Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[   39.319946] audit: type=1800 audit(1569432410.786:33): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   39.347585] audit: type=1800 audit(1569432410.786:34): pid=7395 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   40.821618] audit: type=1400 audit(1569432412.286:35): avc:  denied  { map } for  pid=7568 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.167' (ECDSA) to the list of known hosts.
[   58.896738] audit: type=1400 audit(1569432430.366:36): avc:  denied  { map } for  pid=7580 comm="syz-executor387" path="/root/syz-executor387991359" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   58.917351] IPVS: ftp: loaded support on port[0] = 21
[   58.974776] chnl_net:caif_netlink_parms(): no params data found
[   59.004465] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.011356] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.018531] device bridge_slave_0 entered promiscuous mode
[   59.026153] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.032519] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.039625] device bridge_slave_1 entered promiscuous mode
[   59.055998] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   59.064859] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   59.080906] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   59.088629] team0: Port device team_slave_0 added
[   59.094057] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   59.101515] team0: Port device team_slave_1 added
[   59.106775] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.113975] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   59.167052] device hsr_slave_0 entered promiscuous mode
[   59.235028] device hsr_slave_1 entered promiscuous mode
[   59.275247] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   59.282179] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   59.295913] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.302338] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.309307] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.315707] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.347234] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   59.353343] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.361401] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   59.370188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.389285] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.396565] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.403581] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   59.415710] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   59.421784] 8021q: adding VLAN 0 to HW filter on device team0
[   59.431448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.439202] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.445579] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.455104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.463051] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.469468] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.486424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   59.494163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   59.502011] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.510314] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   59.521540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   59.532118] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   59.538254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[   59.545975] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.557864] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   59.569515] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.676464] ==================================================================
[   59.683920] BUG: KASAN: use-after-free in pids_release+0x228/0x250
[   59.690241] Read of size 8 at addr ffff8880769f1288 by task syz-executor387/7580
[   59.697774]
[   59.699393] CPU: 1 PID: 7580 Comm: syz-executor387 Not tainted 4.19.75 #0
[   59.706302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.715638] Call Trace:
[   59.718226]  dump_stack+0x172/0x1f0
[   59.721840]  ? pids_release+0x228/0x250
[   59.725812]  print_address_description.cold+0x7c/0x20d
[   59.731074]  ? pids_release+0x228/0x250
[   59.735034]  kasan_report.cold+0x8c/0x2ba
[   59.739169]  __asan_report_load8_noabort+0x14/0x20
[   59.744093]  pids_release+0x228/0x250
[   59.747879]  cgroup_release+0x101/0x4a0
[   59.751834]  ? proc_tid_base_readdir+0x30/0x30
[   59.756399]  ? cgroup_exit+0x520/0x520
[   59.760284]  ? kasan_check_read+0x11/0x20
[   59.764419]  release_task+0x194/0x1630
[   59.768292]  ? _raw_spin_unlock_irq+0x28/0x90
[   59.772772]  ? lockdep_hardirqs_on+0x415/0x5d0
[   59.777341]  ? trace_hardirqs_on+0x67/0x220
[   59.781651]  wait_consider_task+0x2c95/0x3910
[   59.786303]  ? release_task+0x1630/0x1630
[   59.790443]  ? lock_acquire+0x16f/0x3f0
[   59.794442]  ? do_wait+0x3aa/0x9d0
[   59.797983]  ? kasan_check_write+0x14/0x20
[   59.802208]  do_wait+0x439/0x9d0
[   59.805564]  ? wait_consider_task+0x3910/0x3910
[   59.810223]  kernel_wait4+0x171/0x290
[   59.814020]  ? __ia32_sys_waitid+0x140/0x140
[   59.818423]  ? task_stopped_code+0x180/0x180
[   59.822818]  ? find_held_lock+0x35/0x130
[   59.826879]  ? __do_page_fault+0x676/0xe90
[   59.831101]  __do_sys_wait4+0x147/0x160
[   59.835065]  ? kernel_wait4+0x290/0x290
[   59.839030]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   59.844553]  ? up_read+0x1a/0x110
[   59.847992]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   59.853510]  ? __do_page_fault+0x484/0xe90
[   59.857734]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   59.862472]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   59.867212]  ? do_syscall_64+0x26/0x620
[   59.871170]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.876520]  ? do_syscall_64+0x26/0x620
[   59.880482]  __x64_sys_wait4+0x97/0xf0
[   59.884353]  do_syscall_64+0xfd/0x620
[   59.888143]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   59.893313] RIP: 0033:0x40200a
[   59.896589] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 2e 8b 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[   59.915478] RSP: 002b:00007fff74411b58 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   59.923185] RAX: ffffffffffffffda RBX: 0000000000001d9d RCX: 000000000040200a
[   59.930439] RDX: 0000000040000000 RSI: 00007fff74411b64 RDI: ffffffffffffffff
[   59.937694] RBP: 00000000006d3018 R08: 0000000000000000 R09: 0000555556c36880
[   59.944966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402fc0
[   59.952246] R13: 0000000000403050 R14: 0000000000000000 R15: 0000000000000000
[   59.959771]
[   59.961385] Allocated by task 7580:
[   59.965011]  save_stack+0x45/0xd0
[   59.968458]  kasan_kmalloc+0xce/0xf0
[   59.972154]  kasan_slab_alloc+0xf/0x20
[   59.976023]  kmem_cache_alloc_node+0x144/0x710
[   59.980608]  copy_process.part.0+0x1ce0/0x7a30
[   59.985170]  _do_fork+0x257/0xfd0
[   59.988604]  __x64_sys_clone+0xbf/0x150
[   59.992558]  do_syscall_64+0xfd/0x620
[   59.996343]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.001509]
[   60.003129] Freed by task 0:
[   60.006135]  save_stack+0x45/0xd0
[   60.009570]  __kasan_slab_free+0x102/0x150
[   60.013786]  kasan_slab_free+0xe/0x10
[   60.017570]  kmem_cache_free+0x86/0x260
[   60.021527]  free_task+0xdd/0x120
[   60.024977]  __put_task_struct+0x20f/0x4c0
[   60.029213]  finish_task_switch+0x52b/0x780
[   60.033538]  __schedule+0x86e/0x1dc0
[   60.037239]  schedule_idle+0x58/0x80
[   60.040951]  do_idle+0x192/0x560
[   60.044301]  cpu_startup_entry+0xc8/0xe0
[   60.048348]  rest_init+0x219/0x222
[   60.051870]  start_kernel+0x88c/0x8c5
[   60.055672]  x86_64_start_reservations+0x29/0x2b
[   60.060425]  x86_64_start_kernel+0x77/0x7b
[   60.064646]  secondary_startup_64+0xa4/0xb0
[   60.068950]
[   60.070583] The buggy address belongs to the object at ffff8880769f01c0
[   60.070583]  which belongs to the cache task_struct of size 6080
[   60.083353] The buggy address is located 4296 bytes inside of
[   60.083353]  6080-byte region [ffff8880769f01c0, ffff8880769f1980)
[   60.095384] The buggy address belongs to the page:
[   60.100313] page:ffffea0001da7c00 count:1 mapcount:0 mapping:ffff88812c26d800 index:0x0 compound_mapcount: 0
[   60.110274] flags: 0x1fffc0000008100(slab|head)
[   60.114930] raw: 01fffc0000008100 ffffea00022a8b88 ffffea0001e23008 ffff88812c26d800
[   60.122802] raw: 0000000000000000 ffff8880769f01c0 0000000100000001 0000000000000000
[   60.130662] page dumped because: kasan: bad access detected
[   60.136363]
[   60.137972] Memory state around the buggy address:
[   60.142887]  ffff8880769f1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.150230]  ffff8880769f1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.157589] >ffff8880769f1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.164928]                                            ^
[   60.168536]  ffff8880769f1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.175885]  ffff8880769f1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.183221] ==================================================================
[   60.190573] Disabling lock debugging due to kernel taint
[   60.197385] Kernel panic - not syncing: panic_on_warn set ...
[   60.197385]
[   60.204776] CPU: 1 PID: 7580 Comm: syz-executor387 Tainted: G    B             4.19.75 #0
[   60.213095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.222432] Call Trace:
[   60.225010]  dump_stack+0x172/0x1f0
[   60.228621]  ? pids_release+0x228/0x250
[   60.232576]  panic+0x263/0x507
[   60.235752]  ? __warn_printk+0xf3/0xf3
[   60.239641]  ? pids_release+0x228/0x250
[   60.243619]  ? preempt_schedule+0x4b/0x60
[   60.247781]  ? ___preempt_schedule+0x16/0x18
[   60.252181]  ? trace_hardirqs_on+0x5e/0x220
[   60.256487]  ? pids_release+0x228/0x250
[   60.260445]  kasan_end_report+0x47/0x4f
[   60.264412]  kasan_report.cold+0xa9/0x2ba
[   60.268549]  __asan_report_load8_noabort+0x14/0x20
[   60.273462]  pids_release+0x228/0x250
[   60.277248]  cgroup_release+0x101/0x4a0
[   60.281204]  ? proc_tid_base_readdir+0x30/0x30
[   60.285773]  ? cgroup_exit+0x520/0x520
[   60.289657]  ? kasan_check_read+0x11/0x20
[   60.293787]  release_task+0x194/0x1630
[   60.297698]  ? _raw_spin_unlock_irq+0x28/0x90
[   60.302181]  ? lockdep_hardirqs_on+0x415/0x5d0
[   60.306749]  ? trace_hardirqs_on+0x67/0x220
[   60.311054]  wait_consider_task+0x2c95/0x3910
[   60.315551]  ? release_task+0x1630/0x1630
[   60.319680]  ? lock_acquire+0x16f/0x3f0
[   60.323635]  ? do_wait+0x3aa/0x9d0
[   60.327161]  ? kasan_check_write+0x14/0x20
[   60.331395]  do_wait+0x439/0x9d0
[   60.334791]  ? wait_consider_task+0x3910/0x3910
[   60.339466]  kernel_wait4+0x171/0x290
[   60.343267]  ? __ia32_sys_waitid+0x140/0x140
[   60.347663]  ? task_stopped_code+0x180/0x180
[   60.352062]  ? find_held_lock+0x35/0x130
[   60.356112]  ? __do_page_fault+0x676/0xe90
[   60.360331]  __do_sys_wait4+0x147/0x160
[   60.364289]  ? kernel_wait4+0x290/0x290
[   60.368246]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   60.373766]  ? up_read+0x1a/0x110
[   60.377204]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   60.382725]  ? __do_page_fault+0x484/0xe90
[   60.386944]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   60.391693]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   60.396432]  ? do_syscall_64+0x26/0x620
[   60.400403]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.405792]  ? do_syscall_64+0x26/0x620
[   60.409749]  __x64_sys_wait4+0x97/0xf0
[   60.413619]  do_syscall_64+0xfd/0x620
[   60.417409]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.422595] RIP: 0033:0x40200a
[   60.425774] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 2e 8b 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[   60.444657] RSP: 002b:00007fff74411b58 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[   60.452351] RAX: ffffffffffffffda RBX: 0000000000001d9d RCX: 000000000040200a
[   60.459608] RDX: 0000000040000000 RSI: 00007fff74411b64 RDI: ffffffffffffffff
[   60.466878] RBP: 00000000006d3018 R08: 0000000000000000 R09: 0000555556c36880
[   60.474813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402fc0
[   60.482080] R13: 0000000000403050 R14: 0000000000000000 R15: 0000000000000000
[   60.490529] Kernel Offset: disabled
[   60.494158] Rebooting in 86400 seconds..