program:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r4=>0x0})
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r4}, 0x18)
sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)

[   68.369874][   T48] Bluetooth: hci0: command tx timeout
[   68.768683][    C0] ------------[ cut here ]------------
[   68.771204][    C0] refcount_t: underflow; use-after-free.
[   68.773703][    C0] WARNING: CPU: 0 PID: 12 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[   68.777077][    C0] Modules linked in:
[   68.778604][    C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
[   68.782342][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.786489][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[   68.789198][    C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   68.791581][    C0] Code: e0 1e 5f 8c e8 a7 c1 95 fc 90 0f 0b 90 90 eb 99 e8 bb 19 d5 fc c6 05 8d 28 39 0b 01 90 48 c7 c7 40 1f 5f 8c e8 87 c1 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 98 19 d5 fc c6 05 67 28 39 0b 01 90
[   68.799666][    C0] RSP: 0018:ffffc900000076c0 EFLAGS: 00010246
[   68.801996][    C0] RAX: f351b8e8e79c8e00 RBX: ffff8880455c24a4 RCX: ffff88801caec880
[   68.804734][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   68.807650][    C0] RBP: 0000000000000003 R08: ffffffff81601c02 R09: 1ffff11003f8519a
[   68.810785][    C0] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff88801187a800
[   68.813884][    C0] R13: ffff8880455c24a4 R14: ffff88801187a800 R15: ffff8880538a8c18
[   68.816451][    C0] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.819192][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.821149][    C0] CR2: 00007f96a92e3fe0 CR3: 000000000e736000 CR4: 0000000000352ef0
[   68.824275][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.827988][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.831543][    C0] Call Trace:
[   68.833189][    C0]  <IRQ>
[   68.834324][    C0]  ? __warn+0x165/0x4d0
[   68.836037][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.839115][    C0]  ? report_bug+0x2b3/0x500
[   68.841202][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.843369][    C0]  ? handle_bug+0x60/0x90
[   68.844979][    C0]  ? exc_invalid_op+0x1a/0x50
[   68.846775][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[   68.848688][    C0]  ? __warn_printk+0x292/0x360
[   68.850528][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.852547][    C0]  j1939_xtp_rx_cts+0x552/0xc70
[   68.854558][    C0]  j1939_tp_recv+0x8ae/0x1050
[   68.856472][    C0]  j1939_can_recv+0x732/0xb20
[   68.858391][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   68.860404][    C0]  ? __lock_acquire+0x1397/0x2100
[   68.862202][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   68.863750][    C0]  can_rcv_filter+0x359/0x7f0
[   68.865354][    C0]  can_receive+0x327/0x480
[   68.867230][    C0]  ? can_receive+0x1c9/0x480
[   68.868738][    C0]  can_rcv+0x144/0x260
[   68.870312][    C0]  ? __pfx_can_rcv+0x10/0x10
[   68.872000][    C0]  __netif_receive_skb+0x2e0/0x650
[   68.873920][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   68.875886][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   68.878167][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.880540][    C0]  ? __pfx_lock_release+0x10/0x10
[   68.882292][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   68.883817][    C0]  process_backlog+0x662/0x15b0
[   68.885315][    C0]  ? process_backlog+0x33b/0x15b0
[   68.886949][    C0]  ? __pfx_process_backlog+0x10/0x10
[   68.888798][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.890908][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.892727][    C0]  __napi_poll+0xcb/0x490
[   68.894054][    C0]  net_rx_action+0x89b/0x1240
[   68.895853][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   68.897976][    C0]  ? do_softirq+0x11b/0x1e0
[   68.899751][    C0]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   68.901986][    C0]  ? try_to_wake_up+0x959/0x1470
[   68.903877][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.906312][    C0]  handle_softirqs+0x2d4/0x9b0
[   68.908444][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   68.910471][    C0]  ? do_softirq+0x11b/0x1e0
[   68.912272][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   68.914150][    C0]  do_softirq+0x11b/0x1e0
[   68.915675][    C0]  </IRQ>
[   68.916733][    C0]  <TASK>
[   68.918013][    C0]  ? __pfx_do_softirq+0x10/0x10
[   68.919836][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   68.921869][    C0]  ? rcu_is_watching+0x15/0xb0
[   68.923624][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   68.925524][    C0]  ? nsim_dev_trap_report_work+0x7c4/0xb50
[   68.927588][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   68.929438][    C0]  ? do_raw_spin_unlock+0x58/0x8b0
[   68.931126][    C0]  ? nsim_dev_trap_report_work+0x71a/0xb50
[   68.933121][    C0]  nsim_dev_trap_report_work+0x7c4/0xb50
[   68.935050][    C0]  ? process_scheduled_works+0x976/0x1840
[   68.936841][    C0]  process_scheduled_works+0xa66/0x1840
[   68.938698][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[   68.940698][    C0]  ? assign_work+0x364/0x3d0
[   68.942448][    C0]  worker_thread+0x870/0xd30
[   68.944140][    C0]  ? __kthread_parkme+0x169/0x1d0
[   68.946014][    C0]  ? __pfx_worker_thread+0x10/0x10
[   68.947914][    C0]  kthread+0x2f0/0x390
[   68.949457][    C0]  ? __pfx_worker_thread+0x10/0x10
[   68.951361][    C0]  ? __pfx_kthread+0x10/0x10
[   68.953033][    C0]  ret_from_fork+0x4b/0x80
[   68.954622][    C0]  ? __pfx_kthread+0x10/0x10
[   68.956201][    C0]  ret_from_fork_asm+0x1a/0x30
[   68.958460][    C0]  </TASK>
[   68.959951][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.963341][    C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
[   68.967729][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.971122][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[   68.973448][    C0] Call Trace:
[   68.974637][    C0]  <IRQ>
[   68.975676][    C0]  dump_stack_lvl+0x241/0x360
[   68.977330][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.979122][    C0]  ? __pfx__printk+0x10/0x10
[   68.980742][    C0]  ? _printk+0xd5/0x120
[   68.982195][    C0]  ? __init_begin+0x41000/0x41000
[   68.983961][    C0]  ? vscnprintf+0x5d/0x90
[   68.985734][    C0]  panic+0x349/0x880
[   68.987276][    C0]  ? __warn+0x174/0x4d0
[   68.988893][    C0]  ? __pfx_panic+0x10/0x10
[   68.990505][    C0]  ? ret_from_fork_asm+0x1a/0x30
[   68.992095][    C0]  __warn+0x344/0x4d0
[   68.993527][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.995547][    C0]  report_bug+0x2b3/0x500
[   68.997216][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.999378][    C0]  handle_bug+0x60/0x90
[   69.001014][    C0]  exc_invalid_op+0x1a/0x50
[   69.002663][    C0]  asm_exc_invalid_op+0x1a/0x20
[   69.004358][    C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   69.006617][    C0] Code: e0 1e 5f 8c e8 a7 c1 95 fc 90 0f 0b 90 90 eb 99 e8 bb 19 d5 fc c6 05 8d 28 39 0b 01 90 48 c7 c7 40 1f 5f 8c e8 87 c1 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 98 19 d5 fc c6 05 67 28 39 0b 01 90
[   69.013243][    C0] RSP: 0018:ffffc900000076c0 EFLAGS: 00010246
[   69.015486][    C0] RAX: f351b8e8e79c8e00 RBX: ffff8880455c24a4 RCX: ffff88801caec880
[   69.018287][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   69.021248][    C0] RBP: 0000000000000003 R08: ffffffff81601c02 R09: 1ffff11003f8519a
[   69.024265][    C0] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff88801187a800
[   69.027050][    C0] R13: ffff8880455c24a4 R14: ffff88801187a800 R15: ffff8880538a8c18
[   69.029624][    C0]  ? __warn_printk+0x292/0x360
[   69.031336][    C0]  j1939_xtp_rx_cts+0x552/0xc70
[   69.033051][    C0]  j1939_tp_recv+0x8ae/0x1050
[   69.034660][    C0]  j1939_can_recv+0x732/0xb20
[   69.036479][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   69.038515][    C0]  ? __lock_acquire+0x1397/0x2100
[   69.040834][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   69.043249][    C0]  can_rcv_filter+0x359/0x7f0
[   69.045121][    C0]  can_receive+0x327/0x480
[   69.047005][    C0]  ? can_receive+0x1c9/0x480
[   69.048995][    C0]  can_rcv+0x144/0x260
[   69.050578][    C0]  ? __pfx_can_rcv+0x10/0x10
[   69.052225][    C0]  __netif_receive_skb+0x2e0/0x650
[   69.054027][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   69.055812][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   69.057781][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.060073][    C0]  ? __pfx_lock_release+0x10/0x10
[   69.061976][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   69.063946][    C0]  process_backlog+0x662/0x15b0
[   69.065830][    C0]  ? process_backlog+0x33b/0x15b0
[   69.067726][    C0]  ? __pfx_process_backlog+0x10/0x10
[   69.069685][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.072025][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.074199][    C0]  __napi_poll+0xcb/0x490
[   69.075762][    C0]  net_rx_action+0x89b/0x1240
[   69.077449][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   69.079161][    C0]  ? do_softirq+0x11b/0x1e0
[   69.080788][    C0]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[   69.082741][    C0]  ? try_to_wake_up+0x959/0x1470
[   69.084441][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.086958][    C0]  handle_softirqs+0x2d4/0x9b0
[   69.089026][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   69.091094][    C0]  ? do_softirq+0x11b/0x1e0
[   69.092867][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   69.094851][    C0]  do_softirq+0x11b/0x1e0
[   69.096441][    C0]  </IRQ>
[   69.097649][    C0]  <TASK>
[   69.098802][    C0]  ? __pfx_do_softirq+0x10/0x10
[   69.100481][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   69.102535][    C0]  ? rcu_is_watching+0x15/0xb0
[   69.104277][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   69.106224][    C0]  ? nsim_dev_trap_report_work+0x7c4/0xb50
[   69.108340][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   69.110380][    C0]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.112340][    C0]  ? nsim_dev_trap_report_work+0x71a/0xb50
[   69.114309][    C0]  nsim_dev_trap_report_work+0x7c4/0xb50
[   69.116407][    C0]  ? process_scheduled_works+0x976/0x1840
[   69.118558][    C0]  process_scheduled_works+0xa66/0x1840
[   69.120814][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.123254][    C0]  ? assign_work+0x364/0x3d0
[   69.125014][    C0]  worker_thread+0x870/0xd30
[   69.126870][    C0]  ? __kthread_parkme+0x169/0x1d0
[   69.128552][    C0]  ? __pfx_worker_thread+0x10/0x10
[   69.130316][    C0]  kthread+0x2f0/0x390
[   69.131699][    C0]  ? __pfx_worker_thread+0x10/0x10
[   69.133448][    C0]  ? __pfx_kthread+0x10/0x10
[   69.135082][    C0]  ret_from_fork+0x4b/0x80
[   69.136671][    C0]  ? __pfx_kthread+0x10/0x10
[   69.138207][    C0]  ret_from_fork_asm+0x1a/0x30
[   69.139776][    C0]  </TASK>
[   69.140988][    C0] Kernel Offset: disabled
[   69.143446][    C0] Rebooting in 86400 seconds..