program:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3}, 0x18)
connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3}, 0x18)
sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='data', 0x4}}, 0x0)
recvmsg$can_j1939(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/4, 0x4}], 0x1}, 0x0)

[   70.613957][ T4659] Bluetooth: hci0: command tx timeout
[   70.729624][ T5312] ------------[ cut here ]------------
[   70.731520][ T5312] refcount_t: underflow; use-after-free.
[   70.734753][ T5312] WARNING: CPU: 0 PID: 5312 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[   70.738075][ T5312] Modules linked in:
[   70.739462][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[   70.743081][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.747454][ T5312] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   70.749915][ T5312] Code: e0 1e 5f 8c e8 87 c5 95 fc 90 0f 0b 90 90 eb 99 e8 2b 1e d5 fc c6 05 2d 2c 39 0b 01 90 48 c7 c7 40 1f 5f 8c e8 67 c5 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 08 1e d5 fc c6 05 07 2c 39 0b 01 90
[   70.757475][ T5312] RSP: 0018:ffffc9000d1e78e8 EFLAGS: 00010246
[   70.759821][ T5312] RAX: ac8e30dbe350cb00 RBX: ffff8880451655e4 RCX: 0000000000100000
[   70.762881][ T5312] RDX: ffffc9000e44a000 RSI: 00000000000009a9 RDI: 00000000000009aa
[   70.766176][ T5312] RBP: 0000000000000003 R08: ffffffff81601c02 R09: fffffbfff1cfa210
[   70.769202][ T5312] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff888039c6e068
[   70.772167][ T5312] R13: ffff8880451655e4 R14: 1ffff1100738dc18 R15: ffff888039c6e000
[   70.775137][ T5312] FS:  00007fdf816e06c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   70.778410][ T5312] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.781166][ T5312] CR2: 0000000020000040 CR3: 0000000036d46000 CR4: 0000000000352ef0
[   70.784424][ T5312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   70.787584][ T5312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   70.790501][ T5312] Call Trace:
[   70.791739][ T5312]  <TASK>
[   70.792842][ T5312]  ? __warn+0x165/0x4d0
[   70.794520][ T5312]  ? refcount_warn_saturate+0x15a/0x1d0
[   70.796550][ T5312]  ? report_bug+0x2b3/0x500
[   70.798366][ T5312]  ? refcount_warn_saturate+0x15a/0x1d0
[   70.800488][ T5312]  ? handle_bug+0x60/0x90
[   70.802117][ T5312]  ? exc_invalid_op+0x1a/0x50
[   70.804072][ T5312]  ? asm_exc_invalid_op+0x1a/0x20
[   70.806081][ T5312]  ? __warn_printk+0x292/0x360
[   70.807851][ T5312]  ? refcount_warn_saturate+0x15a/0x1d0
[   70.809912][ T5312]  ? refcount_warn_saturate+0x159/0x1d0
[   70.812053][ T5312]  j1939_session_put+0x1ed/0x440
[   70.814108][ T5312]  j1939_sk_sendmsg+0x121b/0x14c0
[   70.816086][ T5312]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   70.818230][ T5312]  ? __import_iovec+0x590/0x870
[   70.820282][ T5312]  ? aa_sock_msg_perm+0x91/0x160
[   70.822167][ T5312]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   70.824245][ T5312]  __sock_sendmsg+0x221/0x270
[   70.826149][ T5312]  ____sys_sendmsg+0x52a/0x7e0
[   70.827936][ T5312]  ? __pfx_____sys_sendmsg+0x10/0x10
[   70.829819][ T5312]  ? __fget_files+0x2a/0x410
[   70.831370][ T5312]  ? __fget_files+0x2a/0x410
[   70.833133][ T5312]  __sys_sendmsg+0x269/0x350
[   70.835099][ T5312]  ? __pfx___sys_sendmsg+0x10/0x10
[   70.837155][ T5312]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   70.839422][ T5312]  ? do_syscall_64+0x100/0x230
[   70.841307][ T5312]  ? do_syscall_64+0xb6/0x230
[   70.843300][ T5312]  do_syscall_64+0xf3/0x230
[   70.844988][ T5312]  ? clear_bhb_loop+0x35/0x90
[   70.846557][ T5312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.848844][ T5312] RIP: 0033:0x7fdf8097ff19
[   70.850941][ T5312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.858609][ T5312] RSP: 002b:00007fdf816e0058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.861819][ T5312] RAX: ffffffffffffffda RBX: 00007fdf80b45fa0 RCX: 00007fdf8097ff19
[   70.865071][ T5312] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[   70.868110][ T5312] RBP: 00007fdf809f3986 R08: 0000000000000000 R09: 0000000000000000
[   70.871099][ T5312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.874246][ T5312] R13: 0000000000000000 R14: 00007fdf80b45fa0 R15: 00007ffdd26b9938
[   70.877254][ T5312]  </TASK>
[   70.878470][ T5312] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   70.881172][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
[   70.885021][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.889099][ T5312] Call Trace:
[   70.890392][ T5312]  <TASK>
[   70.891528][ T5312]  dump_stack_lvl+0x241/0x360
[   70.893371][ T5312]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.895409][ T5312]  ? __pfx__printk+0x10/0x10
[   70.897162][ T5312]  ? _printk+0xd5/0x120
[   70.898744][ T5312]  ? __init_begin+0x41000/0x41000
[   70.900816][ T5312]  ? vscnprintf+0x5d/0x90
[   70.902624][ T5312]  panic+0x349/0x880
[   70.904177][ T5312]  ? __warn+0x174/0x4d0
[   70.905865][ T5312]  ? __pfx_panic+0x10/0x10
[   70.907775][ T5312]  __warn+0x344/0x4d0
[   70.909525][ T5312]  ? refcount_warn_saturate+0x15a/0x1d0
[   70.911875][ T5312]  report_bug+0x2b3/0x500
[   70.913880][ T5312]  ? refcount_warn_saturate+0x15a/0x1d0
[   70.916464][ T5312]  handle_bug+0x60/0x90
[   70.918376][ T5312]  exc_invalid_op+0x1a/0x50
[   70.920071][ T5312]  asm_exc_invalid_op+0x1a/0x20
[   70.921845][ T5312] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   70.924150][ T5312] Code: e0 1e 5f 8c e8 87 c5 95 fc 90 0f 0b 90 90 eb 99 e8 2b 1e d5 fc c6 05 2d 2c 39 0b 01 90 48 c7 c7 40 1f 5f 8c e8 67 c5 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 08 1e d5 fc c6 05 07 2c 39 0b 01 90
[   70.931125][ T5312] RSP: 0018:ffffc9000d1e78e8 EFLAGS: 00010246
[   70.933367][ T5312] RAX: ac8e30dbe350cb00 RBX: ffff8880451655e4 RCX: 0000000000100000
[   70.936286][ T5312] RDX: ffffc9000e44a000 RSI: 00000000000009a9 RDI: 00000000000009aa
[   70.939359][ T5312] RBP: 0000000000000003 R08: ffffffff81601c02 R09: fffffbfff1cfa210
[   70.942278][ T5312] R10: dffffc0000000000 R11: fffffbfff1cfa210 R12: ffff888039c6e068
[   70.945111][ T5312] R13: ffff8880451655e4 R14: 1ffff1100738dc18 R15: ffff888039c6e000
[   70.948265][ T5312]  ? __warn_printk+0x292/0x360
[   70.950151][ T5312]  ? refcount_warn_saturate+0x159/0x1d0
[   70.952354][ T5312]  j1939_session_put+0x1ed/0x440
[   70.954427][ T5312]  j1939_sk_sendmsg+0x121b/0x14c0
[   70.956381][ T5312]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   70.958562][ T5312]  ? __import_iovec+0x590/0x870
[   70.960461][ T5312]  ? aa_sock_msg_perm+0x91/0x160
[   70.962235][ T5312]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   70.964102][ T5312]  __sock_sendmsg+0x221/0x270
[   70.965745][ T5312]  ____sys_sendmsg+0x52a/0x7e0
[   70.967413][ T5312]  ? __pfx_____sys_sendmsg+0x10/0x10
[   70.969254][ T5312]  ? __fget_files+0x2a/0x410
[   70.970856][ T5312]  ? __fget_files+0x2a/0x410
[   70.972490][ T5312]  __sys_sendmsg+0x269/0x350
[   70.974133][ T5312]  ? __pfx___sys_sendmsg+0x10/0x10
[   70.975930][ T5312]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   70.978448][ T5312]  ? do_syscall_64+0x100/0x230
[   70.980347][ T5312]  ? do_syscall_64+0xb6/0x230
[   70.982247][ T5312]  do_syscall_64+0xf3/0x230
[   70.984003][ T5312]  ? clear_bhb_loop+0x35/0x90
[   70.985759][ T5312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.988081][ T5312] RIP: 0033:0x7fdf8097ff19
[   70.989875][ T5312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.997297][ T5312] RSP: 002b:00007fdf816e0058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   71.000424][ T5312] RAX: ffffffffffffffda RBX: 00007fdf80b45fa0 RCX: 00007fdf8097ff19
[   71.003152][ T5312] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[   71.005992][ T5312] RBP: 00007fdf809f3986 R08: 0000000000000000 R09: 0000000000000000
[   71.009036][ T5312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.011867][ T5312] R13: 0000000000000000 R14: 00007fdf80b45fa0 R15: 00007ffdd26b9938
[   71.014774][ T5312]  </TASK>
[   71.016135][ T5312] Kernel Offset: disabled
[   71.017959][ T5312] Rebooting in 86400 seconds..