------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 10720 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x144 lib/refcount.c:25
Modules linked in:
CPU: 1 PID: 10720 Comm: syz-executor.0 Not tainted 5.14.0-rc2-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
pc : refcount_warn_saturate+0xa0/0x144 lib/refcount.c:25
lr : refcount_warn_saturate+0xa0/0x144 lib/refcount.c:25
sp : ffff800014453ca0
x29: ffff800014453ca0 x28: fbff0000028dbd00 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: f8ff000005e484c0 x22: faff0000325b8000 x21: ffff800012563f18
x20: f8ff000005e48000 x19: fdff0000324fc000 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000a0c9ad37d946
x14: 0000000000000320 x13: 0000000000000320 x12: 0000000000000000
x11: ffff800011dc0fc0 x10: 76c9da8a18090914 x9 : d7bb4e4bccffeab3
x8 : fbff0000028dcbb8 x7 : 0000000000000004 x6 : 0000008005886ef8
x5 : 0000000000000000 x4 : ffff00007fbb0988 x3 : ffff00007fbd3578
x2 : 0000000000000000 x1 : 0000000000000000 x0 : fbff0000028dbd00
Call trace:
 refcount_warn_saturate+0xa0/0x144 lib/refcount.c:25
 __refcount_add include/linux/refcount.h:199 [inline]
 __refcount_inc include/linux/refcount.h:250 [inline]
 refcount_inc include/linux/refcount.h:267 [inline]
 kref_get include/linux/kref.h:45 [inline]
 j1939_netdev_start+0x408/0x450 net/can/j1939/main.c:275
 j1939_sk_bind+0xf8/0x380 net/can/j1939/socket.c:482
 __sys_bind+0xd4/0x100 net/socket.c:1679
 __do_sys_bind net/socket.c:1690 [inline]
 __se_sys_bind net/socket.c:1688 [inline]
 __arm64_sys_bind+0x24/0x34 net/socket.c:1688
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x40/0xdc arch/arm64/kernel/syscall.c:145
 do_el0_svc+0x78/0x90 arch/arm64/kernel/syscall.c:184
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:511
 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:527
 el0t_64_sync+0x1b4/0x1b8 arch/arm64/kernel/entry.S:574
---[ end trace 115d8955a7af6610 ]---