INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-6,10.128.15.214' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   34.591870] refcount_t: underflow; use-after-free.
[   34.592767] ------------[ cut here ]------------
[   34.593579] WARNING: CPU: 0 PID: 2991 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   34.594748] Kernel panic - not syncing: panic_on_warn set ...
[   34.594748] 
[   34.595723] CPU: 0 PID: 2991 Comm: syzkaller165824 Not tainted 4.13.0-mm1+ #7
[   34.596699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.597921] Call Trace:
[   34.598286]  dump_stack+0x194/0x257
[   34.598784]  ? arch_local_irq_restore+0x53/0x53
[   34.599425]  panic+0x1e4/0x417
[   34.599863]  ? __warn+0x1d9/0x1d9
[   34.600331]  ? show_regs_print_info+0x65/0x65
[   34.600947]  ? refcount_sub_and_test+0x167/0x1b0
[   34.601584]  __warn+0x1c4/0x1d9
[   34.602031]  ? refcount_sub_and_test+0x167/0x1b0
[   34.602670]  report_bug+0x211/0x2d0
[   34.603172]  fixup_bug+0x40/0x90
[   34.603632]  do_trap+0x260/0x390
[   34.604115]  do_error_trap+0x120/0x390
[   34.604637]  ? vprintk_emit+0x49b/0x590
[   34.605179]  ? do_trap+0x390/0x390
[   34.605661]  ? refcount_sub_and_test+0x167/0x1b0
[   34.606298]  ? vprintk_emit+0x3ea/0x590
[   34.606843]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.607497]  do_invalid_op+0x1b/0x20
[   34.608001]  invalid_op+0x18/0x20
[   34.608471] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   34.609182] RSP: 0018:ffff8801ce57ecd8 EFLAGS: 00010282
[   34.609900] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   34.610855] RDX: 0000000000000026 RSI: 1ffff10039cafd5b RDI: ffffed0039cafd8f
[   34.611813] RBP: ffff8801ce57ed68 R08: ffff8801ce57e3c8 R09: 0000000000000000
[   34.618017] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039cafd9c
[   34.625261] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d4346a24
[   34.632522]  ? refcount_sub_and_test+0x167/0x1b0
[   34.637251]  ? refcount_inc+0x50/0x50
[   34.641023]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   34.645762]  ? sctp_association_free+0x2d0/0x930
[   34.650488]  ? sctp_do_sm+0x28e7/0x6dd0
[   34.654433]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   34.659158]  ? sctp_close+0x3c6/0x980
[   34.662929]  ? inet_release+0xed/0x1c0
[   34.666794]  sctp_wfree+0x183/0x620
[   34.670393]  ? __sctp_write_space+0x910/0x910
[   34.674866]  skb_release_head_state+0x124/0x200
[   34.679520]  skb_release_all+0x15/0x60
[   34.683379]  consume_skb+0x153/0x490
[   34.687063]  ? sctp_chunk_put+0x99/0x420
[   34.691096]  ? alloc_skb_with_frags+0x710/0x710
[   34.695749]  ? sctp_chunk_hold+0x20/0x20
[   34.699787]  ? refcount_sub_and_test+0x115/0x1b0
[   34.704513]  ? refcount_inc+0x50/0x50
[   34.708283]  ? mark_held_locks+0xb2/0x100
[   34.712404]  ? sctp_datamsg_put+0x456/0x560
[   34.716704]  sctp_chunk_put+0x29c/0x420
[   34.720660]  ? sctp_chunk_hold+0x20/0x20
[   34.724697]  ? sctp_transport_dst_confirm+0x50/0x50
[   34.729685]  ? find_held_lock+0x39/0x1d0
[   34.733728]  sctp_chunk_free+0x53/0x60
[   34.737590]  __sctp_outq_teardown+0xc7d/0x15a0
[   34.742144]  ? check_noncircular+0x20/0x20
[   34.746358]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   34.751271]  ? do_raw_spin_trylock+0x190/0x190
[   34.755823]  ? do_raw_spin_trylock+0x190/0x190
[   34.760393]  ? trace_hardirqs_off+0xd/0x10
[   34.764599]  ? _raw_spin_unlock_irqrestore+0xa6/0xba
[   34.769674]  ? try_to_wake_up+0x115/0x1850
[   34.773882]  ? check_noncircular+0x20/0x20
[   34.778091]  ? migrate_swap_stop+0x970/0x970
[   34.782472]  ? check_noncircular+0x20/0x20
[   34.786686]  ? find_held_lock+0x39/0x1d0
[   34.790737]  ? lock_downgrade+0x990/0x990
[   34.794855]  ? find_held_lock+0x39/0x1d0
[   34.798894]  ? sk_dst_check+0x560/0x560
[   34.802839]  ? lock_downgrade+0x990/0x990
[   34.806967]  ? lock_release+0xd70/0xd70
[   34.810919]  sctp_outq_free+0x15/0x20
[   34.814694]  sctp_association_free+0x2d0/0x930
[   34.819252]  ? sctp_asconf_queue_teardown+0x700/0x700
[   34.824420]  ? sock_def_wakeup+0x222/0x350
[   34.828625]  ? sk_dst_check+0x560/0x560
[   34.832572]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.837558]  ? trace_hardirqs_on+0xd/0x10
[   34.841685]  ? __wake_up+0x3f/0x50
[   34.845199]  sctp_do_sm+0x28e7/0x6dd0
[   34.848992]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   34.855021]  ? save_stack_trace+0x16/0x20
[   34.859144]  ? print_usage_bug+0x480/0x480
[   34.863353]  ? print_usage_bug+0x480/0x480
[   34.867564]  ? find_held_lock+0x39/0x1d0
[   34.871613]  ? lock_downgrade+0x990/0x990
[   34.875740]  ? skb_dequeue+0x22/0x180
[   34.879518]  ? do_raw_spin_trylock+0x190/0x190
[   34.884076]  ? mark_held_locks+0xb2/0x100
[   34.888200]  ? trace_hardirqs_on+0xd/0x10
[   34.892322]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   34.896878]  sctp_close+0x3c6/0x980
[   34.900487]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   34.905741]  ? release_sock+0x74/0x2a0
[   34.909612]  ? locks_remove_file+0x3fa/0x5a0
[   34.913995]  ? fcntl_setlk+0x10d0/0x10d0
[   34.918030]  ? __fsnotify_parent+0xb4/0x3a0
[   34.922321]  ? ip_mc_drop_socket+0x1ce/0x230
[   34.926704]  inet_release+0xed/0x1c0
[   34.930395]  sock_release+0x8d/0x1e0
[   34.934078]  ? sock_release+0x1e0/0x1e0
[   34.938019]  sock_close+0x16/0x20
[   34.941441]  __fput+0x333/0x7f0
[   34.944696]  ? fput+0x140/0x140
[   34.947945]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.952413]  ____fput+0x15/0x20
[   34.955662]  task_work_run+0x199/0x270
[   34.959519]  ? task_work_cancel+0x210/0x210
[   34.963806]  ? SYSC_accept4+0x4f2/0x850
[   34.967751]  ? exit_to_usermode_loop+0x98/0x300
[   34.972394]  exit_to_usermode_loop+0x2a6/0x300
[   34.976947]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   34.982451]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.986914]  ? __do_page_fault+0xb60/0xb60
[   34.991118]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.996107]  syscall_return_slowpath+0x42f/0x500
[   35.000829]  ? finish_task_switch+0x1aa/0x740
[   35.005294]  ? prepare_exit_to_usermode+0x2c0/0x2c0
[   35.010278]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   35.015177]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   35.020163]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   35.024892]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   35.029613] RIP: 0033:0x445d39
[   35.032770] RSP: 002b:00007f51bbe5bdc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002b
[   35.040448] RAX: ffffffffffffff99 RBX: 0000000000000000 RCX: 0000000000445d39
[   35.047686] RDX: 0000000020ffd000 RSI: 0000000020ffc000 RDI: 0000000000000003
[   35.054924] RBP: 0000000000000000 R08: 00007f51bbe5c700 R09: 00007f51bbe5c700
[   35.062163] R10: 00007f51bbe5c700 R11: 0000000000000202 R12: 0000000000000000
[   35.069401] R13: 00007ffd6026213f R14: 00007f51bbe5c9c0 R15: 0000000000000000
[   35.077117] Dumping ftrace buffer:
[   35.080661]    (ftrace buffer empty)
[   35.084342] Kernel Offset: disabled
[   35.087946] Rebooting in 86400 seconds..