INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-1,10.128.15.220' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 30.996776] refcount_t: underflow; use-after-free. [ 30.997655] ------------[ cut here ]------------ [ 30.998416] WARNING: CPU: 0 PID: 2984 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0 [ 30.999585] Kernel panic - not syncing: panic_on_warn set ... [ 30.999585] [ 31.000557] CPU: 0 PID: 2984 Comm: syzkaller634860 Not tainted 4.13.0-mm1+ #7 [ 31.001526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.002747] Call Trace: [ 31.003108] dump_stack+0x194/0x257 [ 31.003602] ? arch_local_irq_restore+0x53/0x53 [ 31.004241] panic+0x1e4/0x417 [ 31.004676] ? __warn+0x1d9/0x1d9 [ 31.005143] ? show_regs_print_info+0x65/0x65 [ 31.005758] ? refcount_sub_and_test+0x167/0x1b0 [ 31.006395] __warn+0x1c4/0x1d9 [ 31.006843] ? refcount_sub_and_test+0x167/0x1b0 [ 31.007480] report_bug+0x211/0x2d0 [ 31.007980] fixup_bug+0x40/0x90 [ 31.008438] do_trap+0x260/0x390 [ 31.008902] do_error_trap+0x120/0x390 [ 31.009429] ? do_trap+0x390/0x390 [ 31.009910] ? refcount_sub_and_test+0x167/0x1b0 [ 31.010544] ? vprintk_emit+0x3ea/0x590 [ 31.011089] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 31.011740] do_invalid_op+0x1b/0x20 [ 31.012243] invalid_op+0x18/0x20 [ 31.012710] RIP: 0010:refcount_sub_and_test+0x167/0x1b0 [ 31.013436] RSP: 0018:ffff8801ce75e320 EFLAGS: 00010286 [ 31.014152] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000 [ 31.015107] RDX: 0000000000000026 RSI: 1ffff10039cebc24 RDI: ffffed0039cebc58 [ 31.016063] RBP: ffff8801ce75e3b0 R08: ffff8801ce75da10 R09: 0000000000000000 [ 31.017017] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039cebc65 [ 31.024256] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801ce28ca24 [ 31.031520] ? refcount_inc+0x50/0x50 [ 31.035293] ? __sctp_outq_teardown+0xc7d/0x15a0 [ 31.040019] ? sctp_association_free+0x2d0/0x930 [ 31.044764] ? sctp_do_sm+0x28e7/0x6dd0 [ 31.048708] ? sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 31.053433] ? sctp_close+0x3c6/0x980 [ 31.057204] ? inet_release+0xed/0x1c0 [ 31.061071] sctp_wfree+0x183/0x620 [ 31.064677] ? __sctp_write_space+0x910/0x910 [ 31.069148] skb_release_head_state+0x124/0x200 [ 31.073785] skb_release_all+0x15/0x60 [ 31.077640] consume_skb+0x153/0x490 [ 31.081322] ? sctp_chunk_put+0x99/0x420 [ 31.085354] ? alloc_skb_with_frags+0x710/0x710 [ 31.089990] ? sctp_chunk_hold+0x20/0x20 [ 31.094024] ? refcount_sub_and_test+0x115/0x1b0 [ 31.098752] ? refcount_inc+0x50/0x50 [ 31.102523] ? mark_held_locks+0xb2/0x100 [ 31.106644] ? sctp_datamsg_put+0x456/0x560 [ 31.110942] sctp_chunk_put+0x29c/0x420 [ 31.114888] ? sctp_chunk_hold+0x20/0x20 [ 31.118938] ? sctp_transport_dst_confirm+0x50/0x50 [ 31.123926] ? unwind_dump+0x4c0/0x4c0 [ 31.127784] ? unwind_dump+0x4c0/0x4c0 [ 31.131645] sctp_chunk_free+0x53/0x60 [ 31.135501] __sctp_outq_teardown+0xc7d/0x15a0 [ 31.140051] ? sock_release+0x8d/0x1e0 [ 31.143913] ? sctp_inq_set_th_handler+0x1b0/0x1b0 [ 31.148813] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 31.153798] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 31.158782] ? unwind_dump+0x4c0/0x4c0 [ 31.162635] ? 
unwind_next_frame.part.6+0x1ae/0xc70 [ 31.167624] ? unwind_dump+0x4c0/0x4c0 [ 31.171492] ? check_noncircular+0x20/0x20 [ 31.175699] ? check_noncircular+0x20/0x20 [ 31.179900] ? unwind_get_return_address+0x61/0xa0 [ 31.184798] ? __save_stack_trace+0x61/0xd0 [ 31.189090] ? check_noncircular+0x20/0x20 [ 31.193296] ? print_usage_bug+0x480/0x480 [ 31.197505] ? find_held_lock+0x39/0x1d0 [ 31.201545] ? lock_downgrade+0x990/0x990 [ 31.205667] ? sk_dst_check+0x560/0x560 [ 31.209609] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.214608] ? lock_release+0xd70/0xd70 [ 31.218816] sctp_outq_free+0x15/0x20 [ 31.222584] sctp_association_free+0x2d0/0x930 [ 31.227138] ? sctp_asconf_queue_teardown+0x700/0x700 [ 31.232294] ? sock_def_wakeup+0x222/0x350 [ 31.236496] ? sk_dst_check+0x560/0x560 [ 31.240439] ? sctp_association_put+0x74/0x2f0 [ 31.244987] ? sctp_association_hold+0x20/0x20 [ 31.249535] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 31.254692] ? find_held_lock+0x39/0x1d0 [ 31.258720] ? sctp_sm_lookup_event+0x95/0x3c0 [ 31.263272] sctp_do_sm+0x28e7/0x6dd0 [ 31.267052] ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0 [ 31.273082] ? print_usage_bug+0x480/0x480 [ 31.277285] ? do_raw_spin_trylock+0x190/0x190 [ 31.281834] ? print_usage_bug+0x480/0x480 [ 31.286039] ? find_held_lock+0x39/0x1d0 [ 31.290077] ? lock_downgrade+0x990/0x990 [ 31.294200] ? skb_dequeue+0x22/0x180 [ 31.297973] ? do_raw_spin_trylock+0x190/0x190 [ 31.302526] ? mark_held_locks+0xb2/0x100 [ 31.306648] ? trace_hardirqs_on+0xd/0x10 [ 31.310770] sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 31.315322] sctp_close+0x3c6/0x980 [ 31.318928] ? sctp_apply_peer_addr_params+0xf30/0xf30 [ 31.324173] ? dentry_free+0xcd/0x130 [ 31.327940] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.332926] ? kmem_cache_free+0x249/0x280 [ 31.337131] ? dentry_free+0xd2/0x130 [ 31.340905] ? locks_remove_file+0x3fa/0x5a0 [ 31.345282] ? fcntl_setlk+0x10d0/0x10d0 [ 31.349314] ? __fsnotify_parent+0xb4/0x3a0 [ 31.353606] ? 
ip_mc_drop_socket+0x1ce/0x230 [ 31.358168] inet_release+0xed/0x1c0 [ 31.361855] sock_release+0x8d/0x1e0 [ 31.365540] ? sock_release+0x1e0/0x1e0 [ 31.369481] sock_close+0x16/0x20 [ 31.372903] __fput+0x333/0x7f0 [ 31.376156] ? fput+0x140/0x140 [ 31.379409] ? check_same_owner+0x320/0x320 [ 31.383704] ____fput+0x15/0x20 [ 31.386951] task_work_run+0x199/0x270 [ 31.390809] ? task_work_cancel+0x210/0x210 [ 31.395098] ? free_nsproxy+0x185/0x1f0 [ 31.399041] ? switch_task_namespaces+0xa2/0xc0 [ 31.403685] do_exit+0xa52/0x1b40 [ 31.407111] ? check_noncircular+0x20/0x20 [ 31.411314] ? lock_page_memcg+0x3b0/0x3b0 [ 31.415518] ? __lock_is_held+0xbc/0x140 [ 31.419552] ? mm_update_next_owner+0x930/0x930 [ 31.424189] ? lru_cache_add+0x1c7/0x3a0 [ 31.428216] ? get_mem_cgroup_from_mm+0x710/0x710 [ 31.433025] ? lru_cache_add_file+0x20/0x20 [ 31.437325] ? __lock_acquire+0x732/0x4620 [ 31.441531] ? lock_downgrade+0x990/0x990 [ 31.445653] ? check_noncircular+0x20/0x20 [ 31.449858] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 31.455018] ? do_raw_spin_trylock+0x190/0x190 [ 31.459570] ? lockdep_init_map+0x3d/0x70 [ 31.463694] ? find_held_lock+0x39/0x1d0 [ 31.467731] ? lock_downgrade+0x990/0x990 [ 31.471848] ? recalc_sigpending_tsk+0x117/0x150 [ 31.476572] ? recalc_sigpending+0x103/0x160 [ 31.480949] ? recalc_sigpending_tsk+0x150/0x150 [ 31.485670] ? get_signal+0x397/0x17e0 [ 31.489537] do_group_exit+0x149/0x400 [ 31.493391] ? __lock_is_held+0xbc/0x140 [ 31.497420] ? SyS_exit+0x30/0x30 [ 31.500840] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.505303] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.510299] get_signal+0x7e8/0x17e0 [ 31.514009] ? ptrace_notify+0x130/0x130 [ 31.518043] ? get_unused_fd_flags+0x190/0x190 [ 31.522606] ? __lock_is_held+0xbc/0x140 [ 31.526645] do_signal+0x94/0x1ee0 [ 31.530151] ? __fd_install+0x2f7/0x6a0 [ 31.534093] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 31.538821] ? get_unused_fd_flags+0x190/0x190 [ 31.543372] ? setup_sigcontext+0x7d0/0x7d0 [ 31.547673] ? 
copy_user_generic_unrolled+0x89/0xc0 [ 31.552658] ? _copy_to_user+0xa2/0xc0 [ 31.556519] ? fd_install+0x4d/0x60 [ 31.560111] ? fput+0xd2/0x140 [ 31.563273] ? SYSC_accept4+0x4f2/0x850 [ 31.567218] ? exit_to_usermode_loop+0x98/0x300 [ 31.571858] exit_to_usermode_loop+0x224/0x300 [ 31.576413] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 31.581917] ? _raw_spin_unlock_irq+0x27/0x70 [ 31.586382] ? __do_page_fault+0xb60/0xb60 [ 31.590586] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.595577] syscall_return_slowpath+0x42f/0x500 [ 31.600301] ? finish_task_switch+0x1aa/0x740 [ 31.604765] ? prepare_exit_to_usermode+0x2c0/0x2c0 [ 31.609748] ? entry_SYSCALL_64_fastpath+0x91/0xbe [ 31.614655] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.619637] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 31.624370] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 31.629090] RIP: 0033:0x446889 [ 31.632248] RSP: 002b:00007f332687ed08 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 31.639928] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000000000446889 [ 31.647171] RDX: 000000002048bffc RSI: 0000000020b4afe4 RDI: 0000000000000003 [ 31.654409] RBP: 0000000000000000 R08: 00007f332687f700 R09: 00007f332687f700 [ 31.661647] R10: 00007f332687f700 R11: 0000000000000246 R12: 0000000000000000 [ 31.668882] R13: 00000000007efe7f R14: 00007f332687f9c0 R15: 0000000000000000 [ 31.676285] Dumping ftrace buffer: [ 31.679843] (ftrace buffer empty) [ 31.683522] Kernel Offset: disabled [ 31.687121] Rebooting in 86400 seconds..