Starting mcstransd: 
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 36.136625] audit: type=1800 audit(1569276022.643:33): pid=7266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 36.159464] audit: type=1800 audit(1569276022.643:34): pid=7266 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 41.109279] audit: type=1400 audit(1569276027.613:35): avc: denied { map } for pid=7442 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
executing program
[ 47.543325] audit: type=1400 audit(1569276034.053:36): avc: denied { map } for pid=7454 comm="syz-executor820" path="/root/syz-executor820483971" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.582342] ==================================================================
[ 47.589782] BUG: KASAN: use-after-free in wait_consider_task+0x1b51/0x3910
[ 47.596781] Read of size 4 at addr ffff88808f2d4a2c by task syz-executor820/7454
[ 47.604438]
[ 47.606057] CPU: 0 PID: 7454 Comm: syz-executor820 Not tainted 4.19.75 #0
[ 47.613000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.622337] Call Trace:
[ 47.625015]  dump_stack+0x172/0x1f0
[ 47.628630]  ? wait_consider_task+0x1b51/0x3910
[ 47.633297]  print_address_description.cold+0x7c/0x20d
[ 47.638561]  ? wait_consider_task+0x1b51/0x3910
[ 47.643214]  kasan_report.cold+0x8c/0x2ba
[ 47.647349]  __asan_report_load4_noabort+0x14/0x20
[ 47.652285]  wait_consider_task+0x1b51/0x3910
[ 47.656761]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 47.661331]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.666425]  ? add_wait_queue+0x112/0x170
[ 47.670556]  ? release_task+0x1630/0x1630
[ 47.674686]  ? lock_acquire+0x16f/0x3f0
[ 47.678642]  ? do_wait+0x3aa/0x9d0
[ 47.682169]  ? kasan_check_write+0x14/0x20
[ 47.686389]  do_wait+0x439/0x9d0
[ 47.689741]  ? wait_consider_task+0x3910/0x3910
[ 47.694395]  kernel_wait4+0x171/0x290
[ 47.698178]  ? __ia32_sys_waitid+0x140/0x140
[ 47.702577]  ? task_stopped_code+0x180/0x180
[ 47.706973]  __do_sys_wait4+0x147/0x160
[ 47.710928]  ? kernel_wait4+0x290/0x290
[ 47.714883]  ? _copy_to_user+0xc9/0x120
[ 47.718841]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.724360]  ? put_timespec64+0xda/0x140
[ 47.728402]  ? nsecs_to_jiffies+0x30/0x30
[ 47.732539]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.737275]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.742010]  ? do_syscall_64+0x26/0x620
[ 47.745983]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.751326]  ? do_syscall_64+0x26/0x620
[ 47.755299]  __x64_sys_wait4+0x97/0xf0
[ 47.759169]  do_syscall_64+0xfd/0x620
[ 47.762956]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.768128] RIP: 0033:0x40110a
[ 47.771308] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 ce 15 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[ 47.790191] RSP: 002b:00007ffcd57d2818 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 47.797965] RAX: ffffffffffffffda RBX: 0000000000001d1f RCX: 000000000040110a
[ 47.805227] RDX: 0000000040000001 RSI: 00007ffcd57d2824 RDI: ffffffffffffffff
[ 47.812481] RBP: 000000000000b9ac R08: 0000000000000000 R09: 000055555676d880
[ 47.819733] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020c0
[ 47.826983] R13: 0000000000402150 R14: 0000000000000000 R15: 0000000000000000
[ 47.834330]
[ 47.835937] Allocated by task 7454:
[ 47.839651]  save_stack+0x45/0xd0
[ 47.843084]  kasan_kmalloc+0xce/0xf0
[ 47.846787]  kasan_slab_alloc+0xf/0x20
[ 47.850656]  kmem_cache_alloc_node+0x144/0x710
[ 47.855219]  copy_process.part.0+0x1ce0/0x7a30
[ 47.859779]  _do_fork+0x257/0xfd0
[ 47.863212]  __x64_sys_clone+0xbf/0x150
[ 47.867178]  do_syscall_64+0xfd/0x620
[ 47.870959]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.876124]
[ 47.877742] Freed by task 0:
[ 47.880746]  save_stack+0x45/0xd0
[ 47.884191]  __kasan_slab_free+0x102/0x150
[ 47.888430]  kasan_slab_free+0xe/0x10
[ 47.892210]  kmem_cache_free+0x86/0x260
[ 47.896180]  free_task+0xdd/0x120
[ 47.899624]  __put_task_struct+0x20f/0x4c0
[ 47.903841]  finish_task_switch+0x52b/0x780
[ 47.908145]  __schedule+0x86e/0x1dc0
[ 47.911842]  schedule_idle+0x58/0x80
[ 47.915536]  do_idle+0x192/0x560
[ 47.919423]  cpu_startup_entry+0xc8/0xe0
[ 47.923476]  start_secondary+0x3e8/0x5b0
[ 47.927521]  secondary_startup_64+0xa4/0xb0
[ 47.931819]
[ 47.933434] The buggy address belongs to the object at ffff88808f2d45c0
[ 47.933434]  which belongs to the cache task_struct of size 6080
[ 47.946164] The buggy address is located 1132 bytes inside of
[ 47.946164]  6080-byte region [ffff88808f2d45c0, ffff88808f2d5d80)
[ 47.958196] The buggy address belongs to the page:
[ 47.963108] page:ffffea00023cb500 count:1 mapcount:0 mapping:ffff88812c26d800 index:0x0 compound_mapcount: 0
[ 47.973062] flags: 0x1fffc0000008100(slab|head)
[ 47.977716] raw: 01fffc0000008100 ffffea0002541708 ffffea0002420b08 ffff88812c26d800
[ 47.985646] raw: 0000000000000000 ffff88808f2d45c0 0000000100000001 0000000000000000
[ 47.993509] page dumped because: kasan: bad access detected
[ 47.999196]
[ 48.000816] Memory state around the buggy address:
[ 48.005744]  ffff88808f2d4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.013082]  ffff88808f2d4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.020425] >ffff88808f2d4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.027770]                                   ^
[ 48.032422]  ffff88808f2d4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.039801]  ffff88808f2d4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.047177] ==================================================================
[ 48.054518] Disabling lock debugging due to kernel taint
[ 48.060082] Kernel panic - not syncing: panic_on_warn set ...
[ 48.060082]
[ 48.067480] CPU: 0 PID: 7454 Comm: syz-executor820 Tainted: G B 4.19.75 #0
[ 48.075771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.085117] Call Trace:
[ 48.087688]  dump_stack+0x172/0x1f0
[ 48.091301]  ? wait_consider_task+0x1b51/0x3910
[ 48.095947]  panic+0x263/0x507
[ 48.099119]  ? __warn_printk+0xf3/0xf3
[ 48.102986]  ? retint_kernel+0x2d/0x2d
[ 48.106855]  ? trace_hardirqs_on+0x5e/0x220
[ 48.111157]  ? wait_consider_task+0x1b51/0x3910
[ 48.115806]  kasan_end_report+0x47/0x4f
[ 48.119758]  kasan_report.cold+0xa9/0x2ba
[ 48.123887]  __asan_report_load4_noabort+0x14/0x20
[ 48.128792]  wait_consider_task+0x1b51/0x3910
[ 48.133267]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 48.137827]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.142910]  ? add_wait_queue+0x112/0x170
[ 48.147053]  ? release_task+0x1630/0x1630
[ 48.151180]  ? lock_acquire+0x16f/0x3f0
[ 48.155158]  ? do_wait+0x3aa/0x9d0
[ 48.158681]  ? kasan_check_write+0x14/0x20
[ 48.162894]  do_wait+0x439/0x9d0
[ 48.166245]  ? wait_consider_task+0x3910/0x3910
[ 48.170893]  kernel_wait4+0x171/0x290
[ 48.174673]  ? __ia32_sys_waitid+0x140/0x140
[ 48.179061]  ? task_stopped_code+0x180/0x180
[ 48.183466]  __do_sys_wait4+0x147/0x160
[ 48.187435]  ? kernel_wait4+0x290/0x290
[ 48.191389]  ? _copy_to_user+0xc9/0x120
[ 48.195344]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.200860]  ? put_timespec64+0xda/0x140
[ 48.204914]  ? nsecs_to_jiffies+0x30/0x30
[ 48.209044]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 48.213781]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 48.218515]  ? do_syscall_64+0x26/0x620
[ 48.222479]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.227828]  ? do_syscall_64+0x26/0x620
[ 48.231848]  __x64_sys_wait4+0x97/0xf0
[ 48.235720]  do_syscall_64+0xfd/0x620
[ 48.239502]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.244672] RIP: 0033:0x40110a
[ 48.247852] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 8b 05 ce 15 2d 00 85 c0 75 36 45 31 d2 48 63 d2 48 63 ff b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 d0 ff ff ff f7
[ 48.266738] RSP: 002b:00007ffcd57d2818 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 48.274427] RAX: ffffffffffffffda RBX: 0000000000001d1f RCX: 000000000040110a
[ 48.281695] RDX: 0000000040000001 RSI: 00007ffcd57d2824 RDI: ffffffffffffffff
[ 48.288945] RBP: 000000000000b9ac R08: 0000000000000000 R09: 000055555676d880
[ 48.296211] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004020c0
[ 48.303476] R13: 0000000000402150 R14: 0000000000000000 R15: 0000000000000000
[ 48.311960] Kernel Offset: disabled
[ 48.315584] Rebooting in 86400 seconds..