vxcan0: j1939_xtp_rx_abort_one: 0xffff88801fe18000: 0x00000: (8) Duplicate sequence number (and software is not able to recover)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5106 at net/can/j1939/transport.c:1656 j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1656 [inline]
WARNING: CPU: 0 PID: 5106 at net/can/j1939/transport.c:1656 j1939_xtp_rx_rts+0x13db/0x1930 net/can/j1939/transport.c:1735
Modules linked in:
CPU: 0 PID: 5106 Comm: kworker/u9:5 Not tainted 6.9.0-rc5-syzkaller-01489-gdcc61472534e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: hci3 hci_cmd_timeout
RIP: 0010:j1939_xtp_rx_rts_session_new net/can/j1939/transport.c:1656 [inline]
RIP: 0010:j1939_xtp_rx_rts+0x13db/0x1930 net/can/j1939/transport.c:1735
Code: e8 2a ed 8a f7 e9 d6 f1 ff ff 89 d9 80 e1 07 38 c1 0f 8c ea f1 ff ff 48 89 df e8 10 ed 8a f7 e9 dd f1 ff ff e8 b6 39 26 f7 90 <0f> 0b 90 e9 6d f2 ff ff 89 f9 80 e1 07 38 c1 0f 8c 51 ee ff ff 48
RSP: 0018:ffffc90000007640 EFLAGS: 00010246
RAX: ffffffff8a6fe29a RBX: 00000000fffffff5 RCX: ffff888064088000
RDX: 0000000000000101 RSI: 00000000fffffff5 RDI: 0000000000000000
RBP: ffffc900000077a8 R08: ffffffff8a6fe00c R09: 1ffffffff25e82bb
R10: dffffc0000000000 R11: fffffbfff25e82bc R12: dffffc0000000000
R13: ffff88802be1d800 R14: 0000000000000014 R15: 0000000000000233
FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb0baed66e4 CR3: 0000000065524000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 j1939_tp_cmd_recv net/can/j1939/transport.c:2057 [inline]
 j1939_tp_recv+0xb84/0x1050 net/can/j1939/transport.c:2144
 j1939_can_recv+0x732/0xb20 net/can/j1939/main.c:112
 deliver net/can/af_can.c:572 [inline]
 can_rcv_filter+0x359/0x7f0 net/can/af_can.c:606
 can_receive+0x327/0x480 net/can/af_can.c:663
 can_rcv+0x144/0x260 net/can/af_can.c:687
 __netif_receive_skb_one_core net/core/dev.c:5625 [inline]
 __netif_receive_skb+0x2e0/0x650 net/core/dev.c:5739
 process_backlog+0x391/0x7d0 net/core/dev.c:6068
 __napi_poll+0xcb/0x490 net/core/dev.c:6722
 napi_poll net/core/dev.c:6791 [inline]
 net_rx_action+0x7bb/0x10a0 net/core/dev.c:6907
 __do_softirq+0x2c6/0x980 kernel/softirq.c:554
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:console_flush_all+0xaad/0xfd0 kernel/printk/printk.c:2985
Code: ff ff e8 26 97 1f 00 90 0f 0b 90 e9 d8 f8 ff ff e8 18 97 1f 00 e8 c3 88 0b 0a 4d 85 f6 74 b6 e8 09 97 1f 00 fb 48 8b 44 24 70 <42> 0f b6 04 38 84 c0 48 8b 7c 24 30 0f 85 22 02 00 00 0f b6 1f 31
RSP: 0018:ffffc90002def560 EFLAGS: 00000293
RAX: 1ffff920005bdef8 RBX: 0000000000000000 RCX: ffff888064088000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90002def710 R08: ffffffff817684e4 R09: 1ffffffff25e82bb
R10: dffffc0000000000 R11: fffffbfff25e82bc R12: ffffffff8eb165b8
R13: ffffffff8eb16560 R14: 0000000000000200 R15: dffffc0000000000
 console_unlock+0x13b/0x4d0 kernel/printk/printk.c:3048
 vprintk_emit+0x5a6/0x770 kernel/printk/printk.c:2348
 _printk+0xd5/0x120 kernel/printk/printk.c:2373
 bt_err+0x127/0x180 net/bluetooth/lib.c:296
 hci_cmd_timeout+0x104/0x1e0 net/bluetooth/hci_core.c:1532
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	e8 26 97 1f 00       	call   0x1f972b
   5:	90                   	nop
   6:	0f 0b                	ud2
   8:	90                   	nop
   9:	e9 d8 f8 ff ff       	jmp    0xfffff8e6
   e:	e8 18 97 1f 00       	call   0x1f972b
  13:	e8 c3 88 0b 0a       	call   0xa0b88db
  18:	4d 85 f6             	test   %r14,%r14
  1b:	74 b6                	je     0xffffffd3
  1d:	e8 09 97 1f 00       	call   0x1f972b
  22:	fb                   	sti
  23:	48 8b 44 24 70       	mov    0x70(%rsp),%rax
* 28:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax <-- trapping instruction
  2d:	84 c0                	test   %al,%al
  2f:	48 8b 7c 24 30       	mov    0x30(%rsp),%rdi
  34:	0f 85 22 02 00 00    	jne    0x25c
  3a:	0f b6 1f             	movzbl (%rdi),%ebx
  3d:	31                   	.byte 0x31