INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-6,10.128.0.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   41.215618] refcount_t: underflow; use-after-free.
[   41.216478] ------------[ cut here ]------------
[   41.217368] WARNING: CPU: 1 PID: 3012 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   41.218573] Kernel panic - not syncing: panic_on_warn set ...
[   41.218573] 
[   41.219593] CPU: 1 PID: 3012 Comm: syzkaller247487 Not tainted 4.13.0-rc5+ #12
[   41.220569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.221789] Call Trace:
[   41.222202]  dump_stack+0x194/0x257
[   41.222714]  ? arch_local_irq_restore+0x53/0x53
[   41.223351]  panic+0x1e4/0x417
[   41.223784]  ? __warn+0x1d9/0x1d9
[   41.224250]  ? show_regs_print_info+0x65/0x65
[   41.224875]  ? refcount_sub_and_test+0x167/0x1b0
[   41.225509]  __warn+0x1c4/0x1d9
[   41.225959]  ? refcount_sub_and_test+0x167/0x1b0
[   41.226596]  report_bug+0x211/0x2d0
[   41.227092]  fixup_bug+0x40/0x90
[   41.227551]  do_trap+0x260/0x390
[   41.228012]  do_error_trap+0x120/0x390
[   41.228549]  ? do_trap+0x390/0x390
[   41.229028]  ? refcount_sub_and_test+0x167/0x1b0
[   41.229672]  ? vprintk_emit+0x3ea/0x590
[   41.230215]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.230955]  do_invalid_op+0x1b/0x20
[   41.231534]  invalid_op+0x1e/0x30
[   41.232000] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   41.232818] RSP: 0018:ffff8801d012e850 EFLAGS: 00010282
[   41.233537] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   41.234491] RDX: 0000000000000026 RSI: 1ffff1003a025cca RDI: ffffed003a025cfe
[   41.235470] RBP: ffff8801d012e8e0 R08: 0000000000000001 R09: 0000000000000000
[   41.236445] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a025d0b
[   41.243680] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d1ed62bc
[   41.250938]  ? refcount_inc+0x50/0x50
[   41.254708]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   41.259448]  ? sctp_association_free+0x2d0/0x930
[   41.264172]  ? sctp_do_sm+0x28e7/0x6d90
[   41.268113]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   41.272855]  ? sctp_close+0x3c6/0x980
[   41.276645]  ? inet_release+0xed/0x1c0
[   41.280508]  sctp_wfree+0x183/0x620
[   41.284112]  ? __sctp_write_space+0x910/0x910
[   41.289041]  skb_release_head_state+0x124/0x200
[   41.293695]  skb_release_all+0x15/0x60
[   41.297559]  consume_skb+0x153/0x490
[   41.301241]  ? sctp_chunk_put+0x99/0x420
[   41.305269]  ? alloc_skb_with_frags+0x710/0x710
[   41.309908]  ? sctp_chunk_hold+0x20/0x20
[   41.313941]  ? refcount_sub_and_test+0x115/0x1b0
[   41.318667]  ? refcount_inc+0x50/0x50
[   41.322437]  ? mark_held_locks+0xaf/0x100
[   41.326556]  ? sctp_datamsg_put+0x456/0x560
[   41.330851]  sctp_chunk_put+0x29c/0x420
[   41.334796]  ? sctp_chunk_hold+0x20/0x20
[   41.338832]  ? sctp_transport_dst_confirm+0x50/0x50
[   41.343831]  ? noop_count+0x40/0x40
[   41.347487]  sctp_chunk_free+0x53/0x60
[   41.351349]  __sctp_outq_teardown+0xc7d/0x15a0
[   41.355912]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   41.360824]  ? lock_downgrade+0x990/0x990
[   41.364942]  ? lock_release+0xa40/0xa40
[   41.368884]  ? __free_insn_slot+0x5c0/0x5c0
[   41.373175]  ? update_stack_state+0x700/0x700
[   41.377638]  ? print_usage_bug+0x480/0x480
[   41.381852]  ? is_bpf_text_address+0xa4/0x120
[   41.386317]  ? __kernel_text_address+0xae/0xe0
[   41.390879]  ? unwind_get_return_address+0x61/0xa0
[   41.395777]  ? __save_stack_trace+0x7e/0xd0
[   41.400072]  ? check_noncircular+0x20/0x20
[   41.404274]  ? print_usage_bug+0x480/0x480
[   41.408486]  ? SOFTIRQ_verbose+0x10/0x10
[   41.412512]  ? save_stack_trace+0x16/0x20
[   41.416629]  ? save_trace+0x11f/0x350
[   41.420408]  ? lock_acquire+0x1d5/0x580
[   41.424349]  ? lock_acquire+0x1d5/0x580
[   41.428291]  ? lock_timer_base+0x1a3/0x2b0
[   41.432503]  ? find_held_lock+0x35/0x1d0
[   41.436537]  ? sock_def_wakeup+0x1f9/0x350
[   41.440742]  ? lock_downgrade+0x990/0x990
[   41.444860]  ? lock_release+0xa40/0xa40
[   41.448808]  sctp_outq_free+0x15/0x20
[   41.452577]  sctp_association_free+0x2d0/0x930
[   41.457130]  ? sctp_asconf_queue_teardown+0x700/0x700
[   41.462287]  ? sock_def_wakeup+0x222/0x350
[   41.466490]  ? sk_dst_check+0x560/0x560
[   41.470436]  ? sctp_association_put+0x74/0x2f0
[   41.474988]  ? sctp_association_hold+0x20/0x20
[   41.479545]  ? sctp_sm_lookup_event+0x95/0x3c0
[   41.484098]  sctp_do_sm+0x28e7/0x6d90
[   41.487866]  ? print_usage_bug+0x480/0x480
[   41.492079]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   41.498110]  ? print_usage_bug+0x480/0x480
[   41.502317]  ? print_usage_bug+0x480/0x480
[   41.506523]  ? lock_pin_lock+0x360/0x360
[   41.510558]  ? check_noncircular+0x20/0x20
[   41.514767]  ? find_held_lock+0x35/0x1d0
[   41.518815]  ? skb_dequeue+0x12a/0x180
[   41.522700]  ? lock_downgrade+0x990/0x990
[   41.526836]  ? do_raw_spin_trylock+0x190/0x190
[   41.531390]  ? mark_held_locks+0xaf/0x100
[   41.535513]  ? trace_hardirqs_on+0xd/0x10
[   41.539644]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   41.544199]  sctp_close+0x3c6/0x980
[   41.547803]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   41.553047]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   41.558206]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   41.563364]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   41.568528]  ? locks_remove_file+0x414/0x560
[   41.572914]  ? fcntl_setlk+0x10c0/0x10c0
[   41.576947]  ? __fsnotify_parent+0xb4/0x3a0
[   41.581235]  ? ip_mc_drop_socket+0x1ce/0x230
[   41.585627]  inet_release+0xed/0x1c0
[   41.589319]  sock_release+0x8d/0x1e0
[   41.592999]  ? sock_release+0x1e0/0x1e0
[   41.596944]  sock_close+0x16/0x20
[   41.600368]  __fput+0x327/0x7e0
[   41.603618]  ? fput+0x140/0x140
[   41.606868]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   41.612027]  ____fput+0x15/0x20
[   41.615276]  task_work_run+0x18a/0x260
[   41.619133]  ? task_work_cancel+0x210/0x210
[   41.623428]  ? check_noncircular+0x20/0x20
[   41.627642]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   41.632720]  get_signal+0x1440/0x17e0
[   41.636496]  ? search_extable+0x35/0x40
[   41.640439]  ? copy_user_handle_tail+0x40/0x80
[   41.644988]  ? copy_user_handle_tail+0x40/0x80
[   41.649538]  ? ex_handler_default+0x18/0x90
[   41.653825]  ? __pte+0x53/0x53
[   41.656988]  ? fixup_exception+0x93/0xc0
[   41.661022]  ? no_context+0xe5/0x8c0
[   41.664715]  ? ptrace_notify+0x130/0x130
[   41.668744]  ? check_noncircular+0x20/0x20
[   41.672966]  ? __bad_area_nosemaphore+0x1f4/0x3e0
[   41.677802]  ? downgrade_write+0x150/0x150
[   41.682033]  ? check_noncircular+0x20/0x20
[   41.686262]  ? bad_area+0x69/0x80
[   41.689709]  ? retint_kernel+0x10/0x10
[   41.693592]  do_signal+0x94/0x1ee0
[   41.697111]  ? put_unused_fd+0x62/0x70
[   41.700969]  ? lock_downgrade+0x990/0x990
[   41.705094]  ? setup_sigcontext+0x7d0/0x7d0
[   41.709383]  ? do_raw_spin_trylock+0x190/0x190
[   41.713938]  ? __put_unused_fd+0x183/0x250
[   41.718142]  ? alloc_fdtable+0x280/0x280
[   41.722171]  ? cpumask_weight.constprop.3+0x45/0x45
[   41.727157]  ? _copy_to_user+0xa2/0xc0
[   41.731021]  ? _raw_spin_unlock+0x22/0x30
[   41.735135]  ? put_unused_fd+0x62/0x70
[   41.738995]  ? fput+0xd2/0x140
[   41.742160]  ? SYSC_accept4+0x4ec/0x850
[   41.746107]  ? exit_to_usermode_loop+0x98/0x300
[   41.750749]  exit_to_usermode_loop+0x224/0x300
[   41.755309]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   41.760814]  ? handle_mm_fault+0x4e3/0x940
[   41.765024]  syscall_return_slowpath+0x3a7/0x450
[   41.769751]  ? prepare_exit_to_usermode+0x220/0x220
[   41.774751]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   41.779654]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.784639]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.789368]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   41.794090] RIP: 0033:0x446549
[   41.797247] RSP: 002b:00007f4020d87dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002b
[   41.804924] RAX: fffffffffffffff2 RBX: 0000000000000000 RCX: 0000000000446549
[   41.812161] RDX: 000000002048bffc RSI: 0000000020b52000 RDI: 0000000000000003
[   41.819402] RBP: 0000000000000000 R08: 00007f4020d88700 R09: 00007f4020d88700
[   41.826641] R10: 00007f4020d88700 R11: 0000000000000202 R12: 0000000000000000
[   41.833877] R13: 00000000007efe7f R14: 00007f4020d889c0 R15: 0000000000000000
[   41.841275] Dumping ftrace buffer:
[   41.844846]    (ftrace buffer empty)
[   41.848526] Kernel Offset: disabled
[   41.852123] Rebooting in 86400 seconds..