INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-0,10.128.0.2' (ECDSA) to the list of known hosts.
2017/08/17 02:10:34 parsed 1 programs
2017/08/17 02:10:34 executed programs: 0
syzkaller login: [   34.500229] refcount_t: underflow; use-after-free.
[   34.502215] ------------[ cut here ]------------
[   34.503794] WARNING: CPU: 1 PID: 3017 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   34.506608] Kernel panic - not syncing: panic_on_warn set ...
[   34.506608] 
[   34.508976] CPU: 1 PID: 3017 Comm: syz-executor0 Not tainted 4.13.0-rc5+ #8
[   34.511285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.513986] Call Trace:
[   34.514683]  dump_stack+0x194/0x257
[   34.515839]  ? arch_local_irq_restore+0x53/0x53
[   34.517473]  panic+0x1e4/0x417
[   34.518441]  ? __warn+0x1d9/0x1d9
[   34.519383]  ? show_regs_print_info+0x65/0x65
[   34.522400]  ? refcount_sub_and_test+0x167/0x1b0
[   34.527134]  __warn+0x1c4/0x1d9
[   34.530397]  ? refcount_sub_and_test+0x167/0x1b0
[   34.535138]  report_bug+0x211/0x2d0
[   34.538749]  fixup_bug+0x40/0x90
[   34.542098]  do_trap+0x260/0x390
[   34.545449]  do_error_trap+0x120/0x390
[   34.549335]  ? do_trap+0x390/0x390
[   34.552854]  ? refcount_sub_and_test+0x167/0x1b0
[   34.557593]  ? vprintk_emit+0x3ea/0x590
[   34.561571]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.566401]  do_invalid_op+0x1b/0x20
[   34.570095]  invalid_op+0x1e/0x30
[   34.573523] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   34.578862] RSP: 0018:ffff8801cfc46330 EFLAGS: 00010286
[   34.584200] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   34.591446] RDX: 0000000000000026 RSI: 1ffff10039f88c26 RDI: ffffed0039f88c5a
[   34.598690] RBP: ffff8801cfc463c0 R08: 0000000000000001 R09: 0000000000000000
[   34.605935] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039f88c67
[   34.613180] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d0f0327c
[   34.620452]  ? refcount_inc+0x50/0x50
[   34.624231]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   34.628963]  ? sctp_association_free+0x2d0/0x930
[   34.633691]  ? sctp_do_sm+0x28e7/0x6d90
[   34.637640]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   34.642372]  ? sctp_close+0x3c6/0x980
[   34.646146]  ? inet_release+0xed/0x1c0
[   34.650016]  sctp_wfree+0x183/0x620
[   34.653622]  ? __sctp_write_space+0x910/0x910
[   34.658098]  skb_release_head_state+0x124/0x200
[   34.662777]  skb_release_all+0x15/0x60
[   34.666646]  consume_skb+0x153/0x490
[   34.670353]  ? sctp_chunk_put+0x99/0x420
[   34.674389]  ? alloc_skb_with_frags+0x710/0x710
[   34.679046]  ? sctp_chunk_hold+0x20/0x20
[   34.683096]  ? refcount_sub_and_test+0x115/0x1b0
[   34.687830]  ? refcount_inc+0x50/0x50
[   34.691614]  ? mark_held_locks+0xaf/0x100
[   34.695745]  ? sctp_datamsg_put+0x456/0x560
[   34.700050]  sctp_chunk_put+0x29c/0x420
[   34.704006]  ? sctp_chunk_hold+0x20/0x20
[   34.708050]  ? sctp_transport_dst_confirm+0x50/0x50
[   34.713053]  ? noop_count+0x40/0x40
[   34.716668]  sctp_chunk_free+0x53/0x60
[   34.720536]  __sctp_outq_teardown+0xc7d/0x15a0
[   34.725104]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   34.730013]  ? lock_downgrade+0x990/0x990
[   34.734138]  ? lock_release+0xa40/0xa40
[   34.738096]  ? __free_insn_slot+0x5c0/0x5c0
[   34.742401]  ? update_stack_state+0x700/0x700
[   34.746872]  ? print_usage_bug+0x480/0x480
[   34.751145]  ? is_bpf_text_address+0xa4/0x120
[   34.755621]  ? __kernel_text_address+0xae/0xe0
[   34.760181]  ? unwind_get_return_address+0x61/0xa0
[   34.765098]  ? __save_stack_trace+0x7e/0xd0
[   34.769404]  ? check_noncircular+0x20/0x20
[   34.773620]  ? print_usage_bug+0x480/0x480
[   34.777831]  ? SOFTIRQ_verbose+0x10/0x10
[   34.781867]  ? save_stack_trace+0x16/0x20
[   34.785993]  ? save_trace+0x11f/0x350
[   34.789777]  ? lock_acquire+0x1d5/0x580
[   34.793730]  ? lock_acquire+0x1d5/0x580
[   34.797682]  ? lock_timer_base+0x1a3/0x2b0
[   34.801895]  ? find_held_lock+0x35/0x1d0
[   34.805940]  ? sock_def_wakeup+0x1f9/0x350
[   34.810150]  ? lock_downgrade+0x990/0x990
[   34.814278]  ? lock_release+0xa40/0xa40
[   34.818236]  sctp_outq_free+0x15/0x20
[   34.822018]  sctp_association_free+0x2d0/0x930
[   34.826583]  ? sctp_asconf_queue_teardown+0x700/0x700
[   34.831750]  ? sock_def_wakeup+0x222/0x350
[   34.835961]  ? sk_dst_check+0x560/0x560
[   34.839911]  ? sctp_association_put+0x74/0x2f0
[   34.844466]  ? sctp_association_hold+0x20/0x20
[   34.849066]  ? find_held_lock+0x35/0x1d0
[   34.853110]  ? sctp_sm_lookup_event+0x95/0x3c0
[   34.857671]  sctp_do_sm+0x28e7/0x6d90
[   34.861460]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   34.867497]  ? print_usage_bug+0x480/0x480
[   34.871710]  ? print_usage_bug+0x480/0x480
[   34.875924]  ? __kernel_text_address+0xae/0xe0
[   34.880483]  ? unwind_get_return_address+0x61/0xa0
[   34.885394]  ? find_held_lock+0x35/0x1d0
[   34.889438]  ? skb_dequeue+0x12a/0x180
[   34.893302]  ? lock_downgrade+0x990/0x990
[   34.897464]  ? do_raw_spin_trylock+0x190/0x190
[   34.902032]  ? mark_held_locks+0xaf/0x100
[   34.906161]  ? trace_hardirqs_on+0xd/0x10
[   34.910290]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   34.914852]  sctp_close+0x3c6/0x980
[   34.918462]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   34.923716]  ? dentry_free+0xcd/0x130
[   34.927492]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.932481]  ? kmem_cache_free+0x249/0x280
[   34.936691]  ? dentry_free+0xd2/0x130
[   34.940469]  ? locks_remove_file+0x414/0x560
[   34.945352]  ? fcntl_setlk+0x10c0/0x10c0
[   34.949389]  ? __fsnotify_parent+0xb4/0x3a0
[   34.953682]  ? ip_mc_drop_socket+0x1ce/0x230
[   34.958066]  inet_release+0xed/0x1c0
[   34.961756]  sock_release+0x8d/0x1e0
[   34.965445]  ? sock_release+0x1e0/0x1e0
[   34.969391]  sock_close+0x16/0x20
[   34.972852]  __fput+0x327/0x7e0
[   34.976114]  ? fput+0x140/0x140
[   34.979377]  ? check_same_owner+0x320/0x320
[   34.983671]  ? do_raw_spin_trylock+0x190/0x190
[   34.988229]  ? check_same_owner+0x320/0x320
[   34.992536]  ____fput+0x15/0x20
[   34.995793]  task_work_run+0x18a/0x260
[   34.999688]  ? task_work_cancel+0x210/0x210
[   35.003989]  ? _raw_spin_unlock+0x22/0x30
[   35.008115]  ? switch_task_namespaces+0x87/0xc0
[   35.012762]  do_exit+0xa3a/0x1b10
[   35.016237]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   35.021404]  ? print_usage_bug+0x480/0x480
[   35.025616]  ? print_usage_bug+0x480/0x480
[   35.029828]  ? mm_update_next_owner+0x930/0x930
[   35.034471]  ? print_usage_bug+0x480/0x480
[   35.038680]  ? save_trace+0x11f/0x350
[   35.042457]  ? print_usage_bug+0x480/0x480
[   35.047179]  ? check_noncircular+0x20/0x20
[   35.051388]  ? check_noncircular+0x20/0x20
[   35.055595]  ? mark_lock+0xb5d/0x13d0
[   35.059378]  ? __lock_acquire+0x6ef/0x3dc0
[   35.063585]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   35.068762]  ? check_noncircular+0x20/0x20
[   35.072987]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   35.078156]  ? find_held_lock+0x35/0x1d0
[   35.082198]  ? get_signal+0x855/0x17e0
[   35.086090]  ? lock_downgrade+0x990/0x990
[   35.090218]  do_group_exit+0x149/0x400
[   35.094081]  ? __lock_is_held+0xb6/0x140
[   35.098116]  ? SyS_exit+0x30/0x30
[   35.101544]  ? _raw_spin_unlock_irq+0x27/0x70
[   35.106016]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   35.111011]  get_signal+0x7e8/0x17e0
[   35.114724]  ? ptrace_notify+0x130/0x130
[   35.118762]  ? __fd_install+0x2da/0x6a0
[   35.122710]  ? lock_downgrade+0x990/0x990
[   35.126836]  ? __lock_is_held+0xb6/0x140
[   35.130882]  do_signal+0x94/0x1ee0
[   35.134396]  ? __fd_install+0x2f7/0x6a0
[   35.138359]  ? get_unused_fd_flags+0x190/0x190
[   35.143422]  ? setup_sigcontext+0x7d0/0x7d0
[   35.147723]  ? __might_sleep+0x95/0x190
[   35.151676]  ? kasan_check_read+0x11/0x20
[   35.155797]  ? _copy_to_user+0xa2/0xc0
[   35.159663]  ? fd_install+0x4d/0x60
[   35.163260]  ? fput+0xd2/0x140
[   35.166428]  ? SYSC_accept4+0x4ec/0x850
[   35.170376]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   35.175628]  ? exit_to_usermode_loop+0x98/0x300
[   35.180275]  exit_to_usermode_loop+0x224/0x300
[   35.184844]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   35.190371]  syscall_return_slowpath+0x3a7/0x450
[   35.195100]  ? prepare_exit_to_usermode+0x220/0x220
[   35.200091]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   35.204995]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   35.209985]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   35.214719]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   35.219447] RIP: 0033:0x4512e9
[   35.222610] RSP: 002b:00007fda9796cc08 EFLAGS: 00000216 ORIG_RAX: 000000000000002b
[   35.230292] RAX: 0000000000000004 RBX: 0000000000718000 RCX: 00000000004512e9
[   35.237533] RDX: 000000002048bffc RSI: 0000000020b4afe4 RDI: 0000000000000003
[   35.245237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   35.252480] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004b6323
[   35.259723] R13: 00000000ffffffff R14: 0000000000000003 R15: 0000000020b4afe4
[   35.267511] Dumping ftrace buffer:
[   35.271070]    (ftrace buffer empty)
[   35.274759] Kernel Offset: disabled
[   35.278362] Rebooting in 86400 seconds..