program:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3}, 0x18)
connect$can_j1939(r2, &(0x7f0000000140)={0x1d, r3}, 0x18)
sendmsg$can_j1939(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='data', 0x4}}, 0x0)
recvmsg$can_j1939(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/4, 0x4}], 0x1}, 0x0)

[   59.010781][ T5326] ------------[ cut here ]------------
[   59.017730][ T5326] refcount_t: underflow; use-after-free.
[   59.025625][ T5326] WARNING: CPU: 0 PID: 5326 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[   59.029348][ T5326] Modules linked in:
[   59.030770][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[   59.034730][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.038691][ T5326] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   59.041109][ T5326] Code: e0 dd 60 8c e8 87 f7 96 fc 90 0f 0b 90 90 eb 99 e8 bb ff d5 fc c6 05 87 87 48 0b 01 90 48 c7 c7 40 de 60 8c e8 67 f7 96 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 98 ff d5 fc c6 05 61 87 48 0b 01 90
[   59.048104][ T5326] RSP: 0018:ffffc9000d6af8e8 EFLAGS: 00010246
[   59.050270][ T5326] RAX: bbefae909426b300 RBX: ffff88804fa8a9a4 RCX: 0000000000040000
[   59.053393][ T5326] RDX: ffffc9000d3fa000 RSI: 00000000000009a8 RDI: 00000000000009a9
[   59.056345][ T5326] RBP: 0000000000000003 R08: ffffffff8155e432 R09: 1ffff11003f8519a
[   59.059590][ T5326] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff8880404f5068
[   59.062504][ T5326] R13: ffff88804fa8a9a4 R14: 1ffff1100809ea18 R15: ffff8880404f5000
[   59.065725][ T5326] FS:  00007f440084a6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   59.069185][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   59.071794][ T5326] CR2: 00007f43ffb2d0f0 CR3: 0000000042ed8000 CR4: 0000000000352ef0
[   59.075011][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   59.078027][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   59.081218][ T5326] Call Trace:
[   59.082555][ T5326]  <TASK>
[   59.083879][ T5326]  ? __warn+0x168/0x4e0
[   59.085479][ T5326]  ? refcount_warn_saturate+0x15a/0x1d0
[   59.087506][ T5326]  ? report_bug+0x2b3/0x500
[   59.089287][ T5326]  ? refcount_warn_saturate+0x15a/0x1d0
[   59.091488][ T5326]  ? handle_bug+0x60/0x90
[   59.093318][ T5326]  ? exc_invalid_op+0x1a/0x50
[   59.094988][ T5326]  ? asm_exc_invalid_op+0x1a/0x20
[   59.096974][ T5326]  ? __warn_printk+0x292/0x360
[   59.098740][ T5326]  ? refcount_warn_saturate+0x15a/0x1d0
[   59.100837][ T5326]  ? refcount_warn_saturate+0x159/0x1d0
[   59.102897][ T5326]  j1939_session_put+0x1ed/0x440
[   59.104717][ T5326]  j1939_sk_sendmsg+0x121b/0x14c0
[   59.106470][ T5326]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   59.108278][ T5326]  ? __import_iovec+0x590/0x870
[   59.109929][ T5326]  ? aa_sock_msg_perm+0x91/0x160
[   59.111795][ T5326]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   59.113980][ T5326]  __sock_sendmsg+0x221/0x270
[   59.115759][ T5326]  ____sys_sendmsg+0x52a/0x7e0
[   59.117599][ T5326]  ? __pfx_____sys_sendmsg+0x10/0x10
[   59.119590][ T5326]  ? __fget_files+0x2a/0x410
[   59.121352][ T5326]  ? __fget_files+0x2a/0x410
[   59.123048][ T5326]  __sys_sendmsg+0x269/0x350
[   59.124824][ T5326]  ? __pfx___sys_sendmsg+0x10/0x10
[   59.126817][ T5326]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   59.129188][ T5326]  ? do_syscall_64+0x100/0x230
[   59.130998][ T5326]  ? do_syscall_64+0xb6/0x230
[   59.132862][ T5326]  do_syscall_64+0xf3/0x230
[   59.134302][ T5326]  ? clear_bhb_loop+0x35/0x90
[   59.136122][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.138308][ T5326] RIP: 0033:0x7f43ff97e759
[   59.140036][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.147390][ T5326] RSP: 002b:00007f440084a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.150589][ T5326] RAX: ffffffffffffffda RBX: 00007f43ffb35f80 RCX: 00007f43ff97e759
[   59.153628][ T5326] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[   59.156894][ T5326] RBP: 00007f43ff9f175e R08: 0000000000000000 R09: 0000000000000000
[   59.159821][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   59.162514][ T5326] R13: 0000000000000000 R14: 00007f43ffb35f80 R15: 00007fff0798ab18
[   59.165577][ T5326]  </TASK>
[   59.166628][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   59.169139][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[   59.172983][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.176925][ T5326] Call Trace:
[   59.178160][ T5326]  <TASK>
[   59.179343][ T5326]  dump_stack_lvl+0x241/0x360
[   59.181166][ T5326]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.183109][ T5326]  ? __pfx__printk+0x10/0x10
[   59.184874][ T5326]  ? vscnprintf+0x5d/0x90
[   59.186538][ T5326]  panic+0x349/0x880
[   59.188075][ T5326]  ? __warn+0x177/0x4e0
[   59.189630][ T5326]  ? __pfx_panic+0x10/0x10
[   59.191334][ T5326]  __warn+0x34b/0x4e0
[   59.192833][ T5326]  ? refcount_warn_saturate+0x15a/0x1d0
[   59.194925][ T5326]  report_bug+0x2b3/0x500
[   59.196593][ T5326]  ? refcount_warn_saturate+0x15a/0x1d0
[   59.198659][ T5326]  handle_bug+0x60/0x90
[   59.200240][ T5326]  exc_invalid_op+0x1a/0x50
[   59.201943][ T5326]  asm_exc_invalid_op+0x1a/0x20
[   59.203831][ T5326] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[   59.206050][ T5326] Code: e0 dd 60 8c e8 87 f7 96 fc 90 0f 0b 90 90 eb 99 e8 bb ff d5 fc c6 05 87 87 48 0b 01 90 48 c7 c7 40 de 60 8c e8 67 f7 96 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 98 ff d5 fc c6 05 61 87 48 0b 01 90
[   59.212806][ T5326] RSP: 0018:ffffc9000d6af8e8 EFLAGS: 00010246
[   59.215016][ T5326] RAX: bbefae909426b300 RBX: ffff88804fa8a9a4 RCX: 0000000000040000
[   59.217863][ T5326] RDX: ffffc9000d3fa000 RSI: 00000000000009a8 RDI: 00000000000009a9
[   59.220717][ T5326] RBP: 0000000000000003 R08: ffffffff8155e432 R09: 1ffff11003f8519a
[   59.223509][ T5326] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff8880404f5068
[   59.226302][ T5326] R13: ffff88804fa8a9a4 R14: 1ffff1100809ea18 R15: ffff8880404f5000
[   59.229353][ T5326]  ? __warn_printk+0x292/0x360
[   59.231203][ T5326]  ? refcount_warn_saturate+0x159/0x1d0
[   59.233296][ T5326]  j1939_session_put+0x1ed/0x440
[   59.235138][ T5326]  j1939_sk_sendmsg+0x121b/0x14c0
[   59.237093][ T5326]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   59.239076][ T5326]  ? __import_iovec+0x590/0x870
[   59.240932][ T5326]  ? aa_sock_msg_perm+0x91/0x160
[   59.242782][ T5326]  ? __pfx_j1939_sk_sendmsg+0x10/0x10
[   59.244798][ T5326]  __sock_sendmsg+0x221/0x270
[   59.246482][ T5326]  ____sys_sendmsg+0x52a/0x7e0
[   59.248185][ T5326]  ? __pfx_____sys_sendmsg+0x10/0x10
[   59.250008][ T5326]  ? __fget_files+0x2a/0x410
[   59.251655][ T5326]  ? __fget_files+0x2a/0x410
[   59.253307][ T5326]  __sys_sendmsg+0x269/0x350
[   59.254915][ T5326]  ? __pfx___sys_sendmsg+0x10/0x10
[   59.256696][ T5326]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   59.258676][ T5326]  ? do_syscall_64+0x100/0x230
[   59.260462][ T5326]  ? do_syscall_64+0xb6/0x230
[   59.262246][ T5326]  do_syscall_64+0xf3/0x230
[   59.263992][ T5326]  ? clear_bhb_loop+0x35/0x90
[   59.265681][ T5326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.267843][ T5326] RIP: 0033:0x7f43ff97e759
[   59.269402][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.276673][ T5326] RSP: 002b:00007f440084a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.279733][ T5326] RAX: ffffffffffffffda RBX: 00007f43ffb35f80 RCX: 00007f43ff97e759
[   59.282512][ T5326] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[   59.285558][ T5326] RBP: 00007f43ff9f175e R08: 0000000000000000 R09: 0000000000000000
[   59.289137][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   59.292642][ T5326] R13: 0000000000000000 R14: 00007f43ffb35f80 R15: 00007fff0798ab18
[   59.295963][ T5326]  </TASK>
[   59.297636][ T5326] Kernel Offset: disabled
[   59.299430][ T5326] Rebooting in 86400 seconds..