program:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r4=>0x0})
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r4}, 0x18)
sendmsg$can_j1939(r5, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
sendmsg$can_j1939(r5, &(0x7f00000002c0)={&(0x7f0000000200), 0x18, &(0x7f0000000280)={0x0}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r7, 0x6b, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendmsg$nl_route_sched(r6, 0x0, 0x0)
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r3)
socket$inet6_sctp(0xa, 0x5, 0x84)

[   68.519963][ T4681] Bluetooth: hci0: command tx timeout
[   68.841215][    C0] ------------[ cut here ]------------
[   68.843513][    C0] refcount_t: underflow; use-after-free.
[   68.845861][    C0] WARNING: CPU: 0 PID: 5337 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[   68.849228][    C0] Modules linked in:
[   68.850717][    C0] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0
[   68.854260][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.858303][    C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   68.860550][    C0] Code: 60 0f 61 8c e8 57 9d 95 fc 90 0f 0b 90 90 eb 99 e8 4b f4 d4 fc c6 05 0a a0 47 0b 01 90 48 c7 c7 c0 0f 61 8c e8 37 9d 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 28 f4 d4 fc c6 05 e4 9f 47 0b 01 90
[   68.867075][    C0] RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
[   68.869418][    C0] RAX: 278356754f2cca00 RBX: ffff888052e93ea4 RCX: ffff888000d64880
[   68.872501][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   68.875563][    C0] RBP: 0000000000000003 R08: ffffffff815688b2 R09: 1ffff11003f8519a
[   68.878512][    C0] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888043f20800
[   68.881602][    C0] R13: ffff888052e93ea4 R14: ffff888043f20800 R15: ffff888053f14c18
[   68.884617][    C0] FS:  00007fc83c59d6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   68.887962][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.890399][    C0] CR2: 00007fc83c59cfe0 CR3: 000000003603e000 CR4: 0000000000352ef0
[   68.893343][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.896300][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.899235][    C0] Call Trace:
[   68.900461][    C0]  <IRQ>
[   68.901550][    C0]  ? __warn+0x168/0x4e0
[   68.903123][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.905171][    C0]  ? report_bug+0x2b3/0x500
[   68.906955][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.908996][    C0]  ? handle_bug+0x60/0x90
[   68.910662][    C0]  ? exc_invalid_op+0x1a/0x50
[   68.912470][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[   68.914319][    C0]  ? __warn_printk+0x292/0x360
[   68.916071][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   68.918088][    C0]  j1939_xtp_rx_cts+0x552/0xc70
[   68.919970][    C0]  j1939_tp_recv+0x8ae/0x1050
[   68.921891][    C0]  j1939_can_recv+0x732/0xb20
[   68.923828][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   68.925803][    C0]  ? __lock_acquire+0x1397/0x2100
[   68.927466][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   68.929248][    C0]  can_rcv_filter+0x359/0x7f0
[   68.931074][    C0]  can_receive+0x327/0x480
[   68.932904][    C0]  ? can_receive+0x1c9/0x480
[   68.934715][    C0]  can_rcv+0x144/0x260
[   68.936325][    C0]  ? __pfx_can_rcv+0x10/0x10
[   68.938122][    C0]  __netif_receive_skb+0x2e0/0x650
[   68.940178][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   68.942296][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   68.945273][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.947520][    C0]  ? __pfx_lock_release+0x10/0x10
[   68.949413][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   68.951629][    C0]  process_backlog+0x662/0x15b0
[   68.953517][    C0]  ? process_backlog+0x33b/0x15b0
[   68.955577][    C0]  ? __pfx_process_backlog+0x10/0x10
[   68.957607][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.959897][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.962252][    C0]  __napi_poll+0xcb/0x490
[   68.963913][    C0]  net_rx_action+0x89b/0x1240
[   68.965761][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   68.967738][    C0]  ? __run_timer_base+0x178/0x8e0
[   68.969698][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
[   68.972007][    C0]  handle_softirqs+0x2c5/0x980
[   68.973978][    C0]  ? do_softirq+0x11b/0x1e0
[   68.975774][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   68.977789][    C0]  do_softirq+0x11b/0x1e0
[   68.979367][    C0]  </IRQ>
[   68.980498][    C0]  <TASK>
[   68.981571][    C0]  ? __pfx_do_softirq+0x10/0x10
[   68.983279][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   68.985363][    C0]  ? j1939_sk_sendmsg+0x1293/0x14c0
[   68.987300][    C0]  ? rcu_is_watching+0x15/0xb0
[   68.989091][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   68.991066][    C0]  ? j1939_sk_sendmsg+0x1293/0x14c0
[   68.993059][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   68.995077][    C0]  j1939_sk_sendmsg+0x1293/0x14c0
[   68.996927][    C0]  ? aa_sk_perm+0x96d/0xab0
[   68.998754][    C0]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   69.000726][    C0]  ? __import_iovec+0x590/0x870
[   69.002649][    C0]  ? aa_sock_msg_perm+0x91/0x160
[   69.004576][    C0]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   69.006663][    C0]  __sock_sendmsg+0x221/0x270
[   69.008480][    C0]  ____sys_sendmsg+0x52a/0x7e0
[   69.010377][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[   69.012844][    C0]  ? __fget_files+0x2a/0x410
[   69.014971][    C0]  ? __fget_files+0x2a/0x410
[   69.017030][    C0]  __sys_sendmsg+0x269/0x350
[   69.018919][    C0]  ? __pfx___sys_sendmsg+0x10/0x10
[   69.021075][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.023745][    C0]  ? do_syscall_64+0x100/0x230
[   69.025832][    C0]  ? do_syscall_64+0xb6/0x230
[   69.027772][    C0]  do_syscall_64+0xf3/0x230
[   69.029550][    C0]  ? clear_bhb_loop+0x35/0x90
[   69.031344][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.033653][    C0] RIP: 0033:0x7fc83b780809
[   69.035551][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.043042][    C0] RSP: 002b:00007fc83c59d058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.046185][    C0] RAX: ffffffffffffffda RBX: 00007fc83b946160 RCX: 00007fc83b780809
[   69.049249][    C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000006
[   69.052425][    C0] RBP: 00007fc83b7f393e R08: 0000000000000000 R09: 0000000000000000
[   69.055655][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.058701][    C0] R13: 0000000000000000 R14: 00007fc83b946160 R15: 00007ffca1f115c8
[   69.061703][    C0]  </TASK>
[   69.062847][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   69.065646][    C0] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0
[   69.069515][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.073670][    C0] Call Trace:
[   69.075028][    C0]  <IRQ>
[   69.076202][    C0]  dump_stack_lvl+0x241/0x360
[   69.077955][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.079948][    C0]  ? __pfx__printk+0x10/0x10
[   69.081721][    C0]  ? vscnprintf+0x5d/0x90
[   69.083330][    C0]  panic+0x349/0x880
[   69.084795][    C0]  ? __warn+0x177/0x4e0
[   69.086333][    C0]  ? __pfx_panic+0x10/0x10
[   69.087992][    C0]  __warn+0x34b/0x4e0
[   69.089451][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   69.091212][    C0]  report_bug+0x2b3/0x500
[   69.092733][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   69.094843][    C0]  handle_bug+0x60/0x90
[   69.096545][    C0]  exc_invalid_op+0x1a/0x50
[   69.098386][    C0]  asm_exc_invalid_op+0x1a/0x20
[   69.100312][    C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   69.103170][    C0] Code: 60 0f 61 8c e8 57 9d 95 fc 90 0f 0b 90 90 eb 99 e8 4b f4 d4 fc c6 05 0a a0 47 0b 01 90 48 c7 c7 c0 0f 61 8c e8 37 9d 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 28 f4 d4 fc c6 05 e4 9f 47 0b 01 90
[   69.110717][    C0] RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
[   69.113158][    C0] RAX: 278356754f2cca00 RBX: ffff888052e93ea4 RCX: ffff888000d64880
[   69.116369][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   69.119257][    C0] RBP: 0000000000000003 R08: ffffffff815688b2 R09: 1ffff11003f8519a
[   69.122095][    C0] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888043f20800
[   69.124953][    C0] R13: ffff888052e93ea4 R14: ffff888043f20800 R15: ffff888053f14c18
[   69.127778][    C0]  ? __warn_printk+0x292/0x360
[   69.129428][    C0]  j1939_xtp_rx_cts+0x552/0xc70
[   69.131299][    C0]  j1939_tp_recv+0x8ae/0x1050
[   69.133176][    C0]  j1939_can_recv+0x732/0xb20
[   69.135032][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   69.136837][    C0]  ? __lock_acquire+0x1397/0x2100
[   69.138724][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   69.140565][    C0]  can_rcv_filter+0x359/0x7f0
[   69.142051][    C0]  can_receive+0x327/0x480
[   69.143660][    C0]  ? can_receive+0x1c9/0x480
[   69.145238][    C0]  can_rcv+0x144/0x260
[   69.146785][    C0]  ? __pfx_can_rcv+0x10/0x10
[   69.148563][    C0]  __netif_receive_skb+0x2e0/0x650
[   69.150553][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   69.152451][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   69.154541][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.156854][    C0]  ? __pfx_lock_release+0x10/0x10
[   69.158771][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   69.160724][    C0]  process_backlog+0x662/0x15b0
[   69.162603][    C0]  ? process_backlog+0x33b/0x15b0
[   69.164512][    C0]  ? __pfx_process_backlog+0x10/0x10
[   69.166495][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.168854][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.171594][    C0]  __napi_poll+0xcb/0x490
[   69.173217][    C0]  net_rx_action+0x89b/0x1240
[   69.174977][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   69.176842][    C0]  ? __run_timer_base+0x178/0x8e0
[   69.178414][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
[   69.180113][    C0]  handle_softirqs+0x2c5/0x980
[   69.181681][    C0]  ? do_softirq+0x11b/0x1e0
[   69.183246][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   69.184897][    C0]  do_softirq+0x11b/0x1e0
[   69.186196][    C0]  </IRQ>
[   69.187189][    C0]  <TASK>
[   69.188193][    C0]  ? __pfx_do_softirq+0x10/0x10
[   69.189661][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[   69.191494][    C0]  ? j1939_sk_sendmsg+0x1293/0x14c0
[   69.193440][    C0]  ? rcu_is_watching+0x15/0xb0
[   69.195235][    C0]  __local_bh_enable_ip+0x1bb/0x200
[   69.197062][    C0]  ? j1939_sk_sendmsg+0x1293/0x14c0
[   69.198722][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   69.200686][    C0]  j1939_sk_sendmsg+0x1293/0x14c0
[   69.202419][    C0]  ? aa_sk_perm+0x96d/0xab0
[   69.203988][    C0]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   69.205736][    C0]  ? __import_iovec+0x590/0x870
[   69.207340][    C0]  ? aa_sock_msg_perm+0x91/0x160
[   69.208960][    C0]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   69.210822][    C0]  __sock_sendmsg+0x221/0x270
[   69.212576][    C0]  ____sys_sendmsg+0x52a/0x7e0
[   69.214283][    C0]  ? __pfx_____sys_sendmsg+0x10/0x10
[   69.216361][    C0]  ? __fget_files+0x2a/0x410
[   69.218139][    C0]  ? __fget_files+0x2a/0x410
[   69.219915][    C0]  __sys_sendmsg+0x269/0x350
[   69.221698][    C0]  ? __pfx___sys_sendmsg+0x10/0x10
[   69.223622][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.225937][    C0]  ? do_syscall_64+0x100/0x230
[   69.227708][    C0]  ? do_syscall_64+0xb6/0x230
[   69.229488][    C0]  do_syscall_64+0xf3/0x230
[   69.231302][    C0]  ? clear_bhb_loop+0x35/0x90
[   69.233040][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.235340][    C0] RIP: 0033:0x7fc83b780809
[   69.237036][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.244288][    C0] RSP: 002b:00007fc83c59d058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.248157][    C0] RAX: ffffffffffffffda RBX: 00007fc83b946160 RCX: 00007fc83b780809
[   69.251332][    C0] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000006
[   69.254228][    C0] RBP: 00007fc83b7f393e R08: 0000000000000000 R09: 0000000000000000
[   69.257247][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.260281][    C0] R13: 0000000000000000 R14: 00007fc83b946160 R15: 00007ffca1f115c8
[   69.263196][    C0]  </TASK>
[   69.264533][    C0] Kernel Offset: disabled
[   69.266259][    C0] Rebooting in 86400 seconds..