Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 73.351048][ T25] kauditd_printk_skb: 7 callbacks suppressed
[ 73.351059][ T25] audit: type=1800 audit(1575351903.131:39): pid=9549 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 73.380074][ T25] audit: type=1800 audit(1575351903.131:40): pid=9549 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 75.532908][ T25] audit: type=1400 audit(1575351905.311:41): avc: denied { map } for pid=9727 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
executing program
[ 82.060017][ T25] audit: type=1400 audit(1575351911.831:42): avc: denied { map } for pid=9739 comm="syz-executor002" path="/root/syz-executor002139020" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 82.159871][ T9741] ==================================================================
[ 82.168087][ T9741] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[ 82.175352][ T9741] Write of size 8 at addr ffff888093faed28 by task syz-executor002/9741
[ 82.183660][ T9741]
[ 82.186006][ T9741] CPU: 0 PID: 9741 Comm: syz-executor002 Not tainted 5.4.0-syzkaller #0
[ 82.194325][ T9741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.204367][ T9741] Call Trace:
[ 82.207653][ T9741] dump_stack+0x197/0x210
[ 82.212016][ T9741] ? pipe_write+0xe30/0x1000
[ 82.216604][ T9741] print_address_description.constprop.0.cold+0xd4/0x30b
[ 82.223612][ T9741] ? pipe_write+0xe30/0x1000
[ 82.228185][ T9741] ? pipe_write+0xe30/0x1000
[ 82.232755][ T9741] __kasan_report.cold+0x1b/0x41
[ 82.237681][ T9741] ? pipe_write+0xe30/0x1000
[ 82.242267][ T9741] kasan_report+0x12/0x20
[ 82.246581][ T9741] __asan_report_store8_noabort+0x17/0x20
[ 82.252292][ T9741] pipe_write+0xe30/0x1000
[ 82.256850][ T9741] new_sync_write+0x4d3/0x770
[ 82.261510][ T9741] ? new_sync_read+0x800/0x800
[ 82.266265][ T9741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.272500][ T9741] ? security_file_permission+0x8f/0x380
[ 82.278122][ T9741] __vfs_write+0xe1/0x110
[ 82.282438][ T9741] vfs_write+0x268/0x5d0
[ 82.286709][ T9741] ksys_write+0x220/0x290
[ 82.291022][ T9741] ? __ia32_sys_read+0xb0/0xb0
[ 82.295770][ T9741] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 82.301211][ T9741] ? do_syscall_64+0x26/0x790
[ 82.305869][ T9741] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.311929][ T9741] ? do_syscall_64+0x26/0x790
[ 82.316590][ T9741] __x64_sys_write+0x73/0xb0
[ 82.321167][ T9741] do_syscall_64+0xfa/0x790
[ 82.325653][ T9741] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.331526][ T9741] RIP: 0033:0x4466c9
[ 82.335398][ T9741] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.354991][ T9741] RSP: 002b:00007f46cd364db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.363384][ T9741] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 00000000004466c9
[ 82.371342][ T9741] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 82.379296][ T9741] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 82.387290][ T9741] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 82.395245][ T9741] R13: 00007fffda5c440f R14: 00007f46cd3659c0 R15: 20c49ba5e353f7cf
[ 82.403221][ T9741]
[ 82.405540][ T9741] Allocated by task 9743:
[ 82.409856][ T9741] save_stack+0x23/0x90
[ 82.413999][ T9741] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 82.419627][ T9741] kasan_kmalloc+0x9/0x10
[ 82.423951][ T9741] __kmalloc+0x163/0x770
[ 82.428179][ T9741] pipe_fcntl+0x3f7/0x8e0
[ 82.432493][ T9741] do_fcntl+0x255/0x1030
[ 82.436716][ T9741] __x64_sys_fcntl+0x16d/0x1e0
[ 82.441459][ T9741] do_syscall_64+0xfa/0x790
[ 82.445947][ T9741] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.451810][ T9741]
[ 82.454123][ T9741] Freed by task 3987:
[ 82.458165][ T9741] save_stack+0x23/0x90
[ 82.462307][ T9741] __kasan_slab_free+0x102/0x150
[ 82.467221][ T9741] kasan_slab_free+0xe/0x10
[ 82.471714][ T9741] kfree+0x10a/0x2c0
[ 82.475596][ T9741] __vunmap+0x6a5/0x9b0
[ 82.479728][ T9741] __vfree+0x41/0xd0
[ 82.483600][ T9741] vfree+0x5f/0x90
[ 82.487302][ T9741] n_tty_close+0xc3/0x130
[ 82.491661][ T9741] tty_ldisc_close.isra.0+0x119/0x1a0
[ 82.497010][ T9741] tty_ldisc_kill+0x9c/0x160
[ 82.501588][ T9741] tty_ldisc_release+0xe9/0x2b0
[ 82.506416][ T9741] tty_release_struct+0x1b/0x50
[ 82.511250][ T9741] tty_release+0xbcb/0xe90
[ 82.515647][ T9741] __fput+0x2ff/0x890
[ 82.519692][ T9741] ____fput+0x16/0x20
[ 82.523654][ T9741] task_work_run+0x145/0x1c0
[ 82.528223][ T9741] exit_to_usermode_loop+0x316/0x380
[ 82.533528][ T9741] do_syscall_64+0x676/0x790
[ 82.538098][ T9741] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.543962][ T9741]
[ 82.546270][ T9741] The buggy address belongs to the object at ffff888093faed00
[ 82.546270][ T9741] which belongs to the cache kmalloc-64 of size 64
[ 82.560206][ T9741] The buggy address is located 40 bytes inside of
[ 82.560206][ T9741] 64-byte region [ffff888093faed00, ffff888093faed40)
[ 82.573297][ T9741] The buggy address belongs to the page:
[ 82.578914][ T9741] page:ffffea00024feb80 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 82.588006][ T9741] raw: 00fffe0000000200 ffffea000234ce88 ffffea00028219c8 ffff8880aa400380
[ 82.596610][ T9741] raw: 0000000000000000 ffff888093fae000 0000000100000020 0000000000000000
[ 82.605176][ T9741] page dumped because: kasan: bad access detected
[ 82.611577][ T9741]
[ 82.613885][ T9741] Memory state around the buggy address:
[ 82.619495][ T9741]  ffff888093faec00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 82.627541][ T9741]  ffff888093faec80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 82.635580][ T9741] >ffff888093faed00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 82.643617][ T9741]                                   ^
[ 82.648996][ T9741]  ffff888093faed80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 82.657039][ T9741]  ffff888093faee00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 82.665078][ T9741] ==================================================================
[ 82.673127][ T9741] Disabling lock debugging due to kernel taint
[ 82.679511][ T9741] Kernel panic - not syncing: panic_on_warn set ...
[ 82.686100][ T9741] CPU: 0 PID: 9741 Comm: syz-executor002 Tainted: G B 5.4.0-syzkaller #0
[ 82.695788][ T9741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.705819][ T9741] Call Trace:
[ 82.709095][ T9741] dump_stack+0x197/0x210
[ 82.713402][ T9741] panic+0x2e3/0x75c
[ 82.717290][ T9741] ? add_taint.cold+0x16/0x16
[ 82.721949][ T9741] ? pipe_write+0xe30/0x1000
[ 82.726518][ T9741] ? preempt_schedule+0x4b/0x60
[ 82.731346][ T9741] ? ___preempt_schedule+0x16/0x18
[ 82.736436][ T9741] ? trace_hardirqs_on+0x5e/0x240
[ 82.741436][ T9741] ? pipe_write+0xe30/0x1000
[ 82.746012][ T9741] end_report+0x47/0x4f
[ 82.750143][ T9741] ? pipe_write+0xe30/0x1000
[ 82.754747][ T9741] __kasan_report.cold+0xe/0x41
[ 82.759574][ T9741] ? pipe_write+0xe30/0x1000
[ 82.764144][ T9741] kasan_report+0x12/0x20
[ 82.768451][ T9741] __asan_report_store8_noabort+0x17/0x20
[ 82.774146][ T9741] pipe_write+0xe30/0x1000
[ 82.778542][ T9741] new_sync_write+0x4d3/0x770
[ 82.783206][ T9741] ? new_sync_read+0x800/0x800
[ 82.787961][ T9741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.794181][ T9741] ? security_file_permission+0x8f/0x380
[ 82.799789][ T9741] __vfs_write+0xe1/0x110
[ 82.804103][ T9741] vfs_write+0x268/0x5d0
[ 82.808326][ T9741] ksys_write+0x220/0x290
[ 82.812636][ T9741] ? __ia32_sys_read+0xb0/0xb0
[ 82.817378][ T9741] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 82.822832][ T9741] ? do_syscall_64+0x26/0x790
[ 82.827488][ T9741] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.833534][ T9741] ? do_syscall_64+0x26/0x790
[ 82.838192][ T9741] __x64_sys_write+0x73/0xb0
[ 82.842763][ T9741] do_syscall_64+0xfa/0x790
[ 82.847253][ T9741] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.853127][ T9741] RIP: 0033:0x4466c9
[ 82.857011][ T9741] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.876596][ T9741] RSP: 002b:00007f46cd364db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.884986][ T9741] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 00000000004466c9
[ 82.892938][ T9741] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 82.900886][ T9741] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 82.908835][ T9741] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 82.916787][ T9741] R13: 00007fffda5c440f R14: 00007f46cd3659c0 R15: 20c49ba5e353f7cf
[ 82.926037][ T9741] Kernel Offset: disabled
[ 82.930363][ T9741] Rebooting in 86400 seconds..