INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-net-kasan-gce-4,10.128.0.19' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 58.166475] refcount_t: underflow; use-after-free. [ 58.171564] ------------[ cut here ]------------ [ 58.176459] WARNING: CPU: 1 PID: 3010 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0 [ 58.185149] Kernel panic - not syncing: panic_on_warn set ... [ 58.185149] [ 58.192487] CPU: 1 PID: 3010 Comm: syzkaller953058 Not tainted 4.13.0-rc5+ #10 [ 58.199814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.209142] Call Trace: [ 58.211703] dump_stack+0x194/0x257 [ 58.215309] ? arch_local_irq_restore+0x53/0x53 [ 58.219958] panic+0x1e4/0x417 [ 58.223132] ? __warn+0x1d9/0x1d9 [ 58.226553] ? show_regs_print_info+0x65/0x65 [ 58.231033] ? refcount_sub_and_test+0x167/0x1b0 [ 58.235756] __warn+0x1c4/0x1d9 [ 58.239002] ? refcount_sub_and_test+0x167/0x1b0 [ 58.243735] report_bug+0x211/0x2d0 [ 58.247340] fixup_bug+0x40/0x90 [ 58.250678] do_trap+0x260/0x390 [ 58.254021] do_error_trap+0x120/0x390 [ 58.257881] ? do_trap+0x390/0x390 [ 58.261393] ? refcount_sub_and_test+0x167/0x1b0 [ 58.266125] ? vprintk_emit+0x3ea/0x590 [ 58.270076] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.274902] do_invalid_op+0x1b/0x20 [ 58.278586] invalid_op+0x1e/0x30 [ 58.282010] RIP: 0010:refcount_sub_and_test+0x167/0x1b0 [ 58.287339] RSP: 0018:ffff8801d02ae330 EFLAGS: 00010286 [ 58.292671] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000 [ 58.299934] RDX: 0000000000000026 RSI: 1ffff1003a055c26 RDI: ffffed003a055c5a [ 58.307175] RBP: ffff8801d02ae3c0 R08: 0000000000000001 R09: 0000000000000000 [ 58.314412] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a055c67 [ 58.321662] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d15269fc [ 58.328928] ? refcount_inc+0x50/0x50 [ 58.332700] ? __sctp_outq_teardown+0xc7d/0x15a0 [ 58.337424] ? sctp_association_free+0x2d0/0x930 [ 58.342148] ? sctp_do_sm+0x28e7/0x6d90 [ 58.346095] ? sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 58.350827] ? sctp_close+0x3c6/0x980 [ 58.354595] ? inet_release+0xed/0x1c0 [ 58.358456] sctp_wfree+0x183/0x620 [ 58.362068] ? __sctp_write_space+0x910/0x910 [ 58.366541] skb_release_head_state+0x124/0x200 [ 58.371186] skb_release_all+0x15/0x60 [ 58.375042] consume_skb+0x153/0x490 [ 58.378723] ? sctp_chunk_put+0x99/0x420 [ 58.382754] ? alloc_skb_with_frags+0x710/0x710 [ 58.387391] ? sctp_chunk_hold+0x20/0x20 [ 58.391423] ? refcount_sub_and_test+0x115/0x1b0 [ 58.396146] ? refcount_inc+0x50/0x50 [ 58.399915] ? mark_held_locks+0xaf/0x100 [ 58.404036] ? sctp_datamsg_put+0x456/0x560 [ 58.408331] sctp_chunk_put+0x29c/0x420 [ 58.412290] ? sctp_chunk_hold+0x20/0x20 [ 58.416324] ? sctp_transport_dst_confirm+0x50/0x50 [ 58.421313] ? noop_count+0x40/0x40 [ 58.424920] sctp_chunk_free+0x53/0x60 [ 58.428777] __sctp_outq_teardown+0xc7d/0x15a0 [ 58.433354] ? sctp_inq_set_th_handler+0x1b0/0x1b0 [ 58.438252] ? lock_downgrade+0x990/0x990 [ 58.442375] ? lock_release+0xa40/0xa40 [ 58.446319] ? __free_insn_slot+0x5c0/0x5c0 [ 58.450615] ? update_stack_state+0x700/0x700 [ 58.455083] ? print_usage_bug+0x480/0x480 [ 58.459298] ? is_bpf_text_address+0xa4/0x120 [ 58.463766] ? __kernel_text_address+0xae/0xe0 [ 58.468314] ? unwind_get_return_address+0x61/0xa0 [ 58.473219] ? __save_stack_trace+0x7e/0xd0 [ 58.477528] ? check_noncircular+0x20/0x20 [ 58.481736] ? print_usage_bug+0x480/0x480 [ 58.485941] ? SOFTIRQ_verbose+0x10/0x10 [ 58.489967] ? save_stack_trace+0x16/0x20 [ 58.494084] ? save_trace+0x11f/0x350 [ 58.497858] ? lock_acquire+0x1d5/0x580 [ 58.501808] ? lock_acquire+0x1d5/0x580 [ 58.505759] ? lock_timer_base+0x1a3/0x2b0 [ 58.509968] ? find_held_lock+0x35/0x1d0 [ 58.514007] ? sock_def_wakeup+0x1f9/0x350 [ 58.518211] ? lock_downgrade+0x990/0x990 [ 58.522337] ? lock_release+0xa40/0xa40 [ 58.526284] sctp_outq_free+0x15/0x20 [ 58.530056] sctp_association_free+0x2d0/0x930 [ 58.534610] ? sctp_asconf_queue_teardown+0x700/0x700 [ 58.539769] ? sock_def_wakeup+0x222/0x350 [ 58.543971] ? sk_dst_check+0x560/0x560 [ 58.547916] ? sctp_association_put+0x74/0x2f0 [ 58.552464] ? sctp_association_hold+0x20/0x20 [ 58.557027] ? print_usage_bug+0x480/0x480 [ 58.561226] ? find_held_lock+0x35/0x1d0 [ 58.565256] ? sctp_sm_lookup_event+0x95/0x3c0 [ 58.569810] sctp_do_sm+0x28e7/0x6d90 [ 58.573592] ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0 [ 58.579623] ? print_usage_bug+0x480/0x480 [ 58.583830] ? print_usage_bug+0x480/0x480 [ 58.588049] ? find_held_lock+0x35/0x1d0 [ 58.592083] ? skb_dequeue+0x12a/0x180 [ 58.595938] ? lock_downgrade+0x990/0x990 [ 58.600056] ? do_raw_spin_trylock+0x190/0x190 [ 58.604610] ? mark_held_locks+0xaf/0x100 [ 58.608731] ? trace_hardirqs_on+0xd/0x10 [ 58.612849] sctp_primitive_SHUTDOWN+0xa0/0xd0 [ 58.617403] sctp_close+0x3c6/0x980 [ 58.621010] ? sctp_apply_peer_addr_params+0xf30/0xf30 [ 58.626251] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 58.631244] ? trace_hardirqs_on+0xd/0x10 [ 58.635363] ? rcu_idle_enter+0x1a0/0x1a0 [ 58.639480] ? locks_remove_file+0x414/0x560 [ 58.643857] ? fcntl_setlk+0x10c0/0x10c0 [ 58.647882] ? find_held_lock+0x35/0x1d0 [ 58.651915] ? __fsnotify_parent+0xb4/0x3a0 [ 58.656207] ? ip_mc_drop_socket+0x1ce/0x230 [ 58.660600] inet_release+0xed/0x1c0 [ 58.664286] sock_release+0x8d/0x1e0 [ 58.667970] ? sock_release+0x1e0/0x1e0 [ 58.671921] sock_close+0x16/0x20 [ 58.675343] __fput+0x327/0x7e0 [ 58.678596] ? fput+0x140/0x140 [ 58.681842] ? check_same_owner+0x320/0x320 [ 58.686138] ____fput+0x15/0x20 [ 58.689385] task_work_run+0x18a/0x260 [ 58.693242] ? task_work_cancel+0x210/0x210 [ 58.697529] ? free_nsproxy+0x185/0x1f0 [ 58.701472] ? switch_task_namespaces+0xa2/0xc0 [ 58.706115] do_exit+0xa3a/0x1b10 [ 58.709539] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 58.714699] ? print_usage_bug+0x480/0x480 [ 58.718907] ? mm_update_next_owner+0x930/0x930 [ 58.723543] ? check_noncircular+0x20/0x20 [ 58.727745] ? check_noncircular+0x20/0x20 [ 58.731951] ? find_held_lock+0x35/0x1d0 [ 58.735985] ? find_held_lock+0x35/0x1d0 [ 58.740019] ? check_noncircular+0x20/0x20 [ 58.744222] ? check_noncircular+0x20/0x20 [ 58.748423] ? lock_downgrade+0x990/0x990 [ 58.752542] ? do_raw_spin_trylock+0x190/0x190 [ 58.757097] ? reacquire_held_locks+0x1fd/0x3d0 [ 58.761730] ? mark_held_locks+0xaf/0x100 [ 58.765841] ? reacquire_held_locks+0x1fd/0x3d0 [ 58.770513] ? check_noncircular+0x20/0x20 [ 58.774720] ? find_held_lock+0x35/0x1d0 [ 58.778756] ? release_sock+0x1d4/0x2a0 [ 58.782696] ? lock_downgrade+0x990/0x990 [ 58.786814] ? lock_downgrade+0x990/0x990 [ 58.790936] ? find_held_lock+0x35/0x1d0 [ 58.794972] ? get_signal+0x855/0x17e0 [ 58.798834] ? lock_downgrade+0x990/0x990 [ 58.802957] do_group_exit+0x149/0x400 [ 58.806815] ? __lock_is_held+0xb6/0x140 [ 58.810844] ? SyS_exit+0x30/0x30 [ 58.814264] ? _raw_spin_unlock_irq+0x27/0x70 [ 58.818724] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 58.823710] get_signal+0x7e8/0x17e0 [ 58.827419] ? ptrace_notify+0x130/0x130 [ 58.831445] ? inet_autobind+0x1f/0x180 [ 58.835386] ? __local_bh_enable_ip+0x9d/0x160 [ 58.839938] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 58.844921] ? release_sock+0x1d4/0x2a0 [ 58.848859] ? trace_hardirqs_on+0xd/0x10 [ 58.852975] ? __local_bh_enable_ip+0x9d/0x160 [ 58.857530] ? _raw_spin_unlock_bh+0x30/0x40 [ 58.861907] ? release_sock+0x1d4/0x2a0 [ 58.865849] ? __release_sock+0x360/0x360 [ 58.869976] ? trace_hardirqs_on+0xd/0x10 [ 58.874097] do_signal+0x94/0x1ee0 [ 58.877622] ? inet_sendmsg+0x11f/0x5e0 [ 58.881562] ? inet_sendmsg+0x126/0x5e0 [ 58.885504] ? __might_sleep+0x95/0x190 [ 58.889447] ? setup_sigcontext+0x7d0/0x7d0 [ 58.893735] ? selinux_socket_sendmsg+0x36/0x40 [ 58.898369] ? security_socket_sendmsg+0x89/0xb0 [ 58.903087] ? inet_recvmsg+0x5f0/0x5f0 [ 58.907040] ? sock_sendmsg+0x4f/0x110 [ 58.910897] ? fput+0xd2/0x140 [ 58.914058] ? SYSC_sendto+0x40d/0x5a0 [ 58.917914] ? SYSC_connect+0x470/0x470 [ 58.921860] ? find_held_lock+0x35/0x1d0 [ 58.925894] ? exit_to_usermode_loop+0x98/0x300 [ 58.930535] exit_to_usermode_loop+0x224/0x300 [ 58.935086] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 58.940589] ? handle_mm_fault+0x4e3/0x940 [ 58.944787] ? down_read_trylock+0xdb/0x170 [ 58.949083] syscall_return_slowpath+0x3a7/0x450 [ 58.953807] ? prepare_exit_to_usermode+0x220/0x220 [ 58.958794] ? entry_SYSCALL_64_fastpath+0x91/0xbe [ 58.963689] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 58.968685] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 58.973413] entry_SYSCALL_64_fastpath+0xbc/0xbe [ 58.978137] RIP: 0033:0x445dd9 [ 58.981307] RSP: 002b:00007f844dae7db8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c [ 58.988985] RAX: 000000000000009b RBX: 0000000000000000 RCX: 0000000000445dd9 [ 58.996229] RDX: 000000000000009b RSI: 0000000020381000 RDI: 0000000000000003 [ 59.003468] RBP: 0000000000000000 R08: 0000000020a63ff0 R09: 0000000000000010 [ 59.010705] R10: 0000000000004000 R11: 0000000000000212 R12: 0000000000000000 [ 59.017949] R13: 00000000007efe8f R14: 00007f844dae89c0 R15: 0000000000000000 [ 59.025583] Dumping ftrace buffer: [ 59.029128] (ftrace buffer empty) [ 59.032809] Kernel Offset: disabled [ 59.036403] Rebooting in 86400 seconds..