Hi,

I've got the following error report while fuzzing the kernel with syzkaller.

On commit 5a7ad1146caa895ad718a534399e38bd2ba721b7 (4.11-rc8).

C reproducer and .config are attached.
It takes 1-2 minutes of running the reproducer to trigger the issue.

------------[ cut here ]------------
WARNING: CPU: 0 PID: 21 at net/ipv6/addrconf.c:894
inet6_ifa_finish_destroy+0x12e/0x190
Modules linked in:
CPU: 0 PID: 21 Comm: kworker/0:1 Not tainted 4.11.0-rc8+ #296
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 __dump_stack lib/dump_stack.c:16
 dump_stack+0x292/0x398 lib/dump_stack.c:52
 __warn+0x19f/0x1e0 kernel/panic.c:549
 warn_slowpath_null+0x2c/0x40 kernel/panic.c:584
 inet6_ifa_finish_destroy+0x12e/0x190 c:894
 in6_ifa_put ./include/net/addrconf.h:330
 addrconf_dad_work+0x4e9/0x1040 net/ipv6/addrconf.c:3963
 process_one_work+0xc04/0x1c10 kernel/workqueue.c:2097
 worker_thread+0x223/0x19c0 kernel/workqueue.c:2231
 kthread+0x35e/0x430 kernel/kthread.c:231
 ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430
---[ end trace 64f7dae275ec6e42 ]---
IPv6: Freeing alive inet6 address ffff88006383a000