./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1328252054
<...>
DUID 00:04:ce:8e:a7:1a:d5:92:ad:c3:fd:35:80:c9:2b:13:ab:38
forked to background, child pid 4650
[ 50.367999][ T4651] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.379166][ T4651] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
execve("./syz-executor1328252054", ["./syz-executor1328252054"], 0x7ffcd992ac70 /* 10 vars */) = 0
brk(NULL) = 0x555555a4f000
brk(0x555555a4fc40) = 0x555555a4fc40
arch_prctl(ARCH_SET_FS, 0x555555a4f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1328252054", 4096) = 28
brk(0x555555a70c40) = 0x555555a70c40
brk(0x555555a71000) = 0x555555a71000
mprotect(0x7f04b5a05000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached
, child_tidptr=0x555555a4f5d0) = 5076
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3
[pid 5076] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 5076] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4
[pid 5076] listen(3, 6) = 0
[pid 5076] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0
[pid 5076] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[pid 5076] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
syzkaller login: [ 75.831310][ T5076] dccp_xmit_packet: Payload too large (65475) for featneg.
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached
, child_tidptr=0x555555a4f5d0) = 5077
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3
[pid 5077] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 5077] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4
[pid 5077] listen(3, 6) = 0
[pid 5077] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0
[pid 5077] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[pid 5077] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 75.921253][ T5077] dccp_xmit_packet: Payload too large (65475) for featneg.
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 75.990377][ T5077] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 76.001745][ T5077] CPU: 0 PID: 5077 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 76.012211][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 76.022287][ T5077] Call Trace:
[ 76.025582][ T5077]
[ 76.028531][ T5077] dump_stack_lvl+0xd1/0x138
[ 76.033187][ T5077] ccid3_update_send_interval.cold+0x87/0x93
[ 76.039229][ T5077] ccid3_hc_tx_packet_sent+0x132/0x160
[ 76.044725][ T5077] ? ccid3_update_send_interval+0x120/0x120
[ 76.050667][ T5077] dccp_xmit_packet+0x2f2/0x750
[ 76.055572][ T5077] dccp_write_xmit+0x171/0x1d0
[ 76.060370][ T5077] dccp_sendmsg+0xaee/0xd30
[ 76.064922][ T5077] ? dccp_done+0x100/0x100
[ 76.069380][ T5077] ? aa_af_perm+0x240/0x240
[ 76.073932][ T5077] ? __import_iovec+0x1fb/0x610
[ 76.078828][ T5077] inet_sendmsg+0x9d/0xe0
[ 76.083192][ T5077] ? inet_send_prepare+0x4e0/0x4e0
[ 76.088348][ T5077] sock_sendmsg+0xde/0x190
[ 76.092803][ T5077] ____sys_sendmsg+0x71c/0x900
[ 76.097601][ T5077] ? copy_msghdr_from_user+0xfc/0x150
[ 76.103000][ T5077] ? kernel_sendmsg+0x50/0x50
[ 76.107735][ T5077] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 76.113779][ T5077] ___sys_sendmsg+0x110/0x1b0
[ 76.118526][ T5077] ? do_recvmmsg+0x6e0/0x6e0
[ 76.123176][ T5077] ? lock_release+0x810/0x810
[ 76.127893][ T5077] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 76.133132][ T5077] ? do_raw_spin_lock+0x124/0x2b0
[ 76.138211][ T5077] ? rwlock_bug.part.0+0x90/0x90
[ 76.143193][ T5077] ? _raw_spin_lock_irq+0x45/0x50
[ 76.148287][ T5077] ? __fget_light+0x20a/0x270
[ 76.153021][ T5077] __sys_sendmsg+0xf7/0x1c0
[ 76.157563][ T5077] ? __sys_sendmsg_sock+0x40/0x40
[ 76.162646][ T5077] ? lock_downgrade+0x6e0/0x6e0
[ 76.167562][ T5077] ? lockdep_hardirqs_on+0x7d/0x100
[ 76.172804][ T5077] ? _raw_spin_unlock_irq+0x2e/0x50
[ 76.178053][ T5077] ? ptrace_notify+0xfe/0x140
[ 76.182768][ T5077] do_syscall_64+0x39/0xb0
[ 76.187218][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.193148][ T5077] RIP: 0033:0x7f04b5997eb9
[ 76.197583][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.217220][ T5077] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.225667][ T5077] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9
[ 76.233677][ T5077] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 76.241675][ T5077] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 76.249699][ T5077] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 76.257693][ T5077] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 76.265707][ T5077]
[ 76.276009][ T5077] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 76.287607][ T5077] CPU: 0 PID: 5077 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 76.298063][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 76.308153][ T5077] Call Trace:
[ 76.311528][ T5077]
[ 76.314478][ T5077] dump_stack_lvl+0xd1/0x138
[ 76.319123][ T5077] ccid3_update_send_interval.cold+0x87/0x93
[ 76.325138][ T5077] ccid3_hc_tx_packet_sent+0x132/0x160
[ 76.330654][ T5077] ? ccid3_update_send_interval+0x120/0x120
[ 76.336589][ T5077] dccp_xmit_packet+0x2f2/0x750
[ 76.341471][ T5077] dccp_write_xmit+0x171/0x1d0
[ 76.346272][ T5077] dccp_sendmsg+0xaee/0xd30
[ 76.350812][ T5077] ? dccp_done+0x100/0x100
[ 76.355275][ T5077] ? aa_af_perm+0x240/0x240
[ 76.359807][ T5077] ? __import_iovec+0x1fb/0x610
[ 76.364713][ T5077] inet_sendmsg+0x9d/0xe0
[ 76.369070][ T5077] ? inet_send_prepare+0x4e0/0x4e0
[ 76.374207][ T5077] sock_sendmsg+0xde/0x190
[ 76.378674][ T5077] ____sys_sendmsg+0x71c/0x900
[ 76.383491][ T5077] ? copy_msghdr_from_user+0xfc/0x150
[ 76.388896][ T5077] ? kernel_sendmsg+0x50/0x50
[ 76.393628][ T5077] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 76.399700][ T5077] ___sys_sendmsg+0x110/0x1b0
[ 76.404458][ T5077] ? do_recvmmsg+0x6e0/0x6e0
[ 76.409100][ T5077] ? lock_release+0x810/0x810
[ 76.413816][ T5077] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 76.419052][ T5077] ? do_raw_spin_lock+0x124/0x2b0
[ 76.424134][ T5077] ? rwlock_bug.part.0+0x90/0x90
[ 76.429104][ T5077] ? _raw_spin_lock_irq+0x45/0x50
[ 76.434187][ T5077] ? __fget_light+0x20a/0x270
[ 76.438912][ T5077] __sys_sendmsg+0xf7/0x1c0
[ 76.443461][ T5077] ? __sys_sendmsg_sock+0x40/0x40
[ 76.448519][ T5077] ? lock_downgrade+0x6e0/0x6e0
[ 76.453499][ T5077] ? lockdep_hardirqs_on+0x7d/0x100
[ 76.458743][ T5077] ? _raw_spin_unlock_irq+0x2e/0x50
[ 76.463986][ T5077] ? ptrace_notify+0xfe/0x140
[ 76.468704][ T5077] do_syscall_64+0x39/0xb0
[ 76.473161][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.479116][ T5077] RIP: 0033:0x7f04b5997eb9
[ 76.483561][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.503200][ T5077] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.511651][ T5077] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9
[ 76.519655][ T5077] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 76.527675][ T5077] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[pid 5077] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3
[pid 5078] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 5078] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4
[pid 5078] listen(3, 6) = 0
[pid 5078] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0
[pid 5078] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[ 76.535674][ T5077] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 76.543676][ T5077] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 76.551705][ T5077]
[pid 5078] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 76.587125][ T5078] dccp_xmit_packet: Payload too large (65475) for featneg.
[ 76.638384][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 76.649648][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 76.660107][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 76.670201][ T5078] Call Trace:
[ 76.673496][ T5078]
[ 76.676439][ T5078] dump_stack_lvl+0xd1/0x138
[ 76.681071][ T5078] ccid3_update_send_interval.cold+0x87/0x93
[ 76.687118][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160
[ 76.692601][ T5078] ? ccid3_update_send_interval+0x120/0x120
[ 76.698560][ T5078] dccp_xmit_packet+0x2f2/0x750
[ 76.703506][ T5078] dccp_write_xmit+0x171/0x1d0
[ 76.708374][ T5078] dccp_sendmsg+0xaee/0xd30
[ 76.712976][ T5078] ? dccp_done+0x100/0x100
[ 76.717531][ T5078] ? aa_af_perm+0x240/0x240
[ 76.722109][ T5078] ? __import_iovec+0x1fb/0x610
[ 76.727015][ T5078] inet_sendmsg+0x9d/0xe0
[ 76.731555][ T5078] ? inet_send_prepare+0x4e0/0x4e0
[ 76.736699][ T5078] sock_sendmsg+0xde/0x190
[ 76.741166][ T5078] ____sys_sendmsg+0x71c/0x900
[ 76.745983][ T5078] ? copy_msghdr_from_user+0xfc/0x150
[ 76.751390][ T5078] ? kernel_sendmsg+0x50/0x50
[ 76.756115][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 76.762154][ T5078] ___sys_sendmsg+0x110/0x1b0
[ 76.766858][ T5078] ? do_recvmmsg+0x6e0/0x6e0
[ 76.771491][ T5078] ? lock_release+0x810/0x810
[ 76.776197][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 76.781423][ T5078] ? do_raw_spin_lock+0x124/0x2b0
[ 76.786476][ T5078] ? rwlock_bug.part.0+0x90/0x90
[ 76.791543][ T5078] ? _raw_spin_lock_irq+0x45/0x50
[ 76.796608][ T5078] ? __fget_light+0x20a/0x270
[ 76.801330][ T5078] __sys_sendmsg+0xf7/0x1c0
[ 76.805865][ T5078] ? __sys_sendmsg_sock+0x40/0x40
[ 76.810931][ T5078] ? lock_downgrade+0x6e0/0x6e0
[ 76.815822][ T5078] ? lockdep_hardirqs_on+0x7d/0x100
[ 76.821051][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 76.826288][ T5078] ? ptrace_notify+0xfe/0x140
[ 76.830997][ T5078] do_syscall_64+0x39/0xb0
[ 76.835456][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.841384][ T5078] RIP: 0033:0x7f04b5997eb9
[ 76.845819][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.865534][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.873997][ T5078] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 76.881993][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 76.889989][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 76.897997][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 76.906078][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 76.914291][ T5078]
[ 76.922910][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 76.934336][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 76.944820][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 76.954910][ T5078] Call Trace:
[ 76.958207][ T5078]
[ 76.961171][ T5078] dump_stack_lvl+0xd1/0x138
[ 76.965799][ T5078] ccid3_update_send_interval.cold+0x87/0x93
[ 76.971812][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160
[ 76.977306][ T5078] ? ccid3_update_send_interval+0x120/0x120
[ 76.983266][ T5078] dccp_xmit_packet+0x2f2/0x750
[ 76.988190][ T5078] dccp_write_xmit+0x171/0x1d0
[ 76.993011][ T5078] dccp_sendmsg+0xaee/0xd30
[ 76.997567][ T5078] ? dccp_done+0x100/0x100
[ 77.002036][ T5078] ? aa_af_perm+0x240/0x240
[ 77.006573][ T5078] ? __import_iovec+0x1fb/0x610
[ 77.011461][ T5078] inet_sendmsg+0x9d/0xe0
[ 77.015837][ T5078] ? inet_send_prepare+0x4e0/0x4e0
[ 77.020964][ T5078] sock_sendmsg+0xde/0x190
[ 77.025494][ T5078] ____sys_sendmsg+0x71c/0x900
[ 77.030299][ T5078] ? copy_msghdr_from_user+0xfc/0x150
[ 77.035691][ T5078] ? kernel_sendmsg+0x50/0x50
[ 77.040403][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 77.046446][ T5078] ___sys_sendmsg+0x110/0x1b0
[ 77.051165][ T5078] ? do_recvmmsg+0x6e0/0x6e0
[ 77.055796][ T5078] ? lock_release+0x810/0x810
[ 77.060511][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 77.065738][ T5078] ? do_raw_spin_lock+0x124/0x2b0
[ 77.070784][ T5078] ? rwlock_bug.part.0+0x90/0x90
[ 77.075741][ T5078] ? _raw_spin_lock_irq+0x45/0x50
[ 77.080819][ T5078] ? __fget_light+0x20a/0x270
[ 77.085537][ T5078] __sys_sendmsg+0xf7/0x1c0
[ 77.090063][ T5078] ? __sys_sendmsg_sock+0x40/0x40
[ 77.095115][ T5078] ? lock_downgrade+0x6e0/0x6e0
[ 77.100000][ T5078] ? lockdep_hardirqs_on+0x7d/0x100
[ 77.105315][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 77.110577][ T5078] ? ptrace_notify+0xfe/0x140
[ 77.115306][ T5078] do_syscall_64+0x39/0xb0
[ 77.119751][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.125678][ T5078] RIP: 0033:0x7f04b5997eb9
[ 77.130114][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.150538][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 77.158991][ T5078] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9
[ 77.166999][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 77.175088][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 77.183101][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 77.191206][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 77.199228][ T5078]
[ 77.205050][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 77.216322][ T5078] CPU: 1 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 77.226766][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 77.236852][ T5078] Call Trace:
[ 77.240159][ T5078]
[ 77.243114][ T5078] dump_stack_lvl+0xd1/0x138
[ 77.247762][ T5078] ccid3_update_send_interval.cold+0x87/0x93
[ 77.253769][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160
[ 77.259264][ T5078] ? ccid3_update_send_interval+0x120/0x120
[ 77.265226][ T5078] dccp_xmit_packet+0x2f2/0x750
[ 77.270327][ T5078] dccp_write_xmit+0x171/0x1d0
[ 77.275146][ T5078] dccp_sendmsg+0xaee/0xd30
[ 77.279710][ T5078] ? dccp_done+0x100/0x100
[ 77.284178][ T5078] ? aa_af_perm+0x240/0x240
[ 77.288715][ T5078] ? __import_iovec+0x1fb/0x610
[ 77.293620][ T5078] inet_sendmsg+0x9d/0xe0
[ 77.298004][ T5078] ? inet_send_prepare+0x4e0/0x4e0
[ 77.303164][ T5078] sock_sendmsg+0xde/0x190
[ 77.307675][ T5078] ____sys_sendmsg+0x71c/0x900
[ 77.312502][ T5078] ? copy_msghdr_from_user+0xfc/0x150
[ 77.317945][ T5078] ? kernel_sendmsg+0x50/0x50
[ 77.322671][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 77.328694][ T5078] ___sys_sendmsg+0x110/0x1b0
[ 77.333397][ T5078] ? do_recvmmsg+0x6e0/0x6e0
[ 77.338052][ T5078] ? lock_release+0x810/0x810
[ 77.342855][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 77.348113][ T5078] ? do_raw_spin_lock+0x124/0x2b0
[ 77.353173][ T5078] ? rwlock_bug.part.0+0x90/0x90
[ 77.358147][ T5078] ? _raw_spin_lock_irq+0x45/0x50
[ 77.363222][ T5078] ? __fget_light+0x20a/0x270
[ 77.367968][ T5078] __sys_sendmsg+0xf7/0x1c0
[ 77.372524][ T5078] ? __sys_sendmsg_sock+0x40/0x40
[ 77.377567][ T5078] ? lock_downgrade+0x6e0/0x6e0
[ 77.382471][ T5078] ? lockdep_hardirqs_on+0x7d/0x100
[ 77.387732][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 77.392962][ T5078] ? ptrace_notify+0xfe/0x140
[ 77.397674][ T5078] do_syscall_64+0x39/0xb0
[ 77.402120][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.408087][ T5078] RIP: 0033:0x7f04b5997eb9
[ 77.412544][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.432202][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 77.440645][ T5078] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9
[ 77.448637][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 77.456623][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 77.464608][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 77.472616][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 77.480652][ T5078]
[ 77.488573][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 77.500178][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 77.510616][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 77.520684][ T5078] Call Trace:
[ 77.523969][ T5078]
[ 77.526925][ T5078] dump_stack_lvl+0xd1/0x138
[ 77.531547][ T5078] ccid3_update_send_interval.cold+0x87/0x93
[ 77.537549][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160
[ 77.543029][ T5078] ? ccid3_update_send_interval+0x120/0x120
[ 77.548942][ T5078] dccp_xmit_packet+0x2f2/0x750
[ 77.553829][ T5078] dccp_write_xmit+0x171/0x1d0
[ 77.558620][ T5078] dccp_sendmsg+0xaee/0xd30
[ 77.563173][ T5078] ? dccp_done+0x100/0x100
[ 77.567617][ T5078] ? aa_af_perm+0x240/0x240
[ 77.572147][ T5078] ? __import_iovec+0x1fb/0x610
[ 77.577025][ T5078] inet_sendmsg+0x9d/0xe0
[ 77.581395][ T5078] ? inet_send_prepare+0x4e0/0x4e0
[ 77.586523][ T5078] sock_sendmsg+0xde/0x190
[ 77.590968][ T5078] ____sys_sendmsg+0x71c/0x900
[ 77.595781][ T5078] ? copy_msghdr_from_user+0xfc/0x150
[ 77.601182][ T5078] ? kernel_sendmsg+0x50/0x50
[ 77.605927][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 77.611963][ T5078] ___sys_sendmsg+0x110/0x1b0
[ 77.616667][ T5078] ? do_recvmmsg+0x6e0/0x6e0
[ 77.621340][ T5078] ? lock_release+0x810/0x810
[ 77.626048][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 77.631376][ T5078] ? do_raw_spin_lock+0x124/0x2b0
[ 77.636437][ T5078] ? rwlock_bug.part.0+0x90/0x90
[ 77.641408][ T5078] ? _raw_spin_lock_irq+0x45/0x50
[ 77.646499][ T5078] ? __fget_light+0x20a/0x270
[ 77.651236][ T5078] __sys_sendmsg+0xf7/0x1c0
[ 77.655767][ T5078] ? __sys_sendmsg_sock+0x40/0x40
[ 77.660829][ T5078] ? lock_downgrade+0x6e0/0x6e0
[ 77.665835][ T5078] ? lockdep_hardirqs_on+0x7d/0x100
[ 77.671085][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 77.676331][ T5078] ? ptrace_notify+0xfe/0x140
[ 77.681038][ T5078] do_syscall_64+0x39/0xb0
[ 77.685482][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.691499][ T5078] RIP: 0033:0x7f04b5997eb9
[ 77.695937][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.715659][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 77.724117][ T5078] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9
[ 77.732136][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 77.740133][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 77.748134][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 77.756131][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 77.764157][ T5078]
[ 77.769967][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 77.781247][ T5078] CPU: 1 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 77.791714][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 77.801795][ T5078] Call Trace:
[ 77.805088][ T5078]
[ 77.808027][ T5078] dump_stack_lvl+0xd1/0x138
[ 77.812646][ T5078] ccid3_update_send_interval.cold+0x87/0x93
[ 77.818668][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160
[ 77.824147][ T5078] ? ccid3_update_send_interval+0x120/0x120
[ 77.830066][ T5078] dccp_xmit_packet+0x2f2/0x750
[ 77.834971][ T5078] dccp_write_xmit+0x171/0x1d0
[ 77.839794][ T5078] dccp_sendmsg+0xaee/0xd30
[ 77.844335][ T5078] ? dccp_done+0x100/0x100
[ 77.848785][ T5078] ? aa_af_perm+0x240/0x240
[ 77.853322][ T5078] ? __import_iovec+0x1fb/0x610
[ 77.858205][ T5078] inet_sendmsg+0x9d/0xe0
[ 77.862827][ T5078] ? inet_send_prepare+0x4e0/0x4e0
[ 77.867980][ T5078] sock_sendmsg+0xde/0x190
[ 77.872429][ T5078] ____sys_sendmsg+0x71c/0x900
[ 77.877228][ T5078] ? copy_msghdr_from_user+0xfc/0x150
[ 77.882627][ T5078] ? kernel_sendmsg+0x50/0x50
[ 77.887360][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 77.893416][ T5078] ___sys_sendmsg+0x110/0x1b0
[ 77.898120][ T5078] ? do_recvmmsg+0x6e0/0x6e0
[ 77.902767][ T5078] ? lock_release+0x810/0x810
[ 77.907479][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 77.912727][ T5078] ? do_raw_spin_lock+0x124/0x2b0
[ 77.917789][ T5078] ? rwlock_bug.part.0+0x90/0x90
[ 77.922782][ T5078] ? _raw_spin_lock_irq+0x45/0x50
[ 77.927846][ T5078] ? __fget_light+0x20a/0x270
[ 77.932578][ T5078] __sys_sendmsg+0xf7/0x1c0
[ 77.937142][ T5078] ? __sys_sendmsg_sock+0x40/0x40
[ 77.942209][ T5078] ? lock_downgrade+0x6e0/0x6e0
[ 77.947086][ T5078] ? lockdep_hardirqs_on+0x7d/0x100
[ 77.952348][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 77.957587][ T5078] ? ptrace_notify+0xfe/0x140
[ 77.962312][ T5078] do_syscall_64+0x39/0xb0
[ 77.966753][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.972675][ T5078] RIP: 0033:0x7f04b5997eb9
[ 77.977106][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.996746][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.005187][ T5078] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9
[ 78.013177][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 78.021166][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 78.029275][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 78.037302][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 78.045329][ T5078]
[ 78.051135][ T5078] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 78.062456][ T5078] CPU: 0 PID: 5078 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 78.072932][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 78.083025][ T5078] Call Trace:
[ 78.086333][ T5078]
[ 78.089277][ T5078] dump_stack_lvl+0xd1/0x138
[ 78.093906][ T5078] ccid3_update_send_interval.cold+0x87/0x93
[ 78.099935][ T5078] ccid3_hc_tx_packet_sent+0x132/0x160
[ 78.105420][ T5078] ? ccid3_update_send_interval+0x120/0x120
[ 78.111359][ T5078] dccp_xmit_packet+0x2f2/0x750
[ 78.116272][ T5078] dccp_write_xmit+0x171/0x1d0
[ 78.121077][ T5078] dccp_sendmsg+0xaee/0xd30
[ 78.125663][ T5078] ? dccp_done+0x100/0x100
[ 78.130147][ T5078] ? aa_af_perm+0x240/0x240
[ 78.134724][ T5078] ? __import_iovec+0x1fb/0x610
[ 78.139646][ T5078] inet_sendmsg+0x9d/0xe0
[ 78.144003][ T5078] ? inet_send_prepare+0x4e0/0x4e0
[ 78.149139][ T5078] sock_sendmsg+0xde/0x190
[ 78.153594][ T5078] ____sys_sendmsg+0x71c/0x900
[ 78.158400][ T5078] ? copy_msghdr_from_user+0xfc/0x150
[ 78.163800][ T5078] ? kernel_sendmsg+0x50/0x50
[ 78.168536][ T5078] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 78.174576][ T5078] ___sys_sendmsg+0x110/0x1b0
[ 78.179283][ T5078] ? do_recvmmsg+0x6e0/0x6e0
[ 78.183919][ T5078] ? lock_release+0x810/0x810
[ 78.188624][ T5078] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 78.193854][ T5078] ? do_raw_spin_lock+0x124/0x2b0
[ 78.198910][ T5078] ? rwlock_bug.part.0+0x90/0x90
[ 78.203876][ T5078] ? _raw_spin_lock_irq+0x45/0x50
[ 78.208948][ T5078] ? __fget_light+0x20a/0x270
[ 78.213674][ T5078] __sys_sendmsg+0xf7/0x1c0
[ 78.218203][ T5078] ? __sys_sendmsg_sock+0x40/0x40
[ 78.223253][ T5078] ? lock_downgrade+0x6e0/0x6e0
[ 78.228142][ T5078] ? lockdep_hardirqs_on+0x7d/0x100
[ 78.233429][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 78.238710][ T5078] ? ptrace_notify+0xfe/0x140
[ 78.243437][ T5078] do_syscall_64+0x39/0xb0
[ 78.247890][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.253843][ T5078] RIP: 0033:0x7f04b5997eb9
[ 78.258308][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.278164][ T5078] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.286615][ T5078] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9
[pid 5078] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5078] exit_group(0) = ?
[pid 5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3
[pid 5079] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 5079] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4
[pid 5079] listen(3, 6) = 0
[pid 5079] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0
[pid 5079] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[ 78.294627][ T5078] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 78.302640][ T5078] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 78.310653][ T5078] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 78.318656][ T5078] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 78.326675][ T5078]
[pid 5079] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 78.351837][ T5079] dccp_xmit_packet: Payload too large (65475) for featneg.
[ 78.412248][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 78.423834][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 78.434329][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 78.444422][ T5079] Call Trace:
[ 78.447744][ T5079]
[ 78.450709][ T5079] dump_stack_lvl+0xd1/0x138
[ 78.455359][ T5079] ccid3_update_send_interval.cold+0x87/0x93
[ 78.461371][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160
[ 78.466864][ T5079] ? ccid3_update_send_interval+0x120/0x120
[ 78.472820][ T5079] dccp_xmit_packet+0x2f2/0x750
[ 78.477749][ T5079] dccp_write_xmit+0x171/0x1d0
[ 78.482552][ T5079] dccp_sendmsg+0xaee/0xd30
[ 78.487099][ T5079] ? dccp_done+0x100/0x100
[ 78.491556][ T5079] ? aa_af_perm+0x240/0x240
[ 78.496123][ T5079] ? __import_iovec+0x1fb/0x610
[ 78.501033][ T5079] inet_sendmsg+0x9d/0xe0
[ 78.505390][ T5079] ? inet_send_prepare+0x4e0/0x4e0
[ 78.510530][ T5079] sock_sendmsg+0xde/0x190
[ 78.514988][ T5079] ____sys_sendmsg+0x71c/0x900
[ 78.519788][ T5079] ? copy_msghdr_from_user+0xfc/0x150
[ 78.525187][ T5079] ? kernel_sendmsg+0x50/0x50
[ 78.529906][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 78.535963][ T5079] ___sys_sendmsg+0x110/0x1b0
[ 78.540673][ T5079] ? do_recvmmsg+0x6e0/0x6e0
[ 78.545388][ T5079] ? lock_release+0x810/0x810
[ 78.550096][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 78.555319][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 78.560369][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 78.565334][ T5079] ? _raw_spin_lock_irq+0x45/0x50
[ 78.570413][ T5079] ? __fget_light+0x20a/0x270
[ 78.575131][ T5079] __sys_sendmsg+0xf7/0x1c0
[ 78.579657][ T5079] ? __sys_sendmsg_sock+0x40/0x40
[ 78.584717][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 78.589606][ T5079] ? lockdep_hardirqs_on+0x7d/0x100
[ 78.594840][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 78.600082][ T5079] ? ptrace_notify+0xfe/0x140
[ 78.604790][ T5079] do_syscall_64+0x39/0xb0
[ 78.609240][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.615286][ T5079] RIP: 0033:0x7f04b5997eb9
[ 78.619727][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.639377][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.647909][ T5079] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 78.655902][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 78.663892][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 78.671885][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 78.679873][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 78.687892][ T5079]
[ 78.693061][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 78.704748][ T5079] CPU: 0 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 78.715201][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 78.725365][ T5079] Call Trace:
[ 78.728669][ T5079]
[ 78.731629][ T5079] dump_stack_lvl+0xd1/0x138
[ 78.736258][ T5079] ccid3_update_send_interval.cold+0x87/0x93
[ 78.742302][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160
[ 78.747809][ T5079] ? ccid3_update_send_interval+0x120/0x120
[ 78.753728][ T5079] dccp_xmit_packet+0x2f2/0x750
[ 78.758619][ T5079] dccp_write_xmit+0x171/0x1d0
[ 78.763439][ T5079] dccp_sendmsg+0xaee/0xd30
[ 78.768023][ T5079] ? dccp_done+0x100/0x100
[ 78.772504][ T5079] ? aa_af_perm+0x240/0x240
[ 78.777071][ T5079] ? __import_iovec+0x1fb/0x610
[ 78.781962][ T5079] inet_sendmsg+0x9d/0xe0
[ 78.786332][ T5079] ? inet_send_prepare+0x4e0/0x4e0
[ 78.791469][ T5079] sock_sendmsg+0xde/0x190
[ 78.795954][ T5079] ____sys_sendmsg+0x71c/0x900
[ 78.800765][ T5079] ? copy_msghdr_from_user+0xfc/0x150
[ 78.806164][ T5079] ? kernel_sendmsg+0x50/0x50
[ 78.810900][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 78.816935][ T5079] ___sys_sendmsg+0x110/0x1b0
[ 78.821644][ T5079] ? do_recvmmsg+0x6e0/0x6e0
[ 78.826267][ T5079] ? lock_release+0x810/0x810
[ 78.830962][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 78.836186][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 78.841249][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 78.846232][ T5079] ? _raw_spin_lock_irq+0x45/0x50
[ 78.851301][ T5079] ? __fget_light+0x20a/0x270
[ 78.856022][ T5079] __sys_sendmsg+0xf7/0x1c0
[ 78.860548][ T5079] ? __sys_sendmsg_sock+0x40/0x40
[ 78.865607][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 78.870514][ T5079] ? lockdep_hardirqs_on+0x7d/0x100
[ 78.875747][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 78.880981][ T5079] ? ptrace_notify+0xfe/0x140
[ 78.885701][ T5079] do_syscall_64+0x39/0xb0
[ 78.890143][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 78.896160][ T5079] RIP: 0033:0x7f04b5997eb9
[ 78.900594][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 78.920229][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.928672][ T5079] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9
[ 78.936667][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 78.944659][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 78.952659][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 78.960652][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 78.968682][ T5079]
[ 78.973539][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 78.984928][ T5079] CPU: 0 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 78.995383][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 79.005466][ T5079] Call Trace:
[ 79.008785][ T5079]
[ 79.011757][ T5079] dump_stack_lvl+0xd1/0x138
[ 79.016427][ T5079] ccid3_update_send_interval.cold+0x87/0x93
[ 79.022505][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160
[ 79.028026][ T5079] ? ccid3_update_send_interval+0x120/0x120
[ 79.033976][ T5079] dccp_xmit_packet+0x2f2/0x750
[ 79.038874][ T5079] dccp_write_xmit+0x171/0x1d0
[ 79.043686][ T5079] dccp_sendmsg+0xaee/0xd30
[ 79.048270][ T5079] ? dccp_done+0x100/0x100
[ 79.052726][ T5079] ? aa_af_perm+0x240/0x240
[ 79.057269][ T5079] ? __import_iovec+0x1fb/0x610
[ 79.062165][ T5079] inet_sendmsg+0x9d/0xe0
[ 79.066524][ T5079] ? inet_send_prepare+0x4e0/0x4e0
[ 79.071677][ T5079] sock_sendmsg+0xde/0x190
[ 79.076216][ T5079] ____sys_sendmsg+0x71c/0x900
[ 79.081045][ T5079] ? copy_msghdr_from_user+0xfc/0x150
[ 79.086462][ T5079] ? kernel_sendmsg+0x50/0x50
[ 79.091229][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 79.097274][ T5079] ___sys_sendmsg+0x110/0x1b0
[ 79.102065][ T5079] ? do_recvmmsg+0x6e0/0x6e0
[ 79.106726][ T5079] ? lock_release+0x810/0x810
[ 79.111445][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 79.116704][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 79.121771][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 79.126751][ T5079] ? _raw_spin_lock_irq+0x45/0x50
[ 79.131836][ T5079] ? __fget_light+0x20a/0x270
[ 79.136581][ T5079] __sys_sendmsg+0xf7/0x1c0
[ 79.141139][ T5079] ? __sys_sendmsg_sock+0x40/0x40
[ 79.146218][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 79.151113][ T5079] ? lockdep_hardirqs_on+0x7d/0x100
[ 79.156354][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 79.161598][ T5079] ? ptrace_notify+0xfe/0x140
[ 79.166311][ T5079] do_syscall_64+0x39/0xb0
[ 79.170756][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.176681][ T5079] RIP: 0033:0x7f04b5997eb9
[ 79.181133][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.200781][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 79.209281][ T5079] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9
[ 79.217302][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 79.225303][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 79.233319][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 79.241331][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 79.249355][ T5079]
[ 79.257741][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 79.269180][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 79.279631][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 79.289731][ T5079] Call Trace:
[ 79.293038][ T5079]
[ 79.296013][ T5079] dump_stack_lvl+0xd1/0x138
[ 79.300696][ T5079] ccid3_update_send_interval.cold+0x87/0x93
[ 79.306740][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160
[ 79.312241][ T5079] ? ccid3_update_send_interval+0x120/0x120
[ 79.318192][ T5079] dccp_xmit_packet+0x2f2/0x750
[ 79.323115][ T5079] dccp_write_xmit+0x171/0x1d0
[ 79.327923][ T5079] dccp_sendmsg+0xaee/0xd30
[ 79.332466][ T5079] ? dccp_done+0x100/0x100
[ 79.336914][ T5079] ? aa_af_perm+0x240/0x240
[ 79.341457][ T5079] ? __import_iovec+0x1fb/0x610
[ 79.346357][ T5079] inet_sendmsg+0x9d/0xe0
[ 79.350757][ T5079] ? inet_send_prepare+0x4e0/0x4e0
[ 79.355932][ T5079] sock_sendmsg+0xde/0x190
[ 79.360385][ T5079] ____sys_sendmsg+0x71c/0x900
[ 79.365191][ T5079] ? copy_msghdr_from_user+0xfc/0x150
[ 79.370612][ T5079] ? kernel_sendmsg+0x50/0x50
[ 79.375331][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 79.381353][ T5079] ___sys_sendmsg+0x110/0x1b0
[ 79.386071][ T5079] ? do_recvmmsg+0x6e0/0x6e0
[ 79.390699][ T5079] ? lock_release+0x810/0x810
[ 79.395445][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 79.400673][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 79.405722][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 79.410690][ T5079] ? _raw_spin_lock_irq+0x45/0x50
[ 79.415779][ T5079] ? __fget_light+0x20a/0x270
[ 79.420487][ T5079] __sys_sendmsg+0xf7/0x1c0
[ 79.425013][ T5079] ? __sys_sendmsg_sock+0x40/0x40
[ 79.430071][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 79.434947][ T5079] ? lockdep_hardirqs_on+0x7d/0x100
[ 79.440196][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 79.445448][ T5079] ? ptrace_notify+0xfe/0x140
[ 79.450175][ T5079] do_syscall_64+0x39/0xb0
[ 79.454633][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.460582][ T5079] RIP: 0033:0x7f04b5997eb9
[ 79.465013][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.484759][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 79.493229][ T5079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9
[ 79.501323][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 79.509345][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 79.517362][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 79.525398][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 79.533427][ T5079]
[ 79.542013][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 79.553235][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 79.563666][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 79.573733][ T5079] Call Trace:
[ 79.577033][ T5079]
[ 79.579988][ T5079] dump_stack_lvl+0xd1/0x138
[ 79.584617][ T5079] ccid3_update_send_interval.cold+0x87/0x93
[ 79.590642][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160
[ 79.596133][ T5079] ? ccid3_update_send_interval+0x120/0x120
[ 79.602082][ T5079] dccp_xmit_packet+0x2f2/0x750
[ 79.606988][ T5079] dccp_write_xmit+0x171/0x1d0
[ 79.611787][ T5079] dccp_sendmsg+0xaee/0xd30
[ 79.616337][ T5079] ? dccp_done+0x100/0x100
[ 79.620802][ T5079] ? aa_af_perm+0x240/0x240
[ 79.625386][ T5079] ? __import_iovec+0x1fb/0x610
[ 79.630287][ T5079] inet_sendmsg+0x9d/0xe0
[ 79.634638][ T5079] ? inet_send_prepare+0x4e0/0x4e0
[ 79.639772][ T5079] sock_sendmsg+0xde/0x190
[ 79.644225][ T5079] ____sys_sendmsg+0x71c/0x900
[ 79.649035][ T5079] ? copy_msghdr_from_user+0xfc/0x150
[ 79.654451][ T5079] ? kernel_sendmsg+0x50/0x50
[ 79.659189][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 79.665262][ T5079] ___sys_sendmsg+0x110/0x1b0
[ 79.670000][ T5079] ? do_recvmmsg+0x6e0/0x6e0
[ 79.674621][ T5079] ? lock_release+0x810/0x810
[ 79.679340][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 79.684576][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 79.689622][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 79.694589][ T5079] ? _raw_spin_lock_irq+0x45/0x50
[ 79.699685][ T5079] ? __fget_light+0x20a/0x270
[ 79.704396][ T5079] __sys_sendmsg+0xf7/0x1c0
[ 79.708928][ T5079] ? __sys_sendmsg_sock+0x40/0x40
[ 79.713994][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 79.718900][ T5079] ? lockdep_hardirqs_on+0x7d/0x100
[ 79.724129][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 79.729397][ T5079] ? ptrace_notify+0xfe/0x140
[ 79.734104][ T5079] do_syscall_64+0x39/0xb0
[ 79.738572][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.744498][ T5079] RIP: 0033:0x7f04b5997eb9
[ 79.748929][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.768570][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 79.777032][ T5079] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9
[ 79.785038][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 79.793053][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 79.801073][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 79.809084][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 79.817090][ T5079]
[ 79.823677][ T5079] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 79.835100][ T5079] CPU: 1 PID: 5079 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 79.845534][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 79.855607][ T5079] Call Trace:
[ 79.858896][ T5079]
[ 79.861844][ T5079] dump_stack_lvl+0xd1/0x138
[ 79.866476][ T5079] ccid3_update_send_interval.cold+0x87/0x93
[ 79.872505][ T5079] ccid3_hc_tx_packet_sent+0x132/0x160
[ 79.877988][ T5079] ? ccid3_update_send_interval+0x120/0x120
[ 79.883908][ T5079] dccp_xmit_packet+0x2f2/0x750
[ 79.888800][ T5079] dccp_write_xmit+0x171/0x1d0
[ 79.893633][ T5079] dccp_sendmsg+0xaee/0xd30
[ 79.898196][ T5079] ? dccp_done+0x100/0x100
[ 79.902637][ T5079] ? aa_af_perm+0x240/0x240
[ 79.907173][ T5079] ? __import_iovec+0x1fb/0x610
[ 79.912063][ T5079] inet_sendmsg+0x9d/0xe0
[ 79.916415][ T5079] ? inet_send_prepare+0x4e0/0x4e0
[ 79.921563][ T5079] sock_sendmsg+0xde/0x190
[ 79.926056][ T5079] ____sys_sendmsg+0x71c/0x900
[ 79.930867][ T5079] ? copy_msghdr_from_user+0xfc/0x150
[ 79.936265][ T5079] ? kernel_sendmsg+0x50/0x50
[ 79.941043][ T5079] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 79.947064][ T5079] ___sys_sendmsg+0x110/0x1b0
[ 79.951762][ T5079] ? do_recvmmsg+0x6e0/0x6e0
[ 79.956382][ T5079] ? lock_release+0x810/0x810
[ 79.961110][ T5079] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 79.966355][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 79.971414][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 79.976414][ T5079] ? _raw_spin_lock_irq+0x45/0x50
[ 79.981476][ T5079] ? __fget_light+0x20a/0x270
[ 79.986195][ T5079] __sys_sendmsg+0xf7/0x1c0
[ 79.990739][ T5079] ? __sys_sendmsg_sock+0x40/0x40
[ 79.995782][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 80.000686][ T5079] ? lockdep_hardirqs_on+0x7d/0x100
[ 80.005955][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 80.011197][ T5079] ? ptrace_notify+0xfe/0x140
[ 80.015932][ T5079] do_syscall_64+0x39/0xb0
[ 80.020366][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.026284][ T5079] RIP: 0033:0x7f04b5997eb9
[ 80.030714][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.050343][ T5079] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 80.058777][ T5079] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9
[pid 5079] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5080
./strace-static-x86_64: Process 5080 attached
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3
[pid 5080] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 5080] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4
[pid 5080] listen(3, 6) = 0
[pid 5080] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0
[pid 5080] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[ 80.066771][ T5079] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 80.074774][ T5079] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 80.082779][ T5079] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 80.090777][ T5079] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 80.098810][ T5079]
[pid 5080] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 80.121909][ T5080] dccp_xmit_packet: Payload too large (65475) for featneg.
[ 80.180370][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 80.191609][ T5080] CPU: 0 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 80.202038][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 80.212137][ T5080] Call Trace:
[ 80.215440][ T5080]
[ 80.218393][ T5080] dump_stack_lvl+0xd1/0x138
[ 80.223037][ T5080] ccid3_update_send_interval.cold+0x87/0x93
[ 80.229059][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160
[ 80.234549][ T5080] ? ccid3_update_send_interval+0x120/0x120
[ 80.240472][ T5080] dccp_xmit_packet+0x2f2/0x750
[ 80.245369][ T5080] dccp_write_xmit+0x171/0x1d0
[ 80.250211][ T5080] dccp_sendmsg+0xaee/0xd30
[ 80.254777][ T5080] ? dccp_done+0x100/0x100
[ 80.259248][ T5080] ? aa_af_perm+0x240/0x240
[ 80.263817][ T5080] ? __import_iovec+0x1fb/0x610
[ 80.268719][ T5080] inet_sendmsg+0x9d/0xe0
[ 80.273085][ T5080] ? inet_send_prepare+0x4e0/0x4e0
[ 80.278227][ T5080] sock_sendmsg+0xde/0x190
[ 80.282688][ T5080] ____sys_sendmsg+0x71c/0x900
[ 80.287489][ T5080] ? copy_msghdr_from_user+0xfc/0x150
[ 80.292902][ T5080] ? kernel_sendmsg+0x50/0x50
[ 80.297624][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 80.303660][ T5080] ___sys_sendmsg+0x110/0x1b0
[ 80.308390][ T5080] ? do_recvmmsg+0x6e0/0x6e0
[ 80.313031][ T5080] ? lock_release+0x810/0x810
[ 80.317747][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 80.322972][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 80.328079][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 80.333048][ T5080] ? _raw_spin_lock_irq+0x45/0x50
[ 80.338138][ T5080] ? __fget_light+0x20a/0x270
[ 80.342855][ T5080] __sys_sendmsg+0xf7/0x1c0
[ 80.347469][ T5080] ? __sys_sendmsg_sock+0x40/0x40
[ 80.352520][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 80.357408][ T5080] ? lockdep_hardirqs_on+0x7d/0x100
[ 80.362641][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 80.367878][ T5080] ? ptrace_notify+0xfe/0x140
[ 80.372585][ T5080] do_syscall_64+0x39/0xb0
[ 80.377024][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.382950][ T5080] RIP: 0033:0x7f04b5997eb9
[ 80.387393][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.407022][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 80.415467][ T5080] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f04b5997eb9
[ 80.423452][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 80.431439][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 80.439437][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 80.447437][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 80.455452][ T5080]
[ 80.464205][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 80.475752][ T5080] CPU: 0 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 80.486269][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 80.496334][ T5080] Call Trace:
[ 80.499613][ T5080]
[ 80.502546][ T5080] dump_stack_lvl+0xd1/0x138
[ 80.507170][ T5080] ccid3_update_send_interval.cold+0x87/0x93
[ 80.513171][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160
[ 80.518657][ T5080] ? ccid3_update_send_interval+0x120/0x120
[ 80.524569][ T5080] dccp_xmit_packet+0x2f2/0x750
[ 80.529448][ T5080] dccp_write_xmit+0x171/0x1d0
[ 80.534236][ T5080] dccp_sendmsg+0xaee/0xd30
[ 80.538770][ T5080] ? dccp_done+0x100/0x100
[ 80.543221][ T5080] ? aa_af_perm+0x240/0x240
[ 80.547761][ T5080] ? __import_iovec+0x1fb/0x610
[ 80.552638][ T5080] inet_sendmsg+0x9d/0xe0
[ 80.556983][ T5080] ? inet_send_prepare+0x4e0/0x4e0
[ 80.562111][ T5080] sock_sendmsg+0xde/0x190
[ 80.566576][ T5080] ____sys_sendmsg+0x71c/0x900
[ 80.571361][ T5080] ? copy_msghdr_from_user+0xfc/0x150
[ 80.576745][ T5080] ? kernel_sendmsg+0x50/0x50
[ 80.581451][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 80.587477][ T5080] ___sys_sendmsg+0x110/0x1b0
[ 80.592168][ T5080] ? do_recvmmsg+0x6e0/0x6e0
[ 80.596782][ T5080] ? lock_release+0x810/0x810
[ 80.601499][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 80.606719][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 80.611759][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 80.616711][ T5080] ? _raw_spin_lock_irq+0x45/0x50
[ 80.621784][ T5080] ? __fget_light+0x20a/0x270
[ 80.626503][ T5080] __sys_sendmsg+0xf7/0x1c0
[ 80.631044][ T5080] ? __sys_sendmsg_sock+0x40/0x40
[ 80.636088][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 80.640983][ T5080] ? lockdep_hardirqs_on+0x7d/0x100
[ 80.646235][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 80.651474][ T5080] ? ptrace_notify+0xfe/0x140
[ 80.656173][ T5080] do_syscall_64+0x39/0xb0
[ 80.660610][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.666531][ T5080] RIP: 0033:0x7f04b5997eb9
[ 80.670969][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.690691][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 80.699130][ T5080] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9
[ 80.707133][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 80.715119][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 80.723100][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 80.731092][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 80.739119][ T5080]
[ 80.744706][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 80.755946][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 80.766378][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 80.776453][ T5080] Call Trace:
[ 80.779754][ T5080]
[ 80.782709][ T5080] dump_stack_lvl+0xd1/0x138
[ 80.787357][ T5080] ccid3_update_send_interval.cold+0x87/0x93
[ 80.793395][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160
[ 80.798918][ T5080] ? ccid3_update_send_interval+0x120/0x120
[ 80.804834][ T5080] dccp_xmit_packet+0x2f2/0x750
[ 80.809724][ T5080] dccp_write_xmit+0x171/0x1d0
[ 80.814540][ T5080] dccp_sendmsg+0xaee/0xd30
[ 80.819096][ T5080] ? dccp_done+0x100/0x100
[ 80.823544][ T5080] ? aa_af_perm+0x240/0x240
[ 80.828110][ T5080] ? __import_iovec+0x1fb/0x610
[ 80.832993][ T5080] inet_sendmsg+0x9d/0xe0
[ 80.837388][ T5080] ? inet_send_prepare+0x4e0/0x4e0
[ 80.842523][ T5080] sock_sendmsg+0xde/0x190
[ 80.846989][ T5080] ____sys_sendmsg+0x71c/0x900
[ 80.851780][ T5080] ? copy_msghdr_from_user+0xfc/0x150
[ 80.857187][ T5080] ? kernel_sendmsg+0x50/0x50
[ 80.861963][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 80.868006][ T5080] ___sys_sendmsg+0x110/0x1b0
[ 80.872720][ T5080] ? do_recvmmsg+0x6e0/0x6e0
[ 80.877369][ T5080] ? lock_release+0x810/0x810
[ 80.882063][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 80.887299][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 80.892364][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 80.897332][ T5080] ? _raw_spin_lock_irq+0x45/0x50
[ 80.902418][ T5080] ? __fget_light+0x20a/0x270
[ 80.907127][ T5080] __sys_sendmsg+0xf7/0x1c0
[ 80.911649][ T5080] ? __sys_sendmsg_sock+0x40/0x40
[ 80.916715][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 80.921609][ T5080] ? lockdep_hardirqs_on+0x7d/0x100
[ 80.926839][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 80.932095][ T5080] ? ptrace_notify+0xfe/0x140
[ 80.936790][ T5080] do_syscall_64+0x39/0xb0
[ 80.941247][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.947171][ T5080] RIP: 0033:0x7f04b5997eb9
[ 80.951600][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.971849][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 80.980315][ T5080] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9
[ 80.988418][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 80.996442][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 81.004445][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 81.012442][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 81.020456][ T5080]
[ 81.027578][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 81.038800][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 81.049233][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 81.059391][ T5080] Call Trace:
[ 81.062684][ T5080]
[ 81.065628][ T5080] dump_stack_lvl+0xd1/0x138
[ 81.070277][ T5080] ccid3_update_send_interval.cold+0x87/0x93
[ 81.076310][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160
[ 81.081786][ T5080] ? ccid3_update_send_interval+0x120/0x120
[ 81.087700][ T5080] dccp_xmit_packet+0x2f2/0x750
[ 81.092619][ T5080] dccp_write_xmit+0x171/0x1d0
[ 81.097449][ T5080] dccp_sendmsg+0xaee/0xd30
[ 81.101994][ T5080] ? dccp_done+0x100/0x100
[ 81.106445][ T5080] ? aa_af_perm+0x240/0x240
[ 81.110990][ T5080] ? __import_iovec+0x1fb/0x610
[ 81.115875][ T5080] inet_sendmsg+0x9d/0xe0
[ 81.120242][ T5080] ? inet_send_prepare+0x4e0/0x4e0
[ 81.125390][ T5080] sock_sendmsg+0xde/0x190
[ 81.129869][ T5080] ____sys_sendmsg+0x71c/0x900
[ 81.134688][ T5080] ? copy_msghdr_from_user+0xfc/0x150
[ 81.140095][ T5080] ? kernel_sendmsg+0x50/0x50
[ 81.144842][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 81.150860][ T5080] ___sys_sendmsg+0x110/0x1b0
[ 81.155555][ T5080] ? do_recvmmsg+0x6e0/0x6e0
[ 81.160173][ T5080] ? lock_release+0x810/0x810
[ 81.164878][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 81.170118][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 81.175190][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 81.180175][ T5080] ? _raw_spin_lock_irq+0x45/0x50
[ 81.185225][ T5080] ? __fget_light+0x20a/0x270
[ 81.189940][ T5080] __sys_sendmsg+0xf7/0x1c0
[ 81.194483][ T5080] ? __sys_sendmsg_sock+0x40/0x40
[ 81.199579][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 81.204468][ T5080] ? lockdep_hardirqs_on+0x7d/0x100
[ 81.209711][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 81.214934][ T5080] ? ptrace_notify+0xfe/0x140
[ 81.219626][ T5080] do_syscall_64+0x39/0xb0
[ 81.224064][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.229996][ T5080] RIP: 0033:0x7f04b5997eb9
[ 81.234420][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 81.254055][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 81.262510][ T5080] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9
[ 81.270502][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 81.278503][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 81.286501][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 81.294501][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 81.302519][ T5080]
[ 81.308991][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 81.320288][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 81.330743][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 81.340827][ T5080] Call Trace:
[ 81.344134][ T5080]
[ 81.347075][ T5080] dump_stack_lvl+0xd1/0x138
[ 81.351700][ T5080] ccid3_update_send_interval.cold+0x87/0x93
[ 81.357734][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160
[ 81.363225][ T5080] ? ccid3_update_send_interval+0x120/0x120
[ 81.369197][ T5080] dccp_xmit_packet+0x2f2/0x750
[ 81.374130][ T5080] dccp_write_xmit+0x171/0x1d0
[ 81.378928][ T5080] dccp_sendmsg+0xaee/0xd30
[ 81.383474][ T5080] ? dccp_done+0x100/0x100
[ 81.387917][ T5080] ? aa_af_perm+0x240/0x240
[ 81.392459][ T5080] ? __import_iovec+0x1fb/0x610
[ 81.397358][ T5080] inet_sendmsg+0x9d/0xe0
[ 81.401740][ T5080] ? inet_send_prepare+0x4e0/0x4e0
[ 81.406890][ T5080] sock_sendmsg+0xde/0x190
[ 81.411333][ T5080] ____sys_sendmsg+0x71c/0x900
[ 81.416125][ T5080] ? copy_msghdr_from_user+0xfc/0x150
[ 81.421526][ T5080] ? kernel_sendmsg+0x50/0x50
[ 81.426238][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 81.432269][ T5080] ___sys_sendmsg+0x110/0x1b0
[ 81.436991][ T5080] ? do_recvmmsg+0x6e0/0x6e0
[ 81.441637][ T5080] ? lock_release+0x810/0x810
[ 81.446336][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 81.451569][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 81.456626][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 81.461590][ T5080] ? _raw_spin_lock_irq+0x45/0x50
[ 81.466656][ T5080] ? __fget_light+0x20a/0x270
[ 81.471385][ T5080] __sys_sendmsg+0xf7/0x1c0
[ 81.475928][ T5080] ? __sys_sendmsg_sock+0x40/0x40
[ 81.481002][ T5080] ? asm_common_interrupt+0x26/0x40
[ 81.486284][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 81.491523][ T5080] ? ptrace_notify+0xfe/0x140
[ 81.496231][ T5080] do_syscall_64+0x39/0xb0
[ 81.500677][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.506603][ T5080] RIP: 0033:0x7f04b5997eb9
[ 81.511047][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 81.530677][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 81.539116][ T5080] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9
[ 81.547110][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 81.555099][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 81.563110][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 81.571197][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 81.579226][ T5080]
[ 81.584733][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 81.595972][ T5080] CPU: 1 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 81.606410][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 81.616486][ T5080] Call Trace:
[ 81.619771][ T5080]
[ 81.622711][ T5080] dump_stack_lvl+0xd1/0x138
[ 81.627338][ T5080] ccid3_update_send_interval.cold+0x87/0x93
[ 81.633389][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160
[ 81.638894][ T5080] ? ccid3_update_send_interval+0x120/0x120
[ 81.644815][ T5080] dccp_xmit_packet+0x2f2/0x750
[ 81.649725][ T5080] dccp_write_xmit+0x171/0x1d0
[ 81.654547][ T5080] dccp_sendmsg+0xaee/0xd30
[ 81.659134][ T5080] ? dccp_done+0x100/0x100
[ 81.663614][ T5080] ? aa_af_perm+0x240/0x240
[ 81.668261][ T5080] ? __import_iovec+0x1fb/0x610
[ 81.673151][ T5080] inet_sendmsg+0x9d/0xe0
[ 81.677540][ T5080] ? inet_send_prepare+0x4e0/0x4e0
[ 81.682681][ T5080] sock_sendmsg+0xde/0x190
[ 81.687163][ T5080] ____sys_sendmsg+0x71c/0x900
[ 81.692002][ T5080] ? copy_msghdr_from_user+0xfc/0x150
[ 81.697741][ T5080] ? kernel_sendmsg+0x50/0x50
[ 81.702457][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 81.708477][ T5080] ___sys_sendmsg+0x110/0x1b0
[ 81.713196][ T5080] ? do_recvmmsg+0x6e0/0x6e0
[ 81.717835][ T5080] ? lock_release+0x810/0x810
[ 81.722554][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 81.727796][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 81.732853][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 81.737828][ T5080] ? _raw_spin_lock_irq+0x45/0x50
[ 81.742889][ T5080] ? __fget_light+0x20a/0x270
[ 81.747613][ T5080] __sys_sendmsg+0xf7/0x1c0
[ 81.752172][ T5080] ? __sys_sendmsg_sock+0x40/0x40
[ 81.757287][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 81.762181][ T5080] ? lockdep_hardirqs_on+0x7d/0x100
[ 81.767430][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 81.772666][ T5080] ? ptrace_notify+0xfe/0x140
[ 81.777404][ T5080] do_syscall_64+0x39/0xb0
[ 81.781874][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.787835][ T5080] RIP: 0033:0x7f04b5997eb9
[ 81.792282][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 81.811913][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 81.820448][ T5080] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9
[ 81.828441][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 81.836437][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 81.844421][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 81.852436][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 81.860461][ T5080]
[ 81.867711][ T5080] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 81.878957][ T5080] CPU: 0 PID: 5080 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 81.889431][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 81.899550][ T5080] Call Trace:
[ 81.902855][ T5080]
[ 81.905826][ T5080] dump_stack_lvl+0xd1/0x138
[ 81.910490][ T5080] ccid3_update_send_interval.cold+0x87/0x93
[ 81.916542][ T5080] ccid3_hc_tx_packet_sent+0x132/0x160
[ 81.922034][ T5080] ? ccid3_update_send_interval+0x120/0x120
[ 81.928000][ T5080] dccp_xmit_packet+0x2f2/0x750
[ 81.932926][ T5080] dccp_write_xmit+0x171/0x1d0
[ 81.937745][ T5080] dccp_sendmsg+0xaee/0xd30
[ 81.942287][ T5080] ? dccp_done+0x100/0x100
[ 81.946735][ T5080] ? aa_af_perm+0x240/0x240
[ 81.951272][ T5080] ? __import_iovec+0x1fb/0x610
[ 81.956173][ T5080] inet_sendmsg+0x9d/0xe0
[ 81.960562][ T5080] ? inet_send_prepare+0x4e0/0x4e0
[ 81.965718][ T5080] sock_sendmsg+0xde/0x190
[ 81.970180][ T5080] ____sys_sendmsg+0x71c/0x900
[ 81.974977][ T5080] ? copy_msghdr_from_user+0xfc/0x150
[ 81.980367][ T5080] ? kernel_sendmsg+0x50/0x50
[ 81.985092][ T5080] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 81.991122][ T5080] ___sys_sendmsg+0x110/0x1b0
[ 81.995829][ T5080] ? do_recvmmsg+0x6e0/0x6e0
[ 82.000458][ T5080] ? lock_release+0x810/0x810
[ 82.005158][ T5080] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 82.010390][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 82.015448][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 82.020414][ T5080] ? _raw_spin_lock_irq+0x45/0x50
[ 82.025480][ T5080] ? __fget_light+0x20a/0x270
[ 82.030195][ T5080] __sys_sendmsg+0xf7/0x1c0
[ 82.034725][ T5080] ? __sys_sendmsg_sock+0x40/0x40
[ 82.039776][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 82.044682][ T5080] ? lockdep_hardirqs_on+0x7d/0x100
[ 82.049916][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 82.055153][ T5080] ? ptrace_notify+0xfe/0x140
[ 82.059866][ T5080] do_syscall_64+0x39/0xb0
[ 82.064336][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.070290][ T5080] RIP: 0033:0x7f04b5997eb9
[ 82.074726][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 82.094358][ T5080] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 82.102807][ T5080] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9
[ 82.110804][ T5080] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 82.118807][ T5080] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 82.126804][ T5080] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[pid 5080] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a4f5d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3
[pid 5081] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 5081] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4
[pid 5081] listen(3, 6) = 0
[pid 5081] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0
[pid 5081] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[pid 5081] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 82.134799][ T5080] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 82.142811][ T5080]
[ 82.175693][ T5081] dccp_xmit_packet: Payload too large (65475) for featneg.
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 82.234642][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 82.246069][ T5081] CPU: 1 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 82.256541][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 82.266629][ T5081] Call Trace:
[ 82.269922][ T5081]
[ 82.272865][ T5081] dump_stack_lvl+0xd1/0x138
[ 82.277505][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 82.283573][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 82.289073][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 82.295003][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 82.299907][ T5081] dccp_write_xmit+0x171/0x1d0
[ 82.304733][ T5081] dccp_sendmsg+0xaee/0xd30
[ 82.309278][ T5081] ? dccp_done+0x100/0x100
[ 82.313725][ T5081] ? aa_af_perm+0x240/0x240
[ 82.318258][ T5081] ? __import_iovec+0x1fb/0x610
[ 82.323164][ T5081] inet_sendmsg+0x9d/0xe0
[ 82.327648][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 82.332819][ T5081] sock_sendmsg+0xde/0x190
[ 82.337298][ T5081] ____sys_sendmsg+0x71c/0x900
[ 82.342115][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 82.347561][ T5081] ? kernel_sendmsg+0x50/0x50
[ 82.352309][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 82.358361][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 82.363091][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 82.367729][ T5081] ? lock_release+0x810/0x810
[ 82.372469][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 82.377719][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 82.382780][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 82.387743][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 82.392836][ T5081] ? __fget_light+0x20a/0x270
[ 82.397694][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 82.402228][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 82.407279][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 82.412207][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 82.417478][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 82.422733][ T5081] ? ptrace_notify+0xfe/0x140
[ 82.427461][ T5081] do_syscall_64+0x39/0xb0
[ 82.431906][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.437832][ T5081] RIP: 0033:0x7f04b5997eb9
[ 82.442269][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 82.461902][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 82.470354][ T5081] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00007f04b5997eb9
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 82.478396][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 82.486386][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 82.494475][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 82.502465][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 82.510596][ T5081]
[ 82.515678][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 82.527429][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 82.537882][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 82.547949][ T5081] Call Trace:
[ 82.551240][ T5081]
[ 82.554189][ T5081] dump_stack_lvl+0xd1/0x138
[ 82.558829][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 82.564837][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 82.570316][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 82.576229][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 82.581137][ T5081] dccp_write_xmit+0x171/0x1d0
[ 82.585947][ T5081] dccp_sendmsg+0xaee/0xd30
[ 82.590498][ T5081] ? dccp_done+0x100/0x100
[ 82.594953][ T5081] ? aa_af_perm+0x240/0x240
[ 82.599493][ T5081] ? __import_iovec+0x1fb/0x610
[ 82.604409][ T5081] inet_sendmsg+0x9d/0xe0
[ 82.608780][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 82.613937][ T5081] sock_sendmsg+0xde/0x190
[ 82.618399][ T5081] ____sys_sendmsg+0x71c/0x900
[ 82.623213][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 82.628621][ T5081] ? kernel_sendmsg+0x50/0x50
[ 82.633375][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 82.639415][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 82.644126][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 82.648759][ T5081] ? lock_release+0x810/0x810
[ 82.653458][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 82.658688][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 82.663744][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 82.668705][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 82.673772][ T5081] ? __fget_light+0x20a/0x270
[ 82.678489][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 82.683021][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 82.688087][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 82.692972][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 82.698211][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 82.703447][ T5081] ? ptrace_notify+0xfe/0x140
[ 82.708147][ T5081] do_syscall_64+0x39/0xb0
[ 82.712676][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.718624][ T5081] RIP: 0033:0x7f04b5997eb9
[ 82.723070][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 82.742731][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 82.751179][ T5081] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f04b5997eb9
[ 82.759179][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 82.767172][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 82.775165][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 82.783158][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 82.791170][ T5081]
[ 82.796226][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 82.807555][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 82.818009][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 82.828077][ T5081] Call Trace:
[ 82.831388][ T5081]
[ 82.834333][ T5081] dump_stack_lvl+0xd1/0x138
[ 82.839049][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 82.845065][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 82.850550][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 82.856478][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 82.861462][ T5081] dccp_write_xmit+0x171/0x1d0
[ 82.866306][ T5081] dccp_sendmsg+0xaee/0xd30
[ 82.870886][ T5081] ? dccp_done+0x100/0x100
[ 82.875333][ T5081] ? aa_af_perm+0x240/0x240
[ 82.879869][ T5081] ? __import_iovec+0x1fb/0x610
[ 82.884756][ T5081] inet_sendmsg+0x9d/0xe0
[ 82.889113][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 82.894264][ T5081] sock_sendmsg+0xde/0x190
[ 82.898755][ T5081] ____sys_sendmsg+0x71c/0x900
[ 82.903581][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 82.908975][ T5081] ? kernel_sendmsg+0x50/0x50
[ 82.913724][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 82.919793][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 82.924511][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 82.929131][ T5081] ? lock_release+0x810/0x810
[ 82.933826][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 82.939060][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 82.944134][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 82.949105][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 82.954194][ T5081] ? __fget_light+0x20a/0x270
[ 82.958900][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 82.963425][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 82.968483][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 82.973383][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 82.978673][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 82.983930][ T5081] ? ptrace_notify+0xfe/0x140
[ 82.988632][ T5081] do_syscall_64+0x39/0xb0
[ 82.993067][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.998991][ T5081] RIP: 0033:0x7f04b5997eb9
[ 83.003537][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 83.023192][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 83.031676][ T5081] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f04b5997eb9
[ 83.039685][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 83.047672][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 83.055683][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 83.063689][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 83.071694][ T5081]
[ 83.076615][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 83.087895][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 83.098331][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 83.108490][ T5081] Call Trace:
[ 83.111781][ T5081]
[ 83.114722][ T5081] dump_stack_lvl+0xd1/0x138
[ 83.119350][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 83.125363][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 83.130840][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 83.136760][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 83.141648][ T5081] dccp_write_xmit+0x171/0x1d0
[ 83.146464][ T5081] dccp_sendmsg+0xaee/0xd30
[ 83.151050][ T5081] ? dccp_done+0x100/0x100
[ 83.155537][ T5081] ? aa_af_perm+0x240/0x240
[ 83.160127][ T5081] ? __import_iovec+0x1fb/0x610
[ 83.165029][ T5081] inet_sendmsg+0x9d/0xe0
[ 83.169402][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 83.174549][ T5081] sock_sendmsg+0xde/0x190
[ 83.179043][ T5081] ____sys_sendmsg+0x71c/0x900
[ 83.183888][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 83.189294][ T5081] ? kernel_sendmsg+0x50/0x50
[ 83.194051][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 83.200104][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 83.204902][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 83.209561][ T5081] ? lock_release+0x810/0x810
[ 83.214255][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 83.219491][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 83.224550][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 83.229529][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 83.234618][ T5081] ? __fget_light+0x20a/0x270
[ 83.239341][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 83.243907][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 83.248978][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 83.253867][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 83.259109][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 83.264367][ T5081] ? ptrace_notify+0xfe/0x140
[ 83.269072][ T5081] do_syscall_64+0x39/0xb0
[ 83.273511][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.279432][ T5081] RIP: 0033:0x7f04b5997eb9
[ 83.283872][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 83.303518][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 83.311964][ T5081] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f04b5997eb9
[ 83.319982][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 83.327972][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 83.335996][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 83.344008][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 83.352042][ T5081]
[ 83.356770][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 83.368261][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 83.378738][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 83.388823][ T5081] Call Trace:
[ 83.392122][ T5081]
[ 83.395075][ T5081] dump_stack_lvl+0xd1/0x138
[ 83.399730][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 83.405742][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 83.411221][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 83.417145][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 83.422044][ T5081] dccp_write_xmit+0x171/0x1d0
[ 83.426852][ T5081] dccp_sendmsg+0xaee/0xd30
[ 83.431402][ T5081] ? dccp_done+0x100/0x100
[ 83.435859][ T5081] ? aa_af_perm+0x240/0x240
[ 83.440410][ T5081] ? __import_iovec+0x1fb/0x610
[ 83.445306][ T5081] inet_sendmsg+0x9d/0xe0
[ 83.449663][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 83.454802][ T5081] sock_sendmsg+0xde/0x190
[ 83.459262][ T5081] ____sys_sendmsg+0x71c/0x900
[ 83.464072][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 83.469474][ T5081] ? kernel_sendmsg+0x50/0x50
[ 83.474202][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 83.480254][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 83.484960][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 83.489595][ T5081] ? lock_release+0x810/0x810
[ 83.494300][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 83.499527][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 83.504587][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 83.509551][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 83.514620][ T5081] ? __fget_light+0x20a/0x270
[ 83.519336][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 83.523867][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 83.528924][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 83.533851][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 83.539089][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 83.544330][ T5081] ? ptrace_notify+0xfe/0x140
[ 83.549044][ T5081] do_syscall_64+0x39/0xb0
[ 83.553491][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.559422][ T5081] RIP: 0033:0x7f04b5997eb9
[ 83.563862][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 83.583494][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 83.591933][ T5081] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f04b5997eb9
[ 83.599941][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 83.607940][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 83.615940][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 83.623938][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 83.631953][ T5081]
[ 83.636857][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 83.648213][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 83.658672][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 83.668747][ T5081] Call Trace:
[ 83.672042][ T5081]
[ 83.675006][ T5081] dump_stack_lvl+0xd1/0x138
[ 83.679630][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 83.685634][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 83.691116][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 83.697060][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 83.701983][ T5081] dccp_write_xmit+0x171/0x1d0
[ 83.706821][ T5081] dccp_sendmsg+0xaee/0xd30
[ 83.711353][ T5081] ? dccp_done+0x100/0x100
[ 83.715802][ T5081] ? aa_af_perm+0x240/0x240
[ 83.720335][ T5081] ? __import_iovec+0x1fb/0x610
[ 83.725245][ T5081] inet_sendmsg+0x9d/0xe0
[ 83.729631][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 83.734788][ T5081] sock_sendmsg+0xde/0x190
[ 83.739257][ T5081] ____sys_sendmsg+0x71c/0x900
[ 83.744069][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 83.749486][ T5081] ? kernel_sendmsg+0x50/0x50
[ 83.754220][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 83.760252][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 83.764958][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 83.769601][ T5081] ? lock_release+0x810/0x810
[ 83.774303][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 83.779539][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 83.784608][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 83.789583][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 83.794667][ T5081] ? __fget_light+0x20a/0x270
[ 83.799394][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 83.803939][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 83.808987][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 83.813875][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 83.819107][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 83.824359][ T5081] ? ptrace_notify+0xfe/0x140
[ 83.829063][ T5081] do_syscall_64+0x39/0xb0
[ 83.833518][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.839455][ T5081] RIP: 0033:0x7f04b5997eb9
[ 83.843897][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 83.863530][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 83.871993][ T5081] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9
[ 83.879989][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 83.887986][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 83.895980][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 83.903989][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 83.912014][ T5081]
[ 83.917391][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 83.928770][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 83.939240][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 83.949355][ T5081] Call Trace:
[ 83.952649][ T5081]
[ 83.955604][ T5081] dump_stack_lvl+0xd1/0x138
[ 83.960233][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 83.966249][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 83.971756][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 83.977689][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 83.982603][ T5081] dccp_write_xmit+0x171/0x1d0
[ 83.987404][ T5081] dccp_sendmsg+0xaee/0xd30
[ 83.991954][ T5081] ? dccp_done+0x100/0x100
[ 83.996402][ T5081] ? aa_af_perm+0x240/0x240
[ 84.000961][ T5081] ? __import_iovec+0x1fb/0x610
[ 84.005863][ T5081] inet_sendmsg+0x9d/0xe0
[ 84.010239][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 84.015410][ T5081] sock_sendmsg+0xde/0x190
[ 84.019859][ T5081] ____sys_sendmsg+0x71c/0x900
[ 84.024675][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 84.030099][ T5081] ? kernel_sendmsg+0x50/0x50
[ 84.034823][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 84.040868][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 84.045580][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 84.050208][ T5081] ? lock_release+0x810/0x810
[ 84.054908][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 84.060160][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 84.065216][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 84.070182][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 84.075255][ T5081] ? __fget_light+0x20a/0x270
[ 84.079969][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 84.084511][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 84.089569][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 84.094455][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 84.099692][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 84.104933][ T5081] ? ptrace_notify+0xfe/0x140
[ 84.109654][ T5081] do_syscall_64+0x39/0xb0
[ 84.114100][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.120037][ T5081] RIP: 0033:0x7f04b5997eb9
[ 84.124488][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.144127][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 84.152573][ T5081] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9
[ 84.160571][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 84.168570][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 84.176568][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 84.184565][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 84.192580][ T5081]
[ 84.198725][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 84.210042][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 84.220507][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 84.230603][ T5081] Call Trace:
[ 84.233912][ T5081]
[ 84.236857][ T5081] dump_stack_lvl+0xd1/0x138
[ 84.241487][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 84.247503][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 84.252996][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 84.258950][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 84.263865][ T5081] dccp_write_xmit+0x171/0x1d0
[ 84.268667][ T5081] dccp_sendmsg+0xaee/0xd30
[ 84.273212][ T5081] ? dccp_done+0x100/0x100
[ 84.277655][ T5081] ? aa_af_perm+0x240/0x240
[ 84.282197][ T5081] ? __import_iovec+0x1fb/0x610
[ 84.287096][ T5081] inet_sendmsg+0x9d/0xe0
[ 84.291479][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 84.296633][ T5081] sock_sendmsg+0xde/0x190
[ 84.301081][ T5081] ____sys_sendmsg+0x71c/0x900
[ 84.305874][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 84.311268][ T5081] ? kernel_sendmsg+0x50/0x50
[ 84.315995][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 84.322034][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 84.326758][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 84.331419][ T5081] ? lock_release+0x810/0x810
[ 84.336140][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 84.341365][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 84.346433][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 84.351404][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 84.356480][ T5081] ? __fget_light+0x20a/0x270
[ 84.361224][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 84.365749][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 84.370790][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 84.375710][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 84.380967][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 84.386214][ T5081] ? ptrace_notify+0xfe/0x140
[ 84.390949][ T5081] do_syscall_64+0x39/0xb0
[ 84.395394][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.401320][ T5081] RIP: 0033:0x7f04b5997eb9
[ 84.405751][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.425377][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 84.433817][ T5081] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f04b5997eb9
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 84.441839][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 84.449923][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 84.457955][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 84.465982][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 84.474011][ T5081]
[ 84.481374][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 84.492760][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 84.503217][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 84.513296][ T5081] Call Trace:
[ 84.516675][ T5081]
[ 84.519635][ T5081] dump_stack_lvl+0xd1/0x138
[ 84.524278][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 84.530285][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 84.535763][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 84.541678][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 84.546586][ T5081] dccp_write_xmit+0x171/0x1d0
[ 84.551417][ T5081] dccp_sendmsg+0xaee/0xd30
[ 84.555967][ T5081] ? dccp_done+0x100/0x100
[ 84.560428][ T5081] ? aa_af_perm+0x240/0x240
[ 84.565020][ T5081] ? __import_iovec+0x1fb/0x610
[ 84.569934][ T5081] inet_sendmsg+0x9d/0xe0
[ 84.574284][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 84.579419][ T5081] sock_sendmsg+0xde/0x190
[ 84.583877][ T5081] ____sys_sendmsg+0x71c/0x900
[ 84.588680][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 84.594084][ T5081] ? kernel_sendmsg+0x50/0x50
[ 84.598827][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 84.604874][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 84.609593][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 84.614228][ T5081] ? lock_release+0x810/0x810
[ 84.618924][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 84.624147][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 84.629194][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 84.634162][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 84.639260][ T5081] ? __fget_light+0x20a/0x270
[ 84.643994][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 84.648520][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 84.653573][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 84.658495][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 84.663725][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 84.668954][ T5081] ? ptrace_notify+0xfe/0x140
[ 84.673653][ T5081] do_syscall_64+0x39/0xb0
[ 84.678086][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.684009][ T5081] RIP: 0033:0x7f04b5997eb9
[ 84.688457][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.708187][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 84.716660][ T5081] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f04b5997eb9
[ 84.724653][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 84.732676][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 84.740691][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 84.748699][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 84.756704][ T5081]
[ 84.763020][ C1] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 84.774469][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 84.784135][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 84.794227][ C1] Call Trace:
[ 84.797516][ C1]
[ 84.800371][ C1] dump_stack_lvl+0xd1/0x138
[ 84.804986][ C1] ccid3_update_send_interval.cold+0x87/0x93
[ 84.811007][ C1] ccid3_hc_tx_no_feedback_timer+0x348/0x700
[ 84.817027][ C1] call_timer_fn+0x1da/0x7c0
[ 84.821638][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0
[ 84.827307][ C1] ? timer_fixup_activate+0x3e0/0x3e0
[ 84.832696][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 84.837562][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0
[ 84.843207][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 84.848430][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0
[ 84.854100][ C1] ? ccid3_hc_tx_packet_recv+0xce0/0xce0
[ 84.859752][ C1] expire_timers+0x2c6/0x5c0
[ 84.864404][ C1] run_timer_softirq+0x326/0x910
[ 84.869389][ C1] ? expire_timers+0x5c0/0x5c0
[ 84.874196][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 84.879453][ C1] __do_softirq+0x1fb/0xadc
[ 84.884051][ C1] __irq_exit_rcu+0x123/0x180
[ 84.888757][ C1] irq_exit_rcu+0x9/0x20
[ 84.893034][ C1] sysvec_apic_timer_interrupt+0x97/0xc0
[ 84.898717][ C1]
[ 84.901667][ C1]
[ 84.904616][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 84.910636][ C1] RIP: 0010:acpi_idle_do_entry+0x1fd/0x2a0
[ 84.916483][ C1] Code: 89 de e8 46 f3 72 f7 84 db 75 ac e8 cd f6 72 f7 e8 c8 78 79 f7 66 90 e8 c1 f6 72 f7 0f 00 2d ca b7 a3 00 e8 b5 f6 72 f7 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 70 f3 72 f7 48 85 db
[ 84.936123][ C1] RSP: 0018:ffffc90000177d10 EFLAGS: 00000293
[ 84.942217][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 84.950234][ C1] RDX: ffff88813fef9d40 RSI: ffffffff8a0e1adb RDI: 0000000000000000
[ 84.958235][ C1] RBP: ffff888017991864 R08: 0000000000000001 R09: 0000000000000001
[ 84.966233][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 84.974243][ C1] R13: ffff888017991800 R14: ffff888017991864 R15: ffff8881462d2004
[ 84.982255][ C1] ? acpi_idle_do_entry+0x1fb/0x2a0
[ 84.987504][ C1] acpi_idle_enter+0x368/0x510
[ 84.992328][ C1] cpuidle_enter_state+0x1af/0xd40
[ 84.997500][ C1] cpuidle_enter+0x4e/0xa0
[ 85.001958][ C1] do_idle+0x3f7/0x590
[ 85.006078][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 85.011134][ C1] ? _raw_spin_unlock_bh+0x20/0x30
[ 85.016298][ C1] ? lockdep_hardirqs_on+0x7d/0x100
[ 85.021533][ C1] cpu_startup_entry+0x18/0x20
[ 85.026332][ C1] start_secondary+0x256/0x300
[ 85.031137][ C1] ? set_cpu_sibling_map+0x24f0/0x24f0
[ 85.036644][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 85.042595][ C1]
[ 85.052010][ T5081] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 85.063293][ T5081] CPU: 0 PID: 5081 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 85.073747][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 85.083841][ T5081] Call Trace:
[ 85.087138][ T5081]
[ 85.090088][ T5081] dump_stack_lvl+0xd1/0x138
[ 85.094733][ T5081] ccid3_update_send_interval.cold+0x87/0x93
[ 85.100747][ T5081] ccid3_hc_tx_packet_sent+0x132/0x160
[ 85.106235][ T5081] ? ccid3_update_send_interval+0x120/0x120
[ 85.112167][ T5081] dccp_xmit_packet+0x2f2/0x750
[ 85.117060][ T5081] dccp_write_xmit+0x171/0x1d0
[ 85.121881][ T5081] dccp_sendmsg+0xaee/0xd30
[ 85.126452][ T5081] ? dccp_done+0x100/0x100
[ 85.130925][ T5081] ? aa_af_perm+0x240/0x240
[ 85.135482][ T5081] ? __import_iovec+0x1fb/0x610
[ 85.140375][ T5081] inet_sendmsg+0x9d/0xe0
[ 85.144734][ T5081] ? inet_send_prepare+0x4e0/0x4e0
[ 85.149875][ T5081] sock_sendmsg+0xde/0x190
[ 85.154331][ T5081] ____sys_sendmsg+0x71c/0x900
[ 85.159135][ T5081] ? copy_msghdr_from_user+0xfc/0x150
[ 85.164532][ T5081] ? kernel_sendmsg+0x50/0x50
[ 85.169263][ T5081] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 85.175294][ T5081] ___sys_sendmsg+0x110/0x1b0
[ 85.180002][ T5081] ? do_recvmmsg+0x6e0/0x6e0
[ 85.184639][ T5081] ? lock_release+0x810/0x810
[ 85.189343][ T5081] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 85.194568][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 85.199619][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 85.204609][ T5081] ? _raw_spin_lock_irq+0x45/0x50
[ 85.209671][ T5081] ? __fget_light+0x20a/0x270
[ 85.214386][ T5081] __sys_sendmsg+0xf7/0x1c0
[ 85.218916][ T5081] ? __sys_sendmsg_sock+0x40/0x40
[ 85.223978][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 85.228864][ T5081] ? lockdep_hardirqs_on+0x7d/0x100
[ 85.234117][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 85.239363][ T5081] ? ptrace_notify+0xfe/0x140
[ 85.244074][ T5081] do_syscall_64+0x39/0xb0
[ 85.248532][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.254462][ T5081] RIP: 0033:0x7f04b5997eb9
[ 85.258904][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.278540][ T5081] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 85.286986][ T5081] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04b5997eb9
[ 85.294982][ T5081] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[pid 5081] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached
, child_tidptr=0x555555a4f5d0) = 5082
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] socket(AF_INET6, SOCK_DCCP, IPPROTO_IP) = 3
[pid 5082] bind(3, {sa_family=AF_INET6, sin6_port=htons(20000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
[pid 5082] socket(AF_INET, SOCK_DCCP, IPPROTO_IP) = 4
[pid 5082] listen(3, 6) = 0
[pid 5082] setsockopt(4, SOL_DCCP, DCCP_SOCKOPT_CCID, "\x03", 1) = 0
[pid 5082] connect(4, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[ 85.302972][ T5081] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 85.310967][ T5081] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 85.318964][ T5081] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 85.326980][ T5081]
[pid 5082] sendto(4, "\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65475, 0, NULL, 0) = 65475
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 85.349901][ T5082] dccp_xmit_packet: Payload too large (65475) for featneg.
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 85.409840][ T5082] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 85.421443][ T5082] CPU: 0 PID: 5082 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 85.431918][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 85.442012][ T5082] Call Trace:
[ 85.445327][ T5082]
[ 85.448293][ T5082] dump_stack_lvl+0xd1/0x138
[ 85.452952][ T5082] ccid3_update_send_interval.cold+0x87/0x93
[ 85.458974][ T5082] ccid3_hc_tx_packet_sent+0x132/0x160
[ 85.464469][ T5082] ? ccid3_update_send_interval+0x120/0x120
[ 85.470427][ T5082] dccp_xmit_packet+0x2f2/0x750
[ 85.475347][ T5082] dccp_write_xmit+0x171/0x1d0
[ 85.480158][ T5082] dccp_sendmsg+0xaee/0xd30
[ 85.484728][ T5082] ? dccp_done+0x100/0x100
[ 85.489183][ T5082] ? aa_af_perm+0x240/0x240
[ 85.493730][ T5082] ? __import_iovec+0x1fb/0x610
[ 85.498627][ T5082] inet_sendmsg+0x9d/0xe0
[ 85.502989][ T5082] ? inet_send_prepare+0x4e0/0x4e0
[ 85.508130][ T5082] sock_sendmsg+0xde/0x190
[ 85.512586][ T5082] ____sys_sendmsg+0x71c/0x900
[ 85.517397][ T5082] ? copy_msghdr_from_user+0xfc/0x150
[ 85.522797][ T5082] ? kernel_sendmsg+0x50/0x50
[ 85.527524][ T5082] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 85.533558][ T5082] ___sys_sendmsg+0x110/0x1b0
[ 85.538262][ T5082] ? do_recvmmsg+0x6e0/0x6e0
[ 85.542904][ T5082] ? lock_release+0x810/0x810
[ 85.547614][ T5082] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 85.552840][ T5082] ? do_raw_spin_lock+0x124/0x2b0
[ 85.557888][ T5082] ? rwlock_bug.part.0+0x90/0x90
[ 85.562842][ T5082] ? _raw_spin_lock_irq+0x45/0x50
[ 85.567911][ T5082] ? __fget_light+0x20a/0x270
[ 85.572623][ T5082] __sys_sendmsg+0xf7/0x1c0
[ 85.577169][ T5082] ? __sys_sendmsg_sock+0x40/0x40
[ 85.582217][ T5082] ? lock_downgrade+0x6e0/0x6e0
[ 85.587097][ T5082] ? lockdep_hardirqs_on+0x7d/0x100
[ 85.592323][ T5082] ? _raw_spin_unlock_irq+0x2e/0x50
[ 85.597656][ T5082] ? ptrace_notify+0xfe/0x140
[ 85.602390][ T5082] do_syscall_64+0x39/0xb0
[ 85.606839][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.612783][ T5082] RIP: 0033:0x7f04b5997eb9
[ 85.617231][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.636884][ T5082] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 85.645324][ T5082] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f04b5997eb9
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 85.653314][ T5082] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 85.661324][ T5082] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 85.669332][ T5082] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[ 85.677334][ T5082] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 85.685365][ T5082]
[ 85.693891][ T5082] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 85.705270][ T5082] CPU: 1 PID: 5082 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 85.715722][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 85.725882][ T5082] Call Trace:
[ 85.729177][ T5082]
[ 85.732150][ T5082] dump_stack_lvl+0xd1/0x138
[ 85.736819][ T5082] ccid3_update_send_interval.cold+0x87/0x93
[ 85.742860][ T5082] ccid3_hc_tx_packet_sent+0x132/0x160
[ 85.748394][ T5082] ? ccid3_update_send_interval+0x120/0x120
[ 85.754356][ T5082] dccp_xmit_packet+0x2f2/0x750
[ 85.759294][ T5082] dccp_write_xmit+0x171/0x1d0
[ 85.764095][ T5082] dccp_sendmsg+0xaee/0xd30
[ 85.768639][ T5082] ? dccp_done+0x100/0x100
[ 85.773115][ T5082] ? aa_af_perm+0x240/0x240
[ 85.777674][ T5082] ? __import_iovec+0x1fb/0x610
[ 85.782576][ T5082] inet_sendmsg+0x9d/0xe0
[ 85.786966][ T5082] ? inet_send_prepare+0x4e0/0x4e0
[ 85.792115][ T5082] sock_sendmsg+0xde/0x190
[ 85.796576][ T5082] ____sys_sendmsg+0x71c/0x900
[ 85.801387][ T5082] ? copy_msghdr_from_user+0xfc/0x150
[ 85.806830][ T5082] ? kernel_sendmsg+0x50/0x50
[ 85.811567][ T5082] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 85.817605][ T5082] ___sys_sendmsg+0x110/0x1b0
[ 85.822334][ T5082] ? do_recvmmsg+0x6e0/0x6e0
[ 85.826980][ T5082] ? lock_release+0x810/0x810
[ 85.831686][ T5082] ? ptrace_stop.part.0+0x4a3/0x8e0
[ 85.836912][ T5082] ? do_raw_spin_lock+0x124/0x2b0
[ 85.841964][ T5082] ? rwlock_bug.part.0+0x90/0x90
[ 85.846922][ T5082] ? _raw_spin_lock_irq+0x45/0x50
[ 85.852022][ T5082] ? __fget_light+0x20a/0x270
[ 85.856731][ T5082] __sys_sendmsg+0xf7/0x1c0
[ 85.861255][ T5082] ? __sys_sendmsg_sock+0x40/0x40
[ 85.866305][ T5082] ? lock_downgrade+0x6e0/0x6e0
[ 85.871184][ T5082] ? lockdep_hardirqs_on+0x7d/0x100
[ 85.876421][ T5082] ? _raw_spin_unlock_irq+0x2e/0x50
[ 85.881680][ T5082] ? ptrace_notify+0xfe/0x140
[ 85.886389][ T5082] do_syscall_64+0x39/0xb0
[ 85.890865][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.896789][ T5082] RIP: 0033:0x7f04b5997eb9
[ 85.901234][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.920874][ T5082] RSP: 002b:00007fff777fb728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 85.929347][ T5082] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f04b5997eb9
[ 85.937355][ T5082] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000004
[ 85.945371][ T5082] RBP: 0000000000000000 R08: 00007fff777fb8c8 R09: 00007fff777fb8c8
[ 85.953415][ T5082] R10: 00007fff777fb8c8 R11: 0000000000000246 R12: 00007fff777fb73c
[pid 5082] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="s", iov_len=1}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 1
[ 85.961431][ T5082] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 85.969450][ T5082]
[ 85.977906][ T5082] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:90/ccid3_update_send_interval()
[ 85.989143][ T5082] CPU: 1 PID: 5082 Comm: syz-executor132 Not tainted 6.2.0-rc8-syzkaller-02206-g675f176b4dcc #0
[ 85.999598][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023