[ 34.504176][ T26] audit: type=1800 audit(1551229359.678:27): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 34.524463][ T26] audit: type=1800 audit(1551229359.678:28): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.271869][ T26] audit: type=1800 audit(1551229360.518:29): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 35.297001][ T26] audit: type=1800 audit(1551229360.518:30): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.169' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.997015][ T7594] page:ffffea00024ae440 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 72.006042][ T7594] flags: 0x1fffc0000000000()
[ 72.010727][ T7594] raw: 01fffc0000000000 ffffea0002219888 ffffea000239af48 0000000000000000
[ 72.019656][ T7594] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 72.028584][ T7594] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 72.036634][ T7594] ------------[ cut here ]------------
[ 72.042075][ T7594] kernel BUG at include/linux/mm.h:579!
[ 72.047680][ T7594] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 72.053738][ T7594] CPU: 0 PID: 7594 Comm: syz-executor127 Not tainted 5.0.0-rc8-next-20190226 #43
[ 72.062815][ T7594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.072854][ T7594] RIP: 0010:generic_pipe_buf_release+0x120/0x160
[ 72.079153][ T7594] Code: bd ff 4c 89 e7 e8 90 43 db ff e8 bb 29 bd ff 5b 41 5c 41 5d 5d c3 e8 af 29 bd ff 48 c7 c6 20 98 75 87 4c 89 e7 e8 c0 db e4 ff <0f> 0b e8 99 29 bd ff 4d 8d 65 ff e9 3d ff ff ff 48 89 df e8 e8 f8
[ 72.098731][ T7594] RSP: 0018:ffff88808fb17920 EFLAGS: 00010293
[ 72.104769][ T7594] RAX: ffff888096832040 RBX: ffffea00024ae474 RCX: 0000000000000000
[ 72.112714][ T7594] RDX: 0000000000000000 RSI: ffffffff81982852 RDI: ffffea00024ae478
[ 72.120661][ T7594] RBP: ffff88808fb17938 R08: 000000000000003e R09: ffffed1015d05011
[ 72.128608][ T7594] R10: ffffed1015d05010 R11: ffff8880ae828087 R12: ffffea00024ae440
[ 72.136554][ T7594] R13: 0000000000000000 R14: ffff888091ae7080 R15: ffff88808e70e040
[ 72.144506][ T7594] FS: 0000000001686880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 72.153414][ T7594] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.160081][ T7594] CR2: 0000000020f50f90 CR3: 00000000978ca000 CR4: 00000000001406f0
[ 72.168034][ T7594] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.175980][ T7594] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.183925][ T7594] Call Trace:
[ 72.187195][ T7594] iter_file_splice_write+0x7d1/0xbe0
[ 72.192543][ T7594] ? atime_needs_update+0x5f0/0x5f0
[ 72.197724][ T7594] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[ 72.203706][ T7594] ? rw_verify_area+0x118/0x360
[ 72.208538][ T7594] ? page_cache_pipe_buf_confirm+0x2b0/0x2b0
[ 72.214503][ T7594] direct_splice_actor+0x126/0x1a0
[ 72.219603][ T7594] splice_direct_to_actor+0x369/0x970
[ 72.224951][ T7594] ? generic_pipe_buf_nosteal+0x10/0x10
[ 72.230482][ T7594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 72.236697][ T7594] ? do_splice_to+0x190/0x190
[ 72.241351][ T7594] ? rw_verify_area+0x118/0x360
[ 72.246178][ T7594] do_splice_direct+0x1da/0x2a0
[ 72.251011][ T7594] ? splice_direct_to_actor+0x970/0x970
[ 72.256546][ T7594] ? rw_verify_area+0x118/0x360
[ 72.261377][ T7594] do_sendfile+0x597/0xd00
[ 72.265773][ T7594] ? do_compat_pwritev64+0x1c0/0x1c0
[ 72.271041][ T7594] ? __fget_light+0x1a9/0x230
[ 72.275702][ T7594] __x64_sys_sendfile64+0x1dd/0x220
[ 72.280881][ T7594] ? __ia32_sys_sendfile+0x230/0x230
[ 72.286147][ T7594] ? do_syscall_64+0x26/0x610
[ 72.290801][ T7594] ? lockdep_hardirqs_on+0x418/0x5d0
[ 72.296065][ T7594] ? trace_hardirqs_on+0x67/0x230
[ 72.301067][ T7594] do_syscall_64+0x103/0x610
[ 72.305686][ T7594] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.311560][ T7594] RIP: 0033:0x443d29
[ 72.315587][ T7594] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.335177][ T7594] RSP: 002b:00007fff806e1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 72.343648][ T7594] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443d29
[ 72.351608][ T7594] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[ 72.359691][ T7594] RBP: 00000000006ce018 R08: 00000000004002e0 R09: 00000000004002e0
[ 72.367657][ T7594] R10: 0000000102000000 R11: 0000000000000246 R12: 0000000000401a30
[ 72.376116][ T7594] R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
[ 72.384244][ T7594] Modules linked in:
[ 72.388409][ T7594] ---[ end trace ffcf9dbbb4c1b884 ]---
[ 72.393904][ T7594] RIP: 0010:generic_pipe_buf_release+0x120/0x160
[ 72.400215][ T7594] Code: bd ff 4c 89 e7 e8 90 43 db ff e8 bb 29 bd ff 5b 41 5c 41 5d 5d c3 e8 af 29 bd ff 48 c7 c6 20 98 75 87 4c 89 e7 e8 c0 db e4 ff <0f> 0b e8 99 29 bd ff 4d 8d 65 ff e9 3d ff ff ff 48 89 df e8 e8 f8
[ 72.420061][ T7594] RSP: 0018:ffff88808fb17920 EFLAGS: 00010293
[ 72.426224][ T7594] RAX: ffff888096832040 RBX: ffffea00024ae474 RCX: 0000000000000000
[ 72.434212][ T7594] RDX: 0000000000000000 RSI: ffffffff81982852 RDI: ffffea00024ae478
[ 72.442208][ T7594] RBP: ffff88808fb17938 R08: 000000000000003e R09: ffffed1015d05011
[ 72.450168][ T7594] R10: ffffed1015d05010 R11: ffff8880ae828087 R12: ffffea00024ae440
[ 72.458175][ T7594] R13: 0000000000000000 R14: ffff888091ae7080 R15: ffff88808e70e040
[ 72.466344][ T7594] FS: 0000000001686880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 72.475346][ T7594] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.482028][ T7594] CR2: 0000000020f50f90 CR3: 00000000978ca000 CR4: 00000000001406f0
[ 72.489990][ T7594] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.497995][ T7594] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.505978][ T7594] Kernel panic - not syncing: Fatal exception
[ 72.512713][ T7594] Kernel Offset: disabled
[ 72.517042][ T7594] Rebooting in 86400 seconds..