------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 10778 at lib/refcount.c:25 refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
Modules linked in:
CPU: 1 PID: 10778 Comm: syz-executor.1 Not tainted 5.12.0-rc6-syzkaller-00183-g7ae11635ec90 #0
Hardware name: riscv-virtio,qemu (DT)
epc : refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
 ra : refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
epc : ffffffe000974660 ra : ffffffe000974660 sp : ffffffe02231fce0
 gp : ffffffe004588ad0 tp : ffffffe007954740 t0 : 0000000000000000
 t1 : 0000000000000001 t2 : 0000000000000008 s0 : ffffffe02231fd00
 s1 : 0000000000000000 a0 : 000000000000002a a1 : 00000000000f0000
 a2 : ffffffd012cb0000 a3 : ffffffe0000e1472 a4 : 1bb56314464f5800
 a5 : 1bb56314464f5800 a6 : 0000000000f00000 a7 : ffffffe000084f22
 s2 : ffffffe0044c17ab s3 : 0000000000000000 s4 : 0000000000000000
 s5 : ffffffe02231fdec s6 : ffffffe02231fdf8 s7 : ffffffe00d519f98
 s8 : 0000000000000001 s9 : ffffffe00d8aa4d0 s10: 0000000000000000
 s11: 0000000000020000 t3 : 1bb56314464f5800 t4 : ffffffc401218f9b
 t5 : ffffffc401218f9d t6 : ffffffe0090c7ce8
status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003
Call Trace:
[<ffffffe000974660>] refcount_warn_saturate+0x17c/0x1e8 lib/refcount.c:25
[<ffffffe002818468>] __refcount_add include/linux/refcount.h:199 [inline]
[<ffffffe002818468>] __refcount_inc include/linux/refcount.h:250 [inline]
[<ffffffe002818468>] refcount_inc include/linux/refcount.h:267 [inline]
[<ffffffe002818468>] kref_get include/linux/kref.h:45 [inline]
[<ffffffe002818468>] j1939_netdev_start+0x512/0x6d8 net/can/j1939/main.c:250
[<ffffffe002819fe8>] j1939_sk_bind+0x294/0x7ae net/can/j1939/socket.c:479
[<ffffffe0020ea92a>] __sys_bind+0x15e/0x19c net/socket.c:1637
[<ffffffe0020ea992>] __do_sys_bind net/socket.c:1648 [inline]
[<ffffffe0020ea992>] sys_bind+0x2a/0x38 net/socket.c:1646
[<ffffffe000005578>] ret_from_syscall+0x0/0x2