------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 9094 at lib/refcount.c:25 refcount_warn_saturate+0x147/0x1b0 lib/refcount.c:25
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9094 Comm: syz-executor.0 Not tainted 5.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fb/0x318 lib/dump_stack.c:118
 panic+0x264/0x7a9 kernel/panic.c:221
 __warn+0x209/0x210 kernel/panic.c:582
 report_bug+0x1b6/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0xcf/0x1c0 arch/x86/kernel/traps.c:267
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:refcount_warn_saturate+0x147/0x1b0 lib/refcount.c:25
Code: c7 ed e2 f0 88 31 c0 e8 d7 2d a8 fd 0f 0b eb a1 e8 0e 68 d6 fd c6 05 c7 31 c5 05 01 48 c7 c7 24 e3 f0 88 31 c0 e8 b9 2d a8 fd <0f> 0b eb 83 e8 f0 67 d6 fd c6 05 aa 31 c5 05 01 48 c7 c7 50 e3 f0
RSP: 0018:ffffc90001f17d58 EFLAGS: 00010246
RAX: 16770119375caa00 RBX: 0000000000000002 RCX: ffff888087810380
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90001f17d68 R08: ffffffff81600324 R09: ffffed1015d66618
R10: ffffed1015d66618 R11: 0000000000000000 R12: ffff888041e020c0
R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8880927d8040
 refcount_add include/linux/refcount.h:192 [inline]
 refcount_inc include/linux/refcount.h:228 [inline]
 get_net include/net/net_namespace.h:241 [inline]
 sk_alloc+0x8ba/0x9a0 net/core/sock.c:1669
 inet_create+0x5da/0xdb0 net/ipv4/af_inet.c:321
 __sock_create+0x5cb/0x910 net/socket.c:1433
 sock_create net/socket.c:1484 [inline]
 __sys_socket+0xe7/0x2e0 net/socket.c:1526
 __do_sys_socket net/socket.c:1535 [inline]
 __se_sys_socket net/socket.c:1533 [inline]
 __x64_sys_socket+0x7a/0x90 net/socket.c:1533
 do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ef97
Code: 00 00 00 49 89 ca b8 36 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4a 8b fb ff c3 66 0f 1f 84 00 00 00 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2d 8b fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffeb8276788 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045ef97
RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 000000000000017c R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8276ea0 R14: 0000000000047321 R15: 00007ffeb8276eb0
Kernel Offset: disabled
Rebooting in 86400 seconds..