INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-0,10.128.0.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.350116] refcount_t: underflow; use-after-free.
[   31.350971] ------------[ cut here ]------------
[   31.351789] WARNING: CPU: 0 PID: 2922 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   31.352991] Kernel panic - not syncing: panic_on_warn set ...
[   31.352991] 
[   31.353997] CPU: 0 PID: 2922 Comm: syzkaller973168 Not tainted 4.13.0-rc4+ #1
[   31.354964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.356238] Call Trace:
[   31.356613]  dump_stack+0x194/0x257
[   31.357140]  ? arch_local_irq_restore+0x53/0x53
[   31.357774]  panic+0x1e4/0x417
[   31.358283]  ? __warn+0x1d9/0x1d9
[   31.358754]  ? show_regs_print_info+0x65/0x65
[   31.359394]  ? refcount_sub_and_test+0x167/0x1b0
[   31.360024]  __warn+0x1c4/0x1d9
[   31.360466]  ? refcount_sub_and_test+0x167/0x1b0
[   31.361137]  report_bug+0x211/0x2d0
[   31.361702]  fixup_bug+0x40/0x90
[   31.362196]  do_trap+0x260/0x390
[   31.362675]  do_error_trap+0x120/0x390
[   31.363219]  ? do_trap+0x390/0x390
[   31.363698]  ? refcount_sub_and_test+0x167/0x1b0
[   31.364369]  ? vprintk_emit+0x3ea/0x590
[   31.364910]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.365558]  do_invalid_op+0x1b/0x20
[   31.366095]  invalid_op+0x1e/0x30
[   31.366560] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   31.367282] RSP: 0018:ffff8801d3be6310 EFLAGS: 00010282
[   31.367992] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   31.368964] RDX: 0000000000000026 RSI: 1ffff1003a77cc22 RDI: ffffed003a77cc56
[   31.369935] RBP: ffff8801d3be63a0 R08: 0000000000000001 R09: 0000000000000000
[   31.370887] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a77cc63
[   31.378125] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d1927a3c
[   31.385384]  ? refcount_inc+0x50/0x50
[   31.389151]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   31.393873]  ? sctp_association_free+0x2d0/0x930
[   31.398596]  ? sctp_do_sm+0x28e7/0x6d90
[   31.402535]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   31.407260]  ? sctp_close+0x3c6/0x980
[   31.411028]  ? inet_release+0xed/0x1c0
[   31.414898]  sctp_wfree+0x183/0x620
[   31.418497]  ? __sctp_write_space+0x910/0x910
[   31.422966]  skb_release_head_state+0x124/0x200
[   31.427606]  skb_release_all+0x15/0x60
[   31.431464]  consume_skb+0x153/0x490
[   31.435147]  ? sctp_chunk_put+0x99/0x420
[   31.439175]  ? alloc_skb_with_frags+0x710/0x710
[   31.443810]  ? sctp_chunk_hold+0x20/0x20
[   31.447844]  ? refcount_sub_and_test+0x115/0x1b0
[   31.452569]  ? refcount_inc+0x50/0x50
[   31.456345]  ? mark_held_locks+0xaf/0x100
[   31.460461]  ? sctp_datamsg_put+0x456/0x560
[   31.464754]  sctp_chunk_put+0x29c/0x420
[   31.468696]  ? sctp_chunk_hold+0x20/0x20
[   31.472727]  ? sctp_transport_dst_confirm+0x50/0x50
[   31.477715]  ? noop_count+0x40/0x40
[   31.481316]  sctp_chunk_free+0x53/0x60
[   31.485173]  __sctp_outq_teardown+0xc7d/0x15a0
[   31.489730]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   31.494627]  ? lock_downgrade+0x990/0x990
[   31.498745]  ? lock_release+0xa40/0xa40
[   31.502690]  ? __free_insn_slot+0x5c0/0x5c0
[   31.507193]  ? update_stack_state+0x700/0x700
[   31.511655]  ? print_usage_bug+0x480/0x480
[   31.515866]  ? is_bpf_text_address+0xa4/0x120
[   31.520327]  ? __kernel_text_address+0xae/0xe0
[   31.524882]  ? unwind_get_return_address+0x61/0xa0
[   31.529795]  ? __save_stack_trace+0x7e/0xd0
[   31.534092]  ? check_noncircular+0x20/0x20
[   31.538293]  ? print_usage_bug+0x480/0x480
[   31.542493]  ? SOFTIRQ_verbose+0x10/0x10
[   31.546527]  ? save_stack_trace+0x16/0x20
[   31.550641]  ? save_trace+0x11f/0x350
[   31.554414]  ? lock_acquire+0x1d5/0x580
[   31.558351]  ? lock_acquire+0x1d5/0x580
[   31.562295]  ? lock_timer_base+0x1a3/0x2b0
[   31.566500]  ? find_held_lock+0x35/0x1d0
[   31.570546]  ? sock_def_wakeup+0x1f9/0x350
[   31.574751]  ? lock_downgrade+0x990/0x990
[   31.578868]  ? lock_release+0xa40/0xa40
[   31.582816]  sctp_outq_free+0x15/0x20
[   31.586583]  sctp_association_free+0x2d0/0x930
[   31.591136]  ? sctp_asconf_queue_teardown+0x700/0x700
[   31.596295]  ? sock_def_wakeup+0x222/0x350
[   31.600500]  ? sk_dst_check+0x560/0x560
[   31.604443]  ? sctp_association_put+0x74/0x2f0
[   31.609004]  ? sctp_association_hold+0x20/0x20
[   31.613556]  ? print_usage_bug+0x480/0x480
[   31.617769]  ? sctp_sm_lookup_event+0x95/0x3c0
[   31.622331]  sctp_do_sm+0x28e7/0x6d90
[   31.626103]  ? check_noncircular+0x20/0x20
[   31.630317]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   31.636347]  ? print_usage_bug+0x480/0x480
[   31.640549]  ? exit_to_usermode_loop+0x21c/0x2d0
[   31.645270]  ? syscall_return_slowpath+0x3a7/0x450
[   31.650169]  ? print_usage_bug+0x480/0x480
[   31.654369]  ? find_held_lock+0x35/0x1d0
[   31.658414]  ? find_held_lock+0x35/0x1d0
[   31.662536]  ? skb_dequeue+0x12a/0x180
[   31.666395]  ? lock_downgrade+0x990/0x990
[   31.670521]  ? do_raw_spin_trylock+0x190/0x190
[   31.675076]  ? mark_held_locks+0xaf/0x100
[   31.679198]  ? trace_hardirqs_on+0xd/0x10
[   31.683337]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   31.687893]  sctp_close+0x3c6/0x980
[   31.691496]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   31.696741]  ? unwind_get_return_address+0x61/0xa0
[   31.701640]  ? retint_kernel+0x10/0x10
[   31.705497]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.710482]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.715213]  ? retint_kernel+0x10/0x10
[   31.719073]  ? ip_mc_drop_socket+0x1ce/0x230
[   31.723453]  inet_release+0xed/0x1c0
[   31.727138]  inet6_release+0x50/0x70
[   31.730822]  sock_release+0x8d/0x1e0
[   31.734504]  ? sock_release+0x1e0/0x1e0
[   31.738485]  sock_close+0x16/0x20
[   31.741910]  __fput+0x327/0x7e0
[   31.745162]  ? fput+0x140/0x140
[   31.748412]  ? do_raw_spin_trylock+0x190/0x190
[   31.752969]  ? check_same_owner+0x320/0x320
[   31.757265]  ____fput+0x15/0x20
[   31.760518]  task_work_run+0x18a/0x260
[   31.764381]  ? task_work_cancel+0x210/0x210
[   31.768682]  ? _raw_spin_unlock+0x22/0x30
[   31.772801]  ? switch_task_namespaces+0x87/0xc0
[   31.777444]  do_exit+0xa32/0x1b10
[   31.780867]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.786035]  ? print_usage_bug+0x480/0x480
[   31.790250]  ? exit_notify+0xb10/0xb10
[   31.794108]  ? check_noncircular+0x20/0x20
[   31.798313]  ? check_noncircular+0x20/0x20
[   31.802522]  ? find_held_lock+0x35/0x1d0
[   31.806556]  ? find_held_lock+0x35/0x1d0
[   31.810601]  ? check_noncircular+0x20/0x20
[   31.814807]  ? check_noncircular+0x20/0x20
[   31.819012]  ? lock_downgrade+0x990/0x990
[   31.823136]  ? do_raw_spin_trylock+0x190/0x190
[   31.827689]  ? reacquire_held_locks+0x1fd/0x3d0
[   31.832322]  ? mark_held_locks+0xaf/0x100
[   31.836435]  ? reacquire_held_locks+0x1fd/0x3d0
[   31.841072]  ? check_noncircular+0x20/0x20
[   31.845275]  ? find_held_lock+0x35/0x1d0
[   31.849312]  ? release_sock+0x1d4/0x2a0
[   31.853261]  ? lock_downgrade+0x990/0x990
[   31.857375]  ? lock_downgrade+0x990/0x990
[   31.861503]  ? find_held_lock+0x35/0x1d0
[   31.865542]  ? get_signal+0x855/0x17e0
[   31.869398]  ? lock_downgrade+0x990/0x990
[   31.873523]  do_group_exit+0x149/0x400
[   31.877379]  ? __lock_is_held+0xb6/0x140
[   31.881409]  ? SyS_exit+0x30/0x30
[   31.884834]  ? _raw_spin_unlock_irq+0x27/0x70
[   31.889301]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.894289]  get_signal+0x7e8/0x17e0
[   31.897994]  ? ptrace_notify+0x130/0x130
[   31.902021]  ? inet_autobind+0x1f/0x180
[   31.905963]  ? __local_bh_enable_ip+0x9d/0x160
[   31.910514]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   31.915498]  ? release_sock+0x1d4/0x2a0
[   31.919438]  ? trace_hardirqs_on+0xd/0x10
[   31.923553]  ? __local_bh_enable_ip+0x9d/0x160
[   31.928106]  ? _raw_spin_unlock_bh+0x30/0x40
[   31.932482]  ? release_sock+0x1d4/0x2a0
[   31.936426]  ? trace_hardirqs_on+0xd/0x10
[   31.940546]  do_signal+0x94/0x1ee0
[   31.944070]  ? inet_sendmsg+0x11f/0x5e0
[   31.948008]  ? inet_sendmsg+0x126/0x5e0
[   31.951947]  ? __might_sleep+0x95/0x190
[   31.955891]  ? setup_sigcontext+0x7d0/0x7d0
[   31.960177]  ? selinux_socket_sendmsg+0x36/0x40
[   31.964815]  ? security_socket_sendmsg+0x89/0xb0
[   31.969545]  ? inet_recvmsg+0x5f0/0x5f0
[   31.973490]  ? sock_sendmsg+0x4f/0x110
[   31.977347]  ? fput+0xd2/0x140
[   31.980512]  ? SYSC_sendto+0x40d/0x5a0
[   31.984376]  ? SYSC_connect+0x470/0x470
[   31.988322]  ? find_held_lock+0x35/0x1d0
[   31.992359]  ? exit_to_usermode_loop+0x98/0x2d0
[   31.997004]  exit_to_usermode_loop+0x21c/0x2d0
[   32.001558]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   32.007068]  ? down_read_trylock+0xdb/0x170
[   32.011359]  ? __do_page_fault+0x2b8/0xb60
[   32.015565]  syscall_return_slowpath+0x3a7/0x450
[   32.020288]  ? prepare_exit_to_usermode+0x220/0x220
[   32.025273]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   32.030169]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.035150]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.039890]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   32.044610] RIP: 0033:0x445469
[   32.047763] RSP: 002b:00007f841a455db8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   32.055437] RAX: 0000000000000006 RBX: 0000000000000000 RCX: 0000000000445469
[   32.062671] RDX: 0000000000000006 RSI: 0000000020aa7000 RDI: 0000000000000003
[   32.069912] RBP: 0000000000000000 R08: 0000000020aa7000 R09: 000000000000001c
[   32.077149] R10: 0000000000008000 R11: 0000000000000212 R12: 0000000000000000
[   32.084385] R13: 00007ffff441b15f R14: 00007f841a4569c0 R15: 0000000000000000
[   32.092019] Dumping ftrace buffer:
[   32.095575]    (ftrace buffer empty)
[   32.099254] Kernel Offset: disabled
[   32.102847] Rebooting in 86400 seconds..