[ 82.498385][ T26] audit: type=1400 audit(1575417546.642:37): avc: denied { watch } for pid=9626 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 82.530681][ T26] audit: type=1400 audit(1575417546.642:38): avc: denied { watch } for pid=9626 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 82.858534][ T26] audit: type=1800 audit(1575417547.002:39): pid=9537 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 82.881859][ T26] audit: type=1800 audit(1575417547.002:40): pid=9537 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 87.470661][ T26] audit: type=1400 audit(1575417551.612:41): avc: denied { map } for pid=9713 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
executing program
[ 94.065455][ T26] audit: type=1400 audit(1575417558.202:42): avc: denied { map } for pid=9725 comm="syz-executor674" path="/root/syz-executor674739043" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 94.144791][ T9725] ==================================================================
[ 94.144834][ T9725] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c8b/0x2200
[ 94.144842][ T9725] Read of size 2 at addr ffffffff8874d458 by task syz-executor674/9725
[ 94.144844][ T9725]
[ 94.144854][ T9725] CPU: 1 PID: 9725 Comm: syz-executor674 Not tainted 5.4.0-syzkaller #0
[ 94.144859][ T9725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.144862][ T9725] Call Trace:
[ 94.144876][ T9725] dump_stack+0x197/0x210
[ 94.144884][ T9725] ? vga16fb_imageblit+0x1c8b/0x2200
[ 94.144897][ T9725] print_address_description.constprop.0.cold+0x5/0x30b
[ 94.144904][ T9725] ? vga16fb_imageblit+0x1c8b/0x2200
[ 94.144913][ T9725] ? vga16fb_imageblit+0x1c8b/0x2200
[ 94.144921][ T9725] __kasan_report.cold+0x1b/0x41
[ 94.144930][ T9725] ? vga16fb_imageblit+0x1c8b/0x2200
[ 94.144939][ T9725] kasan_report+0x12/0x20
[ 94.144948][ T9725] __asan_report_load2_noabort+0x14/0x20
[ 94.144956][ T9725] vga16fb_imageblit+0x1c8b/0x2200
[ 94.144972][ T9725] soft_cursor+0x4fb/0xa30
[ 94.144983][ T9725] ? __lock_task_sighand+0x125/0x2f0
[ 94.144997][ T9725] bit_cursor+0x12fc/0x1a60
[ 94.145009][ T9725] ? bit_clear+0x530/0x530
[ 94.145020][ T9725] ? find_held_lock+0x35/0x130
[ 94.145035][ T9725] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 94.145045][ T9725] ? get_color+0x225/0x430
[ 94.145054][ T9725] fbcon_cursor+0x487/0x660
[ 94.145062][ T9725] ? bit_clear+0x530/0x530
[ 94.145073][ T9725] hide_cursor+0x9d/0x2b0
[ 94.145082][ T9725] redraw_screen+0x60b/0x7d0
[ 94.145090][ T9725] ? respond_string+0x2c0/0x2c0
[ 94.145103][ T9725] vc_do_resize+0x10c9/0x1460
[ 94.145111][ T9725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.145132][ T9725] ? vc_uniscr_alloc+0xd0/0xd0
[ 94.145145][ T9725] vc_resize+0x4d/0x60
[ 94.145154][ T9725] fbcon_modechanged+0x367/0x790
[ 94.145165][ T9725] fbcon_update_vcs+0x42/0x50
[ 94.145173][ T9725] fb_set_var+0xb32/0xdd0
[ 94.145181][ T9725] ? fb_blank+0x1a0/0x1a0
[ 94.145189][ T9725] ? lock_acquire+0x190/0x410
[ 94.145203][ T9725] ? __mutex_lock+0x458/0x13c0
[ 94.145210][ T9725] ? down+0x70/0x90
[ 94.145229][ T9725] ? do_fb_ioctl+0x335/0x7d0
[ 94.145241][ T9725] do_fb_ioctl+0x390/0x7d0
[ 94.145249][ T9725] ? fb_mmap+0x520/0x520
[ 94.145257][ T9725] ? tomoyo_path_number_perm+0x214/0x520
[ 94.145265][ T9725] ? find_held_lock+0x35/0x130
[ 94.145273][ T9725] ? tomoyo_path_number_perm+0x214/0x520
[ 94.145284][ T9725] ? lock_downgrade+0x920/0x920
[ 94.145292][ T9725] ? lockdep_hardirqs_on+0x421/0x5e0
[ 94.145302][ T9725] ? tomoyo_path_number_perm+0x454/0x520
[ 94.145322][ T9725] ? ___might_sleep+0x163/0x2c0
[ 94.145332][ T9725] fb_ioctl+0xe6/0x130
[ 94.145338][ T9725] ? do_fb_ioctl+0x7d0/0x7d0
[ 94.145347][ T9725] do_vfs_ioctl+0x977/0x14e0
[ 94.145357][ T9725] ? compat_ioctl_preallocate+0x220/0x220
[ 94.145365][ T9725] ? selinux_file_mprotect+0x620/0x620
[ 94.145373][ T9725] ? kmem_cache_free+0x26b/0x320
[ 94.145384][ T9725] ? do_sys_open+0x31d/0x5d0
[ 94.145395][ T9725] ? tomoyo_file_ioctl+0x23/0x30
[ 94.145403][ T9725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.145413][ T9725] ? security_file_ioctl+0x8d/0xc0
[ 94.145421][ T9725] ksys_ioctl+0xab/0xd0
[ 94.145431][ T9725] __x64_sys_ioctl+0x73/0xb0
[ 94.145442][ T9725] do_syscall_64+0xfa/0x790
[ 94.145453][ T9725] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.145461][ T9725] RIP: 0033:0x440309
[ 94.145471][ T9725] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 94.145475][ T9725] RSP: 002b:00007ffd03727868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 94.145484][ T9725] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 94.145488][ T9725] RDX: 0000000020000100 RSI: 0000000000004601 RDI: 0000000000000003
[ 94.145493][ T9725] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 94.145498][ T9725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 94.145503][ T9725] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 94.145513][ T9725]
[ 94.145516][ T9725] The buggy address belongs to the variable:
[ 94.145523][ T9725] transl_h+0x38/0x40
[ 94.145525][ T9725]
[ 94.145528][ T9725] Memory state around the buggy address:
[ 94.145535][ T9725]  ffffffff8874d300: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
[ 94.145541][ T9725]  ffffffff8874d380: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[ 94.145547][ T9725] >ffffffff8874d400: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[ 94.145550][ T9725]                                                     ^
[ 94.145556][ T9725]  ffffffff8874d480: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[ 94.145562][ T9725]  ffffffff8874d500: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 94.145565][ T9725] ==================================================================
[ 94.145568][ T9725] Disabling lock debugging due to kernel taint
[ 94.145573][ T9725] Kernel panic - not syncing: panic_on_warn set ...
[ 94.145580][ T9725] CPU: 1 PID: 9725 Comm: syz-executor674 Tainted: G B 5.4.0-syzkaller #0
[ 94.145584][ T9725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 94.145586][ T9725] Call Trace:
[ 94.145594][ T9725] dump_stack+0x197/0x210
[ 94.145603][ T9725] panic+0x2e3/0x75c
[ 94.145610][ T9725] ? add_taint.cold+0x16/0x16
[ 94.145621][ T9725] ? trace_hardirqs_on+0x67/0x240
[ 94.145628][ T9725] ? trace_hardirqs_on+0x5e/0x240
[ 94.145636][ T9725] ? vga16fb_imageblit+0x1c8b/0x2200
[ 94.145643][ T9725] end_report+0x47/0x4f
[ 94.145650][ T9725] ? vga16fb_imageblit+0x1c8b/0x2200
[ 94.145656][ T9725] __kasan_report.cold+0xe/0x41
[ 94.145664][ T9725] ? vga16fb_imageblit+0x1c8b/0x2200
[ 94.145672][ T9725] kasan_report+0x12/0x20
[ 94.145679][ T9725] __asan_report_load2_noabort+0x14/0x20
[ 94.145686][ T9725] vga16fb_imageblit+0x1c8b/0x2200
[ 94.145697][ T9725] soft_cursor+0x4fb/0xa30
[ 94.145705][ T9725] ? __lock_task_sighand+0x125/0x2f0
[ 94.145715][ T9725] bit_cursor+0x12fc/0x1a60
[ 94.145724][ T9725] ? bit_clear+0x530/0x530
[ 94.145732][ T9725] ? find_held_lock+0x35/0x130
[ 94.145742][ T9725] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 94.145749][ T9725] ? get_color+0x225/0x430
[ 94.145757][ T9725] fbcon_cursor+0x487/0x660
[ 94.145764][ T9725] ? bit_clear+0x530/0x530
[ 94.145772][ T9725] hide_cursor+0x9d/0x2b0
[ 94.145779][ T9725] redraw_screen+0x60b/0x7d0
[ 94.145786][ T9725] ? respond_string+0x2c0/0x2c0
[ 94.145794][ T9725] vc_do_resize+0x10c9/0x1460
[ 94.145802][ T9725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.145813][ T9725] ? vc_uniscr_alloc+0xd0/0xd0
[ 94.145822][ T9725] vc_resize+0x4d/0x60
[ 94.145829][ T9725] fbcon_modechanged+0x367/0x790
[ 94.145838][ T9725] fbcon_update_vcs+0x42/0x50
[ 94.145844][ T9725] fb_set_var+0xb32/0xdd0
[ 94.145851][ T9725] ? fb_blank+0x1a0/0x1a0
[ 94.145857][ T9725] ? lock_acquire+0x190/0x410
[ 94.145866][ T9725] ? __mutex_lock+0x458/0x13c0
[ 94.145872][ T9725] ? down+0x70/0x90
[ 94.145884][ T9725] ? do_fb_ioctl+0x335/0x7d0
[ 94.145892][ T9725] do_fb_ioctl+0x390/0x7d0
[ 94.145898][ T9725] ? fb_mmap+0x520/0x520
[ 94.145905][ T9725] ? tomoyo_path_number_perm+0x214/0x520
[ 94.145912][ T9725] ? find_held_lock+0x35/0x130
[ 94.145919][ T9725] ? tomoyo_path_number_perm+0x214/0x520
[ 94.145927][ T9725] ? lock_downgrade+0x920/0x920
[ 94.145934][ T9725] ? lockdep_hardirqs_on+0x421/0x5e0
[ 94.145941][ T9725] ? tomoyo_path_number_perm+0x454/0x520
[ 94.145953][ T9725] ? ___might_sleep+0x163/0x2c0
[ 94.145961][ T9725] fb_ioctl+0xe6/0x130
[ 94.145966][ T9725] ? do_fb_ioctl+0x7d0/0x7d0
[ 94.145973][ T9725] do_vfs_ioctl+0x977/0x14e0
[ 94.145981][ T9725] ? compat_ioctl_preallocate+0x220/0x220
[ 94.145987][ T9725] ? selinux_file_mprotect+0x620/0x620
[ 94.145994][ T9725] ? kmem_cache_free+0x26b/0x320
[ 94.146001][ T9725] ? do_sys_open+0x31d/0x5d0
[ 94.146009][ T9725] ? tomoyo_file_ioctl+0x23/0x30
[ 94.146017][ T9725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 94.146024][ T9725] ? security_file_ioctl+0x8d/0xc0
[ 94.146031][ T9725] ksys_ioctl+0xab/0xd0
[ 94.146038][ T9725] __x64_sys_ioctl+0x73/0xb0
[ 94.146046][ T9725] do_syscall_64+0xfa/0x790
[ 94.146055][ T9725] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 94.146060][ T9725] RIP: 0033:0x440309
[ 94.146066][ T9725] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 94.146070][ T9725] RSP: 002b:00007ffd03727868 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 94.146077][ T9725] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 94.146081][ T9725] RDX: 0000000020000100 RSI: 0000000000004601 RDI: 0000000000000003
[ 94.146085][ T9725] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 94.146089][ T9725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 94.146093][ T9725] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 94.147647][ T9725] Kernel Offset: disabled
[ 95.030180][ T9725] Rebooting in 86400 seconds..