ci starts bisection 2022-12-29 11:56:15.952961315 +0000 UTC m=+155726.495666877
bisecting fixing commit since 1d41d2e82623b40ee27811fe9ea38bafe2e722e9
building syzkaller on 8b9ca619df135211a89cc19719f2705d0016045d
ensuring issue is reproducible on original commit 1d41d2e82623b40ee27811fe9ea38bafe2e722e9
testing commit 1d41d2e82623b40ee27811fe9ea38bafe2e722e9 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a2d3822975fe01f1cbbdc559b2edf315fcc1f2e7e1e5339ee1c5cf005e25699b
all runs: crashed: WARNING in j1939_session_deactivate
testing current HEAD 1b929c02afd37871d5afb9d498426f83432e71c2
testing commit 1b929c02afd37871d5afb9d498426f83432e71c2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a00c1b2318fb9e8ad92a67cd8c8db58cc62f01943853788440366cc2fc13948b
all runs: crashed: WARNING in j1939_session_deactivate_activate_next
revisions tested: 2, total time: 25m43.940831319s (build: 17m19.982563865s, test: 7m3.725155457s)
the crash still happens on HEAD
commit msg: Linux 6.2-rc1
crash: WARNING in j1939_session_deactivate_activate_next
vcan0: j1939_tp_rxtimer: 0xffff88807e522c00: rx timeout, send abort
vcan0: j1939_xtp_rx_dat_one: 0xffff88806acf3800: last 15
vcan0: j1939_xtp_rx_abort_one: 0xffff88806ad00800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0xffff88806ad00000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9 at net/can/j1939/transport.c:1098 j1939_session_deactivate net/can/j1939/transport.c:1098 [inline]
WARNING: CPU: 0 PID: 9 at net/can/j1939/transport.c:1098 j1939_session_deactivate_activate_next+0x7b/0xa8 net/can/j1939/transport.c:1108
Modules linked in:
CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: phy14 ieee80211_iface_work
RIP: 0010:j1939_session_deactivate net/can/j1939/transport.c:1098 [inline]
RIP: 0010:j1939_session_deactivate_activate_next+0x7b/0xa8 net/can/j1939/transport.c:1108
Code: e0 2a 48 c1 ea 03 8a 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 0c 84 d2 74 08 4c 89 ef e8 4e 34 e8 f8 8b 45 28 83 f8 01 77 02 <0f> 0b 48 89 ef e8 cc 74 e4 fe 4c 89 e7 41 89 c5 e8 71 dc 05 00 45
RSP: 0018:ffffc90000007af0 EFLAGS: 00010246
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff88cd3f46
RDX: 1ffff1100d5a0000 RSI: 0000000000000004 RDI: ffff88806ad00028
RBP: ffff88806ad00000 R08: 0000000000000000 R09: ffff88806ad0002b
R10: ffffed100d5a0005 R11: 0000000000000001 R12: ffff88806f3cd070
R13: ffff88806ad00028 R14: ffffffff8a11eda0 R15: 0000000000000003
FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff64e39d090 CR3: 0000000078c0b000 CR4: 0000000000350ef0
Call Trace:
j1939_xtp_rx_abort_one.cold+0x2c3/0x3ba net/can/j1939/transport.c:1348
j1939_xtp_rx_abort net/can/j1939/transport.c:1360 [inline]
j1939_tp_cmd_recv net/can/j1939/transport.c:2108 [inline]
j1939_tp_recv+0x888/0xa00 net/can/j1939/transport.c:2141
j1939_can_recv net/can/j1939/main.c:112 [inline]
j1939_can_recv+0x60f/0x850 net/can/j1939/main.c:38
deliver net/can/af_can.c:572 [inline]
can_rcv_filter+0x4ce/0x7b0 net/can/af_can.c:606
can_receive+0x2ae/0x4a0 net/can/af_can.c:663
can_rcv+0x15e/0x1e0 net/can/af_can.c:687
__netif_receive_skb_one_core+0x104/0x180 net/core/dev.c:5482
process_backlog+0x326/0x730 net/core/dev.c:5924
__napi_poll+0x9e/0x5c0 net/core/dev.c:6485
napi_poll net/core/dev.c:6552 [inline]
net_rx_action+0x8c8/0xcc0 net/core/dev.c:6663
__do_softirq+0x1fb/0xadc kernel/softirq.c:571
do_softirq.part.0+0xde/0x130 kernel/softirq.c:472
do_softirq kernel/softirq.c:464 [inline]
__local_bh_enable_ip+0x106/0x130 kernel/softirq.c:396
spin_unlock_bh include/linux/spinlock.h:395 [inline]
cfg80211_bss_update+0x223/0x1fc0 net/wireless/scan.c:1804
cfg80211_inform_single_bss_frame_data+0x65b/0xd80 net/wireless/scan.c:2492
cfg80211_inform_bss_frame_data+0xac/0xc00 net/wireless/scan.c:2525
ieee80211_bss_info_update+0x269/0x8c0 net/mac80211/scan.c:190
ieee80211_rx_bss_info net/mac80211/ibss.c:1120 [inline]
ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1609 [inline]
ieee80211_ibss_rx_queued_mgmt+0x12e0/0x31d0 net/mac80211/ibss.c:1638
ieee80211_iface_process_skb net/mac80211/iface.c:1581 [inline]
ieee80211_iface_work+0x6f9/0x9e0 net/mac80211/iface.c:1635
process_one_work+0x8ba/0x14c0 kernel/workqueue.c:2289
worker_thread+0x59c/0xec0 kernel/workqueue.c:2436
kthread+0x298/0x340 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308