------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 1 PID: 10651 at lib/refcount.c:187 refcount_sub_and_test+0x167/0x1b0 lib/refcount.c:187
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 10651 Comm: syz-executor1 Not tainted 4.15.0+ #292
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 panic+0x1e4/0x41c kernel/panic.c:183
 __warn+0x1dc/0x200 kernel/panic.c:547
 report_bug+0x211/0x2d0 lib/bug.c:184
 fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
 fixup_bug arch/x86/kernel/traps.c:247 [inline]
 do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1097
RIP: 0010:refcount_sub_and_test+0x167/0x1b0 lib/refcount.c:187
RSP: 0018:ffff8801d702eb70 EFLAGS: 00010282
RAX: dffffc0000000008 RBX: 0000000000000401 RCX: ffffffff815a57ae
RDX: 0000000000010000 RSI: ffffc9000354e000 RDI: 1ffff1003ae05cf3
RBP: ffff8801d702ec00 R08: 1ffff1003ae05cb5 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003ae05d6f
R13: 00000000ffffff01 R14: 0000000000000500 R15: ffff8801acda22bc
 sock_wfree+0xa6/0x140 net/core/sock.c:1822
 sctp_wfree+0x2eb/0x670 net/sctp/socket.c:8065
 skb_release_head_state+0x124/0x260 net/core/skbuff.c:612
 skb_release_all+0x15/0x60 net/core/skbuff.c:625
 __kfree_skb net/core/skbuff.c:641 [inline]
 consume_skb+0x153/0x490 net/core/skbuff.c:701
 sctp_chunk_destroy net/sctp/sm_make_chunk.c:1445 [inline]
 sctp_chunk_put+0x29c/0x420 net/sctp/sm_make_chunk.c:1472
 sctp_chunk_free+0x53/0x60 net/sctp/sm_make_chunk.c:1459
 sctp_outq_sack+0xa35/0x16d0 net/sctp/outqueue.c:1355
 sctp_cmd_process_sack net/sctp/sm_sideeffect.c:810 [inline]
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1379 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1210 [inline]
 sctp_do_sm+0x3902/0x6ed0 net/sctp/sm_sideeffect.c:1181
 sctp_assoc_bh_rcv+0x283/0x4b0 net/sctp/associola.c:1065
 sctp_inq_push+0x23b/0x300 net/sctp/inqueue.c:95
 sctp_backlog_rcv+0x177/0xa90 net/sctp/input.c:350
 sk_backlog_rcv include/net/sock.h:908 [inline]
 __release_sock+0x124/0x360 net/core/sock.c:2274
 release_sock+0xa4/0x2a0 net/core/sock.c:2789
 sctp_sendmsg+0x19b9/0x35e0 net/sctp/socket.c:2055
 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
 sock_sendmsg_nosec net/socket.c:630 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:640
 sock_write_iter+0x31a/0x5d0 net/socket.c:909
 call_write_iter include/linux/fs.h:1781 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x453299
RSP: 002b:00007ffabfb46c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000453299
RDX: 000000000000032a RSI: 00000000204a1f49 RDI: 0000000000000013
RBP: 00000000000003ce R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f4bf0
R13: 00000000ffffffff R14: 00007ffabfb476d4 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..