WARNING in j1939_sk_queue_activate

WARNING in j1939_sk_queue_activate_next
Status: upstream: reported C repro on 2019/11/21 03:25
Reported-by: syzbot+49595536c57ef38095ed@syzkaller.appspotmail.com
First crash: 233d, last: 27d

Cause bisection: introduced by (bisect log):

commit 9d71dd0c70099914fcd063135da3c580865e924c
Author: The j1939 authors <linux-can@vger.kernel.org>
Date: Mon Oct 8 09:48:36 2018 +0000

can: add support of SAE J1939 protocol

Crash: WARNING in j1939_sk_queue_activate_next (log)
Repro: C syz .config

Fix bisection: failed (bisect log)

Sample crash report:

vcan0: j1939_tp_rxtimer: 0x00000000bd290875: rx timeout, send abort
vcan0: j1939_xtp_rx_abort_one: 0x00000000bd290875: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9 at net/can/j1939/socket.c:180 j1939_sk_queue_activate_next_locked net/can/j1939/socket.c:180 [inline]
WARNING: CPU: 0 PID: 9 at net/can/j1939/socket.c:180 j1939_sk_queue_activate_next+0x359/0x460 net/can/j1939/socket.c:204
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.4.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x289/0x300 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:j1939_sk_queue_activate_next_locked net/can/j1939/socket.c:180 [inline]
RIP: 0010:j1939_sk_queue_activate_next+0x359/0x460 net/can/j1939/socket.c:204
Code: e8 1c 83 c0 0a 89 45 cc eb 9f 48 c7 c7 b4 aa c6 89 e8 3b 15 2f fb e9 6a fd ff ff e8 31 15 2f fb e9 19 fe ff ff e8 d7 a9 f3 fa <0f> 0b 48 8b 45 c0 48 8d b8 b0 00 00 00 48 89 f8 48 c1 e8 03 42 0f
RSP: 0018:ffff8880a98af918 EFLAGS: 00010206
RAX: ffff8880a989e240 RBX: ffff8880971ab000 RCX: ffffffff867fac38
RDX: 0000000000000100 RSI: ffffffff867facd9 RDI: 0000000000000005
RBP: ffff8880a98af970 R08: ffff8880a989e240 R09: fffffbfff14f014d
R10: fffffbfff14f014c R11: ffffffff8a780a67 R12: ffff8880971ab510
R13: ffff8880994f6800 R14: ffff8880971ab548 R15: dffffc0000000000
 j1939_session_deactivate_activate_next+0x3d/0x50 net/can/j1939/transport.c:1046
 j1939_xtp_rx_abort_one.cold+0x21a/0x35e net/can/j1939/transport.c:1275
 j1939_xtp_rx_abort net/can/j1939/transport.c:1286 [inline]
 j1939_tp_cmd_recv net/can/j1939/transport.c:1972 [inline]
 j1939_tp_recv+0x783/0x9b0 net/can/j1939/transport.c:2005
 j1939_can_recv+0x502/0x610 net/can/j1939/main.c:101
 deliver net/can/af_can.c:569 [inline]
 can_rcv_filter+0x292/0x8e0 net/can/af_can.c:603
 can_receive+0x2e7/0x530 net/can/af_can.c:660
 can_rcv+0x133/0x1b0 net/can/af_can.c:686
 __netif_receive_skb_one_core+0x113/0x1a0 net/core/dev.c:4929
 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5043
 process_backlog+0x206/0x750 net/core/dev.c:5874
 napi_poll net/core/dev.c:6311 [inline]
 net_rx_action+0x508/0x1120 net/core/dev.c:6379
 __do_softirq+0x262/0x98c kernel/softirq.c:292
 run_ksoftirqd kernel/softirq.c:603 [inline]
 run_ksoftirqd+0x8e/0x110 kernel/softirq.c:595
 smpboot_thread_fn+0x6a3/0xa40 kernel/smpboot.c:165
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (18):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce-selinux-root	2019/11/21 12:45	upstream	c74386d5	8098ea0f	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce	2019/11/21 03:38	upstream	c74386d5	8098ea0f	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce-root	2019/11/21 03:34	upstream	c74386d5	8098ea0f	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce-smack-root	2019/11/21 03:31	upstream	c74386d5	8098ea0f	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce-386	2019/11/21 03:38	upstream	c74386d5	8098ea0f	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-net-this-kasan-gce	2019/11/21 03:33	net	6e4ff1c9	8098ea0f	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-net-kasan-gce	2019/11/21 02:44	net-next	1f12177b	8098ea0f	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-linux-next-kasan-gce-root	2019/12/06 10:44	linux-next	838333c8	98b4ef2d	.config	log	report	syz	C	davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce	2020/03/11 01:52	upstream	f35111a9	35f53e45	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, kuba@kernel.org, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce-smack-root	2020/02/10 07:11	upstream	d1ea35f4	35f5e45e	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, kuba@kernel.org, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce	2020/02/04 01:14	upstream	754beeec	93e5e335	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, kuba@kernel.org, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce-selinux-root	2020/01/19 14:50	upstream	244dc268	bc8bc756	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce-smack-root	2020/01/18 21:39	upstream	25e73aad	3de7aabb	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce-smack-root	2020/01/18 20:40	upstream	25e73aad	3de7aabb	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-kasan-gce	2020/01/13 16:01	upstream	b3a987b0	99565c1a	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-net-kasan-gce	2020/06/13 10:00	net-next	cb8e59cc	f4724dd3	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, kuba@kernel.org, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-net-kasan-gce	2019/11/29 02:46	net-next	a6ed68d6	76357d6f	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net
ci-upstream-net-kasan-gce	2019/11/21 01:40	net-next	1f12177b	8098ea0f	.config	log	report			davem@davemloft.net, kernel@pengutronix.de, linux-can@vger.kernel.org, linux-kernel@vger.kernel.org, linux@rempel-privat.de, mkl@pengutronix.de, netdev@vger.kernel.org, robin@protonic.nl, socketcan@hartkopp.net