------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 13016 at lib/refcount.c:25 refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
Modules linked in:
CPU: 1 PID: 13016 Comm: syz-executor.0 Not tainted 5.12.0-rc8-syzkaller-00011-g18a3c5f7abfd #0
Hardware name: riscv-virtio,qemu (DT)
epc : refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
ra : refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
epc : ffffffe00097729c ra : ffffffe00097729c sp : ffffffe00f357ce0
gp : ffffffe0045883c0 tp : ffffffe008d917c0 t0 : ffffffe004ffdbb7
t1 : ffffffc401e6af38 t2 : 0000000000000000 s0 : ffffffe00f357d00
s1 : 0000000000000000 a0 : 000000000000002a a1 : 00000000000f0000
a2 : ffffffd010ada000 a3 : ffffffe0000e1458 a4 : ed669a2a82b05500
a5 : ed669a2a82b05500 a6 : 0000000000f00000 a7 : ffffffe00f3579c7
s2 : ffffffe0044c0c6d s3 : ffffffe00e1fc000 s4 : 0000000000000000
s5 : ffffffe008d917c0 s6 : 0000000000000002 s7 : ffffffe00a574050
s8 : ffffffe00f470568 s9 : ffffffe0050495b0 s10: 0000000000000000
s11: 0000000000020000 t3 : ed669a2a82b05500 t4 : ffffffc401e6af37
t5 : ffffffc401e6af39 t6 : ffffffe00f3579c8
status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003
Call Trace:
[] refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
[] __refcount_add include/linux/refcount.h:199 [inline]
[] __refcount_inc include/linux/refcount.h:250 [inline]
[] refcount_inc include/linux/refcount.h:267 [inline]
[] kref_get include/linux/kref.h:45 [inline]
[] j1939_netdev_start+0x686/0x6d8 net/can/j1939/main.c:271
[] j1939_sk_bind+0x294/0x7ae net/can/j1939/socket.c:479
[] __sys_bind+0x15e/0x19c net/socket.c:1637
[] __do_sys_bind net/socket.c:1648 [inline]
[] sys_bind+0x2a/0x38 net/socket.c:1646
[] ret_from_syscall+0x0/0x2
irq event stamp: 7854
hardirqs last enabled at (7853): [] console_unlock+0x816/0x98a kernel/printk/printk.c:2605
hardirqs last disabled at (7854): [] _save_context+0x80/0x90
softirqs last enabled at (7834): [] __do_softirq+0x5e0/0x8c4 kernel/softirq.c:372
softirqs last disabled at (7827): [] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (7827): [] invoke_softirq kernel/softirq.c:228 [inline]
softirqs last disabled at (7827): [] __irq_exit_rcu kernel/softirq.c:422 [inline]
softirqs last disabled at (7827): [] irq_exit+0x1a0/0x1b6 kernel/softirq.c:446
---[ end trace 5d8e16d26a5cdff8 ]---