10454]  memmove+0x24/0x50
[  106.588254][T10454]  insert_char+0x206/0x400
[  106.588271][T10454]  do_con_trol+0x41a6/0x61b0
[  106.588288][T10454]  ? reset_palette+0x190/0x190
[  106.588302][T10454]  ? __kasan_check_read+0x11/0x20
[  106.588318][T10454]  ? __atomic_notifier_call_chain+0xf8/0x1a0
[  106.588337][T10454]  do_con_write.part.0+0xfd9/0x1ef0
[  106.588358][T10454]  ? do_con_trol+0x61b0/0x61b0
[  106.588370][T10454]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  106.588380][T10454]  ? add_wait_queue+0x112/0x170
[  106.588397][T10454]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  106.588412][T10454]  ? trace_hardirqs_on+0x67/0x240
[  106.588426][T10454]  con_write+0x46/0xd0
[  106.588441][T10454]  n_tty_write+0x40e/0x1080
[  106.588462][T10454]  ? n_tty_read+0x1bf0/0x1bf0
[  106.588476][T10454]  ? prepare_to_wait_exclusive+0x320/0x320
[  106.588493][T10454]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  106.588507][T10454]  ? _copy_from_user+0x12c/0x1a0
[  106.588522][T10454]  tty_write+0x496/0x7f0
[  106.588538][T10454]  ? n_tty_read+0x1bf0/0x1bf0
[  106.588551][T10454]  __vfs_write+0x8a/0x110
[  106.588564][T10454]  ? put_tty_driver+0x20/0x20
[  106.588576][T10454]  vfs_write+0x268/0x5d0
[  106.588590][T10454]  ksys_write+0x14f/0x290
[  106.588604][T10454]  ? __ia32_sys_read+0xb0/0xb0
[  106.588619][T10454]  ? do_syscall_64+0x26/0x790
[  106.588631][T10454]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.588644][T10454]  ? do_syscall_64+0x26/0x790
[  106.588658][T10454]  __x64_sys_write+0x73/0xb0
[  106.588673][T10454]  do_syscall_64+0xfa/0x790
[  106.588689][T10454]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  106.588697][T10454] RIP: 0033:0x447b99
[  106.588710][T10454] Code: e8 cc 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  106.588718][T10454] RSP: 002b:00007ff82cd33db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  106.588730][T10454] RAX: ffffffffffffffda RBX: 00000000006ddc28 RCX: 0000000000447b99
[  106.588738][T10454] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[  106.588745][T10454] RBP: 00000000006ddc20 R08: 0000000000000000 R09: 0000000000000000
[  106.588753][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc2c
[  106.588761][T10454] R13: 00007ffff0ce099f R14: 00007ff82cd349c0 R15: 0000000000000000
[  106.590158][T10454] Kernel Offset: disabled
[  107.235092][T10454] Rebooting in 86400 seconds..