[   75.569499][   T25] audit: type=1400 audit(1575353209.998:37): avc:  denied  { watch } for  pid=9896 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[   75.612275][   T25] audit: type=1400 audit(1575353209.998:38): avc:  denied  { watch } for  pid=9896 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   75.918513][   T25] audit: type=1800 audit(1575353210.348:39): pid=9810 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   75.940567][   T25] audit: type=1800 audit(1575353210.348:40): pid=9810 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   79.115879][   T25] audit: type=1400 audit(1575353213.548:41): avc:  denied  { map } for  pid=9985 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
[   85.700830][   T25] audit: type=1400 audit(1575353220.138:42): avc:  denied  { map } for  pid=9997 comm="syz-executor462" path="/root/syz-executor462889265" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   85.798444][ T9998] ==================================================================
[   85.806736][ T9998] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[   85.814059][ T9998] Write of size 8 at addr ffff88809ae61aa8 by task syz-executor462/9998
[   85.822422][ T9998] 
[   85.824739][ T9998] CPU: 0 PID: 9998 Comm: syz-executor462 Not tainted 5.4.0-syzkaller #0
[   85.833103][ T9998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.843159][ T9998] Call Trace:
[   85.846436][ T9998]  dump_stack+0x197/0x210
[   85.850749][ T9998]  ? pipe_write+0xe30/0x1000
[   85.855325][ T9998]  print_address_description.constprop.0.cold+0xd4/0x30b
[   85.862351][ T9998]  ? pipe_write+0xe30/0x1000
[   85.866925][ T9998]  ? pipe_write+0xe30/0x1000
[   85.871497][ T9998]  __kasan_report.cold+0x1b/0x41
[   85.876547][ T9998]  ? pipe_write+0xe30/0x1000
[   85.881158][ T9998]  kasan_report+0x12/0x20
[   85.885499][ T9998]  __asan_report_store8_noabort+0x17/0x20
[   85.891204][ T9998]  pipe_write+0xe30/0x1000
[   85.895628][ T9998]  new_sync_write+0x4d3/0x770
[   85.900313][ T9998]  ? new_sync_read+0x800/0x800
[   85.905077][ T9998]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.911427][ T9998]  ? security_file_permission+0x8f/0x380
[   85.917052][ T9998]  __vfs_write+0xe1/0x110
[   85.921373][ T9998]  vfs_write+0x268/0x5d0
[   85.925599][ T9998]  ksys_write+0x220/0x290
[   85.929953][ T9998]  ? __ia32_sys_read+0xb0/0xb0
[   85.934815][ T9998]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   85.940308][ T9998]  ? do_syscall_64+0x26/0x790
[   85.944969][ T9998]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.951024][ T9998]  ? do_syscall_64+0x26/0x790
[   85.955718][ T9998]  __x64_sys_write+0x73/0xb0
[   85.960293][ T9998]  do_syscall_64+0xfa/0x790
[   85.964781][ T9998]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.970687][ T9998] RIP: 0033:0x445879
[   85.974564][ T9998] Code: e8 ec bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   85.994154][ T9998] RSP: 002b:00007f1adc8a8db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   86.002946][ T9998] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445879
[   86.010913][ T9998] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[   86.019071][ T9998] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[   86.027081][ T9998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[   86.035125][ T9998] R13: 00007fff303618ef R14: 00007f1adc8a99c0 R15: 0000000000000000
[   86.043099][ T9998] 
[   86.045465][ T9998] Allocated by task 10000:
[   86.049869][ T9998]  save_stack+0x23/0x90
[   86.054009][ T9998]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   86.059635][ T9998]  kasan_kmalloc+0x9/0x10
[   86.063951][ T9998]  __kmalloc+0x163/0x770
[   86.068174][ T9998]  pipe_fcntl+0x3f7/0x8e0
[   86.072540][ T9998]  do_fcntl+0x255/0x1030
[   86.076764][ T9998]  __x64_sys_fcntl+0x16d/0x1e0
[   86.081513][ T9998]  do_syscall_64+0xfa/0x790
[   86.085999][ T9998]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.091866][ T9998] 
[   86.094185][ T9998] Freed by task 0:
[   86.097882][ T9998] (stack is not available)
[   86.102272][ T9998] 
[   86.104582][ T9998] The buggy address belongs to the object at ffff88809ae61a80
[   86.104582][ T9998]  which belongs to the cache kmalloc-64 of size 64
[   86.118461][ T9998] The buggy address is located 40 bytes inside of
[   86.118461][ T9998]  64-byte region [ffff88809ae61a80, ffff88809ae61ac0)
[   86.131537][ T9998] The buggy address belongs to the page:
[   86.137192][ T9998] page:ffffea00026b9840 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[   86.146305][ T9998] raw: 00fffe0000000200 ffffea00029f2fc8 ffff8880aa401348 ffff8880aa400380
[   86.154887][ T9998] raw: 0000000000000000 ffff88809ae61000 0000000100000020 0000000000000000
[   86.163472][ T9998] page dumped because: kasan: bad access detected
[   86.169897][ T9998] 
[   86.172208][ T9998] Memory state around the buggy address:
[   86.177914][ T9998]  ffff88809ae61980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.185959][ T9998]  ffff88809ae61a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.194004][ T9998] >ffff88809ae61a80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   86.202173][ T9998]                                   ^
[   86.207542][ T9998]  ffff88809ae61b00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   86.215589][ T9998]  ffff88809ae61b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   86.223633][ T9998] ==================================================================
[   86.231675][ T9998] Disabling lock debugging due to kernel taint
[   86.238353][ T9998] Kernel panic - not syncing: panic_on_warn set ...
[   86.244942][ T9998] CPU: 0 PID: 9998 Comm: syz-executor462 Tainted: G    B             5.4.0-syzkaller #0
[   86.254633][ T9998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.264679][ T9998] Call Trace:
[   86.267953][ T9998]  dump_stack+0x197/0x210
[   86.272265][ T9998]  panic+0x2e3/0x75c
[   86.276141][ T9998]  ? add_taint.cold+0x16/0x16
[   86.280818][ T9998]  ? pipe_write+0xe30/0x1000
[   86.285415][ T9998]  ? preempt_schedule+0x4b/0x60
[   86.290265][ T9998]  ? ___preempt_schedule+0x16/0x18
[   86.295373][ T9998]  ? trace_hardirqs_on+0x5e/0x240
[   86.300386][ T9998]  ? pipe_write+0xe30/0x1000
[   86.304968][ T9998]  end_report+0x47/0x4f
[   86.309115][ T9998]  ? pipe_write+0xe30/0x1000
[   86.313688][ T9998]  __kasan_report.cold+0xe/0x41
[   86.318520][ T9998]  ? pipe_write+0xe30/0x1000
[   86.323239][ T9998]  kasan_report+0x12/0x20
[   86.327592][ T9998]  __asan_report_store8_noabort+0x17/0x20
[   86.333302][ T9998]  pipe_write+0xe30/0x1000
[   86.337701][ T9998]  new_sync_write+0x4d3/0x770
[   86.342359][ T9998]  ? new_sync_read+0x800/0x800
[   86.347248][ T9998]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.353471][ T9998]  ? security_file_permission+0x8f/0x380
[   86.359130][ T9998]  __vfs_write+0xe1/0x110
[   86.363443][ T9998]  vfs_write+0x268/0x5d0
[   86.367668][ T9998]  ksys_write+0x220/0x290
[   86.372072][ T9998]  ? __ia32_sys_read+0xb0/0xb0
[   86.376821][ T9998]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   86.382278][ T9998]  ? do_syscall_64+0x26/0x790
[   86.386934][ T9998]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.392993][ T9998]  ? do_syscall_64+0x26/0x790
[   86.397654][ T9998]  __x64_sys_write+0x73/0xb0
[   86.402278][ T9998]  do_syscall_64+0xfa/0x790
[   86.406825][ T9998]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.412696][ T9998] RIP: 0033:0x445879
[   86.416584][ T9998] Code: e8 ec bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   86.436186][ T9998] RSP: 002b:00007f1adc8a8db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   86.444580][ T9998] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445879
[   86.452538][ T9998] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[   86.460490][ T9998] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[   86.468451][ T9998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[   86.476416][ T9998] R13: 00007fff303618ef R14: 00007f1adc8a99c0 R15: 0000000000000000
[   86.485622][ T9998] Kernel Offset: disabled
[   86.489972][ T9998] Rebooting in 86400 seconds..