INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-kasan-gce-9,10.128.0.25' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 34.479656] refcount_t: underflow; use-after-free. [ 34.480575] ------------[ cut here ]------------ [ 34.481344] WARNING: CPU: 1 PID: 2912 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0 [ 34.482554] Kernel panic - not syncing: panic_on_warn set ... [ 34.482554] [ 34.483594] CPU: 1 PID: 2912 Comm: syzkaller568251 Not tainted 4.13.0-rc4+ #30 [ 34.484618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.485836] Call Trace: [ 34.486202] dump_stack+0x194/0x257 [ 34.486728] ? arch_local_irq_restore+0x53/0x53 [ 34.487407] panic+0x1e4/0x417 [ 34.487863] ? __warn+0x1d9/0x1d9 [ 34.488352] ? show_regs_print_info+0x65/0x65 [ 34.488962] ? refcount_sub_and_test+0x167/0x1b0 [ 34.489615] __warn+0x1c4/0x1d9 [ 34.490121] ? refcount_sub_and_test+0x167/0x1b0 [ 34.490790] report_bug+0x211/0x2d0 [ 34.491281] fixup_bug+0x40/0x90 [ 34.491780] do_trap+0x260/0x390 [ 34.492280] do_error_trap+0x120/0x390 [ 34.492832] ? do_trap+0x390/0x390 [ 34.493309] ? refcount_sub_and_test+0x167/0x1b0 [ 34.493940] ? vprintk_emit+0x3ea/0x590 [ 34.494478] ?
trace_hardirqs_off_thunk+0x1a/0x1c [ 34.495127] do_invalid_op+0x1b/0x20 [ 34.495624] invalid_op+0x1e/0x30 [ 34.496110] RIP: 0010:refcount_sub_and_test+0x167/0x1b0 [ 34.496848] RSP: 0018:ffff8801d1eb6810 EFLAGS: 00010282 [ 34.497605] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000 [ 34.498610] RDX: 0000000000000026 RSI: 1ffff1003a3d6cc2 RDI: ffffed003a3d6cf6 [ 34.499651] RBP: ffff8801d1eb68a0 R08: 0000000000000001 R09: 0000000000000000 [ 34.506149] R10: ffff8801d1eb7030 R11: 0000000000000000 R12: 1ffff1003a3d6d03 [ 34.513384] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d0958a3c [ 34.520637] ? refcount_inc+0x50/0x50 [ 34.524424] ? is_bpf_text_address+0x7b/0x120 [ 34.528892] sctp_wfree+0x183/0x620 [ 34.532483] ? __sctp_write_space+0x910/0x910 [ 34.536947] skb_release_head_state+0x124/0x200 [ 34.541580] skb_release_all+0x15/0x60 [ 34.545433] consume_skb+0x153/0x490 [ 34.549111] ? pskb_carve+0x1db0/0x1db0 [ 34.553052] ? is_bpf_text_address+0xa4/0x120 [ 34.557510] ? refcount_sub_and_test+0x115/0x1b0 [ 34.562248] ? refcount_inc+0x50/0x50 [ 34.566025] sctp_chunk_put+0x29c/0x420 [ 34.569967] ? save_trace+0x11f/0x350 [ 34.573735] ? sctp_chunk_hold+0x20/0x20 [ 34.577762] ? graph_lock+0x170/0x170 [ 34.581543] ? refcount_sub_and_test+0x115/0x1b0 [ 34.586261] ? refcount_sub_and_test+0x115/0x1b0 [ 34.590981] ? refcount_inc+0x50/0x50 [ 34.594749] ? __lock_acquire+0x2de2/0x3dc0 [ 34.599041] sctp_datamsg_put+0x22d/0x560 [ 34.603156] ? sctp_transport_dst_confirm+0x50/0x50 [ 34.608150] sctp_chunk_free+0x46/0x60 [ 34.612001] __sctp_outq_teardown+0xc7d/0x15a0 [ 34.616546] ? bpf_prog_kallsyms_find+0xbd/0x440 [ 34.621273] ? sctp_inq_set_th_handler+0x1b0/0x1b0 [ 34.626186] ? is_bpf_text_address+0x7b/0x120 [ 34.630652] ? lock_downgrade+0x990/0x990 [ 34.634769] ? lock_release+0xa40/0xa40 [ 34.638715] ? update_stack_state+0x700/0x700 [ 34.643175] ? print_usage_bug+0x480/0x480 [ 34.647489] ? is_bpf_text_address+0xa4/0x120 [ 34.651951] ? 
__kernel_text_address+0xae/0xe0 [ 34.656496] ? unwind_get_return_address+0x61/0xa0 [ 34.661393] ? __save_stack_trace+0x7e/0xd0 [ 34.665685] ? check_noncircular+0x20/0x20 [ 34.669888] ? print_usage_bug+0x480/0x480 [ 34.674090] ? save_stack_trace+0x16/0x20 [ 34.678203] ? save_trace+0x11f/0x350 [ 34.681973] ? lock_acquire+0x1d5/0x580 [ 34.685912] ? lock_acquire+0x1d5/0x580 [ 34.689857] ? lock_timer_base+0x1a3/0x2b0 [ 34.694137] ? find_held_lock+0x35/0x1d0 [ 34.698169] ? sock_def_wakeup+0x1f9/0x350 [ 34.702382] ? lock_downgrade+0x990/0x990 [ 34.706498] ? lock_release+0xa40/0xa40 [ 34.710440] sctp_outq_free+0x15/0x20 [ 34.714208] sctp_association_free+0x2d0/0x930 [ 34.718757] ? sctp_asconf_queue_teardown+0x700/0x700 [ 34.723910] ? sock_def_wakeup+0x222/0x350 [ 34.728107] ? sk_dst_check+0x560/0x560 [ 34.732045] ? sctp_association_put+0x74/0x2f0 [ 34.736604] ? sctp_association_hold+0x20/0x20 [ 34.741167] ? __is_insn_slot_addr+0x1fc/0x330 [ 34.745714] ? sctp_sm_lookup_event+0x95/0x3c0 [ 34.750264] sctp_do_sm+0x28e7/0x6d90 [ 34.754031] ? check_noncircular+0x20/0x20 [ 34.758239] ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0 [ 34.764263] ? print_usage_bug+0x480/0x480 [ 34.768462] ? print_usage_bug+0x480/0x480 [ 34.772689] ? find_held_lock+0x35/0x1d0 [ 34.776720] ? skb_dequeue+0x12a/0x180 [ 34.780576] ? lock_downgrade+0x990/0x990 [ 34.784697] ? do_raw_spin_trylock+0x190/0x190 [ 34.789251] ? mark_held_locks+0xaf/0x100 [ 34.793370] ? trace_hardirqs_on+0xd/0x10 [ 34.797489] sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 34.802040] sctp_close+0x3c6/0x980 [ 34.805641] ? sctp_apply_peer_addr_params+0xf30/0xf30 [ 34.810882] ? unwind_get_return_address+0x61/0xa0 [ 34.815776] ? __save_stack_trace+0x7e/0xd0 [ 34.820067] ? check_noncircular+0x20/0x20 [ 34.824275] ? ipv6_sock_ac_close+0x2e8/0x3e0 [ 34.828737] ? ipv6_sock_mc_close+0x148/0x1a0 [ 34.833194] ? ipv6_sock_ac_drop+0x580/0x580 [ 34.837565] ? ip_mc_drop_socket+0x1ce/0x230 [ 34.841950] ? 
__fsnotify_parent+0xb4/0x3a0 [ 34.846236] inet_release+0xed/0x1c0 [ 34.849915] inet6_release+0x50/0x70 [ 34.853592] sock_release+0x8d/0x1e0 [ 34.857270] ? sock_release+0x1e0/0x1e0 [ 34.861208] sock_close+0x16/0x20 [ 34.864625] __fput+0x327/0x7e0 [ 34.867874] ? fput+0x140/0x140 [ 34.871122] ? do_raw_spin_trylock+0x190/0x190 [ 34.875668] ? check_same_owner+0x320/0x320 [ 34.879956] ____fput+0x15/0x20 [ 34.883198] task_work_run+0x18a/0x260 [ 34.887052] ? task_work_cancel+0x210/0x210 [ 34.891337] ? _raw_spin_unlock+0x22/0x30 [ 34.895465] ? switch_task_namespaces+0x87/0xc0 [ 34.900103] do_exit+0xa32/0x1b10 [ 34.903530] ? __fd_install+0x2da/0x6a0 [ 34.907470] ? exit_notify+0xb10/0xb10 [ 34.911341] ? __lock_is_held+0xb6/0x140 [ 34.915375] ? __fd_install+0x2f7/0x6a0 [ 34.919342] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 34.924064] ? get_unused_fd_flags+0x190/0x190 [ 34.928624] ? retint_kernel+0x10/0x10 [ 34.932501] ? copy_user_generic_unrolled+0x89/0xc0 [ 34.937484] ? _copy_to_user+0xa2/0xc0 [ 34.941343] ? fd_install+0x4d/0x60 [ 34.944935] ? SYSC_accept4+0x4ec/0x850 [ 34.948876] ? kernel_accept+0x2f0/0x2f0 [ 34.952899] ? __do_page_fault+0x51b/0xb60 [ 34.957098] ? lock_downgrade+0x990/0x990 [ 34.961217] ? down_read_trylock+0xdb/0x170 [ 34.965502] ? __do_page_fault+0x2b8/0xb60 [ 34.969701] ? downgrade_write+0x150/0x150 [ 34.973899] ? vmacache_find+0x61/0x270 [ 34.977840] do_group_exit+0x149/0x400 [ 34.981693] ? SyS_exit+0x30/0x30 [ 34.985108] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.990090] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 34.994817] SyS_exit_group+0x1d/0x20 [ 34.998585] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 35.003307] RIP: 0033:0x43e9f8 [ 35.006463] RSP: 002b:00007ffe8e7583c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.014152] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e9f8 [ 35.021390] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 35.028627] RBP: 0000000000000086 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 35.035865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401720 [ 35.043103] R13: 00000000004017b0 R14: 0000000000000000 R15: 0000000000000000 [ 35.050784] Dumping ftrace buffer: [ 35.054332] (ftrace buffer empty) [ 35.058013] Kernel Offset: disabled [ 35.061612] Rebooting in 86400 seconds..