executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 1055.743477] refcount_t: underflow; use-after-free.
[ 1055.744172] ------------[ cut here ]------------
[ 1055.744660] WARNING: CPU: 3 PID: 6682 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[ 1055.750189] Kernel panic - not syncing: panic_on_warn set ...
[ 1055.750189] 
[ 1055.751044] CPU: 3 PID: 6682 Comm: syzkaller999040 Not tainted 4.13.0-next-20170905+ #15
[ 1055.752838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 1055.753392] Call Trace:
[ 1055.753580]  dump_stack+0x194/0x257
[ 1055.753837]  ? arch_local_irq_restore+0x53/0x53
[ 1055.754172]  panic+0x1e4/0x417
[ 1055.754396]  ? __warn+0x1d9/0x1d9
[ 1055.754635]  ? show_regs_print_info+0x65/0x65
[ 1055.754967]  ? refcount_sub_and_test+0x167/0x1b0
[ 1055.755343]  __warn+0x1c4/0x1d9
[ 1055.755691]  ? refcount_sub_and_test+0x167/0x1b0
[ 1055.756218]  report_bug+0x211/0x2d0
[ 1055.756622]  fixup_bug+0x40/0x90
[ 1055.757015]  do_trap+0x260/0x390
[ 1055.757408]  do_error_trap+0x120/0x390
[ 1055.757821]  ? do_trap+0x390/0x390
[ 1055.758185]  ? refcount_sub_and_test+0x167/0x1b0
[ 1055.758670]  ? vprintk_emit+0x3ea/0x590
[ 1055.759115]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1055.759699]  do_invalid_op+0x1b/0x20
[ 1055.760149]  invalid_op+0x18/0x20
[ 1055.760535] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[ 1055.761150] RSP: 0018:ffff880069d46940 EFLAGS: 00010282
[ 1055.761724] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[ 1055.762342] RDX: 0000000000000026 RSI: 1ffff1000d3a8ce8 RDI: ffffed000d3a8d1c
[ 1055.763067] RBP: ffff880069d469d0 R08: ffff880069d46030 R09: 0000000000000000
[ 1055.763733] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1000d3a8d29
[ 1055.764378] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff88006bfa5264
[ 1055.765006]  ? refcount_inc+0x50/0x50
[ 1055.765359]  ? __sctp_outq_teardown+0xc7d/0x15a0
[ 1055.765749]  ? sctp_association_free+0x2d0/0x930
[ 1055.766191]  ? sctp_do_sm+0x28e7/0x6dd0
[ 1055.766543]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[ 1055.766966]  ? sctp_close+0x3c6/0x980
[ 1055.767321]  ? inet_release+0xed/0x1c0
[ 1055.767680]  sctp_wfree+0x183/0x620
[ 1055.768022]  ? __sctp_write_space+0x910/0x910
[ 1055.768439]  skb_release_head_state+0x124/0x200
[ 1055.768869]  skb_release_all+0x15/0x60
[ 1055.769236]  consume_skb+0x153/0x490
[ 1055.769485]  ? sctp_chunk_put+0x99/0x420
[ 1055.769858]  ? alloc_skb_with_frags+0x710/0x710
[ 1055.770284]  ? sctp_chunk_hold+0x20/0x20
[ 1055.770654]  ? refcount_sub_and_test+0x115/0x1b0
[ 1055.771063]  ? refcount_inc+0x50/0x50
[ 1055.771409]  ? mark_held_locks+0xb2/0x100
[ 1055.771791]  ? sctp_datamsg_put+0x456/0x560
[ 1055.772104]  sctp_chunk_put+0x29c/0x420
[ 1055.772378]  ? sctp_chunk_hold+0x20/0x20
[ 1055.772677]  ? sctp_transport_dst_confirm+0x50/0x50
[ 1055.773023]  sctp_chunk_free+0x53/0x60
[ 1055.773574]  __sctp_outq_teardown+0xc7d/0x15a0
[ 1055.773847]  ? sock_release+0x8d/0x1e0
[ 1055.774084]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[ 1055.774515]  ? unwind_next_frame.part.6+0x1ae/0xc70
[ 1055.774952]  ? unwind_next_frame.part.6+0x1ae/0xc70
[ 1055.775289]  ? unwind_dump+0x4c0/0x4c0
[ 1055.775624]  ? unwind_next_frame.part.6+0x1ae/0xc70
[ 1055.776053]  ? unwind_dump+0x4c0/0x4c0
[ 1055.776399]  ? check_noncircular+0x20/0x20
[ 1055.776743]  ? check_noncircular+0x20/0x20
[ 1055.777110]  ? unwind_get_return_address+0x61/0xa0
[ 1055.777515]  ? __save_stack_trace+0x61/0xd0
[ 1055.777892]  ? check_noncircular+0x20/0x20
[ 1055.778235]  ? print_usage_bug+0x480/0x480
[ 1055.778563]  ? find_held_lock+0x39/0x1d0
[ 1055.778907]  ? lock_downgrade+0x990/0x990
[ 1055.779265]  ? sk_dst_check+0x560/0x560
[ 1055.779621]  ? rcu_read_lock_sched_held+0x108/0x120
[ 1055.780037]  ? lock_release+0xd70/0xd70
[ 1055.780387]  sctp_outq_free+0x15/0x20
[ 1055.780735]  sctp_association_free+0x2d0/0x930
[ 1055.781150]  ? sctp_asconf_queue_teardown+0x700/0x700
[ 1055.781589]  ? sock_def_wakeup+0x222/0x350
[ 1055.781881]  ? sk_dst_check+0x560/0x560
[ 1055.782234]  ? sctp_association_put+0x74/0x2f0
[ 1055.782657]  ? sctp_association_hold+0x20/0x20
[ 1055.783068]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 1055.783431]  ? lock_downgrade+0x990/0x990
[ 1055.783808]  ? sctp_sm_lookup_event+0x95/0x3c0
[ 1055.784236]  sctp_do_sm+0x28e7/0x6dd0
[ 1055.784595]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[ 1055.785148]  ? __free_insn_slot+0x5c0/0x5c0
[ 1055.785548]  ? print_usage_bug+0x480/0x480
[ 1055.785942]  ? print_usage_bug+0x480/0x480
[ 1055.786373]  ? find_held_lock+0x39/0x1d0
[ 1055.786758]  ? lock_downgrade+0x990/0x990
[ 1055.787200]  ? skb_dequeue+0x22/0x180
[ 1055.787595]  ? do_raw_spin_trylock+0x190/0x190
[ 1055.788023]  ? mark_held_locks+0xb2/0x100
[ 1055.788413]  ? trace_hardirqs_on+0xd/0x10
[ 1055.788801]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[ 1055.789226]  sctp_close+0x3c6/0x980
[ 1055.789568]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[ 1055.790051]  ? dentry_free+0xcd/0x130
[ 1055.790404]  ? rcu_read_lock_sched_held+0x108/0x120
[ 1055.790866]  ? kmem_cache_free+0x249/0x280
[ 1055.791179]  ? dentry_free+0xd2/0x130
[ 1055.791455]  ? locks_remove_file+0x3fa/0x5a0
[ 1055.791780]  ? fcntl_setlk+0x10d0/0x10d0
[ 1055.792089]  ? __fsnotify_parent+0xb4/0x3a0
[ 1055.792497]  ? ip_mc_drop_socket+0x1ce/0x230
[ 1055.792906]  inet_release+0xed/0x1c0
[ 1055.793252]  sock_release+0x8d/0x1e0
[ 1055.793600]  ? sock_release+0x1e0/0x1e0
[ 1055.793973]  sock_close+0x16/0x20
[ 1055.794531]  __fput+0x333/0x7f0
[ 1055.794841]  ? fput+0x140/0x140
[ 1055.795166]  ? check_same_owner+0x320/0x320
[ 1055.795564]  ? _raw_spin_unlock_irq+0x27/0x70
[ 1055.795885]  ____fput+0x15/0x20
[ 1055.796120]  task_work_run+0x199/0x270
[ 1055.796398]  ? task_work_cancel+0x210/0x210
[ 1055.796796]  ? _raw_spin_unlock+0x22/0x30
[ 1055.797090]  ? switch_task_namespaces+0x87/0xc0
[ 1055.797420]  do_exit+0xa52/0x1b40
[ 1055.797665]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1055.798017]  ? trace_hardirqs_on+0xd/0x10
[ 1055.798314]  ? hrtimer_try_to_cancel+0x11/0x5c0
[ 1055.798639]  ? mm_update_next_owner+0x930/0x930
[ 1055.798977]  ? __hrtimer_get_remaining+0x1c0/0x1c0
[ 1055.799325]  ? check_same_owner+0x320/0x320
[ 1055.799630]  ? lock_downgrade+0x990/0x990
[ 1055.799974]  ? SyS_brk+0x6f0/0x6f0
[ 1055.800305]  ? arch_get_unmapped_area_topdown+0x5f8/0x8a0
[ 1055.800815]  ? __might_sleep+0x95/0x190
[ 1055.801188]  ? do_nanosleep+0x508/0x6f0
[ 1055.801561]  ? schedule_timeout_idle+0x90/0x90
[ 1055.801980]  ? userfaultfd_unmap_prep+0x540/0x540
[ 1055.802422]  ? memset+0x31/0x40
[ 1055.802736]  ? hrtimer_nanosleep+0x2cc/0x860
[ 1055.803147]  ? nanosleep_copyout+0x100/0x100
[ 1055.803548]  ? __might_sleep+0x95/0x190
[ 1055.803913]  ? kasan_check_write+0x14/0x20
[ 1055.804304]  ? _copy_from_user+0x99/0x110
[ 1055.804700]  ? __hrtimer_init+0x140/0x140
[ 1055.805086]  do_group_exit+0x149/0x400
[ 1055.805452]  ? SyS_exit+0x30/0x30
[ 1055.805778]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 1055.806233]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1055.806686]  SyS_exit_group+0x1d/0x20
[ 1055.807053]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 1055.807509] RIP: 0033:0x43c849
[ 1055.807815] RSP: 002b:00000000007efd98 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[ 1055.808530] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 000000000043c849
[ 1055.809230] RDX: 0000000000466d11 RSI: 0000000000000000 RDI: 0000000000000000
[ 1055.809894] RBP: 0000000000000082 R08: 00000000006d21e0 R09: 0000000000000000
[ 1055.810565] R10: 00000000006d21b4 R11: 0000000000000206 R12: 0000000000000000
[ 1055.811239] R13: 0000000000000000 R14: 00007eff9494f9c0 R15: 00007eff9494f700
[ 1055.812103] Dumping ftrace buffer:
[ 1055.812513]    (ftrace buffer empty)
[ 1055.812854] Kernel Offset: disabled
[ 1055.813210] Rebooting in 86400 seconds..