[ 71.880976][ T25] audit: type=1400 audit(1575476922.255:37): avc: denied { watch } for pid=9766 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 71.925720][ T25] audit: type=1400 audit(1575476922.255:38): avc: denied { watch } for pid=9766 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 72.192562][ T25] audit: type=1800 audit(1575476922.565:39): pid=9679 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 72.214257][ T25] audit: type=1800 audit(1575476922.565:40): pid=9679 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 76.856090][ T25] audit: type=1400 audit(1575476927.235:41): avc: denied { map } for pid=9855 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.
executing program
[ 83.424359][ T25] audit: type=1400 audit(1575476933.805:42): avc: denied { map } for pid=9867 comm="syz-executor590" path="/root/syz-executor590597062" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 83.427859][ T9867] ==================================================================
[ 83.459857][ T9867] BUG: KASAN: vmalloc-out-of-bounds in kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.468423][ T9867] Write of size 4 at addr ffffc90000d36050 by task syz-executor590/9867
[ 83.477612][ T9867]
[ 83.479941][ T9867] CPU: 1 PID: 9867 Comm: syz-executor590 Not tainted 5.4.0-syzkaller #0
[ 83.488259][ T9867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.498386][ T9867] Call Trace:
[ 83.501701][ T9867] dump_stack+0x197/0x210
[ 83.506023][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.511644][ T9867] print_address_description.constprop.0.cold+0x5/0x30b
[ 83.518577][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.524312][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.529938][ T9867] __kasan_report.cold+0x1b/0x41
[ 83.534864][ T9867] ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 83.540503][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.546242][ T9867] kasan_report+0x12/0x20
[ 83.550562][ T9867] __asan_report_store4_noabort+0x17/0x20
[ 83.556297][ T9867] kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.561743][ T9867] ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 83.567576][ T9867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 83.573844][ T9867] ? _copy_from_user+0x12c/0x1a0
[ 83.578796][ T9867] kvm_arch_dev_ioctl+0x300/0x4b0
[ 83.583814][ T9867] ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 83.589867][ T9867] ? tomoyo_path_number_perm+0x454/0x520
[ 83.595486][ T9867] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 83.601727][ T9867] ? tomoyo_path_number_perm+0x25e/0x520
[ 83.607648][ T9867] kvm_dev_ioctl+0x127/0x17d0
[ 83.612346][ T9867] ? kvm_put_kvm+0xcc0/0xcc0
[ 83.616936][ T9867] ? ___might_sleep+0x163/0x2c0
[ 83.621851][ T9867] ? kvm_put_kvm+0xcc0/0xcc0
[ 83.626435][ T9867] do_vfs_ioctl+0x977/0x14e0
[ 83.631016][ T9867] ? compat_ioctl_preallocate+0x220/0x220
[ 83.636742][ T9867] ? selinux_file_mprotect+0x620/0x620
[ 83.642190][ T9867] ? perf_trace_initcall_level+0x370/0x420
[ 83.648016][ T9867] ? do_sys_open+0x31d/0x5d0
[ 83.652599][ T9867] ? tomoyo_file_ioctl+0x23/0x30
[ 83.657530][ T9867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 83.663780][ T9867] ? security_file_ioctl+0x8d/0xc0
[ 83.669012][ T9867] ksys_ioctl+0xab/0xd0
[ 83.673193][ T9867] __x64_sys_ioctl+0x73/0xb0
[ 83.677789][ T9867] do_syscall_64+0xfa/0x790
[ 83.682458][ T9867] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.688461][ T9867] RIP: 0033:0x4401e9
[ 83.692347][ T9867] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.712048][ T9867] RSP: 002b:00007ffcf3d62d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 83.720480][ T9867] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 83.728599][ T9867] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 83.736584][ T9867] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 83.744641][ T9867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 83.752605][ T9867] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 83.761182][ T9867]
[ 83.763594][ T9867]
[ 83.766029][ T9867] Memory state around the buggy address:
[ 83.771665][ T9867]  ffffc90000d35f00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 83.780165][ T9867]  ffffc90000d35f80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 83.788337][ T9867] >ffffc90000d36000: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
[ 83.796842][ T9867]                                                  ^
[ 83.803598][ T9867]  ffffc90000d36080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 83.811800][ T9867]  ffffc90000d36100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 83.820682][ T9867] ==================================================================
[ 83.828877][ T9867] Disabling lock debugging due to kernel taint
[ 83.835326][ T9867] Kernel panic - not syncing: panic_on_warn set ...
[ 83.842170][ T9867] CPU: 1 PID: 9867 Comm: syz-executor590 Tainted: G B 5.4.0-syzkaller #0
[ 83.851892][ T9867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.861940][ T9867] Call Trace:
[ 83.865238][ T9867] dump_stack+0x197/0x210
[ 83.869562][ T9867] panic+0x2e3/0x75c
[ 83.873661][ T9867] ? add_taint.cold+0x16/0x16
[ 83.878348][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.883975][ T9867] ? preempt_schedule+0x4b/0x60
[ 83.888823][ T9867] ? ___preempt_schedule+0x16/0x18
[ 83.893925][ T9867] ? trace_hardirqs_on+0x5e/0x240
[ 83.898951][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.904620][ T9867] end_report+0x47/0x4f
[ 83.909131][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.914875][ T9867] __kasan_report.cold+0xe/0x41
[ 83.919714][ T9867] ? kvm_dev_ioctl_get_cpuid+0xe1/0xb0b
[ 83.925258][ T9867] ? kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.930886][ T9867] kasan_report+0x12/0x20
[ 83.935478][ T9867] __asan_report_store4_noabort+0x17/0x20
[ 83.941207][ T9867] kvm_dev_ioctl_get_cpuid+0xad7/0xb0b
[ 83.946672][ T9867] ? kvm_vcpu_ioctl_get_cpuid2+0x160/0x160
[ 83.952478][ T9867] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 83.958810][ T9867] ? _copy_from_user+0x12c/0x1a0
[ 83.963869][ T9867] kvm_arch_dev_ioctl+0x300/0x4b0
[ 83.969025][ T9867] ? kvm_vm_ioctl_check_extension+0x3d0/0x3d0
[ 83.975097][ T9867] ? tomoyo_path_number_perm+0x454/0x520
[ 83.980726][ T9867] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 83.987184][ T9867] ? tomoyo_path_number_perm+0x25e/0x520
[ 83.992822][ T9867] kvm_dev_ioctl+0x127/0x17d0
[ 83.997578][ T9867] ? kvm_put_kvm+0xcc0/0xcc0
[ 84.002334][ T9867] ? ___might_sleep+0x163/0x2c0
[ 84.007343][ T9867] ? kvm_put_kvm+0xcc0/0xcc0
[ 84.011927][ T9867] do_vfs_ioctl+0x977/0x14e0
[ 84.016521][ T9867] ? compat_ioctl_preallocate+0x220/0x220
[ 84.022234][ T9867] ? selinux_file_mprotect+0x620/0x620
[ 84.027862][ T9867] ? perf_trace_initcall_level+0x370/0x420
[ 84.033986][ T9867] ? do_sys_open+0x31d/0x5d0
[ 84.038590][ T9867] ? tomoyo_file_ioctl+0x23/0x30
[ 84.043533][ T9867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.053850][ T9867] ? security_file_ioctl+0x8d/0xc0
[ 84.059222][ T9867] ksys_ioctl+0xab/0xd0
[ 84.063366][ T9867] __x64_sys_ioctl+0x73/0xb0
[ 84.067973][ T9867] do_syscall_64+0xfa/0x790
[ 84.072488][ T9867] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.079238][ T9867] RIP: 0033:0x4401e9
[ 84.083518][ T9867] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.103254][ T9867] RSP: 002b:00007ffcf3d62d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.116293][ T9867] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 84.124617][ T9867] RDX: 0000000020000000 RSI: 00000000c008ae09 RDI: 0000000000000003
[ 84.133113][ T9867] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 84.142271][ T9867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 84.150508][ T9867] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 84.160419][ T9867] Kernel Offset: disabled
[ 84.164778][ T9867] Rebooting in 86400 seconds..