INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-1,10.128.0.36' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   50.574932] refcount_t: underflow; use-after-free.
[   50.580081] ------------[ cut here ]------------
[   50.585083] WARNING: CPU: 0 PID: 2993 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   50.593885] Kernel panic - not syncing: panic_on_warn set ...
[   50.593885] 
[   50.601222] CPU: 0 PID: 2993 Comm: syzkaller502982 Not tainted 4.13.0-mm1+ #7
[   50.608462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.617787] Call Trace:
[   50.620350]  dump_stack+0x194/0x257
[   50.623951]  ? arch_local_irq_restore+0x53/0x53
[   50.628601]  panic+0x1e4/0x417
[   50.631766]  ? __warn+0x1d9/0x1d9
[   50.635188]  ? show_regs_print_info+0x65/0x65
[   50.639668]  ? refcount_sub_and_test+0x167/0x1b0
[   50.644396]  __warn+0x1c4/0x1d9
[   50.647648]  ? refcount_sub_and_test+0x167/0x1b0
[   50.652375]  report_bug+0x211/0x2d0
[   50.655988]  fixup_bug+0x40/0x90
[   50.659327]  do_trap+0x260/0x390
[   50.662671]  do_error_trap+0x120/0x390
[   50.666527]  ? vprintk_emit+0x49b/0x590
[   50.670477]  ? do_trap+0x390/0x390
[   50.673991]  ? refcount_sub_and_test+0x167/0x1b0
[   50.678718]  ? vprintk_emit+0x3ea/0x590
[   50.682670]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   50.687489]  do_invalid_op+0x1b/0x20
[   50.691173]  invalid_op+0x18/0x20
[   50.694594] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   50.699931] RSP: 0018:ffff8801ce0a6cd8 EFLAGS: 00010282
[   50.705323] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   50.712570] RDX: 0000000000000026 RSI: 1ffff10039c14d5b RDI: ffffed0039c14d8f
[   50.719810] RBP: ffff8801ce0a6d68 R08: ffff8801ce0a63c8 R09: 0000000000000000
[   50.727050] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039c14d9c
[   50.734290] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801ce0082a4
[   50.741560]  ? refcount_sub_and_test+0x167/0x1b0
[   50.746288]  ? refcount_inc+0x50/0x50
[   50.750063]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   50.754789]  ? sctp_association_free+0x2d0/0x930
[   50.759514]  ? sctp_do_sm+0x28e7/0x6dd0
[   50.763459]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   50.768180]  ? sctp_close+0x3c6/0x980
[   50.771951]  ? inet_release+0xed/0x1c0
[   50.775813]  sctp_wfree+0x183/0x620
[   50.779411]  ? __sctp_write_space+0x910/0x910
[   50.783901]  skb_release_head_state+0x124/0x200
[   50.788554]  skb_release_all+0x15/0x60
[   50.792417]  consume_skb+0x153/0x490
[   50.796109]  ? sctp_chunk_put+0x99/0x420
[   50.800147]  ? alloc_skb_with_frags+0x710/0x710
[   50.804793]  ? sctp_chunk_hold+0x20/0x20
[   50.808835]  ? refcount_sub_and_test+0x115/0x1b0
[   50.813569]  ? refcount_inc+0x50/0x50
[   50.817345]  ? mark_held_locks+0xb2/0x100
[   50.821470]  ? sctp_datamsg_put+0x456/0x560
[   50.825772]  sctp_chunk_put+0x29c/0x420
[   50.829730]  ? sctp_chunk_hold+0x20/0x20
[   50.833770]  ? sctp_transport_dst_confirm+0x50/0x50
[   50.838762]  ? find_held_lock+0x39/0x1d0
[   50.842811]  sctp_chunk_free+0x53/0x60
[   50.846674]  __sctp_outq_teardown+0xc7d/0x15a0
[   50.851228]  ? check_noncircular+0x20/0x20
[   50.855442]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   50.860344]  ? do_raw_spin_trylock+0x190/0x190
[   50.864895]  ? do_raw_spin_trylock+0x190/0x190
[   50.869465]  ? trace_hardirqs_off+0xd/0x10
[   50.873672]  ? _raw_spin_unlock_irqrestore+0xa6/0xba
[   50.878748]  ? try_to_wake_up+0x115/0x1850
[   50.882958]  ? check_noncircular+0x20/0x20
[   50.887170]  ? migrate_swap_stop+0x970/0x970
[   50.891557]  ? check_noncircular+0x20/0x20
[   50.895771]  ? find_held_lock+0x39/0x1d0
[   50.899815]  ? lock_downgrade+0x990/0x990
[   50.903932]  ? find_held_lock+0x39/0x1d0
[   50.907969]  ? sk_dst_check+0x560/0x560
[   50.911915]  ? lock_downgrade+0x990/0x990
[   50.916034]  ? lock_release+0xd70/0xd70
[   50.919984]  sctp_outq_free+0x15/0x20
[   50.923755]  sctp_association_free+0x2d0/0x930
[   50.928310]  ? sctp_asconf_queue_teardown+0x700/0x700
[   50.933469]  ? sock_def_wakeup+0x222/0x350
[   50.937674]  ? sk_dst_check+0x560/0x560
[   50.941623]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   50.946619]  ? trace_hardirqs_on+0xd/0x10
[   50.950739]  ? __wake_up+0x3f/0x50
[   50.954256]  sctp_do_sm+0x28e7/0x6dd0
[   50.958041]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   50.964074]  ? print_usage_bug+0x480/0x480
[   50.968281]  ? print_usage_bug+0x480/0x480
[   50.972492]  ? find_held_lock+0x39/0x1d0
[   50.976540]  ? lock_downgrade+0x990/0x990
[   50.980667]  ? skb_dequeue+0x22/0x180
[   50.984445]  ? do_raw_spin_trylock+0x190/0x190
[   50.989010]  ? mark_held_locks+0xb2/0x100
[   50.993144]  ? trace_hardirqs_on+0xd/0x10
[   50.997269]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   51.001825]  sctp_close+0x3c6/0x980
[   51.005431]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   51.010681]  ? release_sock+0x74/0x2a0
[   51.014553]  ? locks_remove_file+0x3fa/0x5a0
[   51.018934]  ? fcntl_setlk+0x10d0/0x10d0
[   51.022969]  ? __fsnotify_parent+0xb4/0x3a0
[   51.027263]  ? ip_mc_drop_socket+0x1ce/0x230
[   51.031647]  inet_release+0xed/0x1c0
[   51.035336]  sock_release+0x8d/0x1e0
[   51.039021]  ? sock_release+0x1e0/0x1e0
[   51.042965]  sock_close+0x16/0x20
[   51.046393]  __fput+0x333/0x7f0
[   51.049653]  ? fput+0x140/0x140
[   51.052907]  ? _raw_spin_unlock_irq+0x27/0x70
[   51.057378]  ____fput+0x15/0x20
[   51.060628]  task_work_run+0x199/0x270
[   51.064489]  ? task_work_cancel+0x210/0x210
[   51.068778]  ? SYSC_accept4+0x4f2/0x850
[   51.072725]  ? exit_to_usermode_loop+0x98/0x300
[   51.077371]  exit_to_usermode_loop+0x2a6/0x300
[   51.081927]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   51.087436]  ? _raw_spin_unlock_irq+0x27/0x70
[   51.091903]  ? __do_page_fault+0xb60/0xb60
[   51.096110]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   51.101100]  syscall_return_slowpath+0x42f/0x500
[   51.105826]  ? finish_task_switch+0x1aa/0x740
[   51.110292]  ? prepare_exit_to_usermode+0x2c0/0x2c0
[   51.115277]  ? entry_SYSCALL_64_fastpath+0x91/0xbe
[   51.120177]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   51.125163]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   51.129894]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   51.134619] RIP: 0033:0x445d39
[   51.137781] RSP: 002b:00007f8693f11dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002b
[   51.145461] RAX: ffffffffffffff99 RBX: 0000000000000000 RCX: 0000000000445d39
[   51.152716] RDX: 0000000020ffd000 RSI: 0000000020ffc000 RDI: 0000000000000003
[   51.160366] RBP: 0000000000000000 R08: 00007f8693f12700 R09: 00007f8693f12700
[   51.167608] R10: 00007f8693f12700 R11: 0000000000000202 R12: 0000000000000000
[   51.174846] R13: 00007ffff985d1df R14: 00007f8693f129c0 R15: 0000000000000000
[   51.182297] Dumping ftrace buffer:
[   51.185859]    (ftrace buffer empty)
[   51.189540] Kernel Offset: disabled
[   51.193144] Rebooting in 86400 seconds..