vxcan1: j1939_tp_rxtimer: 0xffff88802a8be400: abort rx timeout. Force session deactivation
------------[ cut here ]------------
WARNING: CPU: 1 PID: 14609 at net/can/j1939/transport.c:1098 j1939_session_deactivate net/can/j1939/transport.c:1098 [inline]
WARNING: CPU: 1 PID: 14609 at net/can/j1939/transport.c:1098 j1939_session_deactivate_activate_next+0x95/0xd3 net/can/j1939/transport.c:1108
Modules linked in:
CPU: 1 PID: 14609 Comm: syz-executor.0 Not tainted 6.2.0-rc2-syzkaller-00388-g55b98837e37d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:j1939_session_deactivate net/can/j1939/transport.c:1098 [inline]
RIP: 0010:j1939_session_deactivate_activate_next+0x95/0xd3 net/can/j1939/transport.c:1108
Code: 03 38 d0 7c 0c 84 d2 74 08 4c 89 ef e8 c7 24 cc f7 8b 5d 28 bf 01 00 00 00 89 de e8 68 1d 7e f7 83 fb 01 77 07 e8 ae 20 7e f7 <0f> 0b e8 a7 20 7e f7 48 89 ef e8 df 05 c8 fe 4c 89 e7 89 c3 e8 a5
RSP: 0000:ffffc900001e0dc0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000100
RDX: ffff888079f6d7c0 RSI: ffffffff8a0331e2 RDI: 0000000000000005
RBP: ffff88802a8be400 R08: 0000000000000005 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880494b9070
R13: ffff88802a8be428 R14: ffff8880494b8000 R15: 0000000000000002
FS:  0000555555b81400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32226000 CR3: 00000000411b9000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 j1939_tp_rxtimer.cold+0x154/0x24f net/can/j1939/transport.c:1236
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x690/0xfb0 kernel/time/hrtimer.c:1749
 hrtimer_run_softirq+0x17f/0x360 kernel/time/hrtimer.c:1766
 __do_softirq+0x1fb/0xadc kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:do_user_addr_fault+0x5d6/0x1210 arch/x86/mm/fault.c:1326
Code: ea 41 b8 01 00 00 00 48 89 ee 4c 89 e7 e8 e2 ef ff ff e9 03 01 00 00 e8 f8 55 48 00 e8 33 d8 4e 00 fb c7 44 24 04 54 02 00 00 <e9> f0 fb ff ff e8 e0 55 48 00 4c 89 e9 4c 89 e2 be 01 00 00 00 bf
RSP: 0000:ffffc90014c1feb8 EFLAGS: 00000202
RAX: 000000000000153b RBX: 0000000000000003 RCX: 1ffffffff1ce5741
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000006 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000003 R11: 0000000000000000 R12: ffffc90014c1ff58
R13: 0000001b32226000 R14: 0000001b32226000 R15: ffff88807b16a300
 handle_page_fault arch/x86/mm/fault.c:1519 [inline]
 exc_page_fault+0x98/0x170 arch/x86/mm/fault.c:1575
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7fef848276c6
Code: ff ff 66 90 48 8b 0d 29 e0 ca 00 4c 63 05 12 e0 ca 00 48 8b 05 13 e0 ca 00 49 01 c8 48 39 c8 72 13 4c 39 c0 73 0e 48 8d 50 04 <89> 38 48 89 15 f9 df ca 00 c3 52 48 8d 35 ca f0 0b 00 48 89 c2 48
RSP: 002b:00007ffc9b5ff5b8 EFLAGS: 00010287
RAX: 0000001b32226000 RBX: 00007fef842017e8 RCX: 0000001b32220000
RDX: 0000001b32226004 RSI: 00007fef84400000 RDI: 0000000081c248e9
RBP: 000000000000056d R08: 0000001b32820000 R09: 00000000670eb923
R10: 0000000000000000 R11: 0000000000000000 R12: 00007fef84202b70
R13: 00007fef84400000 R14: 00007fef849ac018 R15: ffffffff818ec810
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	41 b8 01 00 00 00    	mov    $0x1,%r8d
   6:	48 89 ee             	mov    %rbp,%rsi
   9:	4c 89 e7             	mov    %r12,%rdi
   c:	e8 e2 ef ff ff       	callq  0xffffeff3
  11:	e9 03 01 00 00       	jmpq   0x119
  16:	e8 f8 55 48 00       	callq  0x485613
  1b:	e8 33 d8 4e 00       	callq  0x4ed853
  20:	fb                   	sti
  21:	c7 44 24 04 54 02 00 	movl   $0x254,0x4(%rsp)
  28:	00
* 29:	e9 f0 fb ff ff       	jmpq   0xfffffc1e <-- trapping instruction
  2e:	e8 e0 55 48 00       	callq  0x485613
  33:	4c 89 e9             	mov    %r13,%rcx
  36:	4c 89 e2             	mov    %r12,%rdx
  39:	be 01 00 00 00       	mov    $0x1,%esi
  3e:	bf                   	.byte 0xbf