INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-6,10.128.0.19' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   34.049090] refcount_t: underflow; use-after-free.
[   34.054142] ------------[ cut here ]------------
[   34.059003] WARNING: CPU: 0 PID: 2987 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   34.067682] Kernel panic - not syncing: panic_on_warn set ...
[   34.067682] 
[   34.075019] CPU: 0 PID: 2987 Comm: syzkaller969131 Not tainted 4.14.0-rc2-next-20170929+ #32
[   34.083564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.092892] Call Trace:
[   34.095453]  dump_stack+0x194/0x257
[   34.099057]  ? arch_local_irq_restore+0x53/0x53
[   34.103714]  panic+0x1e4/0x41c
[   34.106880]  ? refcount_error_report+0x214/0x214
[   34.111610]  ? show_regs_print_info+0x65/0x65
[   34.116097]  ? refcount_sub_and_test+0x167/0x1b0
[   34.120828]  __warn+0x1c4/0x1e0
[   34.124084]  ? refcount_sub_and_test+0x167/0x1b0
[   34.128814]  report_bug+0x211/0x2d0
[   34.132422]  fixup_bug+0x40/0x90
[   34.135758]  do_trap+0x260/0x390
[   34.139103]  do_error_trap+0x120/0x390
[   34.142970]  ? do_trap+0x390/0x390
[   34.146486]  ? refcount_sub_and_test+0x167/0x1b0
[   34.151214]  ? vprintk_emit+0x3ea/0x590
[   34.155172]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.159993]  do_invalid_op+0x1b/0x20
[   34.163675]  invalid_op+0x18/0x20
[   34.167110] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   34.172441] RSP: 0018:ffff8801ce2f6440 EFLAGS: 00010282
[   34.177788] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   34.185038] RDX: 0000000000000026 RSI: 1ffff10039c5ec48 RDI: ffffed0039c5ec7c
[   34.192279] RBP: ffff8801ce2f64d0 R08: ffff8801ce2f5b30 R09: 0000000000000000
[   34.199525] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039c5ec89
[   34.206770] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801cf3902a4
[   34.214044]  ? refcount_inc+0x50/0x50
[   34.217820]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   34.222550]  ? sctp_association_free+0x2d0/0x930
[   34.227276]  ? sctp_do_sm+0x28e7/0x6dd0
[   34.231223]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   34.235948]  ? sctp_close+0x3c6/0x980
[   34.239724]  ? inet_release+0xed/0x1c0
[   34.243589]  sctp_wfree+0x183/0x620
[   34.247232]  ? __sctp_write_space+0x910/0x910
[   34.251701]  skb_release_head_state+0x124/0x200
[   34.256346]  skb_release_all+0x15/0x60
[   34.260204]  consume_skb+0x153/0x490
[   34.263894]  ? sctp_chunk_put+0x99/0x420
[   34.267933]  ? alloc_skb_with_frags+0x710/0x710
[   34.272573]  ? sctp_chunk_hold+0x20/0x20
[   34.276611]  ? refcount_sub_and_test+0x115/0x1b0
[   34.281423]  ? refcount_inc+0x50/0x50
[   34.285192]  ? mark_held_locks+0xb2/0x100
[   34.289315]  ? sctp_datamsg_put+0x456/0x560
[   34.293615]  sctp_chunk_put+0x29c/0x420
[   34.297560]  ? sctp_chunk_hold+0x20/0x20
[   34.301598]  ? sctp_transport_dst_confirm+0x50/0x50
[   34.306592]  ? unwind_dump+0x4c0/0x4c0
[   34.310457]  ? unwind_dump+0x4c0/0x4c0
[   34.314339]  sctp_chunk_free+0x53/0x60
[   34.318200]  __sctp_outq_teardown+0xc7d/0x15a0
[   34.322753]  ? sock_release+0x8d/0x1e0
[   34.326617]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   34.331518]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   34.336508]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   34.341495]  ? unwind_dump+0x4c0/0x4c0
[   34.345355]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   34.350345]  ? unwind_dump+0x4c0/0x4c0
[   34.354225]  ? check_noncircular+0x20/0x20
[   34.358437]  ? check_noncircular+0x20/0x20
[   34.362640]  ? unwind_get_return_address+0x61/0xa0
[   34.367545]  ? __save_stack_trace+0x61/0xd0
[   34.371849]  ? check_noncircular+0x20/0x20
[   34.376060]  ? print_usage_bug+0x480/0x480
[   34.380271]  ? find_held_lock+0x39/0x1d0
[   34.384316]  ? lock_downgrade+0x990/0x990
[   34.388444]  ? sk_dst_check+0x560/0x560
[   34.392394]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.397386]  ? lock_release+0xd70/0xd70
[   34.401341]  sctp_outq_free+0x15/0x20
[   34.405117]  sctp_association_free+0x2d0/0x930
[   34.409675]  ? sctp_asconf_queue_teardown+0x700/0x700
[   34.414835]  ? sock_def_wakeup+0x222/0x350
[   34.419064]  ? sk_dst_check+0x560/0x560
[   34.423017]  ? sctp_association_put+0x74/0x2f0
[   34.427570]  ? sctp_association_hold+0x20/0x20
[   34.432122]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   34.437287]  ? find_held_lock+0x39/0x1d0
[   34.441333]  sctp_do_sm+0x28e7/0x6dd0
[   34.445119]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   34.451153]  ? print_usage_bug+0x480/0x480
[   34.455361]  ? do_raw_spin_trylock+0x190/0x190
[   34.459916]  ? print_usage_bug+0x480/0x480
[   34.464125]  ? find_held_lock+0x39/0x1d0
[   34.468170]  ? lock_downgrade+0x990/0x990
[   34.472315]  ? skb_dequeue+0x22/0x180
[   34.476120]  ? do_raw_spin_trylock+0x190/0x190
[   34.480696]  ? mark_held_locks+0xb2/0x100
[   34.484900]  ? trace_hardirqs_on+0xd/0x10
[   34.489036]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   34.493609]  sctp_close+0x3c6/0x980
[   34.497240]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   34.502498]  ? dentry_free+0xcd/0x130
[   34.506271]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.511278]  ? kmem_cache_free+0x249/0x280
[   34.515509]  ? dentry_free+0xd2/0x130
[   34.519299]  ? locks_remove_file+0x3fa/0x5a0
[   34.523689]  ? fcntl_setlk+0x10d0/0x10d0
[   34.527730]  ? __fsnotify_parent+0xb4/0x3a0
[   34.532030]  ? ip_mc_drop_socket+0x1ce/0x230
[   34.536521]  inet_release+0xed/0x1c0
[   34.540233]  sock_release+0x8d/0x1e0
[   34.543939]  ? sock_release+0x1e0/0x1e0
[   34.547899]  sock_close+0x16/0x20
[   34.551337]  __fput+0x333/0x7f0
[   34.554620]  ? fput+0x140/0x140
[   34.557893]  ? trace_event_raw_event_sched_switch+0x770/0x770
[   34.563778]  ____fput+0x15/0x20
[   34.567048]  task_work_run+0x199/0x270
[   34.571043]  ? task_work_cancel+0x210/0x210
[   34.575370]  ? free_nsproxy+0x185/0x1f0
[   34.579340]  ? switch_task_namespaces+0xa2/0xc0
[   34.584086]  do_exit+0x9c8/0x1b00
[   34.587709]  ? __lock_acquire+0x700/0x4620
[   34.591930]  ? mm_update_next_owner+0x930/0x930
[   34.596586]  ? kernel_text_address+0x102/0x140
[   34.601157]  ? __kernel_text_address+0xd/0x40
[   34.605639]  ? unwind_get_return_address+0x61/0xa0
[   34.610560]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   34.615738]  ? save_stack_trace+0x16/0x20
[   34.619867]  ? __lock_acquire+0x20fd/0x4620
[   34.624181]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   34.629344]  ? check_noncircular+0x20/0x20
[   34.633565]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   34.638738]  ? find_held_lock+0x39/0x1d0
[   34.642781]  ? lock_downgrade+0x990/0x990
[   34.646902]  ? recalc_sigpending_tsk+0x117/0x150
[   34.651631]  ? recalc_sigpending+0x103/0x160
[   34.656010]  ? recalc_sigpending_tsk+0x150/0x150
[   34.660734]  ? get_signal+0x2b2/0x16d0
[   34.664606]  do_group_exit+0x149/0x400
[   34.668464]  ? __lock_is_held+0xbc/0x140
[   34.672499]  ? SyS_exit+0x30/0x30
[   34.675927]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.680396]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.685390]  get_signal+0x73f/0x16d0
[   34.689084]  ? ptrace_notify+0x130/0x130
[   34.693119]  ? get_unused_fd_flags+0x190/0x190
[   34.697685]  ? __lock_is_held+0xbc/0x140
[   34.701742]  do_signal+0x94/0x1ee0
[   34.705260]  ? __fd_install+0x2f7/0x6a0
[   34.709209]  ? __might_fault+0xe0/0x1d0
[   34.713161]  ? get_unused_fd_flags+0x190/0x190
[   34.717727]  ? setup_sigcontext+0x7d0/0x7d0
[   34.722034]  ? __might_sleep+0x95/0x190
[   34.725995]  ? __might_fault+0x188/0x1d0
[   34.730042]  ? fput+0xd2/0x140
[   34.733224]  ? SYSC_accept4+0x4f2/0x850
[   34.737182]  ? exit_to_usermode_loop+0x8c/0x310
[   34.741842]  exit_to_usermode_loop+0x214/0x310
[   34.746406]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   34.751922]  ? _raw_spin_unlock_irq+0x27/0x70
[   34.756406]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.761410]  syscall_return_slowpath+0x42f/0x510
[   34.766149]  ? finish_task_switch+0x1aa/0x740
[   34.770623]  ? prepare_exit_to_usermode+0x2d0/0x2d0
[   34.775615]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   34.780524]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.785515]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   34.790249]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   34.794975] RIP: 0033:0x446549
[   34.798135] RSP: 002b:00007f589d32bdc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000120
[   34.805814] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000000000446549
[   34.813054] RDX: 0000000020146ffc RSI: 0000000020000000 RDI: 0000000000000003
[   34.820292] RBP: 0000000000000000 R08: 00007f589d32c700 R09: 00007f589d32c700
[   34.827534] R10: 0000000000000800 R11: 0000000000000202 R12: 0000000000000000
[   34.835470] R13: 00000000007efe7f R14: 00007f589d32c9c0 R15: 0000000000000000
[   34.842890] Dumping ftrace buffer:
[   34.846463]    (ftrace buffer empty)
[   34.850145] Kernel Offset: disabled
[   34.853757] Rebooting in 86400 seconds..