[ 74.239047][ T27] audit: type=1400 audit(1575432926.759:37): avc: denied { watch } for pid=9740 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 74.279111][ T27] audit: type=1400 audit(1575432926.799:38): avc: denied { watch } for pid=9740 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2232 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 74.469483][ T27] audit: type=1800 audit(1575432926.999:39): pid=9648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 74.491718][ T27] audit: type=1800 audit(1575432926.999:40): pid=9648 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 78.066952][ T27] audit: type=1400 audit(1575432930.589:41): avc: denied { map } for pid=9823 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.30' (ECDSA) to the list of known hosts.
executing program
[ 84.629990][ T27] audit: type=1400 audit(1575432937.159:42): avc: denied { map } for pid=9835 comm="syz-executor695" path="/root/syz-executor695284770" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 84.708429][ T9835] ==================================================================
[ 84.708474][ T9835] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c8b/0x2200
[ 84.708482][ T9835] Read of size 2 at addr ffffffff8874d458 by task syz-executor695/9835
[ 84.708485][ T9835]
[ 84.708494][ T9835] CPU: 1 PID: 9835 Comm: syz-executor695 Not tainted 5.4.0-syzkaller #0
[ 84.708499][ T9835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.708502][ T9835] Call Trace:
[ 84.708516][ T9835] dump_stack+0x197/0x210
[ 84.708524][ T9835] ? vga16fb_imageblit+0x1c8b/0x2200
[ 84.708537][ T9835] print_address_description.constprop.0.cold+0x5/0x30b
[ 84.708544][ T9835] ? vga16fb_imageblit+0x1c8b/0x2200
[ 84.708552][ T9835] ? vga16fb_imageblit+0x1c8b/0x2200
[ 84.708560][ T9835] __kasan_report.cold+0x1b/0x41
[ 84.708570][ T9835] ? vga16fb_imageblit+0x1c8b/0x2200
[ 84.708579][ T9835] kasan_report+0x12/0x20
[ 84.708589][ T9835] __asan_report_load2_noabort+0x14/0x20
[ 84.708597][ T9835] vga16fb_imageblit+0x1c8b/0x2200
[ 84.708619][ T9835] soft_cursor+0x4fb/0xa30
[ 84.708630][ T9835] ? __lock_task_sighand+0x125/0x2f0
[ 84.708643][ T9835] bit_cursor+0x12fc/0x1a60
[ 84.708656][ T9835] ? bit_clear+0x530/0x530
[ 84.708667][ T9835] ? find_held_lock+0x35/0x130
[ 84.708682][ T9835] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.708691][ T9835] ? get_color+0x225/0x430
[ 84.708701][ T9835] fbcon_cursor+0x487/0x660
[ 84.708709][ T9835] ? bit_clear+0x530/0x530
[ 84.708721][ T9835] hide_cursor+0x9d/0x2b0
[ 84.708729][ T9835] redraw_screen+0x60b/0x7d0
[ 84.708738][ T9835] ? respond_string+0x2c0/0x2c0
[ 84.708750][ T9835] vc_do_resize+0x10c9/0x1460
[ 84.708758][ T9835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.708774][ T9835] ? vc_uniscr_alloc+0xd0/0xd0
[ 84.708787][ T9835] vc_resize+0x4d/0x60
[ 84.708796][ T9835] fbcon_modechanged+0x367/0x790
[ 84.708808][ T9835] fbcon_update_vcs+0x42/0x50
[ 84.708815][ T9835] fb_set_var+0xb32/0xdd0
[ 84.708823][ T9835] ? fb_blank+0x1a0/0x1a0
[ 84.708835][ T9835] ? ___preempt_schedule+0x16/0x18
[ 84.708847][ T9835] ? __mutex_lock+0xf73/0x13c0
[ 84.708854][ T9835] ? down+0x70/0x90
[ 84.708873][ T9835] ? do_fb_ioctl+0x335/0x7d0
[ 84.708885][ T9835] do_fb_ioctl+0x390/0x7d0
[ 84.708892][ T9835] ? fb_mmap+0x520/0x520
[ 84.708900][ T9835] ? tomoyo_path_number_perm+0x214/0x520
[ 84.708909][ T9835] ? find_held_lock+0x35/0x130
[ 84.708917][ T9835] ? tomoyo_path_number_perm+0x214/0x520
[ 84.708928][ T9835] ? lock_downgrade+0x920/0x920
[ 84.708935][ T9835] ? lockdep_hardirqs_on+0x421/0x5e0
[ 84.708945][ T9835] ? tomoyo_path_number_perm+0x454/0x520
[ 84.708965][ T9835] ? ___might_sleep+0x163/0x2c0
[ 84.708975][ T9835] fb_ioctl+0xe6/0x130
[ 84.708981][ T9835] ? do_fb_ioctl+0x7d0/0x7d0
[ 84.708990][ T9835] do_vfs_ioctl+0x977/0x14e0
[ 84.709000][ T9835] ? compat_ioctl_preallocate+0x220/0x220
[ 84.709008][ T9835] ? selinux_file_mprotect+0x620/0x620
[ 84.709016][ T9835] ? kmem_cache_free+0x26b/0x320
[ 84.709027][ T9835] ? do_sys_open+0x31d/0x5d0
[ 84.709037][ T9835] ? tomoyo_file_ioctl+0x23/0x30
[ 84.709046][ T9835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.709054][ T9835] ? security_file_ioctl+0x8d/0xc0
[ 84.709063][ T9835] ksys_ioctl+0xab/0xd0
[ 84.709072][ T9835] __x64_sys_ioctl+0x73/0xb0
[ 84.709082][ T9835] do_syscall_64+0xfa/0x790
[ 84.709093][ T9835] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.709101][ T9835] RIP: 0033:0x440309
[ 84.709111][ T9835] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.709115][ T9835] RSP: 002b:00007ffd2332fb38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.709123][ T9835] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 84.709128][ T9835] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 84.709132][ T9835] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 84.709137][ T9835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 84.709141][ T9835] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 84.709152][ T9835]
[ 84.709154][ T9835] The buggy address belongs to the variable:
[ 84.709162][ T9835] transl_h+0x38/0x40
[ 84.709164][ T9835]
[ 84.709167][ T9835] Memory state around the buggy address:
[ 84.709175][ T9835] ffffffff8874d300: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
[ 84.709185][ T9835] ffffffff8874d380: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[ 84.709191][ T9835] >ffffffff8874d400: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[ 84.709195][ T9835] ^
[ 84.709200][ T9835] ffffffff8874d480: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[ 84.709206][ T9835] ffffffff8874d500: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 84.709209][ T9835] ==================================================================
[ 84.709212][ T9835] Disabling lock debugging due to kernel taint
[ 84.709282][ T9835] Kernel panic - not syncing: panic_on_warn set ...
[ 84.709294][ T9835] CPU: 1 PID: 9835 Comm: syz-executor695 Tainted: G B 5.4.0-syzkaller #0
[ 84.709306][ T9835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.709315][ T9835] Call Trace:
[ 84.709329][ T9835] dump_stack+0x197/0x210
[ 84.709345][ T9835] panic+0x2e3/0x75c
[ 84.709358][ T9835] ? add_taint.cold+0x16/0x16
[ 84.709372][ T9835] ? retint_kernel+0x2b/0x2b
[ 84.709389][ T9835] ? trace_hardirqs_on+0x5e/0x240
[ 84.709404][ T9835] ? vga16fb_imageblit+0x1c8b/0x2200
[ 84.709417][ T9835] end_report+0x47/0x4f
[ 84.709431][ T9835] ? vga16fb_imageblit+0x1c8b/0x2200
[ 84.709444][ T9835] __kasan_report.cold+0xe/0x41
[ 84.709458][ T9835] ? vga16fb_imageblit+0x1c8b/0x2200
[ 84.709471][ T9835] kasan_report+0x12/0x20
[ 84.709485][ T9835] __asan_report_load2_noabort+0x14/0x20
[ 84.709499][ T9835] vga16fb_imageblit+0x1c8b/0x2200
[ 84.709516][ T9835] soft_cursor+0x4fb/0xa30
[ 84.709530][ T9835] ? __lock_task_sighand+0x125/0x2f0
[ 84.709546][ T9835] bit_cursor+0x12fc/0x1a60
[ 84.709561][ T9835] ? bit_clear+0x530/0x530
[ 84.709576][ T9835] ? find_held_lock+0x35/0x130
[ 84.709592][ T9835] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 84.709606][ T9835] ? get_color+0x225/0x430
[ 84.709620][ T9835] fbcon_cursor+0x487/0x660
[ 84.709633][ T9835] ? bit_clear+0x530/0x530
[ 84.709648][ T9835] hide_cursor+0x9d/0x2b0
[ 84.709661][ T9835] redraw_screen+0x60b/0x7d0
[ 84.709674][ T9835] ? respond_string+0x2c0/0x2c0
[ 84.709688][ T9835] vc_do_resize+0x10c9/0x1460
[ 84.709702][ T9835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.709724][ T9835] ? vc_uniscr_alloc+0xd0/0xd0
[ 84.709738][ T9835] vc_resize+0x4d/0x60
[ 84.709798][ T9835] fbcon_modechanged+0x367/0x790
[ 84.709813][ T9835] fbcon_update_vcs+0x42/0x50
[ 84.709825][ T9835] fb_set_var+0xb32/0xdd0
[ 84.709838][ T9835] ? fb_blank+0x1a0/0x1a0
[ 84.709853][ T9835] ? ___preempt_schedule+0x16/0x18
[ 84.709867][ T9835] ? __mutex_lock+0xf73/0x13c0
[ 84.709880][ T9835] ? down+0x70/0x90
[ 84.709903][ T9835] ? do_fb_ioctl+0x335/0x7d0
[ 84.709917][ T9835] do_fb_ioctl+0x390/0x7d0
[ 84.709929][ T9835] ? fb_mmap+0x520/0x520
[ 84.709942][ T9835] ? tomoyo_path_number_perm+0x214/0x520
[ 84.709956][ T9835] ? find_held_lock+0x35/0x130
[ 84.709969][ T9835] ? tomoyo_path_number_perm+0x214/0x520
[ 84.709983][ T9835] ? lock_downgrade+0x920/0x920
[ 84.709996][ T9835] ? lockdep_hardirqs_on+0x421/0x5e0
[ 84.710010][ T9835] ? tomoyo_path_number_perm+0x454/0x520
[ 84.710033][ T9835] ? ___might_sleep+0x163/0x2c0
[ 84.710046][ T9835] fb_ioctl+0xe6/0x130
[ 84.710058][ T9835] ? do_fb_ioctl+0x7d0/0x7d0
[ 84.710071][ T9835] do_vfs_ioctl+0x977/0x14e0
[ 84.710085][ T9835] ? compat_ioctl_preallocate+0x220/0x220
[ 84.710098][ T9835] ? selinux_file_mprotect+0x620/0x620
[ 84.710111][ T9835] ? kmem_cache_free+0x26b/0x320
[ 84.710125][ T9835] ? do_sys_open+0x31d/0x5d0
[ 84.710139][ T9835] ? tomoyo_file_ioctl+0x23/0x30
[ 84.710153][ T9835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 84.710168][ T9835] ? security_file_ioctl+0x8d/0xc0
[ 84.710181][ T9835] ksys_ioctl+0xab/0xd0
[ 84.710194][ T9835] __x64_sys_ioctl+0x73/0xb0
[ 84.710209][ T9835] do_syscall_64+0xfa/0x790
[ 84.710224][ T9835] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.710236][ T9835] RIP: 0033:0x440309
[ 84.710256][ T9835] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 84.710261][ T9835] RSP: 002b:00007ffd2332fb38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.710269][ T9835] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 84.710274][ T9835] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 84.710279][ T9835] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 84.710284][ T9835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 84.710289][ T9835] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 84.712026][ T9835] Kernel Offset: disabled
[ 85.585684][ T9835] Rebooting in 86400 seconds..