net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
executing program
syzkaller login: [   20.253979] refcount_t: underflow; use-after-free.
[   20.254612] ------------[ cut here ]------------
[   20.254942] WARNING: CPU: 3 PID: 3057 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0
[   20.255626] Kernel panic - not syncing: panic_on_warn set ...
[   20.255626] 
[   20.256255] CPU: 3 PID: 3057 Comm: syzkaller116861 Not tainted 4.13.0-rc5-next-20170817+ #5
[   20.257016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[   20.257746] Call Trace:
[   20.258092]  dump_stack+0x194/0x257
[   20.258460]  ? arch_local_irq_restore+0x53/0x53
[   20.258893]  panic+0x1e4/0x417
[   20.259209]  ? __warn+0x1d9/0x1d9
[   20.259489]  ? show_regs_print_info+0x65/0x65
[   20.259959]  ? refcount_sub_and_test+0x167/0x1b0
[   20.260296]  __warn+0x1c4/0x1d9
[   20.260554]  ? refcount_sub_and_test+0x167/0x1b0
[   20.261565]  report_bug+0x211/0x2d0
[   20.261962]  fixup_bug+0x40/0x90
[   20.262338]  do_trap+0x260/0x390
[   20.262703]  do_error_trap+0x120/0x390
[   20.263102]  ? do_trap+0x390/0x390
[   20.263459]  ? refcount_sub_and_test+0x167/0x1b0
[   20.263898]  ? vprintk_emit+0x3ea/0x590
[   20.264273]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   20.264741]  do_invalid_op+0x1b/0x20
[   20.265134]  invalid_op+0x18/0x20
[   20.265483] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[   20.266032] RSP: 0018:ffff880039416840 EFLAGS: 00010282
[   20.266588] RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
[   20.267299] RDX: 0000000000000026 RSI: 1ffff10007282cc8 RDI: ffffed0007282cfc
[   20.268024] RBP: ffff8800394168d0 R08: 0000000000000000 R09: 1ffff10007282c9a
[   20.268843] R10: ffff880039416670 R11: ffffffff85b2cbf8 R12: 1ffff10007282d09
[   20.269591] R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff880069e5927c
[   20.270315]  ? refcount_inc+0x50/0x50
[   20.270676]  ? __sctp_outq_teardown+0xc7d/0x15a0
[   20.271156]  ? sctp_association_free+0x2d0/0x930
[   20.271647]  ? sctp_do_sm+0x28e7/0x6d90
[   20.272055]  ? sctp_primitive_SHUTDOWN+0xa0/0xd0
[   20.272509]  ? sctp_close+0x3c6/0x980
[   20.272888]  ? inet_release+0xed/0x1c0
[   20.273262]  ? sock_release+0x8d/0x1e0
[   20.273641]  ? sock_close+0x16/0x20
[   20.273989]  sctp_wfree+0x183/0x620
[   20.274389]  ? entry_SYSCALL_64_fastpath+0xbc/0xbe
[   20.274833]  ? __sctp_write_space+0x910/0x910
[   20.275246]  skb_release_head_state+0x124/0x200
[   20.275675]  skb_release_all+0x15/0x60
[   20.276061]  consume_skb+0x153/0x490
[   20.276421]  ? sctp_chunk_put+0x99/0x420
[   20.276811]  ? alloc_skb_with_frags+0x710/0x710
[   20.277213]  ? sctp_chunk_hold+0x20/0x20
[   20.277631]  ? cpuusage_read+0x10/0x10
[   20.277965]  ? refcount_sub_and_test+0x115/0x1b0
[   20.278468]  ? refcount_inc+0x50/0x50
[   20.278824]  ? trace_hardirqs_off+0xd/0x10
[   20.279187]  ? quarantine_put+0xeb/0x190
[   20.279555]  sctp_chunk_put+0x29c/0x420
[   20.279896]  ? sctp_chunk_hold+0x20/0x20
[   20.280246]  ? sctp_transport_dst_confirm+0x50/0x50
[   20.280675]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.281129]  ? update_sd_lb_stats+0x429/0x23b0
[   20.281583]  ? dequeue_task_fair+0x16d8/0x68b0
[   20.281993]  sctp_chunk_free+0x53/0x60
[   20.282413]  __sctp_outq_teardown+0xc7d/0x15a0
[   20.282878]  ? sctp_inq_set_th_handler+0x1b0/0x1b0
[   20.283336]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.283798]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.284268]  ? set_pageblock_migratetype+0x40/0x40
[   20.284704]  ? do_raw_spin_trylock+0x190/0x190
[   20.285128]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.285587]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.286070]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.286528]  ? lock_acquire+0x1d5/0x580
[   20.286887]  ? lock_acquire+0x1d5/0x580
[   20.287226]  ? lock_timer_base+0x1a3/0x2b0
[   20.287586]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.288058]  ? lock_acquire+0x1d5/0x580
[   20.288420]  ? lock_acquire+0x1d5/0x580
[   20.288777]  ? sock_def_wakeup+0x1f9/0x350
[   20.289160]  ? lock_downgrade+0x990/0x990
[   20.289459]  ? lock_release+0xa40/0xa40
[   20.289717]  ? __next_timer_interrupt+0x150/0x150
[   20.290067]  sctp_outq_free+0x15/0x20
[   20.290349]  sctp_association_free+0x2d0/0x930
[   20.290703]  ? refcount_inc+0x50/0x50
[   20.290982]  ? sctp_asconf_queue_teardown+0x700/0x700
[   20.291367]  ? sock_def_wakeup+0x222/0x350
[   20.291682]  ? sk_dst_check+0x560/0x560
[   20.291976]  ? sctp_association_put+0x74/0x2f0
[   20.292355]  ? sctp_association_hold+0x20/0x20
[   20.292678]  ? __is_insn_slot_addr+0x1fc/0x330
[   20.292984]  ? sctp_sm_lookup_event+0x95/0x3c0
[   20.293296]  sctp_do_sm+0x28e7/0x6d90
[   20.293564]  ? sctp_do_8_2_transport_strike.isra.16+0x8a0/0x8a0
[   20.294013]  ? __read_once_size_nocheck.constprop.8+0x10/0x10
[   20.294539]  ? entry_SYSCALL_64_fastpath+0x1f/0xbe
[   20.294893]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   20.295265]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.295637]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.295988]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.296363]  ? lock_acquire+0x1d5/0x580
[   20.296666]  ? skb_dequeue+0x12a/0x180
[   20.296922]  ? lock_downgrade+0x990/0x990
[   20.297233]  ? do_raw_spin_trylock+0x190/0x190
[   20.297579]  ? lock_release+0xa40/0xa40
[   20.297843]  ? trace_hardirqs_on+0xd/0x10
[   20.298155]  sctp_primitive_SHUTDOWN+0xa0/0xd0
[   20.298471]  sctp_close+0x3c6/0x980
[   20.298741]  ? sctp_apply_peer_addr_params+0xf30/0xf30
[   20.299159]  ? trace_hardirqs_off+0xd/0x10
[   20.299433]  ? _raw_spin_unlock_irqrestore+0xa6/0xba
[   20.299801]  ? try_to_wake_up+0xf9/0x1600
[   20.300094]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   20.300467]  ? locks_remove_file+0x3fa/0x5a0
[   20.300786]  ? migrate_swap_stop+0x970/0x970
[   20.301105]  ? fcntl_setlk+0x10c0/0x10c0
[   20.301405]  ? __fsnotify_parent+0xb4/0x3a0
[   20.301716]  ? ip_mc_drop_socket+0x1ce/0x230
[   20.302029]  inet_release+0xed/0x1c0
[   20.302335]  sock_release+0x8d/0x1e0
[   20.302643]  ? sock_release+0x1e0/0x1e0
[   20.302950]  sock_close+0x16/0x20
[   20.303252]  __fput+0x327/0x7e0
[   20.304225]  ? fput+0x140/0x140
[   20.304479]  ____fput+0x15/0x20
[   20.304730]  task_work_run+0x199/0x270
[   20.304996]  ? task_work_cancel+0x210/0x210
[   20.305291]  ? pgtable_bad+0x110/0x110
[   20.305556]  get_signal+0x143d/0x17e0
[   20.305818]  ? __bad_area_nosemaphore+0x1f4/0x3e0
[   20.306144]  ? rcu_note_context_switch+0x710/0x710
[   20.306498]  ? downgrade_write+0x150/0x150
[   20.306845]  ? bad_area+0x69/0x80
[   20.307134]  ? __do_page_fault+0x35b/0xb60
[   20.307467]  ? ptrace_notify+0x130/0x130
[   20.307765]  ? trace_do_page_fault+0x141/0x730
[   20.308127]  ? do_page_fault+0x70/0x70
[   20.308405]  ? trace_do_page_fault+0x141/0x730
[   20.308750]  ? lock_downgrade+0x990/0x990
[   20.309045]  ? do_page_fault+0x70/0x70
[   20.309365]  ? do_raw_spin_trylock+0x190/0x190
[   20.309714]  ? inet_accept+0x147/0x930
[   20.309996]  ? lock_acquire+0x1d5/0x580
[   20.310272]  do_signal+0x94/0x1ee0
[   20.310510]  ? lock_acquire+0x1d5/0x580
[   20.310781]  ? put_unused_fd+0x62/0x70
[   20.311049]  ? setup_sigcontext+0x7d0/0x7d0
[   20.311339]  ? do_raw_spin_trylock+0x190/0x190
[   20.311664]  ? task_work_add+0x10e/0x1b0
[   20.311963]  ? __put_unused_fd+0x183/0x250
[   20.312302]  ? alloc_fdtable+0x280/0x280
[   20.312607]  ? cpumask_weight.constprop.3+0x45/0x45
[   20.312955]  ? _copy_to_user+0xa2/0xc0
[   20.313300]  ? _raw_spin_unlock+0x22/0x30
[   20.313594]  ? put_unused_fd+0x62/0x70
[   20.313880]  ? fput+0xd2/0x140
[   20.314122]  ? SYSC_accept4+0x4ec/0x850
[   20.314414]  exit_to_usermode_loop+0x224/0x300
[   20.314733]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   20.315154]  ? do_page_fault+0x70/0x70
[   20.315420]  syscall_return_slowpath+0x42f/0x500
[   20.315738]  ? finish_task_switch+0x1aa/0x740
[   20.316042]  ? prepare_exit_to_usermode+0x2c0/0x2c0
[   20.316446]  ? prepare_exit_to_usermode+0x1a0/0x2c0
[   20.316809]  ? perf_trace_sys_enter+0xc20/0xc20
[   20.317136]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   20.317469]  entry_SYSCALL_64_fastpath+0xbc/0xbe
[   20.317789] RIP: 0033:0x440159
[   20.318016] RSP: 002b:00007f0df6ee0db8 EFLAGS: 00000206 ORIG_RAX: 000000000000002b
[   20.318565] RAX: fffffffffffffff2 RBX: 0000000000000000 RCX: 0000000000440159
[   20.319089] RDX: 000000002048bffc RSI: 0000000020b52000 RDI: 0000000000000004
[   20.319578] RBP: 0000000000000000 R08: 00007f0df6ee1700 R09: 0000000000000000
[   20.320065] R10: 00007f0df6ee1700 R11: 0000000000000206 R12: 0000000000000000
[   20.320568] R13: 0000000000000000 R14: 00007f0df6ee19c0 R15: 00007f0df6ee1700
[   20.321118] Dumping ftrace buffer:
[   20.321419]    (ftrace buffer empty)
[   20.321702] Kernel Offset: disabled
[   20.321941] Rebooting in 86400 seconds..