------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 12643 at lib/refcount.c:25 refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
Modules linked in:
CPU: 1 PID: 12643 Comm: syz-executor.1 Not tainted 5.12.0-rc6-syzkaller-00183-g79c338ab575e #0
Hardware name: riscv-virtio,qemu (DT)
epc : refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
 ra : refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
epc : ffffffe000974660 ra : ffffffe000974660 sp : ffffffe00c403ce0
 gp : ffffffe004588ad0 tp : ffffffe008da17c0 t0 : ffffffe004ffdbb7
 t1 : ffffffc401880738 t2 : 0000000000000000 s0 : ffffffe00c403d00
 s1 : 0000000000000000 a0 : 000000000000002a a1 : 00000000000f0000
 a2 : ffffffd015628000 a3 : ffffffe0000e1472 a4 : 1270a47255785f00
 a5 : 1270a47255785f00 a6 : 0000000000f00000 a7 : ffffffe00c4039c7
 s2 : ffffffe0044c17ab s3 : 0000000000000000 s4 : 0000000000000000
 s5 : ffffffe00c403dec s6 : ffffffe00c403df8 s7 : ffffffe00d3ff498
 s8 : 0000000000000001 s9 : ffffffe00e4594d0 s10: 0000000000000000
 s11: 0000000000020000 t3 : 1270a47255785f00 t4 : ffffffc401880737
 t5 : ffffffc401880739 t6 : ffffffe00c4039c8
status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003
Call Trace:
[<ffffffe000974660>] refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
[<ffffffe002818468>] __refcount_add include/linux/refcount.h:199 [inline]
[<ffffffe002818468>] __refcount_inc include/linux/refcount.h:250 [inline]
[<ffffffe002818468>] refcount_inc include/linux/refcount.h:267 [inline]
[<ffffffe002818468>] kref_get include/linux/kref.h:45 [inline]
[<ffffffe002818468>] j1939_netdev_start+0x512/0x6d8 net/can/j1939/main.c:250
[<ffffffe002819fe8>] j1939_sk_bind+0x294/0x7ae net/can/j1939/socket.c:479
[<ffffffe0020ea92a>] __sys_bind+0x15e/0x19c net/socket.c:1637
[<ffffffe0020ea992>] __do_sys_bind net/socket.c:1648 [inline]
[<ffffffe0020ea992>] sys_bind+0x2a/0x38 net/socket.c:1646
[<ffffffe000005578>] ret_from_syscall+0x0/0x2