./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1328252054 <...> DUID 00:04:ce:8e:a7:1a:d5:92:ad:c3:fd:35:80:c9:2b:13:ab:38 forked to background, child pid 4650 [ 50.367999][ T4651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.379166][ T4651] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts. execve("./syz-executor1328252054", ["./syz-executor1328252054"], 0x7ffcd992ac70 /* 10 vars */) = 0 brk(NULL) = 0x555555a4f000 brk(0x555555a4fc40) = 0x555555a4fc40 arch_prctl(ARCH_SET_FS, 0x555555a4f300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1328252054", 4096) = 28 brk(0x555555a70c40) = 0x555555a70c40 brk(0x555555a71000) = 0x555555a71000 mprotect(0x7f04b5a05000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x555555a4f5d0) = 5076 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3 [pid 5076] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5076] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4 [pid 5076] listen(3, 6) = 0 [pid 5076] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0 [pid 5076] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 5076] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 syzkaller login: [ 75.831310][ T5076] dccp_xmit_packet: Payload too large (65475) for featneg. [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5076] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x555555a4f5d0) = 5077 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3 [pid 5077] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5077] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4 [pid 5077] listen(3, 6) = 0 [pid 5077] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0 [pid 5077] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 5077] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 75.921253][ T5077] dccp_xmit_packet: Payload too large (65475) for featneg. [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 75.990377][ T5077] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 76.001745][ T5077] CPU: 0 PID: 5077 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 76.012211][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 76.022287][ T5077] Call Trace: [ 76.025582][ T5077] [ 76.028531][ T5077] dump_stack_lvl+0xd1/0x138 [ 76.033187][ T5077] ccid3_update_send_interval.cold+0x87/0x93 [ 76.039229][ T5077] ccid3_hc_tx_packet_sent+0x132/0x160 [ 76.044725][ T5077] ? ccid3_update_send_interval+0x120/0x120 [ 76.050667][ T5077] dccp_xmit_packet+0x2f2/0x750 [ 76.055572][ T5077] dccp_write_xmit+0x171/0x1d0 [ 76.060370][ T5077] dccp_sendmsg+0xaee/0xd30 [ 76.064922][ T5077] ? dccp_done+0x100/0x100 [ 76.069380][ T5077] ? aa_af_perm+0x240/0x240 [ 76.073932][ T5077] ? __import_iovec+0x1fb/0x610 [ 76.078828][ T5077] inet_sendmsg+0x9d/0xe0 [ 76.083192][ T5077] ? inet_send_prepare+0x4e0/0x4e0 [ 76.088348][ T5077] sock_sendmsg+0xde/0x190 [ 76.092803][ T5077] ____sys_sendmsg+0x71c/0x900 [ 76.097601][ T5077] ? copy_msghdr_from_user+0xfc/0x150 [ 76.103000][ T5077] ? kernel_sendmsg+0x50/0x50 [ 76.107735][ T5077] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.113779][ T5077] ___sys_sendmsg+0x110/0x1b0 [ 76.118526][ T5077] ? do_recvmmsg+0x6e0/0x6e0 [ 76.123176][ T5077] ? lock_release+0x810/0x810 [ 76.127893][ T5077] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 76.133132][ T5077] ? do_raw_spin_lock+0x124/0x2b0 [ 76.138211][ T5077] ? rwlock_bug.part.0+0x90/0x90 [ 76.143193][ T5077] ? _raw_spin_lock_irq+0x45/0x50 [ 76.148287][ T5077] ? __fget_light+0x20a/0x270 [ 76.153021][ T5077] __sys_sendmsg+0xf7/0x1c0 [ 76.157563][ T5077] ? __sys_sendmsg_sock+0x40/0x40 [ 76.162646][ T5077] ? lock_downgrade+0x6e0/0x6e0 [ 76.167562][ T5077] ? lockdep_hardirqs_on+0x7d/0x100 [ 76.172804][ T5077] ? _raw_spin_unlock_irq+0x2e/0x50 [ 76.178053][ T5077] ? ptrace_notify+0xfe/0x140 [ 76.182768][ T5077] do_syscall_64+0x39/0xb0 [ 76.187218][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.193148][ T5077] RIP: 0033:0x7f04b5997eb9 [ 76.197583][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 76.217220][ T5077] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.225667][ T5077] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9 [ 76.233677][ T5077] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 76.241675][ T5077] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 76.249699][ T5077] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 76.257693][ T5077] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 76.265707][ T5077] [ 76.276009][ T5077] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 76.287607][ T5077] CPU: 0 PID: 5077 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 76.298063][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 76.308153][ T5077] Call Trace: [ 76.311528][ T5077] [ 76.314478][ T5077] dump_stack_lvl+0xd1/0x138 [ 76.319123][ T5077] ccid3_update_send_interval.cold+0x87/0x93 [ 76.325138][ T5077] ccid3_hc_tx_packet_sent+0x132/0x160 [ 76.330654][ T5077] ? ccid3_update_send_interval+0x120/0x120 [ 76.336589][ T5077] dccp_xmit_packet+0x2f2/0x750 [ 76.341471][ T5077] dccp_write_xmit+0x171/0x1d0 [ 76.346272][ T5077] dccp_sendmsg+0xaee/0xd30 [ 76.350812][ T5077] ? dccp_done+0x100/0x100 [ 76.355275][ T5077] ? aa_af_perm+0x240/0x240 [ 76.359807][ T5077] ? __import_iovec+0x1fb/0x610 [ 76.364713][ T5077] inet_sendmsg+0x9d/0xe0 [ 76.369070][ T5077] ? inet_send_prepare+0x4e0/0x4e0 [ 76.374207][ T5077] sock_sendmsg+0xde/0x190 [ 76.378674][ T5077] ____sys_sendmsg+0x71c/0x900 [ 76.383491][ T5077] ? copy_msghdr_from_user+0xfc/0x150 [ 76.388896][ T5077] ? kernel_sendmsg+0x50/0x50 [ 76.393628][ T5077] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.399700][ T5077] ___sys_sendmsg+0x110/0x1b0 [ 76.404458][ T5077] ? do_recvmmsg+0x6e0/0x6e0 [ 76.409100][ T5077] ? lock_release+0x810/0x810 [ 76.413816][ T5077] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 76.419052][ T5077] ? do_raw_spin_lock+0x124/0x2b0 [ 76.424134][ T5077] ? rwlock_bug.part.0+0x90/0x90 [ 76.429104][ T5077] ? _raw_spin_lock_irq+0x45/0x50 [ 76.434187][ T5077] ? __fget_light+0x20a/0x270 [ 76.438912][ T5077] __sys_sendmsg+0xf7/0x1c0 [ 76.443461][ T5077] ? __sys_sendmsg_sock+0x40/0x40 [ 76.448519][ T5077] ? lock_downgrade+0x6e0/0x6e0 [ 76.453499][ T5077] ? lockdep_hardirqs_on+0x7d/0x100 [ 76.458743][ T5077] ? _raw_spin_unlock_irq+0x2e/0x50 [ 76.463986][ T5077] ? ptrace_notify+0xfe/0x140 [ 76.468704][ T5077] do_syscall_64+0x39/0xb0 [ 76.473161][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.479116][ T5077] RIP: 0033:0x7f04b5997eb9 [ 76.483561][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 76.503200][ T5077] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.511651][ T5077] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9 [ 76.519655][ T5077] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 76.527675][ T5077] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3 [pid 5078] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5078] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4 [pid 5078] listen(3, 6) = 0 [pid 5078] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0 [pid 5078] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [ 76.535674][ T5077] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 76.543676][ T5077] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 76.551705][ T5077] [pid 5078] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 76.587125][ T5078] dccp_xmit_packet: Payload too large (65475) for featneg. [ 76.638384][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 76.649648][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 76.660107][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 76.670201][ T5078] Call Trace: [ 76.673496][ T5078] [ 76.676439][ T5078] dump_stack_lvl+0xd1/0x138 [ 76.681071][ T5078] ccid3_update_send_interval.cold+0x87/0x93 [ 76.687118][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160 [ 76.692601][ T5078] ? ccid3_update_send_interval+0x120/0x120 [ 76.698560][ T5078] dccp_xmit_packet+0x2f2/0x750 [ 76.703506][ T5078] dccp_write_xmit+0x171/0x1d0 [ 76.708374][ T5078] dccp_sendmsg+0xaee/0xd30 [ 76.712976][ T5078] ? dccp_done+0x100/0x100 [ 76.717531][ T5078] ? aa_af_perm+0x240/0x240 [ 76.722109][ T5078] ? __import_iovec+0x1fb/0x610 [ 76.727015][ T5078] inet_sendmsg+0x9d/0xe0 [ 76.731555][ T5078] ? inet_send_prepare+0x4e0/0x4e0 [ 76.736699][ T5078] sock_sendmsg+0xde/0x190 [ 76.741166][ T5078] ____sys_sendmsg+0x71c/0x900 [ 76.745983][ T5078] ? copy_msghdr_from_user+0xfc/0x150 [ 76.751390][ T5078] ? kernel_sendmsg+0x50/0x50 [ 76.756115][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 76.762154][ T5078] ___sys_sendmsg+0x110/0x1b0 [ 76.766858][ T5078] ? do_recvmmsg+0x6e0/0x6e0 [ 76.771491][ T5078] ? lock_release+0x810/0x810 [ 76.776197][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 76.781423][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 76.786476][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 76.791543][ T5078] ? _raw_spin_lock_irq+0x45/0x50 [ 76.796608][ T5078] ? __fget_light+0x20a/0x270 [ 76.801330][ T5078] __sys_sendmsg+0xf7/0x1c0 [ 76.805865][ T5078] ? __sys_sendmsg_sock+0x40/0x40 [ 76.810931][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 76.815822][ T5078] ? lockdep_hardirqs_on+0x7d/0x100 [ 76.821051][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50 [ 76.826288][ T5078] ? ptrace_notify+0xfe/0x140 [ 76.830997][ T5078] do_syscall_64+0x39/0xb0 [ 76.835456][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.841384][ T5078] RIP: 0033:0x7f04b5997eb9 [ 76.845819][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 76.865534][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.873997][ T5078] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 76.881993][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 76.889989][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 76.897997][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 76.906078][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 76.914291][ T5078] [ 76.922910][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 76.934336][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 76.944820][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 76.954910][ T5078] Call Trace: [ 76.958207][ T5078] [ 76.961171][ T5078] dump_stack_lvl+0xd1/0x138 [ 76.965799][ T5078] ccid3_update_send_interval.cold+0x87/0x93 [ 76.971812][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160 [ 76.977306][ T5078] ? ccid3_update_send_interval+0x120/0x120 [ 76.983266][ T5078] dccp_xmit_packet+0x2f2/0x750 [ 76.988190][ T5078] dccp_write_xmit+0x171/0x1d0 [ 76.993011][ T5078] dccp_sendmsg+0xaee/0xd30 [ 76.997567][ T5078] ? dccp_done+0x100/0x100 [ 77.002036][ T5078] ? aa_af_perm+0x240/0x240 [ 77.006573][ T5078] ? __import_iovec+0x1fb/0x610 [ 77.011461][ T5078] inet_sendmsg+0x9d/0xe0 [ 77.015837][ T5078] ? inet_send_prepare+0x4e0/0x4e0 [ 77.020964][ T5078] sock_sendmsg+0xde/0x190 [ 77.025494][ T5078] ____sys_sendmsg+0x71c/0x900 [ 77.030299][ T5078] ? copy_msghdr_from_user+0xfc/0x150 [ 77.035691][ T5078] ? kernel_sendmsg+0x50/0x50 [ 77.040403][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 77.046446][ T5078] ___sys_sendmsg+0x110/0x1b0 [ 77.051165][ T5078] ? do_recvmmsg+0x6e0/0x6e0 [ 77.055796][ T5078] ? lock_release+0x810/0x810 [ 77.060511][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 77.065738][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 77.070784][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 77.075741][ T5078] ? _raw_spin_lock_irq+0x45/0x50 [ 77.080819][ T5078] ? __fget_light+0x20a/0x270 [ 77.085537][ T5078] __sys_sendmsg+0xf7/0x1c0 [ 77.090063][ T5078] ? __sys_sendmsg_sock+0x40/0x40 [ 77.095115][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 77.100000][ T5078] ? lockdep_hardirqs_on+0x7d/0x100 [ 77.105315][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.110577][ T5078] ? ptrace_notify+0xfe/0x140 [ 77.115306][ T5078] do_syscall_64+0x39/0xb0 [ 77.119751][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.125678][ T5078] RIP: 0033:0x7f04b5997eb9 [ 77.130114][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 77.150538][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.158991][ T5078] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9 [ 77.166999][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 77.175088][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 77.183101][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 77.191206][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 77.199228][ T5078] [ 77.205050][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 77.216322][ T5078] CPU: 1 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 77.226766][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 77.236852][ T5078] Call Trace: [ 77.240159][ T5078] [ 77.243114][ T5078] dump_stack_lvl+0xd1/0x138 [ 77.247762][ T5078] ccid3_update_send_interval.cold+0x87/0x93 [ 77.253769][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160 [ 77.259264][ T5078] ? ccid3_update_send_interval+0x120/0x120 [ 77.265226][ T5078] dccp_xmit_packet+0x2f2/0x750 [ 77.270327][ T5078] dccp_write_xmit+0x171/0x1d0 [ 77.275146][ T5078] dccp_sendmsg+0xaee/0xd30 [ 77.279710][ T5078] ? dccp_done+0x100/0x100 [ 77.284178][ T5078] ? aa_af_perm+0x240/0x240 [ 77.288715][ T5078] ? __import_iovec+0x1fb/0x610 [ 77.293620][ T5078] inet_sendmsg+0x9d/0xe0 [ 77.298004][ T5078] ? inet_send_prepare+0x4e0/0x4e0 [ 77.303164][ T5078] sock_sendmsg+0xde/0x190 [ 77.307675][ T5078] ____sys_sendmsg+0x71c/0x900 [ 77.312502][ T5078] ? copy_msghdr_from_user+0xfc/0x150 [ 77.317945][ T5078] ? kernel_sendmsg+0x50/0x50 [ 77.322671][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 77.328694][ T5078] ___sys_sendmsg+0x110/0x1b0 [ 77.333397][ T5078] ? do_recvmmsg+0x6e0/0x6e0 [ 77.338052][ T5078] ? lock_release+0x810/0x810 [ 77.342855][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 77.348113][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 77.353173][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 77.358147][ T5078] ? _raw_spin_lock_irq+0x45/0x50 [ 77.363222][ T5078] ? __fget_light+0x20a/0x270 [ 77.367968][ T5078] __sys_sendmsg+0xf7/0x1c0 [ 77.372524][ T5078] ? __sys_sendmsg_sock+0x40/0x40 [ 77.377567][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 77.382471][ T5078] ? lockdep_hardirqs_on+0x7d/0x100 [ 77.387732][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.392962][ T5078] ? ptrace_notify+0xfe/0x140 [ 77.397674][ T5078] do_syscall_64+0x39/0xb0 [ 77.402120][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.408087][ T5078] RIP: 0033:0x7f04b5997eb9 [ 77.412544][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 77.432202][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 77.440645][ T5078] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9 [ 77.448637][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 77.456623][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 77.464608][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 77.472616][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 77.480652][ T5078] [ 77.488573][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 77.500178][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 77.510616][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 77.520684][ T5078] Call Trace: [ 77.523969][ T5078] [ 77.526925][ T5078] dump_stack_lvl+0xd1/0x138 [ 77.531547][ T5078] ccid3_update_send_interval.cold+0x87/0x93 [ 77.537549][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160 [ 77.543029][ T5078] ? ccid3_update_send_interval+0x120/0x120 [ 77.548942][ T5078] dccp_xmit_packet+0x2f2/0x750 [ 77.553829][ T5078] dccp_write_xmit+0x171/0x1d0 [ 77.558620][ T5078] dccp_sendmsg+0xaee/0xd30 [ 77.563173][ T5078] ? dccp_done+0x100/0x100 [ 77.567617][ T5078] ? aa_af_perm+0x240/0x240 [ 77.572147][ T5078] ? __import_iovec+0x1fb/0x610 [ 77.577025][ T5078] inet_sendmsg+0x9d/0xe0 [ 77.581395][ T5078] ? inet_send_prepare+0x4e0/0x4e0 [ 77.586523][ T5078] sock_sendmsg+0xde/0x190 [ 77.590968][ T5078] ____sys_sendmsg+0x71c/0x900 [ 77.595781][ T5078] ? copy_msghdr_from_user+0xfc/0x150 [ 77.601182][ T5078] ? kernel_sendmsg+0x50/0x50 [ 77.605927][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 77.611963][ T5078] ___sys_sendmsg+0x110/0x1b0 [ 77.616667][ T5078] ? do_recvmmsg+0x6e0/0x6e0 [ 77.621340][ T5078] ? lock_release+0x810/0x810 [ 77.626048][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 77.631376][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 77.636437][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 77.641408][ T5078] ? _raw_spin_lock_irq+0x45/0x50 [ 77.646499][ T5078] ? __fget_light+0x20a/0x270 [ 77.651236][ T5078] __sys_sendmsg+0xf7/0x1c0 [ 77.655767][ T5078] ? __sys_sendmsg_sock+0x40/0x40 [ 77.660829][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 77.665835][ T5078] ? lockdep_hardirqs_on+0x7d/0x100 [ 77.671085][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.676331][ T5078] ? ptrace_notify+0xfe/0x140 [ 77.681038][ T5078] do_syscall_64+0x39/0xb0 [ 77.685482][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.691499][ T5078] RIP: 0033:0x7f04b5997eb9 [ 77.695937][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 77.715659][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.724117][ T5078] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9 [ 77.732136][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 77.740133][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 77.748134][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 77.756131][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 77.764157][ T5078] [ 77.769967][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 77.781247][ T5078] CPU: 1 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 77.791714][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 77.801795][ T5078] Call Trace: [ 77.805088][ T5078] [ 77.808027][ T5078] dump_stack_lvl+0xd1/0x138 [ 77.812646][ T5078] ccid3_update_send_interval.cold+0x87/0x93 [ 77.818668][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160 [ 77.824147][ T5078] ? ccid3_update_send_interval+0x120/0x120 [ 77.830066][ T5078] dccp_xmit_packet+0x2f2/0x750 [ 77.834971][ T5078] dccp_write_xmit+0x171/0x1d0 [ 77.839794][ T5078] dccp_sendmsg+0xaee/0xd30 [ 77.844335][ T5078] ? dccp_done+0x100/0x100 [ 77.848785][ T5078] ? aa_af_perm+0x240/0x240 [ 77.853322][ T5078] ? __import_iovec+0x1fb/0x610 [ 77.858205][ T5078] inet_sendmsg+0x9d/0xe0 [ 77.862827][ T5078] ? inet_send_prepare+0x4e0/0x4e0 [ 77.867980][ T5078] sock_sendmsg+0xde/0x190 [ 77.872429][ T5078] ____sys_sendmsg+0x71c/0x900 [ 77.877228][ T5078] ? copy_msghdr_from_user+0xfc/0x150 [ 77.882627][ T5078] ? kernel_sendmsg+0x50/0x50 [ 77.887360][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 77.893416][ T5078] ___sys_sendmsg+0x110/0x1b0 [ 77.898120][ T5078] ? do_recvmmsg+0x6e0/0x6e0 [ 77.902767][ T5078] ? lock_release+0x810/0x810 [ 77.907479][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 77.912727][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 77.917789][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 77.922782][ T5078] ? _raw_spin_lock_irq+0x45/0x50 [ 77.927846][ T5078] ? __fget_light+0x20a/0x270 [ 77.932578][ T5078] __sys_sendmsg+0xf7/0x1c0 [ 77.937142][ T5078] ? __sys_sendmsg_sock+0x40/0x40 [ 77.942209][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 77.947086][ T5078] ? lockdep_hardirqs_on+0x7d/0x100 [ 77.952348][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50 [ 77.957587][ T5078] ? ptrace_notify+0xfe/0x140 [ 77.962312][ T5078] do_syscall_64+0x39/0xb0 [ 77.966753][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 77.972675][ T5078] RIP: 0033:0x7f04b5997eb9 [ 77.977106][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 77.996746][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 78.005187][ T5078] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9 [ 78.013177][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 78.021166][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 78.029275][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 78.037302][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 78.045329][ T5078] [ 78.051135][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 78.062456][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 78.072932][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 78.083025][ T5078] Call Trace: [ 78.086333][ T5078] [ 78.089277][ T5078] dump_stack_lvl+0xd1/0x138 [ 78.093906][ T5078] ccid3_update_send_interval.cold+0x87/0x93 [ 78.099935][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160 [ 78.105420][ T5078] ? ccid3_update_send_interval+0x120/0x120 [ 78.111359][ T5078] dccp_xmit_packet+0x2f2/0x750 [ 78.116272][ T5078] dccp_write_xmit+0x171/0x1d0 [ 78.121077][ T5078] dccp_sendmsg+0xaee/0xd30 [ 78.125663][ T5078] ? dccp_done+0x100/0x100 [ 78.130147][ T5078] ? aa_af_perm+0x240/0x240 [ 78.134724][ T5078] ? __import_iovec+0x1fb/0x610 [ 78.139646][ T5078] inet_sendmsg+0x9d/0xe0 [ 78.144003][ T5078] ? inet_send_prepare+0x4e0/0x4e0 [ 78.149139][ T5078] sock_sendmsg+0xde/0x190 [ 78.153594][ T5078] ____sys_sendmsg+0x71c/0x900 [ 78.158400][ T5078] ? copy_msghdr_from_user+0xfc/0x150 [ 78.163800][ T5078] ? kernel_sendmsg+0x50/0x50 [ 78.168536][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 78.174576][ T5078] ___sys_sendmsg+0x110/0x1b0 [ 78.179283][ T5078] ? do_recvmmsg+0x6e0/0x6e0 [ 78.183919][ T5078] ? lock_release+0x810/0x810 [ 78.188624][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 78.193854][ T5078] ? do_raw_spin_lock+0x124/0x2b0 [ 78.198910][ T5078] ? rwlock_bug.part.0+0x90/0x90 [ 78.203876][ T5078] ? _raw_spin_lock_irq+0x45/0x50 [ 78.208948][ T5078] ? __fget_light+0x20a/0x270 [ 78.213674][ T5078] __sys_sendmsg+0xf7/0x1c0 [ 78.218203][ T5078] ? __sys_sendmsg_sock+0x40/0x40 [ 78.223253][ T5078] ? lock_downgrade+0x6e0/0x6e0 [ 78.228142][ T5078] ? lockdep_hardirqs_on+0x7d/0x100 [ 78.233429][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50 [ 78.238710][ T5078] ? ptrace_notify+0xfe/0x140 [ 78.243437][ T5078] do_syscall_64+0x39/0xb0 [ 78.247890][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.253843][ T5078] RIP: 0033:0x7f04b5997eb9 [ 78.258308][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 78.278164][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 78.286615][ T5078] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9 [pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3 [pid 5079] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5079] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4 [pid 5079] listen(3, 6) = 0 [pid 5079] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0 [pid 5079] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [ 78.294627][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 78.302640][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 78.310653][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 78.318656][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 78.326675][ T5078] [pid 5079] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 78.351837][ T5079] dccp_xmit_packet: Payload too large (65475) for featneg. [ 78.412248][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 78.423834][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 78.434329][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 78.444422][ T5079] Call Trace: [ 78.447744][ T5079] [ 78.450709][ T5079] dump_stack_lvl+0xd1/0x138 [ 78.455359][ T5079] ccid3_update_send_interval.cold+0x87/0x93 [ 78.461371][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160 [ 78.466864][ T5079] ? ccid3_update_send_interval+0x120/0x120 [ 78.472820][ T5079] dccp_xmit_packet+0x2f2/0x750 [ 78.477749][ T5079] dccp_write_xmit+0x171/0x1d0 [ 78.482552][ T5079] dccp_sendmsg+0xaee/0xd30 [ 78.487099][ T5079] ? dccp_done+0x100/0x100 [ 78.491556][ T5079] ? aa_af_perm+0x240/0x240 [ 78.496123][ T5079] ? __import_iovec+0x1fb/0x610 [ 78.501033][ T5079] inet_sendmsg+0x9d/0xe0 [ 78.505390][ T5079] ? inet_send_prepare+0x4e0/0x4e0 [ 78.510530][ T5079] sock_sendmsg+0xde/0x190 [ 78.514988][ T5079] ____sys_sendmsg+0x71c/0x900 [ 78.519788][ T5079] ? copy_msghdr_from_user+0xfc/0x150 [ 78.525187][ T5079] ? kernel_sendmsg+0x50/0x50 [ 78.529906][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 78.535963][ T5079] ___sys_sendmsg+0x110/0x1b0 [ 78.540673][ T5079] ? do_recvmmsg+0x6e0/0x6e0 [ 78.545388][ T5079] ? lock_release+0x810/0x810 [ 78.550096][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 78.555319][ T5079] ? do_raw_spin_lock+0x124/0x2b0 [ 78.560369][ T5079] ? rwlock_bug.part.0+0x90/0x90 [ 78.565334][ T5079] ? _raw_spin_lock_irq+0x45/0x50 [ 78.570413][ T5079] ? __fget_light+0x20a/0x270 [ 78.575131][ T5079] __sys_sendmsg+0xf7/0x1c0 [ 78.579657][ T5079] ? __sys_sendmsg_sock+0x40/0x40 [ 78.584717][ T5079] ? lock_downgrade+0x6e0/0x6e0 [ 78.589606][ T5079] ? lockdep_hardirqs_on+0x7d/0x100 [ 78.594840][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50 [ 78.600082][ T5079] ? ptrace_notify+0xfe/0x140 [ 78.604790][ T5079] do_syscall_64+0x39/0xb0 [ 78.609240][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.615286][ T5079] RIP: 0033:0x7f04b5997eb9 [ 78.619727][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 78.639377][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 78.647909][ T5079] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 78.655902][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 78.663892][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 78.671885][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 78.679873][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 78.687892][ T5079] [ 78.693061][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 78.704748][ T5079] CPU: 0 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 78.715201][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 78.725365][ T5079] Call Trace: [ 78.728669][ T5079] [ 78.731629][ T5079] dump_stack_lvl+0xd1/0x138 [ 78.736258][ T5079] ccid3_update_send_interval.cold+0x87/0x93 [ 78.742302][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160 [ 78.747809][ T5079] ? ccid3_update_send_interval+0x120/0x120 [ 78.753728][ T5079] dccp_xmit_packet+0x2f2/0x750 [ 78.758619][ T5079] dccp_write_xmit+0x171/0x1d0 [ 78.763439][ T5079] dccp_sendmsg+0xaee/0xd30 [ 78.768023][ T5079] ? dccp_done+0x100/0x100 [ 78.772504][ T5079] ? aa_af_perm+0x240/0x240 [ 78.777071][ T5079] ? __import_iovec+0x1fb/0x610 [ 78.781962][ T5079] inet_sendmsg+0x9d/0xe0 [ 78.786332][ T5079] ? inet_send_prepare+0x4e0/0x4e0 [ 78.791469][ T5079] sock_sendmsg+0xde/0x190 [ 78.795954][ T5079] ____sys_sendmsg+0x71c/0x900 [ 78.800765][ T5079] ? copy_msghdr_from_user+0xfc/0x150 [ 78.806164][ T5079] ? kernel_sendmsg+0x50/0x50 [ 78.810900][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 78.816935][ T5079] ___sys_sendmsg+0x110/0x1b0 [ 78.821644][ T5079] ? do_recvmmsg+0x6e0/0x6e0 [ 78.826267][ T5079] ? lock_release+0x810/0x810 [ 78.830962][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 78.836186][ T5079] ? do_raw_spin_lock+0x124/0x2b0 [ 78.841249][ T5079] ? rwlock_bug.part.0+0x90/0x90 [ 78.846232][ T5079] ? _raw_spin_lock_irq+0x45/0x50 [ 78.851301][ T5079] ? __fget_light+0x20a/0x270 [ 78.856022][ T5079] __sys_sendmsg+0xf7/0x1c0 [ 78.860548][ T5079] ? __sys_sendmsg_sock+0x40/0x40 [ 78.865607][ T5079] ? lock_downgrade+0x6e0/0x6e0 [ 78.870514][ T5079] ? lockdep_hardirqs_on+0x7d/0x100 [ 78.875747][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50 [ 78.880981][ T5079] ? ptrace_notify+0xfe/0x140 [ 78.885701][ T5079] do_syscall_64+0x39/0xb0 [ 78.890143][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 78.896160][ T5079] RIP: 0033:0x7f04b5997eb9 [ 78.900594][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 78.920229][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 78.928672][ T5079] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9 [ 78.936667][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 78.944659][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 78.952659][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 78.960652][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 78.968682][ T5079] [ 78.973539][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 78.984928][ T5079] CPU: 0 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 78.995383][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 79.005466][ T5079] Call Trace: [ 79.008785][ T5079] [ 79.011757][ T5079] dump_stack_lvl+0xd1/0x138 [ 79.016427][ T5079] ccid3_update_send_interval.cold+0x87/0x93 [ 79.022505][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160 [ 79.028026][ T5079] ? ccid3_update_send_interval+0x120/0x120 [ 79.033976][ T5079] dccp_xmit_packet+0x2f2/0x750 [ 79.038874][ T5079] dccp_write_xmit+0x171/0x1d0 [ 79.043686][ T5079] dccp_sendmsg+0xaee/0xd30 [ 79.048270][ T5079] ? dccp_done+0x100/0x100 [ 79.052726][ T5079] ? aa_af_perm+0x240/0x240 [ 79.057269][ T5079] ? __import_iovec+0x1fb/0x610 [ 79.062165][ T5079] inet_sendmsg+0x9d/0xe0 [ 79.066524][ T5079] ? inet_send_prepare+0x4e0/0x4e0 [ 79.071677][ T5079] sock_sendmsg+0xde/0x190 [ 79.076216][ T5079] ____sys_sendmsg+0x71c/0x900 [ 79.081045][ T5079] ? copy_msghdr_from_user+0xfc/0x150 [ 79.086462][ T5079] ? kernel_sendmsg+0x50/0x50 [ 79.091229][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 79.097274][ T5079] ___sys_sendmsg+0x110/0x1b0 [ 79.102065][ T5079] ? do_recvmmsg+0x6e0/0x6e0 [ 79.106726][ T5079] ? lock_release+0x810/0x810 [ 79.111445][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 79.116704][ T5079] ? do_raw_spin_lock+0x124/0x2b0 [ 79.121771][ T5079] ? rwlock_bug.part.0+0x90/0x90 [ 79.126751][ T5079] ? _raw_spin_lock_irq+0x45/0x50 [ 79.131836][ T5079] ? __fget_light+0x20a/0x270 [ 79.136581][ T5079] __sys_sendmsg+0xf7/0x1c0 [ 79.141139][ T5079] ? __sys_sendmsg_sock+0x40/0x40 [ 79.146218][ T5079] ? lock_downgrade+0x6e0/0x6e0 [ 79.151113][ T5079] ? lockdep_hardirqs_on+0x7d/0x100 [ 79.156354][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50 [ 79.161598][ T5079] ? ptrace_notify+0xfe/0x140 [ 79.166311][ T5079] do_syscall_64+0x39/0xb0 [ 79.170756][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.176681][ T5079] RIP: 0033:0x7f04b5997eb9 [ 79.181133][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 79.200781][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 79.209281][ T5079] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9 [ 79.217302][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 79.225303][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 79.233319][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 79.241331][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 79.249355][ T5079] [ 79.257741][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 79.269180][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 79.279631][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 79.289731][ T5079] Call Trace: [ 79.293038][ T5079] [ 79.296013][ T5079] dump_stack_lvl+0xd1/0x138 [ 79.300696][ T5079] ccid3_update_send_interval.cold+0x87/0x93 [ 79.306740][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160 [ 79.312241][ T5079] ? ccid3_update_send_interval+0x120/0x120 [ 79.318192][ T5079] dccp_xmit_packet+0x2f2/0x750 [ 79.323115][ T5079] dccp_write_xmit+0x171/0x1d0 [ 79.327923][ T5079] dccp_sendmsg+0xaee/0xd30 [ 79.332466][ T5079] ? dccp_done+0x100/0x100 [ 79.336914][ T5079] ? aa_af_perm+0x240/0x240 [ 79.341457][ T5079] ? __import_iovec+0x1fb/0x610 [ 79.346357][ T5079] inet_sendmsg+0x9d/0xe0 [ 79.350757][ T5079] ? inet_send_prepare+0x4e0/0x4e0 [ 79.355932][ T5079] sock_sendmsg+0xde/0x190 [ 79.360385][ T5079] ____sys_sendmsg+0x71c/0x900 [ 79.365191][ T5079] ? copy_msghdr_from_user+0xfc/0x150 [ 79.370612][ T5079] ? kernel_sendmsg+0x50/0x50 [ 79.375331][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 79.381353][ T5079] ___sys_sendmsg+0x110/0x1b0 [ 79.386071][ T5079] ? do_recvmmsg+0x6e0/0x6e0 [ 79.390699][ T5079] ? lock_release+0x810/0x810 [ 79.395445][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 79.400673][ T5079] ? do_raw_spin_lock+0x124/0x2b0 [ 79.405722][ T5079] ? rwlock_bug.part.0+0x90/0x90 [ 79.410690][ T5079] ? _raw_spin_lock_irq+0x45/0x50 [ 79.415779][ T5079] ? __fget_light+0x20a/0x270 [ 79.420487][ T5079] __sys_sendmsg+0xf7/0x1c0 [ 79.425013][ T5079] ? __sys_sendmsg_sock+0x40/0x40 [ 79.430071][ T5079] ? lock_downgrade+0x6e0/0x6e0 [ 79.434947][ T5079] ? lockdep_hardirqs_on+0x7d/0x100 [ 79.440196][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50 [ 79.445448][ T5079] ? ptrace_notify+0xfe/0x140 [ 79.450175][ T5079] do_syscall_64+0x39/0xb0 [ 79.454633][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.460582][ T5079] RIP: 0033:0x7f04b5997eb9 [ 79.465013][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 79.484759][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.493229][ T5079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9 [ 79.501323][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 79.509345][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 79.517362][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 79.525398][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 79.533427][ T5079] [ 79.542013][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 79.553235][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 79.563666][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 79.573733][ T5079] Call Trace: [ 79.577033][ T5079] [ 79.579988][ T5079] dump_stack_lvl+0xd1/0x138 [ 79.584617][ T5079] ccid3_update_send_interval.cold+0x87/0x93 [ 79.590642][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160 [ 79.596133][ T5079] ? ccid3_update_send_interval+0x120/0x120 [ 79.602082][ T5079] dccp_xmit_packet+0x2f2/0x750 [ 79.606988][ T5079] dccp_write_xmit+0x171/0x1d0 [ 79.611787][ T5079] dccp_sendmsg+0xaee/0xd30 [ 79.616337][ T5079] ? dccp_done+0x100/0x100 [ 79.620802][ T5079] ? aa_af_perm+0x240/0x240 [ 79.625386][ T5079] ? __import_iovec+0x1fb/0x610 [ 79.630287][ T5079] inet_sendmsg+0x9d/0xe0 [ 79.634638][ T5079] ? inet_send_prepare+0x4e0/0x4e0 [ 79.639772][ T5079] sock_sendmsg+0xde/0x190 [ 79.644225][ T5079] ____sys_sendmsg+0x71c/0x900 [ 79.649035][ T5079] ? copy_msghdr_from_user+0xfc/0x150 [ 79.654451][ T5079] ? kernel_sendmsg+0x50/0x50 [ 79.659189][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 79.665262][ T5079] ___sys_sendmsg+0x110/0x1b0 [ 79.670000][ T5079] ? do_recvmmsg+0x6e0/0x6e0 [ 79.674621][ T5079] ? lock_release+0x810/0x810 [ 79.679340][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 79.684576][ T5079] ? do_raw_spin_lock+0x124/0x2b0 [ 79.689622][ T5079] ? rwlock_bug.part.0+0x90/0x90 [ 79.694589][ T5079] ? _raw_spin_lock_irq+0x45/0x50 [ 79.699685][ T5079] ? __fget_light+0x20a/0x270 [ 79.704396][ T5079] __sys_sendmsg+0xf7/0x1c0 [ 79.708928][ T5079] ? __sys_sendmsg_sock+0x40/0x40 [ 79.713994][ T5079] ? lock_downgrade+0x6e0/0x6e0 [ 79.718900][ T5079] ? lockdep_hardirqs_on+0x7d/0x100 [ 79.724129][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50 [ 79.729397][ T5079] ? ptrace_notify+0xfe/0x140 [ 79.734104][ T5079] do_syscall_64+0x39/0xb0 [ 79.738572][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.744498][ T5079] RIP: 0033:0x7f04b5997eb9 [ 79.748929][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 79.768570][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.777032][ T5079] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9 [ 79.785038][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 79.793053][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 79.801073][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 79.809084][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 79.817090][ T5079] [ 79.823677][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 79.835100][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 79.845534][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 79.855607][ T5079] Call Trace: [ 79.858896][ T5079] [ 79.861844][ T5079] dump_stack_lvl+0xd1/0x138 [ 79.866476][ T5079] ccid3_update_send_interval.cold+0x87/0x93 [ 79.872505][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160 [ 79.877988][ T5079] ? ccid3_update_send_interval+0x120/0x120 [ 79.883908][ T5079] dccp_xmit_packet+0x2f2/0x750 [ 79.888800][ T5079] dccp_write_xmit+0x171/0x1d0 [ 79.893633][ T5079] dccp_sendmsg+0xaee/0xd30 [ 79.898196][ T5079] ? dccp_done+0x100/0x100 [ 79.902637][ T5079] ? aa_af_perm+0x240/0x240 [ 79.907173][ T5079] ? __import_iovec+0x1fb/0x610 [ 79.912063][ T5079] inet_sendmsg+0x9d/0xe0 [ 79.916415][ T5079] ? inet_send_prepare+0x4e0/0x4e0 [ 79.921563][ T5079] sock_sendmsg+0xde/0x190 [ 79.926056][ T5079] ____sys_sendmsg+0x71c/0x900 [ 79.930867][ T5079] ? copy_msghdr_from_user+0xfc/0x150 [ 79.936265][ T5079] ? kernel_sendmsg+0x50/0x50 [ 79.941043][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 79.947064][ T5079] ___sys_sendmsg+0x110/0x1b0 [ 79.951762][ T5079] ? do_recvmmsg+0x6e0/0x6e0 [ 79.956382][ T5079] ? lock_release+0x810/0x810 [ 79.961110][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 79.966355][ T5079] ? do_raw_spin_lock+0x124/0x2b0 [ 79.971414][ T5079] ? rwlock_bug.part.0+0x90/0x90 [ 79.976414][ T5079] ? _raw_spin_lock_irq+0x45/0x50 [ 79.981476][ T5079] ? __fget_light+0x20a/0x270 [ 79.986195][ T5079] __sys_sendmsg+0xf7/0x1c0 [ 79.990739][ T5079] ? __sys_sendmsg_sock+0x40/0x40 [ 79.995782][ T5079] ? lock_downgrade+0x6e0/0x6e0 [ 80.000686][ T5079] ? lockdep_hardirqs_on+0x7d/0x100 [ 80.005955][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50 [ 80.011197][ T5079] ? ptrace_notify+0xfe/0x140 [ 80.015932][ T5079] do_syscall_64+0x39/0xb0 [ 80.020366][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.026284][ T5079] RIP: 0033:0x7f04b5997eb9 [ 80.030714][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 80.050343][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.058777][ T5079] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9 [pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3 [pid 5080] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5080] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4 [pid 5080] listen(3, 6) = 0 [pid 5080] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0 [pid 5080] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [ 80.066771][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 80.074774][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 80.082779][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 80.090777][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 80.098810][ T5079] [pid 5080] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 80.121909][ T5080] dccp_xmit_packet: Payload too large (65475) for featneg. [ 80.180370][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 80.191609][ T5080] CPU: 0 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 80.202038][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 80.212137][ T5080] Call Trace: [ 80.215440][ T5080] [ 80.218393][ T5080] dump_stack_lvl+0xd1/0x138 [ 80.223037][ T5080] ccid3_update_send_interval.cold+0x87/0x93 [ 80.229059][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160 [ 80.234549][ T5080] ? ccid3_update_send_interval+0x120/0x120 [ 80.240472][ T5080] dccp_xmit_packet+0x2f2/0x750 [ 80.245369][ T5080] dccp_write_xmit+0x171/0x1d0 [ 80.250211][ T5080] dccp_sendmsg+0xaee/0xd30 [ 80.254777][ T5080] ? dccp_done+0x100/0x100 [ 80.259248][ T5080] ? aa_af_perm+0x240/0x240 [ 80.263817][ T5080] ? __import_iovec+0x1fb/0x610 [ 80.268719][ T5080] inet_sendmsg+0x9d/0xe0 [ 80.273085][ T5080] ? inet_send_prepare+0x4e0/0x4e0 [ 80.278227][ T5080] sock_sendmsg+0xde/0x190 [ 80.282688][ T5080] ____sys_sendmsg+0x71c/0x900 [ 80.287489][ T5080] ? copy_msghdr_from_user+0xfc/0x150 [ 80.292902][ T5080] ? kernel_sendmsg+0x50/0x50 [ 80.297624][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 80.303660][ T5080] ___sys_sendmsg+0x110/0x1b0 [ 80.308390][ T5080] ? do_recvmmsg+0x6e0/0x6e0 [ 80.313031][ T5080] ? lock_release+0x810/0x810 [ 80.317747][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 80.322972][ T5080] ? do_raw_spin_lock+0x124/0x2b0 [ 80.328079][ T5080] ? rwlock_bug.part.0+0x90/0x90 [ 80.333048][ T5080] ? _raw_spin_lock_irq+0x45/0x50 [ 80.338138][ T5080] ? __fget_light+0x20a/0x270 [ 80.342855][ T5080] __sys_sendmsg+0xf7/0x1c0 [ 80.347469][ T5080] ? __sys_sendmsg_sock+0x40/0x40 [ 80.352520][ T5080] ? lock_downgrade+0x6e0/0x6e0 [ 80.357408][ T5080] ? lockdep_hardirqs_on+0x7d/0x100 [ 80.362641][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 80.367878][ T5080] ? ptrace_notify+0xfe/0x140 [ 80.372585][ T5080] do_syscall_64+0x39/0xb0 [ 80.377024][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.382950][ T5080] RIP: 0033:0x7f04b5997eb9 [ 80.387393][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 80.407022][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.415467][ T5080] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f04b5997eb9 [ 80.423452][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 80.431439][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 80.439437][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 80.447437][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 80.455452][ T5080] [ 80.464205][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 80.475752][ T5080] CPU: 0 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 80.486269][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 80.496334][ T5080] Call Trace: [ 80.499613][ T5080] [ 80.502546][ T5080] dump_stack_lvl+0xd1/0x138 [ 80.507170][ T5080] ccid3_update_send_interval.cold+0x87/0x93 [ 80.513171][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160 [ 80.518657][ T5080] ? ccid3_update_send_interval+0x120/0x120 [ 80.524569][ T5080] dccp_xmit_packet+0x2f2/0x750 [ 80.529448][ T5080] dccp_write_xmit+0x171/0x1d0 [ 80.534236][ T5080] dccp_sendmsg+0xaee/0xd30 [ 80.538770][ T5080] ? dccp_done+0x100/0x100 [ 80.543221][ T5080] ? aa_af_perm+0x240/0x240 [ 80.547761][ T5080] ? __import_iovec+0x1fb/0x610 [ 80.552638][ T5080] inet_sendmsg+0x9d/0xe0 [ 80.556983][ T5080] ? inet_send_prepare+0x4e0/0x4e0 [ 80.562111][ T5080] sock_sendmsg+0xde/0x190 [ 80.566576][ T5080] ____sys_sendmsg+0x71c/0x900 [ 80.571361][ T5080] ? copy_msghdr_from_user+0xfc/0x150 [ 80.576745][ T5080] ? kernel_sendmsg+0x50/0x50 [ 80.581451][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 80.587477][ T5080] ___sys_sendmsg+0x110/0x1b0 [ 80.592168][ T5080] ? do_recvmmsg+0x6e0/0x6e0 [ 80.596782][ T5080] ? lock_release+0x810/0x810 [ 80.601499][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 80.606719][ T5080] ? do_raw_spin_lock+0x124/0x2b0 [ 80.611759][ T5080] ? rwlock_bug.part.0+0x90/0x90 [ 80.616711][ T5080] ? _raw_spin_lock_irq+0x45/0x50 [ 80.621784][ T5080] ? __fget_light+0x20a/0x270 [ 80.626503][ T5080] __sys_sendmsg+0xf7/0x1c0 [ 80.631044][ T5080] ? __sys_sendmsg_sock+0x40/0x40 [ 80.636088][ T5080] ? lock_downgrade+0x6e0/0x6e0 [ 80.640983][ T5080] ? lockdep_hardirqs_on+0x7d/0x100 [ 80.646235][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 80.651474][ T5080] ? ptrace_notify+0xfe/0x140 [ 80.656173][ T5080] do_syscall_64+0x39/0xb0 [ 80.660610][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.666531][ T5080] RIP: 0033:0x7f04b5997eb9 [ 80.670969][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 80.690691][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.699130][ T5080] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9 [ 80.707133][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 80.715119][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 80.723100][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 80.731092][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 80.739119][ T5080] [ 80.744706][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 80.755946][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 80.766378][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 80.776453][ T5080] Call Trace: [ 80.779754][ T5080] [ 80.782709][ T5080] dump_stack_lvl+0xd1/0x138 [ 80.787357][ T5080] ccid3_update_send_interval.cold+0x87/0x93 [ 80.793395][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160 [ 80.798918][ T5080] ? ccid3_update_send_interval+0x120/0x120 [ 80.804834][ T5080] dccp_xmit_packet+0x2f2/0x750 [ 80.809724][ T5080] dccp_write_xmit+0x171/0x1d0 [ 80.814540][ T5080] dccp_sendmsg+0xaee/0xd30 [ 80.819096][ T5080] ? dccp_done+0x100/0x100 [ 80.823544][ T5080] ? aa_af_perm+0x240/0x240 [ 80.828110][ T5080] ? __import_iovec+0x1fb/0x610 [ 80.832993][ T5080] inet_sendmsg+0x9d/0xe0 [ 80.837388][ T5080] ? inet_send_prepare+0x4e0/0x4e0 [ 80.842523][ T5080] sock_sendmsg+0xde/0x190 [ 80.846989][ T5080] ____sys_sendmsg+0x71c/0x900 [ 80.851780][ T5080] ? copy_msghdr_from_user+0xfc/0x150 [ 80.857187][ T5080] ? kernel_sendmsg+0x50/0x50 [ 80.861963][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 80.868006][ T5080] ___sys_sendmsg+0x110/0x1b0 [ 80.872720][ T5080] ? do_recvmmsg+0x6e0/0x6e0 [ 80.877369][ T5080] ? lock_release+0x810/0x810 [ 80.882063][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 80.887299][ T5080] ? do_raw_spin_lock+0x124/0x2b0 [ 80.892364][ T5080] ? rwlock_bug.part.0+0x90/0x90 [ 80.897332][ T5080] ? _raw_spin_lock_irq+0x45/0x50 [ 80.902418][ T5080] ? __fget_light+0x20a/0x270 [ 80.907127][ T5080] __sys_sendmsg+0xf7/0x1c0 [ 80.911649][ T5080] ? __sys_sendmsg_sock+0x40/0x40 [ 80.916715][ T5080] ? lock_downgrade+0x6e0/0x6e0 [ 80.921609][ T5080] ? lockdep_hardirqs_on+0x7d/0x100 [ 80.926839][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 80.932095][ T5080] ? ptrace_notify+0xfe/0x140 [ 80.936790][ T5080] do_syscall_64+0x39/0xb0 [ 80.941247][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.947171][ T5080] RIP: 0033:0x7f04b5997eb9 [ 80.951600][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 80.971849][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 80.980315][ T5080] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9 [ 80.988418][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 80.996442][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 81.004445][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 81.012442][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 81.020456][ T5080] [ 81.027578][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 81.038800][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 81.049233][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 81.059391][ T5080] Call Trace: [ 81.062684][ T5080] [ 81.065628][ T5080] dump_stack_lvl+0xd1/0x138 [ 81.070277][ T5080] ccid3_update_send_interval.cold+0x87/0x93 [ 81.076310][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160 [ 81.081786][ T5080] ? ccid3_update_send_interval+0x120/0x120 [ 81.087700][ T5080] dccp_xmit_packet+0x2f2/0x750 [ 81.092619][ T5080] dccp_write_xmit+0x171/0x1d0 [ 81.097449][ T5080] dccp_sendmsg+0xaee/0xd30 [ 81.101994][ T5080] ? dccp_done+0x100/0x100 [ 81.106445][ T5080] ? aa_af_perm+0x240/0x240 [ 81.110990][ T5080] ? __import_iovec+0x1fb/0x610 [ 81.115875][ T5080] inet_sendmsg+0x9d/0xe0 [ 81.120242][ T5080] ? inet_send_prepare+0x4e0/0x4e0 [ 81.125390][ T5080] sock_sendmsg+0xde/0x190 [ 81.129869][ T5080] ____sys_sendmsg+0x71c/0x900 [ 81.134688][ T5080] ? copy_msghdr_from_user+0xfc/0x150 [ 81.140095][ T5080] ? kernel_sendmsg+0x50/0x50 [ 81.144842][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.150860][ T5080] ___sys_sendmsg+0x110/0x1b0 [ 81.155555][ T5080] ? do_recvmmsg+0x6e0/0x6e0 [ 81.160173][ T5080] ? lock_release+0x810/0x810 [ 81.164878][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 81.170118][ T5080] ? do_raw_spin_lock+0x124/0x2b0 [ 81.175190][ T5080] ? rwlock_bug.part.0+0x90/0x90 [ 81.180175][ T5080] ? _raw_spin_lock_irq+0x45/0x50 [ 81.185225][ T5080] ? __fget_light+0x20a/0x270 [ 81.189940][ T5080] __sys_sendmsg+0xf7/0x1c0 [ 81.194483][ T5080] ? __sys_sendmsg_sock+0x40/0x40 [ 81.199579][ T5080] ? lock_downgrade+0x6e0/0x6e0 [ 81.204468][ T5080] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.209711][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.214934][ T5080] ? ptrace_notify+0xfe/0x140 [ 81.219626][ T5080] do_syscall_64+0x39/0xb0 [ 81.224064][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.229996][ T5080] RIP: 0033:0x7f04b5997eb9 [ 81.234420][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 81.254055][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.262510][ T5080] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9 [ 81.270502][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 81.278503][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 81.286501][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 81.294501][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 81.302519][ T5080] [ 81.308991][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 81.320288][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 81.330743][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 81.340827][ T5080] Call Trace: [ 81.344134][ T5080] [ 81.347075][ T5080] dump_stack_lvl+0xd1/0x138 [ 81.351700][ T5080] ccid3_update_send_interval.cold+0x87/0x93 [ 81.357734][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160 [ 81.363225][ T5080] ? ccid3_update_send_interval+0x120/0x120 [ 81.369197][ T5080] dccp_xmit_packet+0x2f2/0x750 [ 81.374130][ T5080] dccp_write_xmit+0x171/0x1d0 [ 81.378928][ T5080] dccp_sendmsg+0xaee/0xd30 [ 81.383474][ T5080] ? dccp_done+0x100/0x100 [ 81.387917][ T5080] ? aa_af_perm+0x240/0x240 [ 81.392459][ T5080] ? __import_iovec+0x1fb/0x610 [ 81.397358][ T5080] inet_sendmsg+0x9d/0xe0 [ 81.401740][ T5080] ? inet_send_prepare+0x4e0/0x4e0 [ 81.406890][ T5080] sock_sendmsg+0xde/0x190 [ 81.411333][ T5080] ____sys_sendmsg+0x71c/0x900 [ 81.416125][ T5080] ? copy_msghdr_from_user+0xfc/0x150 [ 81.421526][ T5080] ? kernel_sendmsg+0x50/0x50 [ 81.426238][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.432269][ T5080] ___sys_sendmsg+0x110/0x1b0 [ 81.436991][ T5080] ? do_recvmmsg+0x6e0/0x6e0 [ 81.441637][ T5080] ? lock_release+0x810/0x810 [ 81.446336][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 81.451569][ T5080] ? do_raw_spin_lock+0x124/0x2b0 [ 81.456626][ T5080] ? rwlock_bug.part.0+0x90/0x90 [ 81.461590][ T5080] ? _raw_spin_lock_irq+0x45/0x50 [ 81.466656][ T5080] ? __fget_light+0x20a/0x270 [ 81.471385][ T5080] __sys_sendmsg+0xf7/0x1c0 [ 81.475928][ T5080] ? __sys_sendmsg_sock+0x40/0x40 [ 81.481002][ T5080] ? asm_common_interrupt+0x26/0x40 [ 81.486284][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.491523][ T5080] ? ptrace_notify+0xfe/0x140 [ 81.496231][ T5080] do_syscall_64+0x39/0xb0 [ 81.500677][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.506603][ T5080] RIP: 0033:0x7f04b5997eb9 [ 81.511047][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 81.530677][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.539116][ T5080] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9 [ 81.547110][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 81.555099][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 81.563110][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 81.571197][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 81.579226][ T5080] [ 81.584733][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 81.595972][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 81.606410][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 81.616486][ T5080] Call Trace: [ 81.619771][ T5080] [ 81.622711][ T5080] dump_stack_lvl+0xd1/0x138 [ 81.627338][ T5080] ccid3_update_send_interval.cold+0x87/0x93 [ 81.633389][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160 [ 81.638894][ T5080] ? ccid3_update_send_interval+0x120/0x120 [ 81.644815][ T5080] dccp_xmit_packet+0x2f2/0x750 [ 81.649725][ T5080] dccp_write_xmit+0x171/0x1d0 [ 81.654547][ T5080] dccp_sendmsg+0xaee/0xd30 [ 81.659134][ T5080] ? dccp_done+0x100/0x100 [ 81.663614][ T5080] ? aa_af_perm+0x240/0x240 [ 81.668261][ T5080] ? __import_iovec+0x1fb/0x610 [ 81.673151][ T5080] inet_sendmsg+0x9d/0xe0 [ 81.677540][ T5080] ? inet_send_prepare+0x4e0/0x4e0 [ 81.682681][ T5080] sock_sendmsg+0xde/0x190 [ 81.687163][ T5080] ____sys_sendmsg+0x71c/0x900 [ 81.692002][ T5080] ? copy_msghdr_from_user+0xfc/0x150 [ 81.697741][ T5080] ? kernel_sendmsg+0x50/0x50 [ 81.702457][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.708477][ T5080] ___sys_sendmsg+0x110/0x1b0 [ 81.713196][ T5080] ? do_recvmmsg+0x6e0/0x6e0 [ 81.717835][ T5080] ? lock_release+0x810/0x810 [ 81.722554][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 81.727796][ T5080] ? do_raw_spin_lock+0x124/0x2b0 [ 81.732853][ T5080] ? rwlock_bug.part.0+0x90/0x90 [ 81.737828][ T5080] ? _raw_spin_lock_irq+0x45/0x50 [ 81.742889][ T5080] ? __fget_light+0x20a/0x270 [ 81.747613][ T5080] __sys_sendmsg+0xf7/0x1c0 [ 81.752172][ T5080] ? __sys_sendmsg_sock+0x40/0x40 [ 81.757287][ T5080] ? lock_downgrade+0x6e0/0x6e0 [ 81.762181][ T5080] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.767430][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 81.772666][ T5080] ? ptrace_notify+0xfe/0x140 [ 81.777404][ T5080] do_syscall_64+0x39/0xb0 [ 81.781874][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.787835][ T5080] RIP: 0033:0x7f04b5997eb9 [ 81.792282][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 81.811913][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.820448][ T5080] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9 [ 81.828441][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 81.836437][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 81.844421][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 81.852436][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 81.860461][ T5080] [ 81.867711][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 81.878957][ T5080] CPU: 0 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 81.889431][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 81.899550][ T5080] Call Trace: [ 81.902855][ T5080] [ 81.905826][ T5080] dump_stack_lvl+0xd1/0x138 [ 81.910490][ T5080] ccid3_update_send_interval.cold+0x87/0x93 [ 81.916542][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160 [ 81.922034][ T5080] ? ccid3_update_send_interval+0x120/0x120 [ 81.928000][ T5080] dccp_xmit_packet+0x2f2/0x750 [ 81.932926][ T5080] dccp_write_xmit+0x171/0x1d0 [ 81.937745][ T5080] dccp_sendmsg+0xaee/0xd30 [ 81.942287][ T5080] ? dccp_done+0x100/0x100 [ 81.946735][ T5080] ? aa_af_perm+0x240/0x240 [ 81.951272][ T5080] ? __import_iovec+0x1fb/0x610 [ 81.956173][ T5080] inet_sendmsg+0x9d/0xe0 [ 81.960562][ T5080] ? inet_send_prepare+0x4e0/0x4e0 [ 81.965718][ T5080] sock_sendmsg+0xde/0x190 [ 81.970180][ T5080] ____sys_sendmsg+0x71c/0x900 [ 81.974977][ T5080] ? copy_msghdr_from_user+0xfc/0x150 [ 81.980367][ T5080] ? kernel_sendmsg+0x50/0x50 [ 81.985092][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 81.991122][ T5080] ___sys_sendmsg+0x110/0x1b0 [ 81.995829][ T5080] ? do_recvmmsg+0x6e0/0x6e0 [ 82.000458][ T5080] ? lock_release+0x810/0x810 [ 82.005158][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 82.010390][ T5080] ? do_raw_spin_lock+0x124/0x2b0 [ 82.015448][ T5080] ? rwlock_bug.part.0+0x90/0x90 [ 82.020414][ T5080] ? _raw_spin_lock_irq+0x45/0x50 [ 82.025480][ T5080] ? __fget_light+0x20a/0x270 [ 82.030195][ T5080] __sys_sendmsg+0xf7/0x1c0 [ 82.034725][ T5080] ? __sys_sendmsg_sock+0x40/0x40 [ 82.039776][ T5080] ? lock_downgrade+0x6e0/0x6e0 [ 82.044682][ T5080] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.049916][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.055153][ T5080] ? ptrace_notify+0xfe/0x140 [ 82.059866][ T5080] do_syscall_64+0x39/0xb0 [ 82.064336][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.070290][ T5080] RIP: 0033:0x7f04b5997eb9 [ 82.074726][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 82.094358][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.102807][ T5080] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9 [ 82.110804][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 82.118807][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 82.126804][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3 [pid 5081] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5081] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4 [pid 5081] listen(3, 6) = 0 [pid 5081] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0 [pid 5081] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 5081] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 82.134799][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 82.142811][ T5080] [ 82.175693][ T5081] dccp_xmit_packet: Payload too large (65475) for featneg. [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 82.234642][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 82.246069][ T5081] CPU: 1 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 82.256541][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 82.266629][ T5081] Call Trace: [ 82.269922][ T5081] [ 82.272865][ T5081] dump_stack_lvl+0xd1/0x138 [ 82.277505][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 82.283573][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 82.289073][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 82.295003][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 82.299907][ T5081] dccp_write_xmit+0x171/0x1d0 [ 82.304733][ T5081] dccp_sendmsg+0xaee/0xd30 [ 82.309278][ T5081] ? dccp_done+0x100/0x100 [ 82.313725][ T5081] ? aa_af_perm+0x240/0x240 [ 82.318258][ T5081] ? __import_iovec+0x1fb/0x610 [ 82.323164][ T5081] inet_sendmsg+0x9d/0xe0 [ 82.327648][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 82.332819][ T5081] sock_sendmsg+0xde/0x190 [ 82.337298][ T5081] ____sys_sendmsg+0x71c/0x900 [ 82.342115][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 82.347561][ T5081] ? kernel_sendmsg+0x50/0x50 [ 82.352309][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 82.358361][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 82.363091][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 82.367729][ T5081] ? lock_release+0x810/0x810 [ 82.372469][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 82.377719][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 82.382780][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 82.387743][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 82.392836][ T5081] ? __fget_light+0x20a/0x270 [ 82.397694][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 82.402228][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 82.407279][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 82.412207][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.417478][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.422733][ T5081] ? ptrace_notify+0xfe/0x140 [ 82.427461][ T5081] do_syscall_64+0x39/0xb0 [ 82.431906][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.437832][ T5081] RIP: 0033:0x7f04b5997eb9 [ 82.442269][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 82.461902][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.470354][ T5081] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00007f04b5997eb9 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 82.478396][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 82.486386][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 82.494475][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 82.502465][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 82.510596][ T5081] [ 82.515678][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 82.527429][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 82.537882][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 82.547949][ T5081] Call Trace: [ 82.551240][ T5081] [ 82.554189][ T5081] dump_stack_lvl+0xd1/0x138 [ 82.558829][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 82.564837][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 82.570316][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 82.576229][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 82.581137][ T5081] dccp_write_xmit+0x171/0x1d0 [ 82.585947][ T5081] dccp_sendmsg+0xaee/0xd30 [ 82.590498][ T5081] ? dccp_done+0x100/0x100 [ 82.594953][ T5081] ? aa_af_perm+0x240/0x240 [ 82.599493][ T5081] ? __import_iovec+0x1fb/0x610 [ 82.604409][ T5081] inet_sendmsg+0x9d/0xe0 [ 82.608780][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 82.613937][ T5081] sock_sendmsg+0xde/0x190 [ 82.618399][ T5081] ____sys_sendmsg+0x71c/0x900 [ 82.623213][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 82.628621][ T5081] ? kernel_sendmsg+0x50/0x50 [ 82.633375][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 82.639415][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 82.644126][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 82.648759][ T5081] ? lock_release+0x810/0x810 [ 82.653458][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 82.658688][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 82.663744][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 82.668705][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 82.673772][ T5081] ? __fget_light+0x20a/0x270 [ 82.678489][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 82.683021][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 82.688087][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 82.692972][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.698211][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.703447][ T5081] ? ptrace_notify+0xfe/0x140 [ 82.708147][ T5081] do_syscall_64+0x39/0xb0 [ 82.712676][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.718624][ T5081] RIP: 0033:0x7f04b5997eb9 [ 82.723070][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 82.742731][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.751179][ T5081] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f04b5997eb9 [ 82.759179][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 82.767172][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 82.775165][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 82.783158][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 82.791170][ T5081] [ 82.796226][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 82.807555][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 82.818009][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 82.828077][ T5081] Call Trace: [ 82.831388][ T5081] [ 82.834333][ T5081] dump_stack_lvl+0xd1/0x138 [ 82.839049][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 82.845065][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 82.850550][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 82.856478][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 82.861462][ T5081] dccp_write_xmit+0x171/0x1d0 [ 82.866306][ T5081] dccp_sendmsg+0xaee/0xd30 [ 82.870886][ T5081] ? dccp_done+0x100/0x100 [ 82.875333][ T5081] ? aa_af_perm+0x240/0x240 [ 82.879869][ T5081] ? __import_iovec+0x1fb/0x610 [ 82.884756][ T5081] inet_sendmsg+0x9d/0xe0 [ 82.889113][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 82.894264][ T5081] sock_sendmsg+0xde/0x190 [ 82.898755][ T5081] ____sys_sendmsg+0x71c/0x900 [ 82.903581][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 82.908975][ T5081] ? kernel_sendmsg+0x50/0x50 [ 82.913724][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 82.919793][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 82.924511][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 82.929131][ T5081] ? lock_release+0x810/0x810 [ 82.933826][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 82.939060][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 82.944134][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 82.949105][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 82.954194][ T5081] ? __fget_light+0x20a/0x270 [ 82.958900][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 82.963425][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 82.968483][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 82.973383][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 82.978673][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 82.983930][ T5081] ? ptrace_notify+0xfe/0x140 [ 82.988632][ T5081] do_syscall_64+0x39/0xb0 [ 82.993067][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.998991][ T5081] RIP: 0033:0x7f04b5997eb9 [ 83.003537][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 83.023192][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 83.031676][ T5081] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f04b5997eb9 [ 83.039685][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 83.047672][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 83.055683][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 83.063689][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 83.071694][ T5081] [ 83.076615][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 83.087895][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 83.098331][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 83.108490][ T5081] Call Trace: [ 83.111781][ T5081] [ 83.114722][ T5081] dump_stack_lvl+0xd1/0x138 [ 83.119350][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 83.125363][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 83.130840][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 83.136760][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 83.141648][ T5081] dccp_write_xmit+0x171/0x1d0 [ 83.146464][ T5081] dccp_sendmsg+0xaee/0xd30 [ 83.151050][ T5081] ? dccp_done+0x100/0x100 [ 83.155537][ T5081] ? aa_af_perm+0x240/0x240 [ 83.160127][ T5081] ? __import_iovec+0x1fb/0x610 [ 83.165029][ T5081] inet_sendmsg+0x9d/0xe0 [ 83.169402][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 83.174549][ T5081] sock_sendmsg+0xde/0x190 [ 83.179043][ T5081] ____sys_sendmsg+0x71c/0x900 [ 83.183888][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 83.189294][ T5081] ? kernel_sendmsg+0x50/0x50 [ 83.194051][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.200104][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 83.204902][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 83.209561][ T5081] ? lock_release+0x810/0x810 [ 83.214255][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 83.219491][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 83.224550][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 83.229529][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 83.234618][ T5081] ? __fget_light+0x20a/0x270 [ 83.239341][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 83.243907][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 83.248978][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 83.253867][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 83.259109][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 83.264367][ T5081] ? ptrace_notify+0xfe/0x140 [ 83.269072][ T5081] do_syscall_64+0x39/0xb0 [ 83.273511][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.279432][ T5081] RIP: 0033:0x7f04b5997eb9 [ 83.283872][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 83.303518][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.311964][ T5081] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f04b5997eb9 [ 83.319982][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 83.327972][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 83.335996][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 83.344008][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 83.352042][ T5081] [ 83.356770][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 83.368261][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 83.378738][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 83.388823][ T5081] Call Trace: [ 83.392122][ T5081] [ 83.395075][ T5081] dump_stack_lvl+0xd1/0x138 [ 83.399730][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 83.405742][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 83.411221][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 83.417145][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 83.422044][ T5081] dccp_write_xmit+0x171/0x1d0 [ 83.426852][ T5081] dccp_sendmsg+0xaee/0xd30 [ 83.431402][ T5081] ? dccp_done+0x100/0x100 [ 83.435859][ T5081] ? aa_af_perm+0x240/0x240 [ 83.440410][ T5081] ? __import_iovec+0x1fb/0x610 [ 83.445306][ T5081] inet_sendmsg+0x9d/0xe0 [ 83.449663][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 83.454802][ T5081] sock_sendmsg+0xde/0x190 [ 83.459262][ T5081] ____sys_sendmsg+0x71c/0x900 [ 83.464072][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 83.469474][ T5081] ? kernel_sendmsg+0x50/0x50 [ 83.474202][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.480254][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 83.484960][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 83.489595][ T5081] ? lock_release+0x810/0x810 [ 83.494300][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 83.499527][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 83.504587][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 83.509551][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 83.514620][ T5081] ? __fget_light+0x20a/0x270 [ 83.519336][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 83.523867][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 83.528924][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 83.533851][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 83.539089][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 83.544330][ T5081] ? ptrace_notify+0xfe/0x140 [ 83.549044][ T5081] do_syscall_64+0x39/0xb0 [ 83.553491][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.559422][ T5081] RIP: 0033:0x7f04b5997eb9 [ 83.563862][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 83.583494][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.591933][ T5081] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9 [ 83.599941][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 83.607940][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 83.615940][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 83.623938][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 83.631953][ T5081] [ 83.636857][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 83.648213][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 83.658672][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 83.668747][ T5081] Call Trace: [ 83.672042][ T5081] [ 83.675006][ T5081] dump_stack_lvl+0xd1/0x138 [ 83.679630][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 83.685634][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 83.691116][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 83.697060][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 83.701983][ T5081] dccp_write_xmit+0x171/0x1d0 [ 83.706821][ T5081] dccp_sendmsg+0xaee/0xd30 [ 83.711353][ T5081] ? dccp_done+0x100/0x100 [ 83.715802][ T5081] ? aa_af_perm+0x240/0x240 [ 83.720335][ T5081] ? __import_iovec+0x1fb/0x610 [ 83.725245][ T5081] inet_sendmsg+0x9d/0xe0 [ 83.729631][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 83.734788][ T5081] sock_sendmsg+0xde/0x190 [ 83.739257][ T5081] ____sys_sendmsg+0x71c/0x900 [ 83.744069][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 83.749486][ T5081] ? kernel_sendmsg+0x50/0x50 [ 83.754220][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 83.760252][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 83.764958][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 83.769601][ T5081] ? lock_release+0x810/0x810 [ 83.774303][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 83.779539][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 83.784608][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 83.789583][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 83.794667][ T5081] ? __fget_light+0x20a/0x270 [ 83.799394][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 83.803939][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 83.808987][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 83.813875][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 83.819107][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 83.824359][ T5081] ? ptrace_notify+0xfe/0x140 [ 83.829063][ T5081] do_syscall_64+0x39/0xb0 [ 83.833518][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.839455][ T5081] RIP: 0033:0x7f04b5997eb9 [ 83.843897][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 83.863530][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.871993][ T5081] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9 [ 83.879989][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 83.887986][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 83.895980][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 83.903989][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 83.912014][ T5081] [ 83.917391][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 83.928770][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 83.939240][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 83.949355][ T5081] Call Trace: [ 83.952649][ T5081] [ 83.955604][ T5081] dump_stack_lvl+0xd1/0x138 [ 83.960233][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 83.966249][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 83.971756][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 83.977689][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 83.982603][ T5081] dccp_write_xmit+0x171/0x1d0 [ 83.987404][ T5081] dccp_sendmsg+0xaee/0xd30 [ 83.991954][ T5081] ? dccp_done+0x100/0x100 [ 83.996402][ T5081] ? aa_af_perm+0x240/0x240 [ 84.000961][ T5081] ? __import_iovec+0x1fb/0x610 [ 84.005863][ T5081] inet_sendmsg+0x9d/0xe0 [ 84.010239][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 84.015410][ T5081] sock_sendmsg+0xde/0x190 [ 84.019859][ T5081] ____sys_sendmsg+0x71c/0x900 [ 84.024675][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 84.030099][ T5081] ? kernel_sendmsg+0x50/0x50 [ 84.034823][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 84.040868][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 84.045580][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 84.050208][ T5081] ? lock_release+0x810/0x810 [ 84.054908][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 84.060160][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 84.065216][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 84.070182][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 84.075255][ T5081] ? __fget_light+0x20a/0x270 [ 84.079969][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 84.084511][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 84.089569][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 84.094455][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 84.099692][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 84.104933][ T5081] ? ptrace_notify+0xfe/0x140 [ 84.109654][ T5081] do_syscall_64+0x39/0xb0 [ 84.114100][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.120037][ T5081] RIP: 0033:0x7f04b5997eb9 [ 84.124488][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 84.144127][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.152573][ T5081] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9 [ 84.160571][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 84.168570][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 84.176568][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 84.184565][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 84.192580][ T5081] [ 84.198725][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 84.210042][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 84.220507][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 84.230603][ T5081] Call Trace: [ 84.233912][ T5081] [ 84.236857][ T5081] dump_stack_lvl+0xd1/0x138 [ 84.241487][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 84.247503][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 84.252996][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 84.258950][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 84.263865][ T5081] dccp_write_xmit+0x171/0x1d0 [ 84.268667][ T5081] dccp_sendmsg+0xaee/0xd30 [ 84.273212][ T5081] ? dccp_done+0x100/0x100 [ 84.277655][ T5081] ? aa_af_perm+0x240/0x240 [ 84.282197][ T5081] ? __import_iovec+0x1fb/0x610 [ 84.287096][ T5081] inet_sendmsg+0x9d/0xe0 [ 84.291479][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 84.296633][ T5081] sock_sendmsg+0xde/0x190 [ 84.301081][ T5081] ____sys_sendmsg+0x71c/0x900 [ 84.305874][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 84.311268][ T5081] ? kernel_sendmsg+0x50/0x50 [ 84.315995][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 84.322034][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 84.326758][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 84.331419][ T5081] ? lock_release+0x810/0x810 [ 84.336140][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 84.341365][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 84.346433][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 84.351404][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 84.356480][ T5081] ? __fget_light+0x20a/0x270 [ 84.361224][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 84.365749][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 84.370790][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 84.375710][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 84.380967][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 84.386214][ T5081] ? ptrace_notify+0xfe/0x140 [ 84.390949][ T5081] do_syscall_64+0x39/0xb0 [ 84.395394][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.401320][ T5081] RIP: 0033:0x7f04b5997eb9 [ 84.405751][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 84.425377][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.433817][ T5081] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 84.441839][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 84.449923][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 84.457955][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 84.465982][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 84.474011][ T5081] [ 84.481374][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 84.492760][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 84.503217][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 84.513296][ T5081] Call Trace: [ 84.516675][ T5081] [ 84.519635][ T5081] dump_stack_lvl+0xd1/0x138 [ 84.524278][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 84.530285][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 84.535763][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 84.541678][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 84.546586][ T5081] dccp_write_xmit+0x171/0x1d0 [ 84.551417][ T5081] dccp_sendmsg+0xaee/0xd30 [ 84.555967][ T5081] ? dccp_done+0x100/0x100 [ 84.560428][ T5081] ? aa_af_perm+0x240/0x240 [ 84.565020][ T5081] ? __import_iovec+0x1fb/0x610 [ 84.569934][ T5081] inet_sendmsg+0x9d/0xe0 [ 84.574284][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 84.579419][ T5081] sock_sendmsg+0xde/0x190 [ 84.583877][ T5081] ____sys_sendmsg+0x71c/0x900 [ 84.588680][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 84.594084][ T5081] ? kernel_sendmsg+0x50/0x50 [ 84.598827][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 84.604874][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 84.609593][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 84.614228][ T5081] ? lock_release+0x810/0x810 [ 84.618924][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 84.624147][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 84.629194][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 84.634162][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 84.639260][ T5081] ? __fget_light+0x20a/0x270 [ 84.643994][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 84.648520][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 84.653573][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 84.658495][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 84.663725][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 84.668954][ T5081] ? ptrace_notify+0xfe/0x140 [ 84.673653][ T5081] do_syscall_64+0x39/0xb0 [ 84.678086][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.684009][ T5081] RIP: 0033:0x7f04b5997eb9 [ 84.688457][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 84.708187][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.716660][ T5081] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9 [ 84.724653][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 84.732676][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 84.740691][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 84.748699][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 84.756704][ T5081] [ 84.763020][ C1] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 84.774469][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 84.784135][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 84.794227][ C1] Call Trace: [ 84.797516][ C1] [ 84.800371][ C1] dump_stack_lvl+0xd1/0x138 [ 84.804986][ C1] ccid3_update_send_interval.cold+0x87/0x93 [ 84.811007][ C1] ccid3_hc_tx_no_feedback_timer+0x348/0x700 [ 84.817027][ C1] call_timer_fn+0x1da/0x7c0 [ 84.821638][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0 [ 84.827307][ C1] ? timer_fixup_activate+0x3e0/0x3e0 [ 84.832696][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 84.837562][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0 [ 84.843207][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 84.848430][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0 [ 84.854100][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0 [ 84.859752][ C1] expire_timers+0x2c6/0x5c0 [ 84.864404][ C1] run_timer_softirq+0x326/0x910 [ 84.869389][ C1] ? expire_timers+0x5c0/0x5c0 [ 84.874196][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 84.879453][ C1] __do_softirq+0x1fb/0xadc [ 84.884051][ C1] __irq_exit_rcu+0x123/0x180 [ 84.888757][ C1] irq_exit_rcu+0x9/0x20 [ 84.893034][ C1] sysvec_apic_timer_interrupt+0x97/0xc0 [ 84.898717][ C1] [ 84.901667][ C1] [ 84.904616][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 84.910636][ C1] RIP: 0010:acpi_idle_do_entry+0x1fd/0x2a0 [ 84.916483][ C1] Code: 89 de e8 46 f3 72 f7 84 db 75 ac e8 cd f6 72 f7 e8 c8 78 79 f7 66 90 e8 c1 f6 72 f7 0f 00 2d ca b7 a3 00 e8 b5 f6 72 f7 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 70 f3 72 f7 48 85 db [ 84.936123][ C1] RSP: 0018:ffffc90000177d10 EFLAGS: 00000293 [ 84.942217][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 84.950234][ C1] RDX: ffff88813fef9d40 RSI: ffffffff8a0e1adb RDI: 0000000000000000 [ 84.958235][ C1] RBP: ffff888017991864 R08: 0000000000000001 R09: 0000000000000001 [ 84.966233][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 84.974243][ C1] R13: ffff888017991800 R14: ffff888017991864 R15: ffff8881462d2004 [ 84.982255][ C1] ? acpi_idle_do_entry+0x1fb/0x2a0 [ 84.987504][ C1] acpi_idle_enter+0x368/0x510 [ 84.992328][ C1] cpuidle_enter_state+0x1af/0xd40 [ 84.997500][ C1] cpuidle_enter+0x4e/0xa0 [ 85.001958][ C1] do_idle+0x3f7/0x590 [ 85.006078][ C1] ? arch_cpu_idle_exit+0x30/0x30 [ 85.011134][ C1] ? _raw_spin_unlock_bh+0x20/0x30 [ 85.016298][ C1] ? lockdep_hardirqs_on+0x7d/0x100 [ 85.021533][ C1] cpu_startup_entry+0x18/0x20 [ 85.026332][ C1] start_secondary+0x256/0x300 [ 85.031137][ C1] ? set_cpu_sibling_map+0x24f0/0x24f0 [ 85.036644][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 85.042595][ C1] [ 85.052010][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 85.063293][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 85.073747][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 85.083841][ T5081] Call Trace: [ 85.087138][ T5081] [ 85.090088][ T5081] dump_stack_lvl+0xd1/0x138 [ 85.094733][ T5081] ccid3_update_send_interval.cold+0x87/0x93 [ 85.100747][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160 [ 85.106235][ T5081] ? ccid3_update_send_interval+0x120/0x120 [ 85.112167][ T5081] dccp_xmit_packet+0x2f2/0x750 [ 85.117060][ T5081] dccp_write_xmit+0x171/0x1d0 [ 85.121881][ T5081] dccp_sendmsg+0xaee/0xd30 [ 85.126452][ T5081] ? dccp_done+0x100/0x100 [ 85.130925][ T5081] ? aa_af_perm+0x240/0x240 [ 85.135482][ T5081] ? __import_iovec+0x1fb/0x610 [ 85.140375][ T5081] inet_sendmsg+0x9d/0xe0 [ 85.144734][ T5081] ? inet_send_prepare+0x4e0/0x4e0 [ 85.149875][ T5081] sock_sendmsg+0xde/0x190 [ 85.154331][ T5081] ____sys_sendmsg+0x71c/0x900 [ 85.159135][ T5081] ? copy_msghdr_from_user+0xfc/0x150 [ 85.164532][ T5081] ? kernel_sendmsg+0x50/0x50 [ 85.169263][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 85.175294][ T5081] ___sys_sendmsg+0x110/0x1b0 [ 85.180002][ T5081] ? do_recvmmsg+0x6e0/0x6e0 [ 85.184639][ T5081] ? lock_release+0x810/0x810 [ 85.189343][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 85.194568][ T5081] ? do_raw_spin_lock+0x124/0x2b0 [ 85.199619][ T5081] ? rwlock_bug.part.0+0x90/0x90 [ 85.204609][ T5081] ? _raw_spin_lock_irq+0x45/0x50 [ 85.209671][ T5081] ? __fget_light+0x20a/0x270 [ 85.214386][ T5081] __sys_sendmsg+0xf7/0x1c0 [ 85.218916][ T5081] ? __sys_sendmsg_sock+0x40/0x40 [ 85.223978][ T5081] ? lock_downgrade+0x6e0/0x6e0 [ 85.228864][ T5081] ? lockdep_hardirqs_on+0x7d/0x100 [ 85.234117][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50 [ 85.239363][ T5081] ? ptrace_notify+0xfe/0x140 [ 85.244074][ T5081] do_syscall_64+0x39/0xb0 [ 85.248532][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.254462][ T5081] RIP: 0033:0x7f04b5997eb9 [ 85.258904][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 85.278540][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.286986][ T5081] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9 [ 85.294982][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x555555a4f5d0) = 5082 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3 [pid 5082] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5082] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4 [pid 5082] listen(3, 6) = 0 [pid 5082] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0 [pid 5082] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [ 85.302972][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 85.310967][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 85.318964][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 85.326980][ T5081] [pid 5082] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 85.349901][ T5082] dccp_xmit_packet: Payload too large (65475) for featneg. [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 85.409840][ T5082] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 85.421443][ T5082] CPU: 0 PID: 5082 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 85.431918][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 85.442012][ T5082] Call Trace: [ 85.445327][ T5082] [ 85.448293][ T5082] dump_stack_lvl+0xd1/0x138 [ 85.452952][ T5082] ccid3_update_send_interval.cold+0x87/0x93 [ 85.458974][ T5082] ccid3_hc_tx_packet_sent+0x132/0x160 [ 85.464469][ T5082] ? ccid3_update_send_interval+0x120/0x120 [ 85.470427][ T5082] dccp_xmit_packet+0x2f2/0x750 [ 85.475347][ T5082] dccp_write_xmit+0x171/0x1d0 [ 85.480158][ T5082] dccp_sendmsg+0xaee/0xd30 [ 85.484728][ T5082] ? dccp_done+0x100/0x100 [ 85.489183][ T5082] ? aa_af_perm+0x240/0x240 [ 85.493730][ T5082] ? __import_iovec+0x1fb/0x610 [ 85.498627][ T5082] inet_sendmsg+0x9d/0xe0 [ 85.502989][ T5082] ? inet_send_prepare+0x4e0/0x4e0 [ 85.508130][ T5082] sock_sendmsg+0xde/0x190 [ 85.512586][ T5082] ____sys_sendmsg+0x71c/0x900 [ 85.517397][ T5082] ? copy_msghdr_from_user+0xfc/0x150 [ 85.522797][ T5082] ? kernel_sendmsg+0x50/0x50 [ 85.527524][ T5082] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 85.533558][ T5082] ___sys_sendmsg+0x110/0x1b0 [ 85.538262][ T5082] ? do_recvmmsg+0x6e0/0x6e0 [ 85.542904][ T5082] ? lock_release+0x810/0x810 [ 85.547614][ T5082] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 85.552840][ T5082] ? do_raw_spin_lock+0x124/0x2b0 [ 85.557888][ T5082] ? rwlock_bug.part.0+0x90/0x90 [ 85.562842][ T5082] ? _raw_spin_lock_irq+0x45/0x50 [ 85.567911][ T5082] ? __fget_light+0x20a/0x270 [ 85.572623][ T5082] __sys_sendmsg+0xf7/0x1c0 [ 85.577169][ T5082] ? __sys_sendmsg_sock+0x40/0x40 [ 85.582217][ T5082] ? lock_downgrade+0x6e0/0x6e0 [ 85.587097][ T5082] ? lockdep_hardirqs_on+0x7d/0x100 [ 85.592323][ T5082] ? _raw_spin_unlock_irq+0x2e/0x50 [ 85.597656][ T5082] ? ptrace_notify+0xfe/0x140 [ 85.602390][ T5082] do_syscall_64+0x39/0xb0 [ 85.606839][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.612783][ T5082] RIP: 0033:0x7f04b5997eb9 [ 85.617231][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 85.636884][ T5082] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.645324][ T5082] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9 [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 85.653314][ T5082] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 85.661324][ T5082] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 85.669332][ T5082] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [ 85.677334][ T5082] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 85.685365][ T5082] [ 85.693891][ T5082] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 85.705270][ T5082] CPU: 1 PID: 5082 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 85.715722][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 85.725882][ T5082] Call Trace: [ 85.729177][ T5082] [ 85.732150][ T5082] dump_stack_lvl+0xd1/0x138 [ 85.736819][ T5082] ccid3_update_send_interval.cold+0x87/0x93 [ 85.742860][ T5082] ccid3_hc_tx_packet_sent+0x132/0x160 [ 85.748394][ T5082] ? ccid3_update_send_interval+0x120/0x120 [ 85.754356][ T5082] dccp_xmit_packet+0x2f2/0x750 [ 85.759294][ T5082] dccp_write_xmit+0x171/0x1d0 [ 85.764095][ T5082] dccp_sendmsg+0xaee/0xd30 [ 85.768639][ T5082] ? dccp_done+0x100/0x100 [ 85.773115][ T5082] ? aa_af_perm+0x240/0x240 [ 85.777674][ T5082] ? __import_iovec+0x1fb/0x610 [ 85.782576][ T5082] inet_sendmsg+0x9d/0xe0 [ 85.786966][ T5082] ? inet_send_prepare+0x4e0/0x4e0 [ 85.792115][ T5082] sock_sendmsg+0xde/0x190 [ 85.796576][ T5082] ____sys_sendmsg+0x71c/0x900 [ 85.801387][ T5082] ? copy_msghdr_from_user+0xfc/0x150 [ 85.806830][ T5082] ? kernel_sendmsg+0x50/0x50 [ 85.811567][ T5082] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 85.817605][ T5082] ___sys_sendmsg+0x110/0x1b0 [ 85.822334][ T5082] ? do_recvmmsg+0x6e0/0x6e0 [ 85.826980][ T5082] ? lock_release+0x810/0x810 [ 85.831686][ T5082] ? ptrace_stop.part.0+0x4a3/0x8e0 [ 85.836912][ T5082] ? do_raw_spin_lock+0x124/0x2b0 [ 85.841964][ T5082] ? rwlock_bug.part.0+0x90/0x90 [ 85.846922][ T5082] ? _raw_spin_lock_irq+0x45/0x50 [ 85.852022][ T5082] ? __fget_light+0x20a/0x270 [ 85.856731][ T5082] __sys_sendmsg+0xf7/0x1c0 [ 85.861255][ T5082] ? __sys_sendmsg_sock+0x40/0x40 [ 85.866305][ T5082] ? lock_downgrade+0x6e0/0x6e0 [ 85.871184][ T5082] ? lockdep_hardirqs_on+0x7d/0x100 [ 85.876421][ T5082] ? _raw_spin_unlock_irq+0x2e/0x50 [ 85.881680][ T5082] ? ptrace_notify+0xfe/0x140 [ 85.886389][ T5082] do_syscall_64+0x39/0xb0 [ 85.890865][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.896789][ T5082] RIP: 0033:0x7f04b5997eb9 [ 85.901234][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 85.920874][ T5082] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.929347][ T5082] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9 [ 85.937355][ T5082] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004 [ 85.945371][ T5082] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8 [ 85.953415][ T5082] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c [pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1 [ 85.961431][ T5082] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 85.969450][ T5082] [ 85.977906][ T5082] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval() [ 85.989143][ T5082] CPU: 1 PID: 5082 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0 [ 85.999598][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023