[111607.195289] ------------[ cut here ]------------
[111607.195305] refcount_t: addition on 0; use-after-free.
[111607.195481] WARNING: CPU: 2 PID: 3130808 at lib/refcount.c:25 refcount_warn_saturate+0x74/0x110
[111607.196310] Modules linked in: tls nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill ip_set nf_tables nfnetlink intel_rapl_msr intel_rapl_common intel_pmc_core rapl snd_ens1371 snd_ac97_codec vmw_balloon ac97_bus vmwgfx snd_pcm drm_ttm_helper pcspkr ttm snd_timer snd_rawmidi snd_seq_device drm_kms_helper snd syscopyarea vmw_vmci sysfillrect soundcore i2c_piix4 sysimgblt vfat fat joydev drm fuse xfs libcrc32c sr_mod cdrom sg ata_generic crct10dif_pclmul crc32_pclmul crc32c_intel nvme ghash_clmulni_intel ahci libahci nvme_core ata_piix nvme_common libata t10_pi vmxnet3 serio_raw dm_mirror dm_region_hash dm_log dm_mod
[111607.197802] CPU: 2 PID: 3130808 Comm: poc6 Kdump: loaded Not tainted 5.14.0-362.24.2.el9_3.x86_64 #1
[111607.198059] Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.21805430.B64.2305221826 05/22/2023
[111607.198360] RIP: 0010:refcount_warn_saturate+0x74/0x110
[111607.198628] Code: 01 01 e8 cf a7 b0 ff 0f 0b c3 cc cc cc cc 80 3d 03 c9 b2 01 00 75 cb 48 c7 c7 98 be 55 82 c6 05 f3 c8 b2 01 01 e8 ac a7 b0 ff <0f> 0b c3 cc cc cc cc 80 3d e2 c8 b2 01 00 75 a8 48 c7 c7 70 be 55
[111607.199085] RSP: 0018:ffffc900118b7bb0 EFLAGS: 00010286
[111607.199295] RAX: 0000000000000000 RBX: ffff888017f20108 RCX: 0000000000000027
[111607.199565] RDX: 0000000000000027 RSI: ffffffff82c67200 RDI: ffff88806f09f888
[111607.199773] RBP: 000000000001b4d1 R08: 80000000ffff8711 R09: 3a745f746e756f63
[111607.199982] R10: 203b30206e6f206e R11: 6f69746964646120 R12: ffff888002864168
[111607.200175] R13: ffffffff83d83280 R14: ffff888017f20108 R15: 00000000b394005a
[111607.200365] FS: 00007fd621001640(0000) GS:ffff88806f080000(0000) knlGS:0000000000000000
[111607.200534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[111607.200766] CR2: 0000000020ccb000 CR3: 000000001e5b0006 CR4: 00000000003706e0
[111607.201030] Call Trace:
[111607.201182]
[111607.201350] ? show_trace_log_lvl+0x1c4/0x2df
[111607.201623] ? show_trace_log_lvl+0x1c4/0x2df
[111607.201800] ? tcp_twsk_unique+0x183/0x190
[111607.201993] ? refcount_warn_saturate+0x74/0x110
[111607.202164] ? __warn+0x81/0x110
[111607.202442] ? refcount_warn_saturate+0x74/0x110
[111607.202692] ? report_bug+0x10a/0x140
[111607.202931] ? handle_bug+0x3c/0x70
[111607.203212] ? exc_invalid_op+0x14/0x70
[111607.203425] ? asm_exc_invalid_op+0x16/0x20
[111607.203679] ? refcount_warn_saturate+0x74/0x110
[111607.203924] tcp_twsk_unique+0x183/0x190
[111607.204091] __inet_check_established+0x158/0x2c0
[111607.204335] __inet_hash_connect+0xb7/0x540
[111607.204590] ? __pfx___inet_check_established+0x10/0x10
[111607.206806] tcp_v4_connect+0x24e/0x520
[111607.207707] __inet_stream_connect+0xcb/0x3b0
[111607.208583] ? release_sock+0x40/0x90
[111607.209469] ? selinux_netlbl_socket_connect+0x2b/0x40
[111607.210342] inet_stream_connect+0x37/0x60
[111607.211177] __sys_connect+0xa3/0xd0
[111607.211985] __x64_sys_connect+0x14/0x20
[111607.212751] do_syscall_64+0x59/0x90
[111607.213481] ? handle_mm_fault+0xc5/0x2a0
[111607.214232] ? do_user_addr_fault+0x1d6/0x6a0
[111607.215008] ? exc_page_fault+0x62/0x150
[111607.215729] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[111607.216422] RIP: 0033:0x7fd620c3ee5d
[111607.217343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 93 af 1b 00 f7 d8 64 89 01 48
[111607.218781] RSP: 002b:00007fd621000de8 EFLAGS: 00000296 ORIG_RAX: 000000000000002a
[111607.219457] RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007fd620c3ee5d
[111607.220126] RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003
[111607.220790] RBP: 00007fd621000e20 R08: 0000000000000000 R09: 0000000000000000
[111607.221410] R10: 0000000000000000 R11: 0000000000000296 R12: 00007fd621001640
[111607.222035] R13: 0000000000000000 R14: 00007fd620c9f530 R15: 0000000000000000
[111607.222621]
[111607.223192] ---[ end trace f02e72c43eeca118 ]---
[111607.223742] ------------[ cut here ]------------
[111607.223743] refcount_t: underflow; use-after-free.
[111607.223750] WARNING: CPU: 2 PID: 3130808 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
[111607.225417] Modules linked in: tls nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill ip_set nf_tables nfnetlink intel_rapl_msr intel_rapl_common intel_pmc_core rapl snd_ens1371 snd_ac97_codec vmw_balloon ac97_bus vmwgfx snd_pcm drm_ttm_helper pcspkr ttm snd_timer snd_rawmidi snd_seq_device drm_kms_helper snd syscopyarea vmw_vmci sysfillrect soundcore i2c_piix4 sysimgblt vfat fat joydev drm fuse xfs libcrc32c sr_mod cdrom sg ata_generic crct10dif_pclmul crc32_pclmul crc32c_intel nvme ghash_clmulni_intel ahci libahci nvme_core ata_piix nvme_common libata t10_pi vmxnet3 serio_raw dm_mirror dm_region_hash dm_log dm_mod
[111607.228620] CPU: 2 PID: 3130808 Comm: poc6 Kdump: loaded Tainted: G W ------- --- 5.14.0-362.24.2.el9_3.x86_64 #1
[111607.229352] Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.21805430.B64.2305221826 05/22/2023
[111607.230106] RIP: 0010:refcount_warn_saturate+0xba/0x110
[111607.230848] Code: 01 01 e8 89 a7 b0 ff 0f 0b c3 cc cc cc cc 80 3d bc c8 b2 01 00 75 85 48 c7 c7 c8 be 55 82 c6 05 ac c8 b2 01 01 e8 66 a7 b0 ff <0f> 0b c3 cc cc cc cc 80 3d 97 c8 b2 01 00 0f 85 5e ff ff ff 48 c7
[111607.232365] RSP: 0018:ffffc900118b7bd0 EFLAGS: 00010282
[111607.233131] RAX: 0000000000000000 RBX: 0000000000004e20 RCX: 0000000000000027
[111607.233902] RDX: 0000000000000027 RSI: ffffffff82c67200 RDI: ffff88806f09f888
[111607.234719] RBP: ffff8880048ebf00 R08: 80000000ffff8749 R09: 657466612d657375
[111607.235532] R10: 203b776f6c667265 R11: 646e75203a745f74 R12: ffff888002864168
[111607.236327] R13: ffffffff83d83280 R14: ffff888017f20108 R15: 00000000b394005a
[111607.237148] FS: 00007fd621001640(0000) GS:ffff88806f080000(0000) knlGS:0000000000000000
[111607.237988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[111607.238815] CR2: 0000000020ccb000 CR3: 000000001e5b0006 CR4: 00000000003706e0
[111607.239689] Call Trace:
[111607.240472]
[111607.241313] ? show_trace_log_lvl+0x1c4/0x2df
[111607.242156] ? show_trace_log_lvl+0x1c4/0x2df
[111607.242989] ? __inet_check_established+0x23a/0x2c0
[111607.243838] ? refcount_warn_saturate+0xba/0x110
[111607.244669] ? __warn+0x81/0x110
[111607.245484] ? refcount_warn_saturate+0xba/0x110
[111607.246331] ? report_bug+0x10a/0x140
[111607.247155] ? handle_bug+0x3c/0x70
[111607.248005] ? exc_invalid_op+0x14/0x70
[111607.248834] ? asm_exc_invalid_op+0x16/0x20
[111607.249629] ? refcount_warn_saturate+0xba/0x110
[111607.250435] __inet_check_established+0x23a/0x2c0
[111607.251279] __inet_hash_connect+0xb7/0x540
[111607.252135] ? __pfx___inet_check_established+0x10/0x10
[111607.252962] tcp_v4_connect+0x24e/0x520
[111607.253786] __inet_stream_connect+0xcb/0x3b0
[111607.254601] ? release_sock+0x40/0x90
[111607.255361] ? selinux_netlbl_socket_connect+0x2b/0x40
[111607.256105] inet_stream_connect+0x37/0x60
[111607.256913] __sys_connect+0xa3/0xd0
[111607.257709] __x64_sys_connect+0x14/0x20
[111607.258481] do_syscall_64+0x59/0x90
[111607.259254] ? handle_mm_fault+0xc5/0x2a0
[111607.260002] ? do_user_addr_fault+0x1d6/0x6a0
[111607.260735] ? exc_page_fault+0x62/0x150
[111607.261466] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[111607.262226] RIP: 0033:0x7fd620c3ee5d
[111607.262995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 93 af 1b 00 f7 d8 64 89 01 48
[111607.264529] RSP: 002b:00007fd621000de8 EFLAGS: 00000296 ORIG_RAX: 000000000000002a
[111607.264533] RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007fd620c3ee5d
[111607.264535] RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003
[111607.264536] RBP: 00007fd621000e20 R08: 0000000000000000 R09: 0000000000000000
[111607.264537] R10: 0000000000000000 R11: 0000000000000296 R12: 00007fd621001640
[111607.264538] R13: 0000000000000000 R14: 00007fd620c9f530 R15: 0000000000000000
[111607.264541]
[111607.264542] ---[ end trace f02e72c43eeca119 ]---
[116082.336931] ------------[ cut here ]------------
[116082.336934] refcount_t: decrement hit 0; leaking memory.
[116082.336942] WARNING: CPU: 1 PID: 3866568 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110
[116082.338791] Modules linked in: tls nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill ip_set nf_tables nfnetlink intel_rapl_msr intel_rapl_common intel_pmc_core rapl snd_ens1371 snd_ac97_codec vmw_balloon ac97_bus vmwgfx snd_pcm drm_ttm_helper pcspkr ttm snd_timer snd_rawmidi snd_seq_device drm_kms_helper snd syscopyarea vmw_vmci sysfillrect soundcore i2c_piix4 sysimgblt vfat fat joydev drm fuse xfs libcrc32c sr_mod cdrom sg ata_generic crct10dif_pclmul crc32_pclmul crc32c_intel nvme ghash_clmulni_intel ahci libahci nvme_core ata_piix nvme_common libata t10_pi vmxnet3 serio_raw dm_mirror dm_region_hash dm_log dm_mod
[116082.342044] CPU: 1 PID: 3866568 Comm: poc5 Kdump: loaded Tainted: G W ------- --- 5.14.0-362.24.2.el9_3.x86_64 #1
[116082.342768] Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.21805430.B64.2305221826 05/22/2023
[116082.343457] RIP: 0010:refcount_warn_saturate+0xfb/0x110
[116082.344151] Code: 20 bf 55 82 c6 05 83 c8 b2 01 01 e8 3f a7 b0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 f0 be 55 82 c6 05 6a c8 b2 01 01 e8 25 a7 b0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90
[116082.345654] RSP: 0018:ffffc90005c83c40 EFLAGS: 00010286
[116082.346415] RAX: 0000000000000000 RBX: 0000000000004e20 RCX: 0000000000000027
[116082.347200] RDX: 0000000000000027 RSI: ffffffff82c67200 RDI: ffff88806f05f888
[116082.347957] RBP: ffff888011893600 R08: 80000000ffff8780 R09: 64203a745f746e75
[116082.348746] R10: 203b302074696820 R11: 746e656d65726365 R12: ffff888002864168
[116082.349548] R13: ffffffff83d83280 R14: ffff888017225ad0 R15: 00000000b394005a
[116082.350328] FS: 00007f0c33ece640(0000) GS:ffff88806f040000(0000) knlGS:0000000000000000
[116082.351154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[116082.351972] CR2: 0000000020ccb000 CR3: 000000000aa5c001 CR4: 00000000003706e0
[116082.352815] Call Trace:
[116082.353638]
[116082.354410] ? show_trace_log_lvl+0x1c4/0x2df
[116082.355236] ? show_trace_log_lvl+0x1c4/0x2df
[116082.356055] ? __inet_check_established+0x29c/0x2c0
[116082.356874] ? refcount_warn_saturate+0xfb/0x110
[116082.357692] ? __warn+0x81/0x110
[116082.358505] ? refcount_warn_saturate+0xfb/0x110
[116082.359302] ? report_bug+0x10a/0x140
[116082.360124] ? handle_bug+0x3c/0x70
[116082.360905] ? exc_invalid_op+0x14/0x70
[116082.361697] ? asm_exc_invalid_op+0x16/0x20
[116082.362491] ? refcount_warn_saturate+0xfb/0x110
[116082.363300] __inet_check_established+0x29c/0x2c0
[116082.364098] __inet_hash_connect+0xb7/0x540
[116082.364893] ? __pfx___inet_check_established+0x10/0x10
[116082.365689] tcp_v4_connect+0x24e/0x520
[116082.366454] ? pgtable_trans_huge_deposit+0x88/0x110
[116082.367247] __inet_stream_connect+0xcb/0x3b0
[116082.368000] ? release_sock+0x40/0x90
[116082.368746] ? selinux_netlbl_socket_connect+0x2b/0x40
[116082.369488] inet_stream_connect+0x37/0x60
[116082.370197] __sys_connect+0xa3/0xd0
[116082.370942] __x64_sys_connect+0x14/0x20
[116082.371699] do_syscall_64+0x59/0x90
[116082.372417] ? do_syscall_64+0x69/0x90
[116082.373161] ? exc_page_fault+0x62/0x150
[116082.373882] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[116082.374621] RIP: 0033:0x7f0c33c3ee5d
[116082.375345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 93 af 1b 00 f7 d8 64 89 01 48
[116082.376841] RSP: 002b:00007f0c33ecdde8 EFLAGS: 00000296 ORIG_RAX: 000000000000002a
[116082.377568] RAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f0c33c3ee5d
[116082.378268] RDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003
[116082.378968] RBP: 00007f0c33ecde20 R08: 0000000000000000 R09: 0000000000000000
[116082.379631] R10: 0000000000000000 R11: 0000000000000296 R12: 00007f0c33ece640
[116082.380272] R13: 0000000000000000 R14: 00007f0c33c9f530 R15: 0000000000000000
[116082.380901]
[116082.381500] ---[ end trace f02e72c43eeca11a ]---