vxcan0: j1939_tp_rxtimer: 0x00000000f3b3caa5: rx timeout, send abort vxcan0: j1939_xtp_rx_abort_one: 0x0000000009cbca7f: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. ------------[ cut here ]------------ WARNING: CPU: 1 PID: 6878 at net/can/j1939/transport.c:1096 j1939_session_deactivate net/can/j1939/transport.c:1096 [inline] WARNING: CPU: 1 PID: 6878 at net/can/j1939/transport.c:1096 j1939_session_deactivate_activate_next net/can/j1939/transport.c:1106 [inline] WARNING: CPU: 1 PID: 6878 at net/can/j1939/transport.c:1096 j1939_xtp_rx_abort_one+0x2fc/0x334 net/can/j1939/transport.c:1346 Modules linked in: CPU: 1 PID: 6878 Comm: rm Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : j1939_session_deactivate net/can/j1939/transport.c:1096 [inline] pc : j1939_session_deactivate_activate_next net/can/j1939/transport.c:1106 [inline] pc : j1939_xtp_rx_abort_one+0x2fc/0x334 net/can/j1939/transport.c:1346 lr : j1939_session_deactivate net/can/j1939/transport.c:1096 [inline] lr : j1939_session_deactivate_activate_next net/can/j1939/transport.c:1106 [inline] lr : j1939_xtp_rx_abort_one+0x2fc/0x334 net/can/j1939/transport.c:1346 sp : ffff80000800bbb0 x29: ffff80000800bbb0 x28: ffff0001fefefed0 x27: ffff0000f8a17600 x26: 0000000000000000 x25: 0000000000000009 x24: 0000000000000009 x23: 0000000000000000 x22: ffff000101f00000 x21: 0000000000000001 x20: ffff0000ffbb3070 x19: ffff0000ccf49400 x18: 00000000000002f6 x17: ffff80000bffd6bc x16: ffff80000db49158 x15: ffff0000efdb3500 x14: 0000000000000178 x13: 0000000000002000 x12: ffff0000efdb3500 x11: ff8080000b915890 x10: 0000000000000000 x9 : ffff80000b915890 x8 : ffff0000efdb3500 x7 : ffff80000b915790 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000002 Call trace: j1939_session_deactivate net/can/j1939/transport.c:1096 [inline] j1939_session_deactivate_activate_next net/can/j1939/transport.c:1106 [inline] j1939_xtp_rx_abort_one+0x2fc/0x334 net/can/j1939/transport.c:1346 j1939_xtp_rx_abort net/can/j1939/transport.c:1357 [inline] j1939_tp_cmd_recv+0x3a0/0xa08 net/can/j1939/transport.c:2106 j1939_tp_recv+0x150/0x304 net/can/j1939/transport.c:2139 j1939_can_recv+0x33c/0x494 net/can/j1939/main.c:108 deliver net/can/af_can.c:574 [inline] can_rcv_filter+0x134/0x30c net/can/af_can.c:608 can_receive+0x194/0x26c net/can/af_can.c:665 can_rcv+0x80/0x138 net/can/af_can.c:696 __netif_receive_skb_one_core net/core/dev.c:5485 [inline] __netif_receive_skb+0x70/0x14c net/core/dev.c:5599 process_backlog+0x23c/0x384 net/core/dev.c:5927 __napi_poll+0x5c/0x24c net/core/dev.c:6511 napi_poll+0x110/0x48c net/core/dev.c:6578 net_rx_action+0x18c/0x40c net/core/dev.c:6689 _stext+0x168/0x37c ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79 call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:889 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84 invoke_softirq+0x70/0xbc kernel/softirq.c:452 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662 __el1_irq arch/arm64/kernel/entry-common.c:471 [inline] el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:485 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577 debug_check_no_obj_freed+0xb0/0x2b0 lib/debugobjects.c:1021 slab_free_hook mm/slub.c:1734 [inline] slab_free_freelist_hook mm/slub.c:1785 [inline] slab_free mm/slub.c:3539 [inline] kmem_cache_free+0x160/0x3a4 mm/slub.c:3556 vm_area_free+0x38/0xe8 kernel/fork.c:487 remove_vma mm/mmap.c:147 [inline] exit_mmap+0x1a8/0x2e4 mm/mmap.c:3124 __mmput+0x90/0x204 kernel/fork.c:1187 mmput+0x64/0xa0 kernel/fork.c:1208 exit_mm+0x16c/0x1c0 kernel/exit.c:510 do_exit+0x1f4/0xbe0 kernel/exit.c:782 do_group_exit+0x60/0xe8 kernel/exit.c:925 __do_sys_exit_group kernel/exit.c:936 [inline] __se_sys_exit_group kernel/exit.c:934 [inline] __wake_up_parent+0x0/0x40 kernel/exit.c:934 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 irq event stamp: 5693 hardirqs last enabled at (5692): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] hardirqs last enabled at (5692): [] _raw_spin_unlock_irqrestore+0x48/0x8c kernel/locking/spinlock.c:194 hardirqs last disabled at (5693): [] el1_dbg+0x24/0x5c arch/arm64/kernel/entry-common.c:404 softirqs last enabled at (3926): [] _stext+0x2e4/0x37c softirqs last disabled at (5625): [] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79 ---[ end trace 0000000000000000 ]--- vxcan0: j1939_xtp_rx_abort_one: 0x00000000fa43bdfa: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. vxcan0: j1939_xtp_rx_abort_one: 0x000000006cf02bf4: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. vxcan0: j1939_tp_rxtimer: 0x00000000f3b3caa5: abort rx timeout. Force session deactivation