[ 38.370198] audit: type=1800 audit(1551737952.383:26): pid=7707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 38.400207] audit: type=1800 audit(1551737952.383:27): pid=7707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 38.424741] audit: type=1800 audit(1551737952.383:28): pid=7707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 39.366641] audit: type=1800 audit(1551737953.413:29): pid=7707 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
syzkaller login: [ 46.710729] IPVS: ftp: loaded support on port[0] = 21
[ 46.768029] chnl_net:caif_netlink_parms(): no params data found
[ 46.798629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.805693] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.812912] device bridge_slave_0 entered promiscuous mode
[ 46.820683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.827100] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.834241] device bridge_slave_1 entered promiscuous mode
[ 46.849101] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.858565] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.875608] team0: Port device team_slave_0 added
[ 46.882388] team0: Port device team_slave_1 added
[ 46.961380] device hsr_slave_0 entered promiscuous mode
[ 47.010192] device hsr_slave_1 entered promiscuous mode
[ 47.086624] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.093128] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.100356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.106709] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.136442] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.147998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 47.157328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.166115] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.173328] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 47.184415] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.193501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 47.201448] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.207798] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.228818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 47.239138] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 47.251949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 47.260408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.266789] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.274524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
executing program
[ 47.282245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.289976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 47.297609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 47.305264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.312276] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 47.327331] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.691394] page:ffffea00025dfa00 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 47.699963] flags: 0x1fffc0000000000()
[ 47.703878] raw: 01fffc0000000000 ffffea00025f6208 ffff88812fffc878 0000000000000000
[ 47.711812] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 47.719744] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 47.727003] ------------[ cut here ]------------
[ 47.731757] kernel BUG at include/linux/mm.h:546!
[ 47.736694] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 47.742064] CPU: 0 PID: 7872 Comm: syz-executor445 Not tainted 5.0.0-rc7+ #95
[ 47.749329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.758793] RIP: 0010:skb_release_data+0x5a5/0x7b0
[ 47.763711] Code: f0 fe ff e9 b6 fb ff ff e8 38 b9 01 fc 4c 8d 63 ff e9 c8 fc ff ff e8 2a b9 01 fc 48 c7 c6 80 c2 fe 87 4c 89 e7 e8 bb c6 2a fc <0f> 0b e8 14 b9 01 fc 4d 8d 66 0e 48 b8 00 00 00 00 00 fc ff df 4c
[ 47.782606] RSP: 0018:ffff888086a0f708 EFLAGS: 00010293
[ 47.787955] RAX: ffff8880a3590440 RBX: ffffea00025dfa34 RCX: 0000000000000000
[ 47.795213] RDX: 0000000000000000 RSI: ffffffff81990662 RDI: ffffea00025dfa38
[ 47.802471] RBP: ffff888086a0f770 R08: 000000000000003e R09: ffffed1015d03ef9
[ 47.809737] R10: ffffed1015d03ef8 R11: ffff8880ae81f7c7 R12: ffffea00025dfa00
[ 47.817005] R13: ffff8880a4398c40 R14: 0000000000000001 R15: dffffc0000000000
[ 47.824268] FS: 00007fba67236700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 47.832479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.838350] CR2: 00007fba67235e78 CR3: 0000000099c9f000 CR4: 00000000001406f0
[ 47.845606] Call Trace:
[ 47.848196] skb_release_all+0x4d/0x60
[ 47.852081] __kfree_skb+0x16/0x30
[ 47.855610] tcp_write_queue_purge+0x253/0x7d0
[ 47.860183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.865708] tcp_disconnect+0x402/0x1890
[ 47.869774] ? lock_sock_nested+0xe2/0x120
[ 47.874008] tcp_close+0xe37/0x10c0
[ 47.877623] ? _raw_spin_unlock_bh+0x31/0x40
[ 47.882029] tls_sk_proto_close+0x40d/0x7a0
[ 47.886353] ? debug_object_activate+0x2c8/0x4f0
[ 47.891098] ? tcp_check_oom+0x560/0x560
[ 47.895144] ? tls_push_sg+0x6b0/0x6b0
[ 47.899019] ? ip_mc_drop_socket+0x211/0x270
[ 47.903415] ? __sock_release+0x89/0x2b0
[ 47.907481] inet_release+0x105/0x1f0
[ 47.911272] inet6_release+0x53/0x80
[ 47.914972] __sock_release+0xd3/0x2b0
[ 47.923320] ? __sock_release+0x2b0/0x2b0
[ 47.927459] sock_close+0x1b/0x30
[ 47.930901] __fput+0x2df/0x8d0
[ 47.934166] ____fput+0x16/0x20
[ 47.937429] task_work_run+0x14a/0x1c0
[ 47.941307] do_exit+0x92c/0x2fd0
[ 47.944758] ? get_signal+0x331/0x1d50
[ 47.948634] ? mm_update_next_owner+0x660/0x660
[ 47.953317] ? kasan_check_read+0x11/0x20
[ 47.957454] ? _raw_spin_unlock_irq+0x28/0x90
[ 47.962047] ? get_signal+0x331/0x1d50
[ 47.966166] ? _raw_spin_unlock_irq+0x28/0x90
[ 47.970667] do_group_exit+0x135/0x370
[ 47.974647] get_signal+0x399/0x1d50
[ 47.978352] ? trace_hardirqs_on+0x67/0x230
[ 47.982662] ? release_sock+0x158/0x1c0
[ 47.986629] do_signal+0x87/0x1940
[ 47.990178] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.995711] ? fput+0x128/0x1a0
[ 47.998980] ? __sys_connect+0x12d/0x330
[ 48.003036] ? setup_sigcontext+0x7d0/0x7d0
[ 48.007351] ? exit_to_usermode_loop+0x43/0x2c0
[ 48.012006] ? do_syscall_64+0x52d/0x610
[ 48.016058] ? exit_to_usermode_loop+0x43/0x2c0
[ 48.020822] ? lockdep_hardirqs_on+0x415/0x5d0
[ 48.025402] ? trace_hardirqs_on+0x67/0x230
[ 48.029726] exit_to_usermode_loop+0x244/0x2c0
[ 48.034308] do_syscall_64+0x52d/0x610
[ 48.038194] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.043370] RIP: 0033:0x447589
[ 48.046561] Code: 6e 4d 6f 64 65 00 69 43 75 72 72 4f 66 66 73 00 69 4d 61 78 46 69 6c 65 53 69 7a 65 00 69 4d 61 78 46 69 6c 65 73 00 69 46 69 <6c> 65 4e 75 6d 44 69 67 69 74 73 00 62 44 65 6c 65 74 65 4f 6e 43
[ 48.065458] RSP: 002b:00007fba67235d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 48.073157] RAX: fffffffffffffe00 RBX: 00000000006ddc68 RCX: 0000000000447589
[ 48.080416] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006ddc68
[ 48.087691] RBP: 00000000006ddc60 R08: 0000000000000000 R09: 0000000000000000
[ 48.094958] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc6c
[ 48.102229] R13: 0030656c69662f2e R14: 0000000000000000 R15: 0000000000000000
[ 48.109494] Modules linked in:
[ 48.113229] ---[ end trace 3c84b12f07d7d40a ]---
[ 48.118244] RIP: 0010:skb_release_data+0x5a5/0x7b0
[ 48.123230] Code: f0 fe ff e9 b6 fb ff ff e8 38 b9 01 fc 4c 8d 63 ff e9 c8 fc ff ff e8 2a b9 01 fc 48 c7 c6 80 c2 fe 87 4c 89 e7 e8 bb c6 2a fc <0f> 0b e8 14 b9 01 fc 4d 8d 66 0e 48 b8 00 00 00 00 00 fc ff df 4c
[ 48.142191] RSP: 0018:ffff888086a0f708 EFLAGS: 00010293
[ 48.147547] RAX: ffff8880a3590440 RBX: ffffea00025dfa34 RCX: 0000000000000000
[ 48.155098] RDX: 0000000000000000 RSI: ffffffff81990662 RDI: ffffea00025dfa38
[ 48.162398] RBP: ffff888086a0f770 R08: 000000000000003e R09: ffffed1015d03ef9
[ 48.169717] R10: ffffed1015d03ef8 R11: ffff8880ae81f7c7 R12: ffffea00025dfa00
[ 48.176990] R13: ffff8880a4398c40 R14: 0000000000000001 R15: dffffc0000000000
[ 48.184300] FS: 00007fba67236700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 48.192606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 48.198476] CR2: 00007fba67235e78 CR3: 0000000099c9f000 CR4: 00000000001406f0
[ 48.205794] Kernel panic - not syncing: Fatal exception
[ 48.211918] Kernel Offset: disabled
[ 48.215542] Rebooting in 86400 seconds..