bisecting fixing commit since 1d41d2e82623b40ee27811fe9ea38bafe2e722e9
building syzkaller on 8b9ca619df135211a89cc19719f2705d0016045d
testing commit 1d41d2e82623b40ee27811fe9ea38bafe2e722e9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ab3f83329e450e87fdf1e5c134ea19240186b1a7ff7fa6a9087eb33380e6ed0a
all runs: crashed: WARNING in j1939_session_deactivate
testing current HEAD ff6992735ade75aae3e35d16b17da1008d753d28
testing commit ff6992735ade75aae3e35d16b17da1008d753d28
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1d4610d701a51ae1eaaa4bda84e81720fd08db13a1356d525ac5a3e1743ee876
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: WARNING in j1939_session_deactivate_activate_next
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: WARNING in j1939_session_deactivate_activate_next
run #8: crashed: WARNING in j1939_session_deactivate_activate_next
run #9: crashed: WARNING in j1939_session_deactivate_activate_next
revisions tested: 2, total time: 21m9.055061976s (build: 13m56.646226563s, test: 6m24.703357365s)
the crash still happens on HEAD
commit msg: Linux 5.19-rc7
crash: WARNING in j1939_session_deactivate_activate_next
vcan0: j1939_xtp_rx_abort_one: 0xffff888019e04c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0xffff8880668fc800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 22 at net/can/j1939/transport.c:1090 j1939_session_deactivate net/can/j1939/transport.c:1090 [inline]
WARNING: CPU: 1 PID: 22 at net/can/j1939/transport.c:1090 j1939_session_deactivate_activate_next+0x7b/0xa8 net/can/j1939/transport.c:1100
Modules linked in:
CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 5.19.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:j1939_session_deactivate net/can/j1939/transport.c:1090 [inline]
RIP: 0010:j1939_session_deactivate_activate_next+0x7b/0xa8 net/can/j1939/transport.c:1100
Code: e0 2a 48 c1 ea 03 8a 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 0c 84 d2 74 08 4c 89 ef e8 36 6d 1b f9 8b 45 28 83 f8 01 77 02 <0f> 0b 48 89 ef e8 34 6f f5 fe 4c 89 e7 41 89 c5 e8 a9 8a 05 00 45
RSP: 0018:ffffc900001e0b10 EFLAGS: 00010246
RAX: 0000000000000001 RBX: 0000000000000003 RCX: ffffffff8894339e
RDX: 1ffff1100cd1f900 RSI: 0000000000000004 RDI: ffff8880668fc828
RBP: ffff8880668fc800 R08: 0000000000000000 R09: ffff8880668fc82b
R10: ffffed100cd1f905 R11: 0000000000000000 R12: ffff888073f21070
R13: ffff8880668fc828 R14: ffff888068f77018 R15: ffffffff89f66740
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1ca039c028 CR3: 000000006bd39000 CR4: 0000000000350ee0
Call Trace:
 <IRQ>
 j1939_xtp_rx_abort_one.cold+0x1cb/0x2f1 net/can/j1939/transport.c:1340
 j1939_xtp_rx_abort net/can/j1939/transport.c:1351 [inline]
 j1939_tp_cmd_recv net/can/j1939/transport.c:2100 [inline]
 j1939_tp_recv+0x86a/0x9f0 net/can/j1939/transport.c:2133
 j1939_can_recv+0x573/0x7c0 net/can/j1939/main.c:108
 deliver net/can/af_can.c:574 [inline]
 can_rcv_filter+0x4ce/0x7b0 net/can/af_can.c:608
 can_receive+0x2ae/0x4a0 net/can/af_can.c:665
 can_rcv+0xce/0x160 net/can/af_can.c:696
 __netif_receive_skb_one_core+0x104/0x180 net/core/dev.c:5484
 process_backlog+0x2e4/0x6d0 net/core/dev.c:5926
 __napi_poll+0x96/0x510 net/core/dev.c:6492
 napi_poll net/core/dev.c:6559 [inline]
 net_rx_action+0x886/0xc70 net/core/dev.c:6670
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:571
 do_softirq.part.0+0xde/0x130 kernel/softirq.c:472
 </IRQ>
 <TASK>
 do_softirq kernel/softirq.c:464 [inline]
 __local_bh_enable_ip+0x102/0x120 kernel/softirq.c:396
 spin_unlock_bh include/linux/spinlock.h:394 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:814 [inline]
 nsim_dev_trap_report_work+0x7ea/0xb20 drivers/net/netdevsim/dev.c:840
 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289
 worker_thread+0x598/0xec0 kernel/workqueue.c:2436
 kthread+0x299/0x340 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>