program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)

[   72.399251][ T4685] Bluetooth: hci0: command tx timeout
[   72.536179][    C0] ------------[ cut here ]------------
[   72.538551][    C0] refcount_t: underflow; use-after-free.
[   72.541061][    C0] WARNING: CPU: 0 PID: 16 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[   72.544709][    C0] Modules linked in:
[   72.546321][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[   72.550360][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.554417][    C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   72.556695][    C0] Code: a0 0f 61 8c e8 57 dc 95 fc 90 0f 0b 90 90 eb 99 e8 3b 36 d5 fc c6 05 0e d4 47 0b 01 90 48 c7 c7 00 10 61 8c e8 37 dc 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 18 36 d5 fc c6 05 e8 d3 47 0b 01 90
[   72.564439][    C0] RSP: 0018:ffffc9000042f480 EFLAGS: 00010246
[   72.566794][    C0] RAX: c703ccd08f2d0500 RBX: ffff88803a35f9a4 RCX: ffff88801cad0000
[   72.569858][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   72.572875][    C0] RBP: 0000000000000003 R08: ffffffff815688b2 R09: 1ffff11003f8519a
[   72.575819][    C0] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888000257400
[   72.579036][    C0] R13: ffff88803a35f9a4 R14: ffff888000257400 R15: ffff88804325af18
[   72.582003][    C0] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   72.585140][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.587556][    C0] CR2: 0000000020015000 CR3: 0000000035f16000 CR4: 0000000000352ef0
[   72.590354][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.592998][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.596086][    C0] Call Trace:
[   72.597469][    C0]  <TASK>
[   72.598553][    C0]  ? __warn+0x168/0x4e0
[   72.600040][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   72.602049][    C0]  ? report_bug+0x2b3/0x500
[   72.603615][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   72.605513][    C0]  ? handle_bug+0x60/0x90
[   72.607012][    C0]  ? exc_invalid_op+0x1a/0x50
[   72.608743][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[   72.610414][    C0]  ? __warn_printk+0x292/0x360
[   72.612134][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   72.614057][    C0]  j1939_xtp_rx_cts+0x552/0xc70
[   72.615767][    C0]  j1939_tp_recv+0x8ae/0x1050
[   72.617778][    C0]  j1939_can_recv+0x732/0xb20
[   72.619568][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   72.621502][    C0]  ? __lock_acquire+0x1397/0x2100
[   72.623472][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   72.625366][    C0]  can_rcv_filter+0x359/0x7f0
[   72.627090][    C0]  can_receive+0x327/0x480
[   72.628903][    C0]  ? can_receive+0x1c9/0x480
[   72.630741][    C0]  can_rcv+0x144/0x260
[   72.632522][    C0]  ? __pfx_can_rcv+0x10/0x10
[   72.634771][    C0]  __netif_receive_skb+0x2e0/0x650
[   72.636702][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   72.638793][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   72.641049][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.643321][    C0]  ? __pfx_lock_release+0x10/0x10
[   72.645181][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   72.647216][    C0]  process_backlog+0x662/0x15b0
[   72.649264][    C0]  ? process_backlog+0x33b/0x15b0
[   72.651233][    C0]  ? __pfx_process_backlog+0x10/0x10
[   72.653249][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.655610][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.658052][    C0]  __napi_poll+0xcb/0x490
[   72.659618][    C0]  net_rx_action+0x89b/0x1240
[   72.661299][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   72.663144][    C0]  ? rcu_qs+0xf1/0x190
[   72.664590][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.666804][    C0]  handle_softirqs+0x2c5/0x980
[   72.668428][    C0]  ? run_ksoftirqd+0xca/0x130
[   72.670062][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   72.672216][    C0]  run_ksoftirqd+0xca/0x130
[   72.674041][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   72.676040][    C0]  ? __pfx_ksoftirqd_should_run+0x10/0x10
[   72.678151][    C0]  ? smpboot_thread_fn+0x2d3/0xa30
[   72.680059][    C0]  ? smpboot_thread_fn+0x4fb/0xa30
[   72.682142][    C0]  ? smpboot_thread_fn+0x656/0xa30
[   72.684115][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   72.686427][    C0]  smpboot_thread_fn+0x544/0xa30
[   72.688573][    C0]  ? smpboot_thread_fn+0x4e/0xa30
[   72.690525][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   72.692514][    C0]  kthread+0x2f0/0x390
[   72.694088][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   72.696109][    C0]  ? __pfx_kthread+0x10/0x10
[   72.698020][    C0]  ret_from_fork+0x4b/0x80
[   72.699743][    C0]  ? __pfx_kthread+0x10/0x10
[   72.701555][    C0]  ret_from_fork_asm+0x1a/0x30
[   72.703429][    C0]  </TASK>
[   72.704618][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   72.707276][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[   72.711089][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.715050][    C0] Call Trace:
[   72.716279][    C0]  <TASK>
[   72.717303][    C0]  dump_stack_lvl+0x241/0x360
[   72.718935][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.720859][    C0]  ? __pfx__printk+0x10/0x10
[   72.722511][    C0]  ? vscnprintf+0x5d/0x90
[   72.724078][    C0]  panic+0x349/0x880
[   72.725389][    C0]  ? __warn+0x177/0x4e0
[   72.726904][    C0]  ? __pfx_panic+0x10/0x10
[   72.728508][    C0]  ? ret_from_fork_asm+0x1a/0x30
[   72.730309][    C0]  __warn+0x34b/0x4e0
[   72.731773][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   72.733778][    C0]  report_bug+0x2b3/0x500
[   72.735307][    C0]  ? refcount_warn_saturate+0x15a/0x1d0
[   72.737334][    C0]  handle_bug+0x60/0x90
[   72.738922][    C0]  exc_invalid_op+0x1a/0x50
[   72.740666][    C0]  asm_exc_invalid_op+0x1a/0x20
[   72.742484][    C0] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   72.744821][    C0] Code: a0 0f 61 8c e8 57 dc 95 fc 90 0f 0b 90 90 eb 99 e8 3b 36 d5 fc c6 05 0e d4 47 0b 01 90 48 c7 c7 00 10 61 8c e8 37 dc 95 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 18 36 d5 fc c6 05 e8 d3 47 0b 01 90
[   72.751816][    C0] RSP: 0018:ffffc9000042f480 EFLAGS: 00010246
[   72.754046][    C0] RAX: c703ccd08f2d0500 RBX: ffff88803a35f9a4 RCX: ffff88801cad0000
[   72.756945][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   72.759932][    C0] RBP: 0000000000000003 R08: ffffffff815688b2 R09: 1ffff11003f8519a
[   72.762819][    C0] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff888000257400
[   72.765851][    C0] R13: ffff88803a35f9a4 R14: ffff888000257400 R15: ffff88804325af18
[   72.768795][    C0]  ? __warn_printk+0x292/0x360
[   72.770638][    C0]  j1939_xtp_rx_cts+0x552/0xc70
[   72.772520][    C0]  j1939_tp_recv+0x8ae/0x1050
[   72.774307][    C0]  j1939_can_recv+0x732/0xb20
[   72.776092][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   72.778151][    C0]  ? __lock_acquire+0x1397/0x2100
[   72.779912][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   72.781776][    C0]  can_rcv_filter+0x359/0x7f0
[   72.783629][    C0]  can_receive+0x327/0x480
[   72.785333][    C0]  ? can_receive+0x1c9/0x480
[   72.787146][    C0]  can_rcv+0x144/0x260
[   72.788720][    C0]  ? __pfx_can_rcv+0x10/0x10
[   72.790418][    C0]  __netif_receive_skb+0x2e0/0x650
[   72.792328][    C0]  ? __pfx_lock_acquire+0x10/0x10
[   72.794175][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[   72.796204][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.798544][    C0]  ? __pfx_lock_release+0x10/0x10
[   72.800519][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[   72.802573][    C0]  process_backlog+0x662/0x15b0
[   72.804522][    C0]  ? process_backlog+0x33b/0x15b0
[   72.806506][    C0]  ? __pfx_process_backlog+0x10/0x10
[   72.808609][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.810877][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.813284][    C0]  __napi_poll+0xcb/0x490
[   72.814911][    C0]  net_rx_action+0x89b/0x1240
[   72.816784][    C0]  ? __pfx_net_rx_action+0x10/0x10
[   72.818727][    C0]  ? rcu_qs+0xf1/0x190
[   72.820232][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.822698][    C0]  handle_softirqs+0x2c5/0x980
[   72.824570][    C0]  ? run_ksoftirqd+0xca/0x130
[   72.826473][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   72.828600][    C0]  run_ksoftirqd+0xca/0x130
[   72.830496][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   72.832477][    C0]  ? __pfx_ksoftirqd_should_run+0x10/0x10
[   72.834792][    C0]  ? smpboot_thread_fn+0x2d3/0xa30
[   72.836746][    C0]  ? smpboot_thread_fn+0x4fb/0xa30
[   72.838718][    C0]  ? smpboot_thread_fn+0x656/0xa30
[   72.840661][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   72.842623][    C0]  smpboot_thread_fn+0x544/0xa30
[   72.844596][    C0]  ? smpboot_thread_fn+0x4e/0xa30
[   72.846394][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   72.848311][    C0]  kthread+0x2f0/0x390
[   72.849744][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   72.851600][    C0]  ? __pfx_kthread+0x10/0x10
[   72.853245][    C0]  ret_from_fork+0x4b/0x80
[   72.854837][    C0]  ? __pfx_kthread+0x10/0x10
[   72.856373][    C0]  ret_from_fork_asm+0x1a/0x30
[   72.858067][    C0]  </TASK>
[   72.859529][    C0] Kernel Offset: disabled
[   72.861187][    C0] Rebooting in 86400 seconds..