Starting mcstransd: [ ok ]
[....] Starting OpenBSD Secure Shell server: sshd [ ok ]
[....] Starting file context maintaining daemon: restorecond [ ok ]
[   37.621440] audit: type=1800 audit(1569173156.643:33): pid=7398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   37.649174] audit: type=1800 audit(1569173156.643:34): pid=7398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   41.611612] audit: type=1400 audit(1569173160.633:35): avc:  denied  { map } for  pid=7573 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
[   76.000845] audit: type=1400 audit(1569173195.023:36): avc:  denied  { map } for  pid=7585 comm="syz-executor174" path="/root/syz-executor174260536" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   76.035167] ==================================================================
[   76.043185] BUG: KASAN: use-after-free in wait_consider_task+0x1b51/0x3910
[   76.051638] Read of size 4 at addr ffff88808597c8ac by task syz-executor174/7585
[   76.060274] 
[   76.061976] CPU: 0 PID: 7585 Comm: syz-executor174 Not tainted 4.19.75 #0
[   76.069557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.079381] Call Trace:
[   76.082164]  dump_stack+0x172/0x1f0
[   76.086086]  ? wait_consider_task+0x1b51/0x3910
[   76.091001]  print_address_description.cold+0x7c/0x20d
[   76.096518]  ? wait_consider_task+0x1b51/0x3910
[   76.101985]  kasan_report.cold+0x8c/0x2ba
[   76.106257]  __asan_report_load4_noabort+0x14/0x20
[   76.111477]  wait_consider_task+0x1b51/0x3910
[   76.116251]  ? lockdep_hardirqs_on+0x415/0x5d0
[   76.121030]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   76.126922]  ? add_wait_queue+0x112/0x170
[   76.131926]  ? release_task+0x1630/0x1630
[   76.136647]  ? lock_acquire+0x16f/0x3f0
[   76.142265]  ? do_wait+0x3aa/0x9d0
[   76.146252]  ? kasan_check_write+0x14/0x20
[   76.151000]  do_wait+0x439/0x9d0
[   76.154375]  ? wait_consider_task+0x3910/0x3910
[   76.159449]  kernel_wait4+0x171/0x290
[   76.163266]  ? __ia32_sys_waitid+0x140/0x140
[   76.167936]  ? task_stopped_code+0x180/0x180
[   76.172597]  __do_sys_wait4+0x147/0x160
[   76.176883]  ? kernel_wait4+0x290/0x290
[   76.180987]  ? _copy_to_user+0xc9/0x120
[   76.185114]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   76.190988]  ? put_timespec64+0xda/0x140
[   76.195152]  ? nsecs_to_jiffies+0x30/0x30
[   76.199458]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.205383]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.210479]  ? do_syscall_64+0x26/0x620
[   76.214759]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.220839]  ? do_syscall_64+0x26/0x620
[   76.224958]  __x64_sys_wait4+0x97/0xf0
[   76.229213]  do_syscall_64+0xfd/0x620
[   76.233316]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.238671] RIP: 0033:0x40110a
[   76.242164] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 ce 15 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[   76.262943] RSP: 002b:00007fff18bfc8c8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   76.272208] RAX: ffffffffffffffda RBX: 0000000000001da2 RCX: 000000000040110a
[   76.280608] RDX: 0000000040000001 RSI: 00007fff18bfc8d4 RDI: ffffffffffffffff
[   76.288319] RBP: 00000000000128bb R08: 0000000000000000 R09: 000055555670f880
[   76.295985] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020c0
[   76.304803] R13: 0000000000402150 R14: 0000000000000000 R15: 0000000000000000
[   76.312882] 
[   76.314799] Allocated by task 7585:
[   76.318724]  save_stack+0x45/0xd0
[   76.322308]  kasan_kmalloc+0xce/0xf0
[   76.326148]  kasan_slab_alloc+0xf/0x20
[   76.330159]  kmem_cache_alloc_node+0x144/0x710
[   76.334865]  copy_process.part.0+0x1ce0/0x7a30
[   76.339797]  _do_fork+0x257/0xfd0
[   76.343829]  __x64_sys_clone+0xbf/0x150
[   76.347971]  do_syscall_64+0xfd/0x620
[   76.352002]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.357194] 
[   76.358816] Freed by task 0:
[   76.361840]  save_stack+0x45/0xd0
[   76.365475]  __kasan_slab_free+0x102/0x150
[   76.370116]  kasan_slab_free+0xe/0x10
[   76.374330]  kmem_cache_free+0x86/0x260
[   76.378323]  free_task+0xdd/0x120
[   76.381872]  __put_task_struct+0x20f/0x4c0
[   76.386479]  finish_task_switch+0x52b/0x780
[   76.391193]  __schedule+0x86e/0x1dc0
[   76.395152]  schedule_idle+0x58/0x80
[   76.398877]  do_idle+0x192/0x560
[   76.402426]  cpu_startup_entry+0xc8/0xe0
[   76.406938]  start_secondary+0x3e8/0x5b0
[   76.411704]  secondary_startup_64+0xa4/0xb0
[   76.416235] 
[   76.417869] The buggy address belongs to the object at ffff88808597c440
[   76.417869]  which belongs to the cache task_struct of size 6080
[   76.431055] The buggy address is located 1132 bytes inside of
[   76.431055]  6080-byte region [ffff88808597c440, ffff88808597dc00)
[   76.444980] The buggy address belongs to the page:
[   76.450780] page:ffffea0002165f00 count:1 mapcount:0 mapping:ffff88812c26d800 index:0x0 compound_mapcount: 0
[   76.461974] flags: 0x1fffc0000008100(slab|head)
[   76.467101] raw: 01fffc0000008100 ffffea0002160408 ffffea0002819708 ffff88812c26d800
[   76.477115] raw: 0000000000000000 ffff88808597c440 0000000100000001 0000000000000000
[   76.485606] page dumped because: kasan: bad access detected
[   76.491964] 
[   76.493592] Memory state around the buggy address:
[   76.498702]  ffff88808597c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.507152]  ffff88808597c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.514740] >ffff88808597c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.522472]                                   ^
[   76.527382]  ffff88808597c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.535871]  ffff88808597c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.544240] ==================================================================
[   76.552528] Disabling lock debugging due to kernel taint
[   76.559095] Kernel panic - not syncing: panic_on_warn set ...
[   76.559095] 
[   76.567728] CPU: 0 PID: 7585 Comm: syz-executor174 Tainted: G    B             4.19.75 #0
[   76.578119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.588605] Call Trace:
[   76.591477]  dump_stack+0x172/0x1f0
[   76.595508]  ? wait_consider_task+0x1b51/0x3910
[   76.601366]  panic+0x263/0x507
[   76.605192]  ? __warn_printk+0xf3/0xf3
[   76.609185]  ? retint_kernel+0x2d/0x2d
[   76.613744]  ? trace_hardirqs_on+0x5e/0x220
[   76.618589]  ? wait_consider_task+0x1b51/0x3910
[   76.624469]  kasan_end_report+0x47/0x4f
[   76.630244]  kasan_report.cold+0xa9/0x2ba
[   76.634809]  __asan_report_load4_noabort+0x14/0x20
[   76.640854]  wait_consider_task+0x1b51/0x3910
[   76.645787]  ? lockdep_hardirqs_on+0x415/0x5d0
[   76.650612]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   76.656458]  ? add_wait_queue+0x112/0x170
[   76.661648]  ? release_task+0x1630/0x1630
[   76.666106]  ? lock_acquire+0x16f/0x3f0
[   76.670772]  ? do_wait+0x3aa/0x9d0
[   76.674509]  ? kasan_check_write+0x14/0x20
[   76.679049]  do_wait+0x439/0x9d0
[   76.682506]  ? wait_consider_task+0x3910/0x3910
[   76.687268]  kernel_wait4+0x171/0x290
[   76.691304]  ? __ia32_sys_waitid+0x140/0x140
[   76.695887]  ? task_stopped_code+0x180/0x180
[   76.701162]  __do_sys_wait4+0x147/0x160
[   76.705667]  ? kernel_wait4+0x290/0x290
[   76.710303]  ? _copy_to_user+0xc9/0x120
[   76.715023]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   76.721249]  ? put_timespec64+0xda/0x140
[   76.725878]  ? nsecs_to_jiffies+0x30/0x30
[   76.730479]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.735413]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.741319]  ? do_syscall_64+0x26/0x620
[   76.746493]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.752085]  ? do_syscall_64+0x26/0x620
[   76.757543]  __x64_sys_wait4+0x97/0xf0
[   76.761655]  do_syscall_64+0xfd/0x620
[   76.765625]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.772262] RIP: 0033:0x40110a
[   76.775731] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 ce 15 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[   76.796858] RSP: 002b:00007fff18bfc8c8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   76.804665] RAX: ffffffffffffffda RBX: 0000000000001da2 RCX: 000000000040110a
[   76.813027] RDX: 0000000040000001 RSI: 00007fff18bfc8d4 RDI: ffffffffffffffff
[   76.821520] RBP: 00000000000128bb R08: 0000000000000000 R09: 000055555670f880
[   76.830877] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020c0
[   76.839504] R13: 0000000000402150 R14: 0000000000000000 R15: 0000000000000000
[   76.850427] Kernel Offset: disabled
[   76.854862] Rebooting in 86400 seconds..