INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-6,10.128.0.20' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
executing program
syzkaller login: [   40.093749] refcount_t: underflow; use-after-free.
[   40.098837] ------------[ cut here ]------------
[   40.103795] WARNING: CPU: 1 PID: 3012 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   40.112991] Kernel panic - not syncing: panic_on_warn set ...
[   40.112991] 
[   40.120341] CPU: 1 PID: 3012 Comm: syzkaller962801 Not tainted 4.13.0-mm1+ #7
[   40.127596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.136927] Call Trace:
[   40.139491]  dump_stack+0x194/0x257
[   40.143095]  ? arch_local_irq_restore+0x53/0x53
[   40.147747]  panic+0x1e4/0x417
[   40.150912]  ? __warn+0x1d9/0x1d9
[   40.154333]  ? show_regs_print_info+0x65/0x65
[   40.158814]  ? refcount_sub_and_test+0x167/0x1b0
[   40.163541]  __warn+0x1c4/0x1d9
[   40.166937]  ? refcount_sub_and_test+0x167/0x1b0
[   40.171666]  report_bug+0x211/0x2d0
[   40.175270]  fixup_bug+0x40/0x90
[   40.178614]  do_trap+0x260/0x390
[   40.181960]  do_error_trap+0x120/0x390
[   40.185816]  ? vprintk_emit+0x49b/0x590
[   40.189763]  ? do_trap+0x390/0x390
[   40.193276]  ? refcount_sub_and_test+0x167/0x1b0
[   40.198000]  ? vprintk_emit+0x3ea/0x590
[   40.201953]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.206773]  do_invalid_op+0x1b/0x20
[   40.210462]  invalid_op+0x18/0x20
[   40.213883] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   40.219220] RSP: 0018:ffff8801ce176d18 EFLAGS: 00010286
[   40.224560] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   40.231803] RDX: 0000000000000026 RSI: 1ffff10039c2ed63 RDI: ffffed0039c2ed97
[   40.239053] RBP: ffff8801ce176da8 R08: ffff8801ce176408 R09: 0000000000000000
[   40.246306] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039c2eda4
[   40.253560] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801ce677a24
[   40.260828]  ? refcount_sub_and_test+0x167/0x1b0
[   40.265563]  ? refcount_inc+0x50/0x50
[   40.269349]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   40.274074]  ? sctp_association_free+0x2d0/0x930
[   40.278798]  ? sctp_close+0x332/0x980
[   40.282569]  ? inet_release+0xed/0x1c0
[   40.286429]  ? sock_release+0x8d/0x1e0
[   40.290284]  ? sock_close+0x16/0x20
[   40.293889]  sctp_wfree+0x183/0x620
[   40.297489]  ? __sctp_write_space+0x910/0x910
[   40.301963]  skb_release_head_state+0x124/0x200
[   40.306613]  skb_release_all+0x15/0x60
[   40.310475]  consume_skb+0x153/0x490
[   40.314187]  ? sctp_chunk_put+0x99/0x420
[   40.318223]  ? alloc_skb_with_frags+0x710/0x710
[   40.322864]  ? sctp_chunk_hold+0x20/0x20
[   40.326904]  ? refcount_sub_and_test+0x115/0x1b0
[   40.331649]  ? refcount_inc+0x50/0x50
[   40.335429]  ? mark_held_locks+0xb2/0x100
[   40.339553]  ? sctp_datamsg_put+0x456/0x560
[   40.343853]  sctp_chunk_put+0x29c/0x420
[   40.347807]  ? sctp_chunk_hold+0x20/0x20
[   40.351851]  ? sctp_transport_dst_confirm+0x50/0x50
[   40.356853]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.362035]  sctp_chunk_free+0x53/0x60
[   40.365899]  __sctp_outq_teardown+0xc7d/0x15a0
[   40.370453]  ? find_held_lock+0x39/0x1d0
[   40.374492]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   40.379390]  ? __lock_acquire+0x732/0x4620
[   40.383596]  ? lock_downgrade+0x990/0x990
[   40.387716]  ? sock_destroy_inode+0x56/0x70
[   40.392015]  ? find_held_lock+0x39/0x1d0
[   40.396058]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.401219]  ? lock_downgrade+0x990/0x990
[   40.405352]  ? bpf_prog_alloc+0x310/0x310
[   40.409475]  ? __bpf_address_lookup+0x2b0/0x2b0
[   40.414131]  ? check_noncircular+0x20/0x20
[   40.418348]  ? lock_release+0xd70/0xd70
[   40.422292]  ? check_noncircular+0x20/0x20
[   40.426495]  ? __free_insn_slot+0x5c0/0x5c0
[   40.430788]  ? print_usage_bug+0x480/0x480
[   40.434994]  ? print_usage_bug+0x480/0x480
[   40.439200]  ? find_held_lock+0x39/0x1d0
[   40.443241]  ? lock_downgrade+0x990/0x990
[   40.447366]  ? skb_dequeue+0x22/0x180
[   40.451146]  sctp_outq_free+0x15/0x20
[   40.454919]  sctp_association_free+0x2d0/0x930
[   40.459477]  ? sctp_asconf_queue_teardown+0x700/0x700
[   40.464641]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   40.469718]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.474711]  ? trace_hardirqs_on+0xd/0x10
[   40.478832]  ? skb_dequeue+0x12a/0x180
[   40.482693]  ? sctp_queue_purge_ulpevents+0x98/0xc0
[   40.487685]  sctp_close+0x332/0x980
[   40.491292]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   40.496546]  ? dentry_free+0xcd/0x130
[   40.500322]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.506157]  ? kmem_cache_free+0x249/0x280
[   40.510382]  ? dentry_free+0xd2/0x130
[   40.514170]  ? locks_remove_file+0x3fa/0x5a0
[   40.518553]  ? fcntl_setlk+0x10d0/0x10d0
[   40.522597]  ? __fsnotify_parent+0xb4/0x3a0
[   40.526890]  ? ip_mc_drop_socket+0x1ce/0x230
[   40.531280]  inet_release+0xed/0x1c0
[   40.534972]  sock_release+0x8d/0x1e0
[   40.538672]  ? sock_release+0x1e0/0x1e0
[   40.542641]  sock_close+0x16/0x20
[   40.546076]  __fput+0x333/0x7f0
[   40.549344]  ? fput+0x140/0x140
[   40.552601]  ? check_same_owner+0x320/0x320
[   40.556898]  ? _raw_spin_unlock_irq+0x27/0x70
[   40.561373]  ____fput+0x15/0x20
[   40.564628]  task_work_run+0x199/0x270
[   40.568488]  ? task_work_cancel+0x210/0x210
[   40.572780]  ? _raw_spin_unlock+0x22/0x30
[   40.576897]  ? switch_task_namespaces+0x87/0xc0
[   40.581545]  do_exit+0xa52/0x1b40
[   40.584972]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.589958]  ? trace_hardirqs_on+0xd/0x10
[   40.594086]  ? hrtimer_try_to_cancel+0x31/0x5c0
[   40.598726]  ? mm_update_next_owner+0x930/0x930
[   40.603371]  ? __hrtimer_get_remaining+0x1c0/0x1c0
[   40.608280]  ? check_same_owner+0x320/0x320
[   40.612571]  ? _do_fork+0x2f5/0xfe0
[   40.616178]  ? __might_sleep+0x95/0x190
[   40.620139]  ? do_nanosleep+0x508/0x6f0
[   40.624103]  ? schedule_timeout_idle+0x90/0x90
[   40.628673]  ? memset+0x31/0x40
[   40.631933]  ? hrtimer_nanosleep+0x2cc/0x860
[   40.636322]  ? nanosleep_copyout+0x100/0x100
[   40.640705]  ? __might_sleep+0x95/0x190
[   40.644662]  ? kasan_check_write+0x14/0x20
[   40.648868]  ? _copy_from_user+0x99/0x110
[   40.652999]  ? __hrtimer_init+0x140/0x140
[   40.657136]  ? syscall_return_slowpath+0x500/0x500
[   40.662064]  do_group_exit+0x149/0x400
[   40.665934]  ? SyS_exit+0x30/0x30
[   40.669361]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.674348]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.679087]  SyS_exit_group+0x1d/0x20
[   40.682871]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   40.687598] RIP: 0033:0x44b819
[   40.690760] RSP: 002b:00007ffe33bea708 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[   40.698444] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000044b819
[   40.705696] RDX: 0000000000477611 RSI: 0000000000000000 RDI: 0000000000000000
[   40.713027] RBP: 0000000000000082 R08: 00000000006dc1c0 R09: 0000000000000000
[   40.720268] R10: 00000000006dc144 R11: 0000000000000202 R12: 0000000000000000
[   40.727513] R13: 00007ffe33bea6af R14: 00007fb4057b19c0 R15: 0000000000000000
[   40.734922] Dumping ftrace buffer:
[   40.738534]    (ftrace buffer empty)
[   40.742226] Kernel Offset: disabled
[   40.745842] Rebooting in 86400 seconds..