INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.0.6' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 37.738189] refcount_t: underflow; use-after-free. [ 37.743272] ------------[ cut here ]------------ [ 37.748398] WARNING: CPU: 0 PID: 3005 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0 [ 37.757102] Kernel panic - not syncing: panic_on_warn set ... [ 37.757102] [ 37.764457] CPU: 0 PID: 3005 Comm: syzkaller282233 Not tainted 4.13.0-mm1+ #7 [ 37.771702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.781033] Call Trace: [ 37.783603] dump_stack+0x194/0x257 [ 37.787217] ? arch_local_irq_restore+0x53/0x53 [ 37.791874] panic+0x1e4/0x417 [ 37.795045] ? __warn+0x1d9/0x1d9 [ 37.798478] ? show_regs_print_info+0x65/0x65 [ 37.802963] ? refcount_sub_and_test+0x167/0x1b0 [ 37.807692] __warn+0x1c4/0x1d9 [ 37.810945] ? refcount_sub_and_test+0x167/0x1b0 [ 37.815684] report_bug+0x211/0x2d0 [ 37.819294] fixup_bug+0x40/0x90 [ 37.822637] do_trap+0x260/0x390 [ 37.825987] do_error_trap+0x120/0x390 [ 37.829962] ? do_trap+0x390/0x390 [ 37.833477] ? refcount_sub_and_test+0x167/0x1b0 [ 37.838217] ? vprintk_emit+0x3ea/0x590 [ 37.842176] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.847000] do_invalid_op+0x1b/0x20 [ 37.850688] invalid_op+0x18/0x20 [ 37.854114] RIP: 0010:refcount_sub_and_test+0x167/0x1b0 [ 37.859449] RSP: 0018:ffff8801cf6ce840 EFLAGS: 00010282 [ 37.864810] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000 [ 37.872075] RDX: 0000000000000026 RSI: 1ffff10039ed9cc8 RDI: ffffed0039ed9cfc [ 37.879319] RBP: ffff8801cf6ce8d0 R08: ffff8801cf6cdf30 R09: 0000000000000000 [ 37.886589] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039ed9d09 [ 37.893835] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d3e9ea64 [ 37.901107] ? refcount_inc+0x50/0x50 [ 37.904884] ? __sctp_outq_teardown+0xc7d/0x15a0 [ 37.909613] ? sctp_association_free+0x2d0/0x930 [ 37.914339] ? sctp_do_sm+0x28e7/0x6dd0 [ 37.918285] ? sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 37.923013] ? sctp_close+0x3c6/0x980 [ 37.926786] ? inet_release+0xed/0x1c0 [ 37.930652] sctp_wfree+0x183/0x620 [ 37.934252] ? __sctp_write_space+0x910/0x910 [ 37.938732] skb_release_head_state+0x124/0x200 [ 37.943377] skb_release_all+0x15/0x60 [ 37.947237] consume_skb+0x153/0x490 [ 37.950923] ? sctp_chunk_put+0x99/0x420 [ 37.954958] ? alloc_skb_with_frags+0x710/0x710 [ 37.959617] ? sctp_chunk_hold+0x20/0x20 [ 37.963654] ? refcount_sub_and_test+0x115/0x1b0 [ 37.968383] ? refcount_inc+0x50/0x50 [ 37.972157] ? mark_held_locks+0xb2/0x100 [ 37.976280] ? sctp_datamsg_put+0x456/0x560 [ 37.980582] sctp_chunk_put+0x29c/0x420 [ 37.984538] ? sctp_chunk_hold+0x20/0x20 [ 37.988587] ? sctp_transport_dst_confirm+0x50/0x50 [ 37.993579] ? find_held_lock+0x39/0x1d0 [ 37.997637] sctp_chunk_free+0x53/0x60 [ 38.001501] __sctp_outq_teardown+0xc7d/0x15a0 [ 38.006067] ? sctp_inq_set_th_handler+0x1b0/0x1b0 [ 38.010979] ? do_raw_spin_trylock+0x190/0x190 [ 38.015542] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 38.020532] ? unwind_dump+0x4c0/0x4c0 [ 38.024393] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 38.029390] ? trace_hardirqs_off+0xd/0x10 [ 38.033602] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 38.038685] ? try_to_wake_up+0x115/0x1850 [ 38.042899] ? check_noncircular+0x20/0x20 [ 38.047113] ? migrate_swap_stop+0x970/0x970 [ 38.051497] ? __save_stack_trace+0x61/0xd0 [ 38.055796] ? check_noncircular+0x20/0x20 [ 38.060017] ? find_held_lock+0x39/0x1d0 [ 38.064064] ? lock_downgrade+0x990/0x990 [ 38.068197] ? find_held_lock+0x39/0x1d0 [ 38.072246] ? sk_dst_check+0x560/0x560 [ 38.076199] ? lock_downgrade+0x990/0x990 [ 38.080324] ? lock_release+0xd70/0xd70 [ 38.084303] sctp_outq_free+0x15/0x20 [ 38.088081] sctp_association_free+0x2d0/0x930 [ 38.092641] ? sctp_asconf_queue_teardown+0x700/0x700 [ 38.097805] ? sock_def_wakeup+0x222/0x350 [ 38.102014] ? sk_dst_check+0x560/0x560 [ 38.105966] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.110956] ? trace_hardirqs_on+0xd/0x10 [ 38.115081] ? __wake_up+0x3f/0x50 [ 38.118601] sctp_do_sm+0x28e7/0x6dd0 [ 38.122389] ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0 [ 38.128421] ? save_stack_trace+0x16/0x20 [ 38.132550] ? print_usage_bug+0x480/0x480 [ 38.136760] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 38.141757] ? print_usage_bug+0x480/0x480 [ 38.145971] ? find_held_lock+0x39/0x1d0 [ 38.150018] ? lock_downgrade+0x990/0x990 [ 38.154145] ? skb_dequeue+0x22/0x180 [ 38.157923] ? do_raw_spin_trylock+0x190/0x190 [ 38.162484] ? mark_held_locks+0xb2/0x100 [ 38.166614] ? trace_hardirqs_on+0xd/0x10 [ 38.170743] sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 38.175303] sctp_close+0x3c6/0x980 [ 38.178915] ? sctp_apply_peer_addr_params+0xf30/0xf30 [ 38.184171] ? is_bpf_text_address+0xa4/0x120 [ 38.188660] ? __kernel_text_address+0xae/0xe0 [ 38.193237] ? unwind_get_return_address+0x61/0xa0 [ 38.198167] ? locks_remove_file+0x3fa/0x5a0 [ 38.202573] ? fcntl_setlk+0x10d0/0x10d0 [ 38.206632] ? __fsnotify_parent+0xb4/0x3a0 [ 38.210939] ? ip_mc_drop_socket+0x1ce/0x230 [ 38.215327] inet_release+0xed/0x1c0 [ 38.219023] sock_release+0x8d/0x1e0 [ 38.222716] ? sock_release+0x1e0/0x1e0 [ 38.226664] sock_close+0x16/0x20 [ 38.230094] __fput+0x333/0x7f0 [ 38.233355] ? fput+0x140/0x140 [ 38.236612] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.241088] ____fput+0x15/0x20 [ 38.244344] task_work_run+0x199/0x270 [ 38.248210] ? task_work_cancel+0x210/0x210 [ 38.252513] ? pgtable_bad+0x110/0x110 [ 38.256383] get_signal+0x143d/0x17e0 [ 38.260166] ? downgrade_write+0x150/0x150 [ 38.264382] ? bad_area+0x69/0x80 [ 38.267813] ? check_noncircular+0x20/0x20 [ 38.272029] ? ptrace_notify+0x130/0x130 [ 38.276065] ? do_page_fault+0xee/0x720 [ 38.280109] ? __do_page_fault+0xb60/0xb60 [ 38.284322] ? do_page_fault+0xee/0x720 [ 38.288273] ? __do_page_fault+0xb60/0xb60 [ 38.292486] ? find_held_lock+0x39/0x1d0 [ 38.296539] do_signal+0x94/0x1ee0 [ 38.300061] ? __lock_is_held+0xbc/0x140 [ 38.304100] ? setup_sigcontext+0x7d0/0x7d0 [ 38.308396] ? do_raw_spin_trylock+0x190/0x190 [ 38.312958] ? __put_unused_fd+0x183/0x250 [ 38.317167] ? alloc_fdtable+0x280/0x280 [ 38.321200] ? cpumask_weight.constprop.3+0x45/0x45 [ 38.326193] ? _copy_to_user+0xa2/0xc0 [ 38.330059] ? _raw_spin_unlock+0x22/0x30 [ 38.334179] ? put_unused_fd+0x62/0x70 [ 38.338036] ? fput+0xd2/0x140 [ 38.341205] ? SYSC_accept4+0x4f2/0x850 [ 38.345154] ? exit_to_usermode_loop+0x98/0x300 [ 38.349803] exit_to_usermode_loop+0x224/0x300 [ 38.354361] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 38.359873] ? _raw_spin_unlock_irq+0x27/0x70 [ 38.364340] ? __do_page_fault+0xb60/0xb60 [ 38.368570] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.373587] syscall_return_slowpath+0x42f/0x500 [ 38.378335] ? finish_task_switch+0x1aa/0x740 [ 38.382823] ? prepare_exit_to_usermode+0x2c0/0x2c0 [ 38.387838] ? entry_SYSCALL_64_fastpath+0x91/0xbe [ 38.392768] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 38.397775] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 38.402543] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 38.407286] RIP: 0033:0x447429 [ 38.410462] RSP: 002b:00007f2f16c55dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002b [ 38.418162] RAX: fffffffffffffff2 RBX: 0000000000000000 RCX: 0000000000447429 [ 38.425408] RDX: 000000002048bffc RSI: 0000000020b52000 RDI: 0000000000000003 [ 38.432661] RBP: 0000000000000000 R08: 00007f2f16c56700 R09: 00007f2f16c56700 [ 38.439905] R10: 00007f2f16c56700 R11: 0000000000000202 R12: 0000000000000000 [ 38.447148] R13: 00000000007efd4f R14: 00007f2f16c569c0 R15: 0000000000000000 [ 38.454592] Dumping ftrace buffer: [ 38.458167] (ftrace buffer empty) [ 38.461854] Kernel Offset: disabled [ 38.465470] Rebooting in 86400 seconds..