program:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r4=>0x0})
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r4}, 0x18)
sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
sendmsg$can_j1939(r5, &(0x7f00000002c0)={&(0x7f0000000200), 0x18, &(0x7f0000000280)={0x0}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, 0x0, 0x0)
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
socket$inet6_sctp(0xa, 0x5, 0x84)

[ 60.013474][ T4682] Bluetooth: hci0: command tx timeout
[ 60.147430][ C0] ------------[ cut here ]------------
[ 60.149889][ C0] refcount_t: underflow; use-after-free.
[ 60.152416][ C0] WARNING: CPU: 0 PID: 5341 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[ 60.156118][ C0] Modules linked in:
[ 60.157642][ C0] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0
[ 60.161450][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 60.165645][ C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[ 60.168057][ C0] Code: a0 10 61 8c e8 17 94 95 fc 90 0f 0b 90 90 eb 99 e8 0b eb d4 fc c6 05 eb a2 47 0b 01 90 48 c7 c7 00 11 61 8c e8 f7 93 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 e8 ea d4 fc c6 05 c5 a2 47 0b 01 90
[ 60.175311][ C0] RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
[ 60.177679][ C0] RAX: e74cc9d177feb900 RBX: ffff888052ecb864 RCX: ffff88801f7b0000
[ 60.180781][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 60.183871][ C0] RBP: 0000000000000003 R08: ffffffff815688b2 R09: fffffbfff1cfa8a0
[ 60.186818][ C0] R10: dffffc0000000000 R11: fffffbfff1cfa8a0 R12: ffff888042e1a000
[ 60.189607][ C0] R13: ffff888052ecb864 R14: ffff888042e1a000 R15: ffff888053c3fb18
[ 60.192482][ C0] FS: 00007f18fa1ed6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 60.195448][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.197847][ C0] CR2: 00007f18fa1ecfe0 CR3: 00000000443ee000 CR4: 0000000000352ef0
[ 60.201065][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.204198][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.207283][ C0] Call Trace:
[ 60.208639][ C0] <IRQ>
[ 60.209857][ C0] ? __warn+0x168/0x4e0
[ 60.211567][ C0] ? refcount_warn_saturate+0x15a/0x1d0
[ 60.213367][ C0] ? report_bug+0x2b3/0x500
[ 60.215568][ C0] ? refcount_warn_saturate+0x15a/0x1d0
[ 60.217900][ C0] ? handle_bug+0x60/0x90
[ 60.219757][ C0] ? exc_invalid_op+0x1a/0x50
[ 60.221588][ C0] ? asm_exc_invalid_op+0x1a/0x20
[ 60.223448][ C0] ? __warn_printk+0x292/0x360
[ 60.225323][ C0] ? refcount_warn_saturate+0x15a/0x1d0
[ 60.227474][ C0] j1939_xtp_rx_cts+0x552/0xc70
[ 60.229412][ C0] j1939_tp_recv+0x8ae/0x1050
[ 60.231363][ C0] j1939_can_recv+0x732/0xb20
[ 60.233067][ C0] ? __pfx_j1939_can_recv+0x10/0x10
[ 60.234978][ C0] ? __lock_acquire+0x1397/0x2100
[ 60.236858][ C0] ? __pfx_j1939_can_recv+0x10/0x10
[ 60.238917][ C0] can_rcv_filter+0x359/0x7f0
[ 60.240752][ C0] can_receive+0x327/0x480
[ 60.242478][ C0] ? can_receive+0x1c9/0x480
[ 60.244303][ C0] can_rcv+0x144/0x260
[ 60.245836][ C0] ? __pfx_can_rcv+0x10/0x10
[ 60.247648][ C0] __netif_receive_skb+0x2e0/0x650
[ 60.249358][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 60.251079][ C0] ? __pfx___netif_receive_skb+0x10/0x10
[ 60.252984][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.255033][ C0] ? __pfx_lock_release+0x10/0x10
[ 60.256741][ C0] ? _raw_spin_lock_irq+0xdf/0x120
[ 60.258495][ C0] process_backlog+0x662/0x15b0
[ 60.260390][ C0] ? process_backlog+0x33b/0x15b0
[ 60.262140][ C0] ? __pfx_process_backlog+0x10/0x10
[ 60.264056][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.266247][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.268634][ C0] __napi_poll+0xcb/0x490
[ 60.270457][ C0] net_rx_action+0x89b/0x1240
[ 60.272179][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 60.274065][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.276206][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.278505][ C0] handle_softirqs+0x2c5/0x980
[ 60.280277][ C0] ? do_softirq+0x11b/0x1e0
[ 60.282021][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 60.284088][ C0] do_softirq+0x11b/0x1e0
[ 60.285725][ C0] </IRQ>
[ 60.286900][ C0] <TASK>
[ 60.287965][ C0] ? __pfx_do_softirq+0x10/0x10
[ 60.289871][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 60.292021][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 60.293834][ C0] ? rcu_is_watching+0x15/0xb0
[ 60.295712][ C0] __local_bh_enable_ip+0x1bb/0x200
[ 60.297678][ C0] ? j1939_sk_sendmsg+0x114a/0x14c0
[ 60.299662][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 60.301606][ C0] j1939_sk_sendmsg+0x114a/0x14c0
[ 60.303506][ C0] ? aa_sk_perm+0x96d/0xab0
[ 60.305259][ C0] ? __pfx_j1939_sk_sendmsg+0x10/0x10
[ 60.307246][ C0] ? __import_iovec+0x590/0x870
[ 60.309175][ C0] ? aa_sock_msg_perm+0x91/0x160
[ 60.311127][ C0] ? __pfx_j1939_sk_sendmsg+0x10/0x10
[ 60.313195][ C0] __sock_sendmsg+0x221/0x270
[ 60.315013][ C0] ____sys_sendmsg+0x52a/0x7e0
[ 60.316891][ C0] ? __pfx_____sys_sendmsg+0x10/0x10
[ 60.318841][ C0] ? __fget_files+0x2a/0x410
[ 60.320743][ C0] ? __fget_files+0x2a/0x410
[ 60.322484][ C0] __sys_sendmsg+0x269/0x350
[ 60.324290][ C0] ? __pfx___sys_sendmsg+0x10/0x10
[ 60.326246][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.328651][ C0] ? do_syscall_64+0x100/0x230
[ 60.330561][ C0] ? do_syscall_64+0xb6/0x230
[ 60.332350][ C0] do_syscall_64+0xf3/0x230
[ 60.334048][ C0] ? clear_bhb_loop+0x35/0x90
[ 60.335777][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.337926][ C0] RIP: 0033:0x7f18f9380809
[ 60.339831][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.347695][ C0] RSP: 002b:00007f18fa1ed058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.350841][ C0] RAX: ffffffffffffffda RBX: 00007f18f9546160 RCX: 00007f18f9380809
[ 60.353884][ C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000006
[ 60.356918][ C0] RBP: 00007f18f93f393e R08: 0000000000000000 R09: 0000000000000000
[ 60.359914][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.363081][ C0] R13: 0000000000000000 R14: 00007f18f9546160 R15: 00007ffdd8fa98b8
[ 60.366094][ C0] </TASK>
[ 60.367293][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 60.370004][ C0] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0
[ 60.373999][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 60.378239][ C0] Call Trace:
[ 60.379539][ C0] <IRQ>
[ 60.380654][ C0] dump_stack_lvl+0x241/0x360
[ 60.382431][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.384408][ C0] ? __pfx__printk+0x10/0x10
[ 60.386046][ C0] ? vscnprintf+0x5d/0x90
[ 60.387665][ C0] panic+0x349/0x880
[ 60.389160][ C0] ? __warn+0x177/0x4e0
[ 60.390709][ C0] ? __pfx_panic+0x10/0x10
[ 60.392391][ C0] __warn+0x34b/0x4e0
[ 60.393826][ C0] ? refcount_warn_saturate+0x15a/0x1d0
[ 60.395667][ C0] report_bug+0x2b3/0x500
[ 60.397215][ C0] ? refcount_warn_saturate+0x15a/0x1d0
[ 60.399168][ C0] handle_bug+0x60/0x90
[ 60.400771][ C0] exc_invalid_op+0x1a/0x50
[ 60.402467][ C0] asm_exc_invalid_op+0x1a/0x20
[ 60.404264][ C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[ 60.406433][ C0] Code: a0 10 61 8c e8 17 94 95 fc 90 0f 0b 90 90 eb 99 e8 0b eb d4 fc c6 05 eb a2 47 0b 01 90 48 c7 c7 00 11 61 8c e8 f7 93 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 e8 ea d4 fc c6 05 c5 a2 47 0b 01 90
[ 60.413375][ C0] RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
[ 60.415665][ C0] RAX: e74cc9d177feb900 RBX: ffff888052ecb864 RCX: ffff88801f7b0000
[ 60.419051][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 60.422552][ C0] RBP: 0000000000000003 R08: ffffffff815688b2 R09: fffffbfff1cfa8a0
[ 60.426061][ C0] R10: dffffc0000000000 R11: fffffbfff1cfa8a0 R12: ffff888042e1a000
[ 60.429515][ C0] R13: ffff888052ecb864 R14: ffff888042e1a000 R15: ffff888053c3fb18
[ 60.432320][ C0] ? __warn_printk+0x292/0x360
[ 60.433879][ C0] j1939_xtp_rx_cts+0x552/0xc70
[ 60.435514][ C0] j1939_tp_recv+0x8ae/0x1050
[ 60.437201][ C0] j1939_can_recv+0x732/0xb20
[ 60.438758][ C0] ? __pfx_j1939_can_recv+0x10/0x10
[ 60.440347][ C0] ? __lock_acquire+0x1397/0x2100
[ 60.442226][ C0] ? __pfx_j1939_can_recv+0x10/0x10
[ 60.444073][ C0] can_rcv_filter+0x359/0x7f0
[ 60.445915][ C0] can_receive+0x327/0x480
[ 60.447689][ C0] ? can_receive+0x1c9/0x480
[ 60.449410][ C0] can_rcv+0x144/0x260
[ 60.450971][ C0] ? __pfx_can_rcv+0x10/0x10
[ 60.452749][ C0] __netif_receive_skb+0x2e0/0x650
[ 60.454654][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 60.456524][ C0] ? __pfx___netif_receive_skb+0x10/0x10
[ 60.458633][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.460889][ C0] ? __pfx_lock_release+0x10/0x10
[ 60.462747][ C0] ? _raw_spin_lock_irq+0xdf/0x120
[ 60.464728][ C0] process_backlog+0x662/0x15b0
[ 60.466555][ C0] ? process_backlog+0x33b/0x15b0
[ 60.468499][ C0] ? __pfx_process_backlog+0x10/0x10
[ 60.470467][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.472735][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.475294][ C0] __napi_poll+0xcb/0x490
[ 60.477002][ C0] net_rx_action+0x89b/0x1240
[ 60.478752][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 60.480612][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.482828][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.485213][ C0] handle_softirqs+0x2c5/0x980
[ 60.486997][ C0] ? do_softirq+0x11b/0x1e0
[ 60.488693][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 60.490631][ C0] do_softirq+0x11b/0x1e0
[ 60.492142][ C0] </IRQ>
[ 60.493106][ C0] <TASK>
[ 60.494042][ C0] ? __pfx_do_softirq+0x10/0x10
[ 60.495628][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 60.497514][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 60.499419][ C0] ? rcu_is_watching+0x15/0xb0
[ 60.501090][ C0] __local_bh_enable_ip+0x1bb/0x200
[ 60.502924][ C0] ? j1939_sk_sendmsg+0x114a/0x14c0
[ 60.504938][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 60.507110][ C0] j1939_sk_sendmsg+0x114a/0x14c0
[ 60.508970][ C0] ? aa_sk_perm+0x96d/0xab0
[ 60.510889][ C0] ? __pfx_j1939_sk_sendmsg+0x10/0x10
[ 60.513419][ C0] ? __import_iovec+0x590/0x870
[ 60.515684][ C0] ? aa_sock_msg_perm+0x91/0x160
[ 60.517966][ C0] ? __pfx_j1939_sk_sendmsg+0x10/0x10
[ 60.520441][ C0] __sock_sendmsg+0x221/0x270
[ 60.522588][ C0] ____sys_sendmsg+0x52a/0x7e0
[ 60.524716][ C0] ? __pfx_____sys_sendmsg+0x10/0x10
[ 60.527050][ C0] ? __fget_files+0x2a/0x410
[ 60.529131][ C0] ? __fget_files+0x2a/0x410
[ 60.531157][ C0] __sys_sendmsg+0x269/0x350
[ 60.532990][ C0] ? __pfx___sys_sendmsg+0x10/0x10
[ 60.534921][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.537092][ C0] ? do_syscall_64+0x100/0x230
[ 60.538770][ C0] ? do_syscall_64+0xb6/0x230
[ 60.540404][ C0] do_syscall_64+0xf3/0x230
[ 60.542058][ C0] ? clear_bhb_loop+0x35/0x90
[ 60.543914][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.546227][ C0] RIP: 0033:0x7f18f9380809
[ 60.547867][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.555130][ C0] RSP: 002b:00007f18fa1ed058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.558639][ C0] RAX: ffffffffffffffda RBX: 00007f18f9546160 RCX: 00007f18f9380809
[ 60.562118][ C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000006
[ 60.565620][ C0] RBP: 00007f18f93f393e R08: 0000000000000000 R09: 0000000000000000
[ 60.569149][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.572610][ C0] R13: 0000000000000000 R14: 00007f18f9546160 R15: 00007ffdd8fa98b8
[ 60.575798][ C0] </TASK>
[ 60.577133][ C0] Kernel Offset: disabled
[ 60.578621][ C0] Rebooting in 86400 seconds..