bisecting fixing commit since 1d41d2e82623b40ee27811fe9ea38bafe2e722e9 building syzkaller on 8b9ca619df135211a89cc19719f2705d0016045d testing commit 1d41d2e82623b40ee27811fe9ea38bafe2e722e9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7056b9d0e0c82213bc98f00b6da91794a315c3026f84de20b103c1d8b38ed70e all runs: crashed: WARNING in j1939_session_deactivate testing current HEAD ec7f49619d8ee13e108740c82f942cd401b989e9 testing commit ec7f49619d8ee13e108740c82f942cd401b989e9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c9a5f1ac34c129966543d40f294cfafc8bc68fd2658020f4cb592c5cc57d60b1 all runs: crashed: WARNING in j1939_session_deactivate_activate_next revisions tested: 2, total time: 19m22.999034216s (build: 12m11.29208327s, test: 6m42.628140072s) the crash still happens on HEAD commit msg: Merge tag 'drm-fixes-2022-05-14' of git://anongit.freedesktop.org/drm/drm crash: WARNING in j1939_session_deactivate_activate_next vcan0: j1939_tp_rxtimer: 0xffff888014f8f800: rx timeout, send abort vcan0: j1939_xtp_rx_dat: no tx connection found vcan0: j1939_xtp_rx_abort_one: 0xffff888067f6c000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 15 at net/can/j1939/transport.c:1090 j1939_session_deactivate net/can/j1939/transport.c:1090 [inline] WARNING: CPU: 0 PID: 15 at net/can/j1939/transport.c:1090 j1939_session_deactivate_activate_next+0x7b/0xa8 net/can/j1939/transport.c:1100 Modules linked in: CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 5.18.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:j1939_session_deactivate net/can/j1939/transport.c:1090 [inline] RIP: 0010:j1939_session_deactivate_activate_next+0x7b/0xa8 net/can/j1939/transport.c:1100 Code: e0 2a 48 c1 ea 03 8a 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 0c 84 d2 74 08 4c 89 ef e8 bf b9 22 f9 8b 45 28 83 f8 01 77 02 <0f> 0b 48 89 ef e8 0d 40 f6 fe 4c 89 e7 41 89 c5 e8 c2 7b 05 00 45 RSP: 0018:ffffc900001479e8 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 0000000000000003 RCX: ffffffff888af325 RDX: 1ffff1100cfed800 RSI: 0000000000000004 RDI: ffff888067f6c028 RBP: ffff888067f6c000 R08: 0000000000000000 R09: ffff888067f6c02b R10: ffffed100cfed805 R11: 0000000000000000 R12: ffff888073699070 R13: ffff888067f6c028 R14: ffff888064b0e818 R15: ffffffff89f42480 FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcff096b998 CR3: 000000007956b000 CR4: 0000000000350ef0 Call Trace: j1939_xtp_rx_abort_one.cold+0x1cb/0x2f1 net/can/j1939/transport.c:1340 j1939_xtp_rx_abort net/can/j1939/transport.c:1351 [inline] j1939_tp_cmd_recv net/can/j1939/transport.c:2100 [inline] j1939_tp_recv+0x86a/0x9f0 net/can/j1939/transport.c:2133 j1939_can_recv+0x573/0x7c0 net/can/j1939/main.c:108 deliver net/can/af_can.c:574 [inline] can_rcv_filter+0x4ce/0x7b0 net/can/af_can.c:608 can_receive+0x2ae/0x4a0 net/can/af_can.c:665 can_rcv+0xce/0x160 net/can/af_can.c:696 __netif_receive_skb_one_core+0x104/0x180 net/core/dev.c:5405 process_backlog+0x2e4/0x6d0 net/core/dev.c:5847 __napi_poll+0x96/0x510 net/core/dev.c:6413 napi_poll net/core/dev.c:6480 [inline] net_rx_action+0x7b2/0xb40 net/core/dev.c:6567 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x548/0x8c0 kernel/smpboot.c:164 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298