INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-8,10.128.0.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   59.413982] refcount_t: underflow; use-after-free.
[   59.414901] ------------[ cut here ]------------
[   59.415785] WARNING: CPU: 1 PID: 3008 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   59.416976] Kernel panic - not syncing: panic_on_warn set ...
[   59.416976] 
[   59.418030] CPU: 1 PID: 3008 Comm: syzkaller474953 Not tainted 4.13.0-rc4+ #5
[   59.418981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.420198] Call Trace:
[   59.420554]  dump_stack+0x194/0x257
[   59.421045]  ? arch_local_irq_restore+0x53/0x53
[   59.421676]  panic+0x1e4/0x417
[   59.422119]  ? __warn+0x1d9/0x1d9
[   59.422581]  ? show_regs_print_info+0x65/0x65
[   59.423192]  ? refcount_sub_and_test+0x167/0x1b0
[   59.423833]  __warn+0x1c4/0x1d9
[   59.424274]  ? refcount_sub_and_test+0x167/0x1b0
[   59.424906]  report_bug+0x211/0x2d0
[   59.425412]  fixup_bug+0x40/0x90
[   59.425866]  do_trap+0x260/0x390
[   59.426342]  do_error_trap+0x120/0x390
[   59.426906]  ? do_trap+0x390/0x390
[   59.427392]  ? refcount_sub_and_test+0x167/0x1b0
[   59.428049]  ? vprintk_emit+0x3ea/0x590
[   59.428616]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   59.429267]  do_invalid_op+0x1b/0x20
[   59.429785]  invalid_op+0x1e/0x30
[   59.430247] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   59.430952] RSP: 0018:ffff8801d056e310 EFLAGS: 00010282
[   59.431673] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   59.432625] RDX: 0000000000000026 RSI: 1ffff1003a0adc22 RDI: ffffed003a0adc56
[   59.433574] RBP: ffff8801d056e3a0 R08: 0000000000000001 R09: 0000000000000000
[   59.437048] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a0adc63
[   59.444283] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d054da3c
[   59.451547]  ? refcount_inc+0x50/0x50
[   59.455316]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   59.460041]  ? sctp_association_free+0x2d0/0x930
[   59.464769]  ? sctp_do_sm+0x28e7/0x6d90
[   59.468711]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   59.473432]  ? sctp_close+0x3c6/0x980
[   59.477201]  ? inet_release+0xed/0x1c0
[   59.481059]  sctp_wfree+0x183/0x620
[   59.484654]  ? __sctp_write_space+0x910/0x910
[   59.489115]  skb_release_head_state+0x124/0x200
[   59.493771]  skb_release_all+0x15/0x60
[   59.497624]  consume_skb+0x153/0x490
[   59.501300]  ? sctp_chunk_put+0x99/0x420
[   59.505333]  ? alloc_skb_with_frags+0x710/0x710
[   59.509965]  ? sctp_chunk_hold+0x20/0x20
[   59.513996]  ? refcount_sub_and_test+0x115/0x1b0
[   59.518726]  ? refcount_inc+0x50/0x50
[   59.522489]  ? mark_held_locks+0xaf/0x100
[   59.526604]  ? sctp_datamsg_put+0x456/0x560
[   59.530895]  sctp_chunk_put+0x29c/0x420
[   59.534837]  ? sctp_chunk_hold+0x20/0x20
[   59.538869]  ? sctp_transport_dst_confirm+0x50/0x50
[   59.543854]  ? noop_count+0x40/0x40
[   59.547455]  sctp_chunk_free+0x53/0x60
[   59.551308]  __sctp_outq_teardown+0xc7d/0x15a0
[   59.555861]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   59.560757]  ? lock_downgrade+0x990/0x990
[   59.564873]  ? lock_release+0xa40/0xa40
[   59.568816]  ? __free_insn_slot+0x5c0/0x5c0
[   59.573105]  ? update_stack_state+0x700/0x700
[   59.577563]  ? print_usage_bug+0x480/0x480
[   59.581774]  ? is_bpf_text_address+0xa4/0x120
[   59.586240]  ? __kernel_text_address+0xae/0xe0
[   59.590785]  ? unwind_get_return_address+0x61/0xa0
[   59.595681]  ? __save_stack_trace+0x7e/0xd0
[   59.599972]  ? check_noncircular+0x20/0x20
[   59.604171]  ? print_usage_bug+0x480/0x480
[   59.608370]  ? SOFTIRQ_verbose+0x10/0x10
[   59.612392]  ? save_stack_trace+0x16/0x20
[   59.616501]  ? save_trace+0x11f/0x350
[   59.620269]  ? lock_acquire+0x1d5/0x580
[   59.624205]  ? lock_acquire+0x1d5/0x580
[   59.628142]  ? lock_timer_base+0x1a3/0x2b0
[   59.632345]  ? find_held_lock+0x35/0x1d0
[   59.636382]  ? sock_def_wakeup+0x1f9/0x350
[   59.640584]  ? lock_downgrade+0x990/0x990
[   59.644697]  ? lock_release+0xa40/0xa40
[   59.648642]  sctp_outq_free+0x15/0x20
[   59.652408]  sctp_association_free+0x2d0/0x930
[   59.656958]  ? sctp_asconf_queue_teardown+0x700/0x700
[   59.662117]  ? sock_def_wakeup+0x222/0x350
[   59.666320]  ? sk_dst_check+0x560/0x560
[   59.670263]  ? sctp_association_put+0x74/0x2f0
[   59.674810]  ? sctp_association_hold+0x20/0x20
[   59.679356]  ? print_usage_bug+0x480/0x480
[   59.683564]  ? sctp_sm_lookup_event+0x95/0x3c0
[   59.688112]  sctp_do_sm+0x28e7/0x6d90
[   59.691876]  ? check_noncircular+0x20/0x20
[   59.696091]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   59.702117]  ? print_usage_bug+0x480/0x480
[   59.706316]  ? exit_to_usermode_loop+0x224/0x300
[   59.711034]  ? syscall_return_slowpath+0x3a7/0x450
[   59.715930]  ? print_usage_bug+0x480/0x480
[   59.720127]  ? find_held_lock+0x35/0x1d0
[   59.724181]  ? find_held_lock+0x35/0x1d0
[   59.728213]  ? skb_dequeue+0x12a/0x180
[   59.732063]  ? lock_downgrade+0x990/0x990
[   59.736178]  ? do_raw_spin_trylock+0x190/0x190
[   59.740727]  ? mark_held_locks+0xaf/0x100
[   59.744846]  ? trace_hardirqs_on+0xd/0x10
[   59.748966]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   59.753611]  sctp_close+0x3c6/0x980
[   59.757210]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   59.762449]  ? unwind_get_return_address+0x61/0xa0
[   59.767347]  ? trace_hardirqs_off+0xd/0x10
[   59.771547]  ? _raw_spin_unlock_irqrestore+0xa6/0xba
[   59.776615]  ? check_noncircular+0x20/0x20
[   59.780824]  ? ipv6_sock_ac_close+0x2e8/0x3e0
[   59.785290]  ? ipv6_sock_mc_close+0x148/0x1a0
[   59.789762]  ? ipv6_sock_ac_drop+0x580/0x580
[   59.794137]  ? ip_mc_drop_socket+0x1ce/0x230
[   59.798522]  ? __fsnotify_parent+0xb4/0x3a0
[   59.802812]  inet_release+0xed/0x1c0
[   59.806498]  inet6_release+0x50/0x70
[   59.810176]  sock_release+0x8d/0x1e0
[   59.813854]  ? sock_release+0x1e0/0x1e0
[   59.817791]  sock_close+0x16/0x20
[   59.821218]  __fput+0x327/0x7e0
[   59.824471]  ? fput+0x140/0x140
[   59.827719]  ? do_raw_spin_trylock+0x190/0x190
[   59.832265]  ? check_same_owner+0x320/0x320
[   59.836553]  ____fput+0x15/0x20
[   59.839798]  task_work_run+0x18a/0x260
[   59.843652]  ? task_work_cancel+0x210/0x210
[   59.847939]  ? _raw_spin_unlock+0x22/0x30
[   59.852051]  ? switch_task_namespaces+0x87/0xc0
[   59.856690]  do_exit+0xa3a/0x1b10
[   59.860109]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   59.865267]  ? print_usage_bug+0x480/0x480
[   59.869471]  ? mm_update_next_owner+0x930/0x930
[   59.874104]  ? check_noncircular+0x20/0x20
[   59.878304]  ? check_noncircular+0x20/0x20
[   59.882510]  ? find_held_lock+0x35/0x1d0
[   59.886540]  ? find_held_lock+0x35/0x1d0
[   59.890580]  ? check_noncircular+0x20/0x20
[   59.894781]  ? check_noncircular+0x20/0x20
[   59.898984]  ? lock_downgrade+0x990/0x990
[   59.903101]  ? do_raw_spin_trylock+0x190/0x190
[   59.907650]  ? reacquire_held_locks+0x1fd/0x3d0
[   59.912281]  ? mark_held_locks+0xaf/0x100
[   59.916393]  ? reacquire_held_locks+0x1fd/0x3d0
[   59.921028]  ? check_noncircular+0x20/0x20
[   59.925231]  ? find_held_lock+0x35/0x1d0
[   59.929266]  ? release_sock+0x1d4/0x2a0
[   59.933204]  ? lock_downgrade+0x990/0x990
[   59.937313]  ? lock_downgrade+0x990/0x990
[   59.941430]  ? find_held_lock+0x35/0x1d0
[   59.945466]  ? get_signal+0x855/0x17e0
[   59.949318]  ? lock_downgrade+0x990/0x990
[   59.953437]  do_group_exit+0x149/0x400
[   59.957291]  ? __lock_is_held+0xb6/0x140
[   59.961322]  ? SyS_exit+0x30/0x30
[   59.964748]  ? _raw_spin_unlock_irq+0x27/0x70
[   59.969209]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   59.974195]  get_signal+0x7e8/0x17e0
[   59.977900]  ? ptrace_notify+0x130/0x130
[   59.981928]  ? inet_autobind+0x1f/0x180
[   59.985866]  ? __local_bh_enable_ip+0x9d/0x160
[   59.990414]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   59.995394]  ? release_sock+0x1d4/0x2a0
[   59.999337]  ? trace_hardirqs_on+0xd/0x10
[   60.003456]  ? __local_bh_enable_ip+0x9d/0x160
[   60.008006]  ? _raw_spin_unlock_bh+0x30/0x40
[   60.012380]  ? release_sock+0x1d4/0x2a0
[   60.016330]  ? trace_hardirqs_on+0xd/0x10
[   60.020447]  do_signal+0x94/0x1ee0
[   60.023957]  ? inet_sendmsg+0x11f/0x5e0
[   60.027893]  ? inet_sendmsg+0x126/0x5e0
[   60.031830]  ? __might_sleep+0x95/0x190
[   60.035772]  ? setup_sigcontext+0x7d0/0x7d0
[   60.040060]  ? selinux_socket_sendmsg+0x36/0x40
[   60.044695]  ? security_socket_sendmsg+0x89/0xb0
[   60.049417]  ? inet_recvmsg+0x5f0/0x5f0
[   60.053359]  ? sock_sendmsg+0x4f/0x110
[   60.057213]  ? fput+0xd2/0x140
[   60.060369]  ? SYSC_sendto+0x40d/0x5a0
[   60.064223]  ? SYSC_connect+0x470/0x470
[   60.068166]  ? find_held_lock+0x35/0x1d0
[   60.072200]  ? exit_to_usermode_loop+0x98/0x300
[   60.076844]  exit_to_usermode_loop+0x224/0x300
[   60.081397]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   60.086905]  ? handle_mm_fault+0x4e3/0x940
[   60.091103]  ? down_read_trylock+0xdb/0x170
[   60.095395]  syscall_return_slowpath+0x3a7/0x450
[   60.100118]  ? prepare_exit_to_usermode+0x220/0x220
[   60.105099]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   60.109995]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   60.114979]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   60.119705]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   60.124424] RIP: 0033:0x445429
[   60.127581] RSP: 002b:00007fc80a63bdb8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   60.135264] RAX: 00000000000000d1 RBX: 0000000000000000 RCX: 0000000000445429
[   60.142500] RDX: 00000000000000d1 RSI: 0000000020446000 RDI: 0000000000000003
[   60.149739] RBP: 0000000000000000 R08: 0000000020e88000 R09: 0000000000000080
[   60.156974] R10: 0000000000000010 R11: 0000000000000212 R12: 0000000000000000
[   60.164218] R13: 00007ffc2e283b5f R14: 00007fc80a63c9c0 R15: 0000000000000000
[   60.171647] Dumping ftrace buffer:
[   60.175200]    (ftrace buffer empty)
[   60.178965] Kernel Offset: disabled
[   60.182562] Rebooting in 86400 seconds..