Starting mcstransd: [ ok ] Starting OpenBSD Secure Shell server: sshd. [ ok ] Starting file context maintaining daemon: restorecond. [ 68.393862][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 68.393875][ T26] audit: type=1800 audit(1559150846.539:33): pid=9308 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 68.423960][ T26] audit: type=1800 audit(1559150846.539:34): pid=9308 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 72.083300][ T26] audit: type=1400 audit(1559150850.229:35): avc: denied { map } for pid=9484 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts. 
executing program [ 78.559520][ T26] audit: type=1400 audit(1559150856.699:36): avc: denied { map } for pid=9496 comm="syz-executor023" path="/root/syz-executor023748933" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 78.595947][ T9497] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 78.663775][ T9507] ================================================================== [ 78.672093][ T9507] BUG: KASAN: use-after-free in napi_gro_frags+0xc6f/0xd10 [ 78.679658][ T9507] Read of size 2 at addr ffff88809484840c by task syz-executor023/9507 [ 78.688590][ T9507] [ 78.691049][ T9507] CPU: 0 PID: 9507 Comm: syz-executor023 Not tainted 5.2.0-rc2+ #5 [ 78.699170][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.709683][ T9507] Call Trace: [ 78.712998][ T9507] dump_stack+0x172/0x1f0 [ 78.717334][ T9507] ? napi_gro_frags+0xc6f/0xd10 [ 78.722297][ T9507] print_address_description.cold+0x7c/0x20d [ 78.728426][ T9507] ? napi_gro_frags+0xc6f/0xd10 [ 78.733274][ T9507] ? napi_gro_frags+0xc6f/0xd10 [ 78.738128][ T9507] __kasan_report.cold+0x1b/0x40 [ 78.743180][ T9507] ? __kasan_slab_free+0x140/0x150 [ 78.748375][ T9507] ? napi_gro_frags+0xc6f/0xd10 [ 78.753220][ T9507] kasan_report+0x12/0x20 [ 78.757549][ T9507] __asan_report_load_n_noabort+0xf/0x20 [ 78.763253][ T9507] napi_gro_frags+0xc6f/0xd10 [ 78.767931][ T9507] tun_get_user+0x2f3c/0x3ff0 [ 78.772757][ T9507] ? tun_device_event+0xee0/0xee0 [ 78.777850][ T9507] ? tun_get+0x171/0x290 [ 78.782112][ T9507] ? lock_downgrade+0x880/0x880 [ 78.787092][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.793334][ T9507] ? 
kasan_check_read+0x11/0x20 [ 78.806120][ T9507] tun_chr_write_iter+0xbd/0x156 [ 78.811081][ T9507] do_iter_readv_writev+0x5f8/0x8f0 [ 78.816302][ T9507] ? no_seek_end_llseek_size+0x70/0x70 [ 78.821936][ T9507] ? rw_verify_area+0x126/0x360 [ 78.826784][ T9507] do_iter_write+0x184/0x610 [ 78.831461][ T9507] ? dup_iter+0x260/0x260 [ 78.835890][ T9507] vfs_writev+0x1b3/0x2f0 [ 78.840219][ T9507] ? vfs_iter_write+0xb0/0xb0 [ 78.845010][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.851490][ T9507] ? __handle_mm_fault+0x7cb/0x3eb0 [ 78.856837][ T9507] ? __do_page_fault+0x623/0xda0 [ 78.862120][ T9507] ? __do_page_fault+0x623/0xda0 [ 78.867241][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.874080][ T9507] ? __fget_light+0x1a9/0x230 [ 78.878788][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.885357][ T9507] do_writev+0x15b/0x330 [ 78.889659][ T9507] ? vfs_writev+0x2f0/0x2f0 [ 78.894196][ T9507] ? do_syscall_64+0x26/0x680 [ 78.899050][ T9507] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.905561][ T9507] ? 
do_syscall_64+0x26/0x680 [ 78.910559][ T9507] __x64_sys_writev+0x75/0xb0 [ 78.915336][ T9507] do_syscall_64+0xfd/0x680 [ 78.919852][ T9507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.925881][ T9507] RIP: 0033:0x441cd0 [ 78.929819][ T9507] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 78.949877][ T9507] RSP: 002b:00007ffff2579c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 78.958562][ T9507] RAX: ffffffffffffffda RBX: 00007ffff2579c60 RCX: 0000000000441cd0 [ 78.966666][ T9507] RDX: 0000000000000003 RSI: 00007ffff2579c80 RDI: 00000000000000f0 [ 78.974671][ T9507] RBP: 00007ffff2579c80 R08: 00007ffff2579cb0 R09: 0000000000000003 [ 78.983661][ T9507] R10: 0000000000000d77 R11: 0000000000000246 R12: 0000000000013338 [ 78.991843][ T9507] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000 [ 79.000562][ T9507] [ 79.002915][ T9507] The buggy address belongs to the page: [ 79.008567][ T9507] page:ffffea0002521200 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 [ 79.018505][ T9507] flags: 0x1fffc0000000000() [ 79.023102][ T9507] raw: 01fffc0000000000 ffffea00022a8608 ffff88812fffc878 0000000000000000 [ 79.031698][ T9507] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000 [ 79.040297][ T9507] page dumped because: kasan: bad access detected [ 79.046846][ T9507] [ 79.049210][ T9507] Memory state around the buggy address: [ 79.054960][ T9507] ffff888094848300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.063027][ T9507] ffff888094848380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.071472][ T9507] >ffff888094848400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.079764][ T9507] ^ [ 79.084109][ T9507] ffff888094848480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 79.092645][ T9507] ffff888094848500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 
79.108771][ T9507] ================================================================== [ 79.117554][ T9507] Disabling lock debugging due to kernel taint [ 79.124211][ T9507] Kernel panic - not syncing: panic_on_warn set ... [ 79.131136][ T9507] CPU: 0 PID: 9507 Comm: syz-executor023 Tainted: G B 5.2.0-rc2+ #5 [ 79.141016][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.151645][ T9507] Call Trace: [ 79.154949][ T9507] dump_stack+0x172/0x1f0 [ 79.159661][ T9507] panic+0x2cb/0x744 [ 79.163847][ T9507] ? __warn_printk+0xf3/0xf3 [ 79.168836][ T9507] ? trace_hardirqs_on+0x5e/0x220 [ 79.174123][ T9507] ? trace_hardirqs_on+0x5e/0x220 [ 79.179433][ T9507] ? napi_gro_frags+0xc6f/0xd10 [ 79.184413][ T9507] end_report+0x47/0x4f [ 79.188644][ T9507] ? napi_gro_frags+0xc6f/0xd10 [ 79.193815][ T9507] __kasan_report.cold+0xe/0x40 [ 79.198702][ T9507] ? __kasan_slab_free+0x140/0x150 [ 79.204051][ T9507] ? napi_gro_frags+0xc6f/0xd10 [ 79.209230][ T9507] kasan_report+0x12/0x20 [ 79.213674][ T9507] __asan_report_load_n_noabort+0xf/0x20 [ 79.219473][ T9507] napi_gro_frags+0xc6f/0xd10 [ 79.224506][ T9507] tun_get_user+0x2f3c/0x3ff0 [ 79.229191][ T9507] ? tun_device_event+0xee0/0xee0 [ 79.234316][ T9507] ? tun_get+0x171/0x290 [ 79.238581][ T9507] ? lock_downgrade+0x880/0x880 [ 79.243678][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.250510][ T9507] ? kasan_check_read+0x11/0x20 [ 79.255473][ T9507] tun_chr_write_iter+0xbd/0x156 [ 79.260503][ T9507] do_iter_readv_writev+0x5f8/0x8f0 [ 79.265938][ T9507] ? no_seek_end_llseek_size+0x70/0x70 [ 79.271786][ T9507] ? rw_verify_area+0x126/0x360 [ 79.276860][ T9507] do_iter_write+0x184/0x610 [ 79.281791][ T9507] ? dup_iter+0x260/0x260 [ 79.286142][ T9507] vfs_writev+0x1b3/0x2f0 [ 79.290795][ T9507] ? vfs_iter_write+0xb0/0xb0 [ 79.295489][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.301865][ T9507] ? __handle_mm_fault+0x7cb/0x3eb0 [ 79.307413][ T9507] ? 
__do_page_fault+0x623/0xda0 [ 79.312661][ T9507] ? __do_page_fault+0x623/0xda0 [ 79.317755][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.324082][ T9507] ? __fget_light+0x1a9/0x230 [ 79.328862][ T9507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.335202][ T9507] do_writev+0x15b/0x330 [ 79.339522][ T9507] ? vfs_writev+0x2f0/0x2f0 [ 79.344031][ T9507] ? do_syscall_64+0x26/0x680 [ 79.349063][ T9507] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.355140][ T9507] ? do_syscall_64+0x26/0x680 [ 79.360009][ T9507] __x64_sys_writev+0x75/0xb0 [ 79.364917][ T9507] do_syscall_64+0xfd/0x680 [ 79.369894][ T9507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.376106][ T9507] RIP: 0033:0x441cd0 [ 79.380578][ T9507] Code: 05 48 3d 01 f0 ff ff 0f 83 9d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 93 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 79.401098][ T9507] RSP: 002b:00007ffff2579c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 79.409902][ T9507] RAX: ffffffffffffffda RBX: 00007ffff2579c60 RCX: 0000000000441cd0 [ 79.418294][ T9507] RDX: 0000000000000003 RSI: 00007ffff2579c80 RDI: 00000000000000f0 [ 79.426483][ T9507] RBP: 00007ffff2579c80 R08: 00007ffff2579cb0 R09: 0000000000000003 [ 79.435983][ T9507] R10: 0000000000000d77 R11: 0000000000000246 R12: 0000000000013338 [ 79.445111][ T9507] R13: 0000000000402b60 R14: 0000000000000000 R15: 0000000000000000 [ 79.455662][ T9507] Kernel Offset: disabled [ 79.460101][ T9507] Rebooting in 86400 seconds..