INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-1,10.128.15.224' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   32.499720] refcount_t: underflow; use-after-free.
[   32.504759] ------------[ cut here ]------------
[   32.509682] WARNING: CPU: 1 PID: 2993 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   32.518361] Kernel panic - not syncing: panic_on_warn set ...
[   32.518361] 
[   32.525693] CPU: 1 PID: 2993 Comm: syzkaller801747 Not tainted 4.14.0-rc2+ #12
[   32.533021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.542346] Call Trace:
[   32.544904]  dump_stack+0x194/0x257
[   32.548506]  ? arch_local_irq_restore+0x53/0x53
[   32.553161]  panic+0x1e4/0x417
[   32.556325]  ? __warn+0x1d9/0x1d9
[   32.559747]  ? show_regs_print_info+0x65/0x65
[   32.564227]  ? refcount_sub_and_test+0x167/0x1b0
[   32.568958]  __warn+0x1c4/0x1d9
[   32.572205]  ? refcount_sub_and_test+0x167/0x1b0
[   32.576931]  report_bug+0x211/0x2d0
[   32.580533]  fixup_bug+0x40/0x90
[   32.583874]  do_trap+0x260/0x390
[   32.587219]  do_error_trap+0x120/0x390
[   32.591079]  ? do_trap+0x390/0x390
[   32.594589]  ? refcount_sub_and_test+0x167/0x1b0
[   32.599313]  ? vprintk_emit+0x3ea/0x590
[   32.603266]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   32.608082]  do_invalid_op+0x1b/0x20
[   32.611767]  invalid_op+0x18/0x20
[   32.615190] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   32.620518] RSP: 0018:ffff8801ce23e370 EFLAGS: 00010282
[   32.625853] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   32.633094] RDX: 0000000000000026 RSI: 1ffff10039c47c2e RDI: ffffed0039c47c62
[   32.640336] RBP: ffff8801ce23e400 R08: ffff8801ce23da60 R09: 0000000000000000
[   32.647575] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039c47c6f
[   32.654815] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801ce2df364
[   32.662081]  ? refcount_inc+0x50/0x50
[   32.665852]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   32.670577]  ? sctp_association_free+0x2d0/0x930
[   32.675313]  ? sctp_do_sm+0x28e7/0x6dd0
[   32.679258]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   32.683978]  ? sctp_close+0x3c6/0x980
[   32.687746]  ? inet_release+0xed/0x1c0
[   32.691607]  sctp_wfree+0x183/0x620
[   32.695203]  ? __sctp_write_space+0x910/0x910
[   32.699670]  skb_release_head_state+0x124/0x200
[   32.704309]  skb_release_all+0x15/0x60
[   32.708163]  consume_skb+0x153/0x490
[   32.711848]  ? sctp_chunk_put+0x99/0x420
[   32.715877]  ? alloc_skb_with_frags+0x710/0x710
[   32.720515]  ? sctp_chunk_hold+0x20/0x20
[   32.724548]  ? refcount_sub_and_test+0x115/0x1b0
[   32.729272]  ? refcount_inc+0x50/0x50
[   32.733041]  ? mark_held_locks+0xb2/0x100
[   32.737161]  ? sctp_datamsg_put+0x456/0x560
[   32.741457]  sctp_chunk_put+0x29c/0x420
[   32.745404]  ? sctp_chunk_hold+0x20/0x20
[   32.749436]  ? sctp_transport_dst_confirm+0x50/0x50
[   32.754439]  sctp_chunk_free+0x53/0x60
[   32.758300]  __sctp_outq_teardown+0xc7d/0x15a0
[   32.762852]  ? inet6_release+0x50/0x70
[   32.766715]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   32.771617]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   32.776616]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   32.781602]  ? unwind_dump+0x4c0/0x4c0
[   32.785462]  ? unwind_dump+0x4c0/0x4c0
[   32.789321]  ? copy_trace+0x1d0/0x1d0
[   32.793097]  ? check_noncircular+0x20/0x20
[   32.797301]  ? check_noncircular+0x20/0x20
[   32.801502]  ? unwind_get_return_address+0x61/0xa0
[   32.806401]  ? __save_stack_trace+0x61/0xd0
[   32.810699]  ? check_noncircular+0x20/0x20
[   32.814904]  ? print_usage_bug+0x480/0x480
[   32.819113]  ? find_held_lock+0x39/0x1d0
[   32.823153]  ? lock_downgrade+0x990/0x990
[   32.827277]  ? sk_dst_check+0x560/0x560
[   32.831222]  ? rcu_read_lock_sched_held+0x108/0x120
[   32.836217]  ? lock_release+0xd70/0xd70
[   32.840166]  sctp_outq_free+0x15/0x20
[   32.843935]  sctp_association_free+0x2d0/0x930
[   32.848488]  ? sctp_asconf_queue_teardown+0x700/0x700
[   32.853645]  ? sock_def_wakeup+0x222/0x350
[   32.857852]  ? sk_dst_check+0x560/0x560
[   32.861795]  ? sctp_association_put+0x74/0x2f0
[   32.866344]  ? sctp_association_hold+0x20/0x20
[   32.870894]  ? unwind_dump+0x4c0/0x4c0
[   32.874759]  sctp_do_sm+0x28e7/0x6dd0
[   32.878548]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   32.884578]  ? print_usage_bug+0x480/0x480
[   32.888781]  ? __lock_acquire+0x20fd/0x4620
[   32.893076]  ? print_usage_bug+0x480/0x480
[   32.897285]  ? find_held_lock+0x39/0x1d0
[   32.901325]  ? lock_downgrade+0x990/0x990
[   32.905448]  ? skb_dequeue+0x22/0x180
[   32.909227]  ? do_raw_spin_trylock+0x190/0x190
[   32.913867]  ? mark_held_locks+0xb2/0x100
[   32.917991]  ? trace_hardirqs_on+0xd/0x10
[   32.922114]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   32.926670]  sctp_close+0x3c6/0x980
[   32.930277]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   32.935521]  ? unwind_get_return_address+0x61/0xa0
[   32.940422]  ? check_noncircular+0x20/0x20
[   32.944631]  ? depot_save_stack+0x3b5/0x490
[   32.948930]  ? ipv6_sock_ac_close+0x2e8/0x3e0
[   32.953397]  ? ipv6_sock_mc_close+0x148/0x1a0
[   32.957862]  ? ip_mc_drop_socket+0x1ce/0x230
[   32.962238]  ? __fsnotify_parent+0xb4/0x3a0
[   32.966531]  inet_release+0xed/0x1c0
[   32.970218]  inet6_release+0x50/0x70
[   32.973902]  sock_release+0x8d/0x1e0
[   32.977583]  ? sock_release+0x1e0/0x1e0
[   32.981525]  sock_close+0x16/0x20
[   32.984947]  __fput+0x333/0x7f0
[   32.988200]  ? fput+0x140/0x140
[   32.991450]  ? _raw_spin_unlock_irq+0x27/0x70
[   32.995919]  ____fput+0x15/0x20
[   32.999169]  task_work_run+0x199/0x270
[   33.003029]  ? task_work_cancel+0x210/0x210
[   33.007320]  ? _raw_spin_unlock+0x22/0x30
[   33.011460]  ? switch_task_namespaces+0x87/0xc0
[   33.016110]  do_exit+0x9d2/0x1af0
[   33.019536]  ? find_held_lock+0x39/0x1d0
[   33.023576]  ? mm_update_next_owner+0x930/0x930
[   33.028220]  ? lock_downgrade+0x990/0x990
[   33.032338]  ? lock_downgrade+0x990/0x990
[   33.036464]  ? release_sock+0x74/0x2a0
[   33.040332]  ? do_raw_spin_trylock+0x190/0x190
[   33.044883]  ? trace_hardirqs_on+0xd/0x10
[   33.048998]  ? __local_bh_enable_ip+0x9d/0x160
[   33.053562]  ? check_noncircular+0x20/0x20
[   33.057767]  ? release_sock+0x1d4/0x2a0
[   33.061708]  ? trace_hardirqs_on+0xd/0x10
[   33.065822]  ? __local_bh_enable_ip+0x9d/0x160
[   33.070377]  ? _raw_spin_unlock_bh+0x30/0x40
[   33.074756]  ? release_sock+0x1d4/0x2a0
[   33.078701]  ? sctp_shutdown+0x2d0/0x2d0
[   33.082734]  ? __release_sock+0x360/0x360
[   33.086863]  ? find_held_lock+0x39/0x1d0
[   33.090903]  ? lock_downgrade+0x990/0x990
[   33.095030]  ? recalc_sigpending_tsk+0x117/0x150
[   33.099756]  ? recalc_sigpending+0x103/0x160
[   33.104135]  ? recalc_sigpending_tsk+0x150/0x150
[   33.108866]  ? get_signal+0x2b2/0x16d0
[   33.112742]  do_group_exit+0x149/0x400
[   33.116600]  ? __lock_is_held+0xbc/0x140
[   33.120634]  ? SyS_exit+0x30/0x30
[   33.124057]  ? _raw_spin_unlock_irq+0x27/0x70
[   33.128525]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   33.133514]  get_signal+0x73f/0x16d0
[   33.137208]  ? ptrace_notify+0x130/0x130
[   33.141251]  ? inet_sendmsg+0x11f/0x5e0
[   33.145195]  ? inet_sendmsg+0x126/0x5e0
[   33.149145]  ? __might_sleep+0x95/0x190
[   33.153091]  ? inet_recvmsg+0x5f0/0x5f0
[   33.157037]  ? selinux_socket_sendmsg+0x36/0x40
[   33.161680]  ? security_socket_sendmsg+0x89/0xb0
[   33.166412]  do_signal+0x94/0x1ee0
[   33.169923]  ? sock_sendmsg+0x4f/0x110
[   33.173779]  ? fput+0xd2/0x140
[   33.176941]  ? SYSC_sendto+0x413/0x5a0
[   33.180802]  ? setup_sigcontext+0x7d0/0x7d0
[   33.185780]  ? lock_downgrade+0x990/0x990
[   33.189918]  ? exit_to_usermode_loop+0x8c/0x310
[   33.194562]  exit_to_usermode_loop+0x214/0x310
[   33.199113]  ? vmacache_update+0xfe/0x130
[   33.203231]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   33.208741]  ? SyS_sendto+0x40/0x50
[   33.212364]  do_fast_syscall_32+0x83e/0xf05
[   33.216661]  ? do_int80_syscall_32+0x940/0x940
[   33.221217]  ? lockdep_sys_exit+0x47/0xf0
[   33.225339]  ? syscall_return_slowpath+0x2b3/0x510
[   33.230245]  ? finish_task_switch+0x1aa/0x740
[   33.234715]  ? retint_user+0x18/0x20
[   33.238402]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.243219]  entry_SYSENTER_compat+0x51/0x60
[   33.247602] RIP: 0023:0xf7f42c79
[   33.250932] RSP: 002b:00000000f6f3c1ec EFLAGS: 00000292 ORIG_RAX: 0000000000000171
[   33.258609] RAX: 0000000000000006 RBX: 0000000000000003 RCX: 0000000020aa7000
[   33.265848] RDX: 0000000000000006 RSI: 0000000000008000 RDI: 0000000020aa7000
[   33.273085] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[   33.280325] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   33.287572] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   33.295314] Dumping ftrace buffer:
[   33.298869]    (ftrace buffer empty)
[   33.302552] Kernel Offset: disabled
[   33.306157] Rebooting in 86400 seconds..