vcan0: j1939_tp_rxtimer: 0xffff888019c94800: rx timeout, send abort
vcan0: j1939_xtp_rx_abort_one: 0xffff888059b24000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 13 at net/can/j1939/transport.c:1090 j1939_session_deactivate+0xaf/0xd0 net/can/j1939/transport.c:1090
Modules linked in:
CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:j1939_session_deactivate+0xaf/0xd0 net/can/j1939/transport.c:1090
Code: fd 01 76 21 e8 92 f4 4f f9 48 89 ef e8 2a fc ff ff 4c 89 e7 41 89 c5 e8 9f 09 27 01 44 89 e8 5d 41 5c 41 5d c3 e8 71 f4 4f f9 <0f> 0b eb d6 4c 89 ef e8 45 30 97 f9 eb b5 48 89 ef e8 4b 30 97 f9
RSP: 0018:ffffc90000007ab0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000100
RDX: ffff888011910000 RSI: ffffffff88285c6f RDI: 0000000000000003
RBP: ffff888059b24000 R08: 0000000000000001 R09: ffff888059b2402b
R10: ffffffff88285c43 R11: 0000000000000001 R12: ffff888046705070
R13: 0000000000000001 R14: ffff88801a4bec18 R15: ffffffff8ac3c920
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6da28891b8 CR3: 0000000077aba000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
j1939_session_deactivate_activate_next+0x12/0x35 net/can/j1939/transport.c:1100
j1939_xtp_rx_abort_one.cold+0x20b/0x33c net/can/j1939/transport.c:1340
j1939_xtp_rx_abort net/can/j1939/transport.c:1351 [inline]
j1939_tp_cmd_recv net/can/j1939/transport.c:2100 [inline]
j1939_tp_recv+0xb28/0xcb0 net/can/j1939/transport.c:2133
j1939_can_recv+0x6ff/0x9a0 net/can/j1939/main.c:108
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0x5d4/0x8d0 net/can/af_can.c:608
can_receive+0x31d/0x580 net/can/af_can.c:665
can_rcv+0x120/0x1c0 net/can/af_can.c:696
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5351
__netif_receive_skb+0x24/0x1b0 net/core/dev.c:5465
process_backlog+0x2a5/0x6c0 net/core/dev.c:5797
__napi_poll+0xaf/0x440 net/core/dev.c:6365
napi_poll net/core/dev.c:6432 [inline]
net_rx_action+0x801/0xb40 net/core/dev.c:6519
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:smpboot_thread_fn+0x2a8/0x9c0 kernel/smpboot.c:158
Code: 02 0f 84 14 01 00 00 e8 b6 de 28 00 49 8d 7c 24 18 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 39 06 00 00 48 89 e8 4d 8b 6c 24 18 <48> c1 e8 03 0f b6 04 18 84 c0 74 08 3c 03 0f 8e 79 06 00 00 8b 7d
RSP: 0018:ffffc90000d27ed0 EFLAGS: 00000246
RAX: ffff88823bc04000 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: ffff888011910000 RSI: ffffffff814f722a RDI: ffffffff8ba36b78
RBP: ffff88823bc04000 R08: ffffffff89aba5a0 R09: ffffffff814f7212
R10: 0000000000000002 R11: 0000000000000001 R12: ffffffff8ba36b60
R13: ffffffff81471500 R14: ffff888011910000 R15: 0000000000000001
kthread+0x2e9/0x3a0 kernel/kthread.c:359
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
----------------
Code disassembly (best guess):
0: 02 0f add (%rdi),%cl
2: 84 14 01 test %dl,(%rcx,%rax,1)
5: 00 00 add %al,(%rax)
7: e8 b6 de 28 00 callq 0x28dec2
c: 49 8d 7c 24 18 lea 0x18(%r12),%rdi
11: 48 89 f8 mov %rdi,%rax
14: 48 c1 e8 03 shr $0x3,%rax
18: 80 3c 18 00 cmpb $0x0,(%rax,%rbx,1)
1c: 0f 85 39 06 00 00 jne 0x65b
22: 48 89 e8 mov %rbp,%rax
25: 4d 8b 6c 24 18 mov 0x18(%r12),%r13
* 2a: 48 c1 e8 03 shr $0x3,%rax <-- trapping instruction
2e: 0f b6 04 18 movzbl (%rax,%rbx,1),%eax
32: 84 c0 test %al,%al
34: 74 08 je 0x3e
36: 3c 03 cmp $0x3,%al
38: 0f 8e 79 06 00 00 jle 0x6b7
3e: 8b .byte 0x8b
3f: 7d .byte 0x7d