------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 3056 at lib/refcount.c:28 refcount_warn_saturate+0x1e4/0x1e8 lib/refcount.c:28
Modules linked in:
CPU: 0 PID: 3056 Comm: syz-fuzzer Not tainted 5.12.0-rc8-syzkaller-00011-g18a3c5f7abfd #0
Hardware name: riscv-virtio,qemu (DT)
epc : refcount_warn_saturate+0x1e4/0x1e8 lib/refcount.c:28
 ra : refcount_warn_saturate+0x1e4/0x1e8 lib/refcount.c:28
epc : ffffffe000977304 ra : ffffffe000977304 sp : ffffffe00b75fb10
 gp : ffffffe0045883c0 tp : ffffffe00a4497c0 t0 : ffffffe004ffdbb7
 t1 : ffffffc4016ebefe t2 : 0000000000000000 s0 : ffffffe00b75fb30
 s1 : 0000000000000000 a0 : 0000000000000026 a1 : 00000000000f0000
 a2 : 0000000000000100 a3 : ffffffe0000e1458 a4 : acb9b8a2847c8e00
 a5 : acb9b8a2847c8e00 a6 : 0000000000f00000 a7 : ffffffe00b75f7f7
 s2 : ffffffe0044c0c6d s3 : ffffffe00b9b3020 s4 : ffffffe026af8000
 s5 : ffffffe00b9b3000 s6 : ffffffe00d6ed088 s7 : ffffffe0087dd640
 s8 : ffffffe00a4497c0 s9 : ffffffe003004560 s10: 0000000000000000
 s11: 0000000000000000 t3 : acb9b8a2847c8e00 t4 : ffffffc4016ebefd
 t5 : ffffffc4016ebeff t6 : ffffffe00b75f7f8
status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003
Call Trace:
[<ffffffe000977304>] refcount_warn_saturate+0x1e4/0x1e8 lib/refcount.c:28
[<ffffffe002876f30>] __refcount_sub_and_test include/linux/refcount.h:283 [inline]
[<ffffffe002876f30>] __refcount_dec_and_test include/linux/refcount.h:315 [inline]
[<ffffffe002876f30>] refcount_dec_and_test include/linux/refcount.h:333 [inline]
[<ffffffe002876f30>] sctp_transport_put+0x10c/0x12c net/sctp/transport.c:325
[<ffffffe002869dc6>] sctp_generate_heartbeat_event+0x110/0x290 net/sctp/sm_sideeffect.c:401
[<ffffffe00011d2d0>] call_timer_fn+0x10e/0x656 kernel/time/timer.c:1431
[<ffffffe00011dbf8>] expire_timers kernel/time/timer.c:1476 [inline]
[<ffffffe00011dbf8>] __run_timers.part.0+0x3e0/0x442 kernel/time/timer.c:1745
[<ffffffe00011dcd0>] __run_timers kernel/time/timer.c:1726 [inline]
[<ffffffe00011dcd0>] run_timer_softirq+0x76/0xe0 kernel/time/timer.c:1758
[<ffffffe002a9b208>] __do_softirq+0x270/0x8c4 kernel/softirq.c:345
[<ffffffe00003507e>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
[<ffffffe00003507e>] invoke_softirq kernel/softirq.c:228 [inline]
[<ffffffe00003507e>] __irq_exit_rcu kernel/softirq.c:422 [inline]
[<ffffffe00003507e>] irq_exit+0x1a0/0x1b6 kernel/softirq.c:446
[<ffffffe0000e4706>] __handle_domain_irq+0x146/0x1ea kernel/irq/irqdesc.c:692
[<ffffffe000a93d8e>] handle_domain_irq include/linux/irqdesc.h:176 [inline]
[<ffffffe000a93d8e>] riscv_intc_irq+0x82/0xcc drivers/irqchip/irq-riscv-intc.c:40
[<ffffffe000005586>] ret_from_exception+0x0/0x14
irq event stamp: 4072841
hardirqs last  enabled at (4072840): [<ffffffe0000ddb8a>] console_unlock+0x816/0x98a kernel/printk/printk.c:2605
hardirqs last disabled at (4072841): [<ffffffe0000054bc>] _save_context+0x80/0x90
softirqs last  enabled at (4072594): [<ffffffe002a9b578>] __do_softirq+0x5e0/0x8c4 kernel/softirq.c:372
softirqs last disabled at (4072799): [<ffffffe00003507e>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (4072799): [<ffffffe00003507e>] invoke_softirq kernel/softirq.c:228 [inline]
softirqs last disabled at (4072799): [<ffffffe00003507e>] __irq_exit_rcu kernel/softirq.c:422 [inline]
softirqs last disabled at (4072799): [<ffffffe00003507e>] irq_exit+0x1a0/0x1b6 kernel/softirq.c:446
---[ end trace 357dc582b6d05453 ]---