Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   33.713381] audit: type=1800 audit(1544588746.215:33): pid=6079 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   33.736198] audit: type=1800 audit(1544588746.215:34): pid=6079 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   37.950417] audit: type=1400 audit(1544588750.455:35): avc:  denied  { map } for  pid=6258 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program
[   44.700765] audit: type=1400 audit(1544588757.205:36): avc:  denied  { map } for  pid=6271 comm="syz-executor778" path="/root/syz-executor778426799" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   45.002709] ==================================================================
[   45.010235] BUG: KASAN: use-after-free in tipc_group_bc_cong+0x327/0x3f0
[   45.017102] Read of size 2 at addr ffff8881c6042a74 by task syz-executor778/6274
[   45.024626] 
[   45.026242] CPU: 0 PID: 6274 Comm: syz-executor778 Not tainted 4.20.0-rc6+ #151
[   45.033669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.043013] Call Trace:
[   45.045591]  dump_stack+0x244/0x39d
[   45.049207]  ? dump_stack_print_info.cold.1+0x20/0x20
[   45.054378]  ? printk+0xa7/0xcf
[   45.057645]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   45.062386]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   45.067479]  print_address_description.cold.7+0x9/0x1ff
[   45.072827]  kasan_report.cold.8+0x242/0x309
[   45.077225]  ? tipc_group_bc_cong+0x327/0x3f0
[   45.081706]  __asan_report_load2_noabort+0x14/0x20
[   45.086638]  tipc_group_bc_cong+0x327/0x3f0
[   45.090944]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   45.096034]  ? tipc_group_cong+0x5d0/0x5d0
[   45.100255]  ? remove_wait_queue+0x1a6/0x360
[   45.104649]  ? add_wait_queue+0x2b0/0x2b0
[   45.108781]  ? __local_bh_enable_ip+0x160/0x260
[   45.113445]  tipc_send_group_bcast+0x50a/0xd90
[   45.118063]  ? tipc_sk_sock_err.isra.61+0x2f0/0x2f0
[   45.123073]  ? __init_waitqueue_head+0x150/0x150
[   45.127813]  ? refill_pi_state_cache.part.8+0x310/0x310
[   45.133171]  ? mark_held_locks+0x130/0x130
[   45.137400]  ? avc_has_perm+0x469/0x7e0
[   45.141358]  ? lock_downgrade+0x900/0x900
[   45.145494]  ? check_preemption_disabled+0x48/0x280
[   45.150500]  __tipc_sendmsg+0xeec/0x1d40
[   45.154546]  ? rcu_softirq_qs+0x20/0x20
[   45.158512]  ? tipc_sendmcast+0xf50/0xf50
[   45.162644]  ? zap_class+0x640/0x640
[   45.166343]  ? print_usage_bug+0xc0/0xc0
[   45.170388]  ? find_held_lock+0x36/0x1c0
[   45.174444]  ? find_held_lock+0x36/0x1c0
[   45.178494]  ? mark_held_locks+0xc7/0x130
[   45.182632]  ? __local_bh_enable_ip+0x160/0x260
[   45.187295]  ? __local_bh_enable_ip+0x160/0x260
[   45.191951]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   45.196517]  ? trace_hardirqs_on+0xbd/0x310
[   45.200836]  ? lock_release+0xa00/0xa00
[   45.204804]  ? lock_sock_nested+0xe2/0x120
[   45.209028]  ? trace_hardirqs_off_caller+0x310/0x310
[   45.214123]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.219649]  ? check_preemption_disabled+0x48/0x280
[   45.224649]  ? lock_sock_nested+0x9a/0x120
[   45.228868]  ? lock_sock_nested+0x9a/0x120
[   45.233105]  ? __local_bh_enable_ip+0x160/0x260
[   45.237791]  tipc_sendmsg+0x50/0x70
[   45.241401]  ? __tipc_sendmsg+0x1d40/0x1d40
[   45.245715]  sock_sendmsg+0xd5/0x120
[   45.249416]  ___sys_sendmsg+0x7fd/0x930
[   45.253377]  ? find_held_lock+0x36/0x1c0
[   45.257431]  ? copy_msghdr_from_user+0x580/0x580
[   45.262174]  ? __fd_install+0x2b5/0x8f0
[   45.266141]  ? check_preemption_disabled+0x48/0x280
[   45.271148]  ? __fget_light+0x2e9/0x430
[   45.275111]  ? fget_raw+0x20/0x20
[   45.278568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.284115]  ? __fd_install+0x2f9/0x8f0
[   45.288081]  ? get_unused_fd_flags+0x1a0/0x1a0
[   45.292665]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.298187]  ? sockfd_lookup_light+0xc5/0x160
[   45.302669]  __sys_sendmsg+0x11d/0x280
[   45.306544]  ? __ia32_sys_shutdown+0x80/0x80
[   45.310946]  ? __x64_sys_futex+0x47f/0x6a0
[   45.315184]  ? do_syscall_64+0x9a/0x820
[   45.319154]  ? do_syscall_64+0x9a/0x820
[   45.323219]  ? trace_hardirqs_off_caller+0x310/0x310
[   45.328331]  __x64_sys_sendmsg+0x78/0xb0
[   45.332445]  do_syscall_64+0x1b9/0x820
[   45.336336]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   45.341777]  ? syscall_return_slowpath+0x5e0/0x5e0
[   45.346717]  ? trace_hardirqs_on_caller+0x310/0x310
[   45.351737]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   45.356751]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[   45.363407]  ? __switch_to_asm+0x40/0x70
[   45.367452]  ? __switch_to_asm+0x34/0x70
[   45.371522]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.376360]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.381542] RIP: 0033:0x446389
[   45.384839] Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   45.403740] RSP: 002b:00007fb7f3d24db8 EFLAGS: 00000297 ORIG_RAX: 000000000000002e
[   45.411445] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000446389
[   45.418706] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000005
[   45.425963] RBP: 00000000006dac30 R08: 0000000000000000 R09: 0000000000000000
[   45.433225] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dac3c
[   45.440487] R13: 00007fff7938cd9f R14: 00007fb7f3d259c0 R15: 00000000006dad2c
[   45.447752] 
[   45.449370] Allocated by task 6275:
[   45.452985]  save_stack+0x43/0xd0
[   45.456424]  kasan_kmalloc+0xc7/0xe0
[   45.460125]  kmem_cache_alloc_trace+0x152/0x750
[   45.464788]  tipc_group_create+0x152/0xa70
[   45.469017]  tipc_setsockopt+0x2d1/0xd70
[   45.473062]  __sys_setsockopt+0x1ba/0x3c0
[   45.477218]  __x64_sys_setsockopt+0xbe/0x150
[   45.481622]  do_syscall_64+0x1b9/0x820
[   45.485500]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.490672] 
[   45.492284] Freed by task 6275:
[   45.495558]  save_stack+0x43/0xd0
[   45.498999]  __kasan_slab_free+0x102/0x150
[   45.503219]  kasan_slab_free+0xe/0x10
[   45.507006]  kfree+0xcf/0x230
[   45.510098]  tipc_group_delete+0x2e4/0x3f0
[   45.514324]  tipc_sk_leave+0x113/0x220
[   45.518196]  tipc_setsockopt+0x97d/0xd70
[   45.522246]  __sys_setsockopt+0x1ba/0x3c0
[   45.526666]  __x64_sys_setsockopt+0xbe/0x150
[   45.531083]  do_syscall_64+0x1b9/0x820
[   45.534963]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.540140] 
[   45.541766] The buggy address belongs to the object at ffff8881c6042a00
[   45.541766]  which belongs to the cache kmalloc-192 of size 192
[   45.554430] The buggy address is located 116 bytes inside of
[   45.554430]  192-byte region [ffff8881c6042a00, ffff8881c6042ac0)
[   45.566409] The buggy address belongs to the page:
[   45.571328] page:ffffea0007181080 count:1 mapcount:0 mapping:ffff8881da800040 index:0xffff8881c6042400
[   45.580761] flags: 0x2fffc0000000200(slab)
[   45.584982] raw: 02fffc0000000200 ffffea0007184248 ffffea000711b2c8 ffff8881da800040
[   45.592851] raw: ffff8881c6042400 ffff8881c6042000 000000010000000b 0000000000000000
[   45.600716] page dumped because: kasan: bad access detected
[   45.606411] 
[   45.608021] Memory state around the buggy address:
[   45.612936]  ffff8881c6042900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   45.620281]  ffff8881c6042980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   45.627624] >ffff8881c6042a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   45.634966]                                                              ^
[   45.642052]  ffff8881c6042a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   45.649412]  ffff8881c6042b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   45.657312] ==================================================================
[   45.664725] Disabling lock debugging due to kernel taint
[   45.670296] Kernel panic - not syncing: panic_on_warn set ...
[   45.676283] CPU: 0 PID: 6274 Comm: syz-executor778 Tainted: G    B             4.20.0-rc6+ #151
[   45.685109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.694446] Call Trace:
[   45.697029]  dump_stack+0x244/0x39d
[   45.700658]  ? dump_stack_print_info.cold.1+0x20/0x20
[   45.705837]  panic+0x2ad/0x55c
[   45.709126]  ? add_taint.cold.5+0x16/0x16
[   45.713270]  ? preempt_schedule+0x4d/0x60
[   45.717417]  ? ___preempt_schedule+0x16/0x18
[   45.721817]  ? trace_hardirqs_on+0xb4/0x310
[   45.726132]  kasan_end_report+0x47/0x4f
[   45.730092]  kasan_report.cold.8+0x76/0x309
[   45.734398]  ? tipc_group_bc_cong+0x327/0x3f0
[   45.738879]  __asan_report_load2_noabort+0x14/0x20
[   45.743794]  tipc_group_bc_cong+0x327/0x3f0
[   45.748097]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   45.753269]  ? tipc_group_cong+0x5d0/0x5d0
[   45.757509]  ? remove_wait_queue+0x1a6/0x360
[   45.761908]  ? add_wait_queue+0x2b0/0x2b0
[   45.766112]  ? __local_bh_enable_ip+0x160/0x260
[   45.770793]  tipc_send_group_bcast+0x50a/0xd90
[   45.775371]  ? tipc_sk_sock_err.isra.61+0x2f0/0x2f0
[   45.780378]  ? __init_waitqueue_head+0x150/0x150
[   45.785144]  ? refill_pi_state_cache.part.8+0x310/0x310
[   45.790504]  ? mark_held_locks+0x130/0x130
[   45.794742]  ? avc_has_perm+0x469/0x7e0
[   45.798708]  ? lock_downgrade+0x900/0x900
[   45.802855]  ? check_preemption_disabled+0x48/0x280
[   45.807861]  __tipc_sendmsg+0xeec/0x1d40
[   45.811908]  ? rcu_softirq_qs+0x20/0x20
[   45.815869]  ? tipc_sendmcast+0xf50/0xf50
[   45.820100]  ? zap_class+0x640/0x640
[   45.823817]  ? print_usage_bug+0xc0/0xc0
[   45.827954]  ? find_held_lock+0x36/0x1c0
[   45.832023]  ? find_held_lock+0x36/0x1c0
[   45.836084]  ? mark_held_locks+0xc7/0x130
[   45.840219]  ? __local_bh_enable_ip+0x160/0x260
[   45.844873]  ? __local_bh_enable_ip+0x160/0x260
[   45.849531]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   45.854097]  ? trace_hardirqs_on+0xbd/0x310
[   45.858400]  ? lock_release+0xa00/0xa00
[   45.862367]  ? lock_sock_nested+0xe2/0x120
[   45.866591]  ? trace_hardirqs_off_caller+0x310/0x310
[   45.871687]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.877223]  ? check_preemption_disabled+0x48/0x280
[   45.882223]  ? lock_sock_nested+0x9a/0x120
[   45.886537]  ? lock_sock_nested+0x9a/0x120
[   45.890770]  ? __local_bh_enable_ip+0x160/0x260
[   45.895431]  tipc_sendmsg+0x50/0x70
[   45.899057]  ? __tipc_sendmsg+0x1d40/0x1d40
[   45.903382]  sock_sendmsg+0xd5/0x120
[   45.907087]  ___sys_sendmsg+0x7fd/0x930
[   45.911055]  ? find_held_lock+0x36/0x1c0
[   45.915111]  ? copy_msghdr_from_user+0x580/0x580
[   45.919951]  ? __fd_install+0x2b5/0x8f0
[   45.923912]  ? check_preemption_disabled+0x48/0x280
[   45.928913]  ? __fget_light+0x2e9/0x430
[   45.932878]  ? fget_raw+0x20/0x20
[   45.936319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.941972]  ? __fd_install+0x2f9/0x8f0
[   45.945939]  ? get_unused_fd_flags+0x1a0/0x1a0
[   45.950525]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.956055]  ? sockfd_lookup_light+0xc5/0x160
[   45.960537]  __sys_sendmsg+0x11d/0x280
[   45.964412]  ? __ia32_sys_shutdown+0x80/0x80
[   45.968805]  ? __x64_sys_futex+0x47f/0x6a0
[   45.973034]  ? do_syscall_64+0x9a/0x820
[   45.977003]  ? do_syscall_64+0x9a/0x820
[   45.981083]  ? trace_hardirqs_off_caller+0x310/0x310
[   45.986188]  __x64_sys_sendmsg+0x78/0xb0
[   45.990244]  do_syscall_64+0x1b9/0x820
[   45.994240]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   45.999595]  ? syscall_return_slowpath+0x5e0/0x5e0
[   46.004514]  ? trace_hardirqs_on_caller+0x310/0x310
[   46.009520]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   46.014647]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[   46.021307]  ? __switch_to_asm+0x40/0x70
[   46.025354]  ? __switch_to_asm+0x34/0x70
[   46.029403]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.034243]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.039427] RIP: 0033:0x446389
[   46.042611] Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   46.061604] RSP: 002b:00007fb7f3d24db8 EFLAGS: 00000297 ORIG_RAX: 000000000000002e
[   46.069305] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 0000000000446389
[   46.076657] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000005
[   46.083909] RBP: 00000000006dac30 R08: 0000000000000000 R09: 0000000000000000
[   46.091164] R10: 0000000000000000 R11: 0000000000000297 R12: 00000000006dac3c
[   46.098420] R13: 00007fff7938cd9f R14: 00007fb7f3d259c0 R15: 00000000006dad2c
[   46.106809] Kernel Offset: disabled
[   46.110589] Rebooting in 86400 seconds..