BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:414/tfrc_rx_hist_sample_rtt()
CPU: 1 UID: 0 PID: 6896 Comm: syz.0.268 Not tainted 6.13.0-rc1-syzkaller-00378-g62b5a46999c7 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 tfrc_rx_hist_sample_rtt+0x3e1/0x4a0 net/dccp/ccids/lib/packet_history.c:414
 ccid3_hc_rx_packet_recv+0x443/0xf50 net/dccp/ccids/ccid3.c:760
 ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
 dccp_deliver_input_to_ccids+0xe3/0x270 net/dccp/input.c:176
 dccp_rcv_established net/dccp/input.c:374 [inline]
 dccp_rcv_established+0x10a/0x160 net/dccp/input.c:364
 dccp_v4_do_rcv+0x171/0x1b0 net/dccp/ipv4.c:680
 sk_backlog_rcv include/net/sock.h:1121 [inline]
 __sk_receive_skb+0x7aa/0x890 net/core/sock.c:568
 dccp_v4_rcv+0x1153/0x1d30 net/dccp/ipv4.c:903
 ip_protocol_deliver_rcu+0x441/0x4c0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x316/0x570 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 ip_local_deliver+0x18e/0x1f0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:460 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:447 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 ip_rcv+0x2c3/0x5d0 net/ipv4/ip_input.c:567
 __netif_receive_skb_one_core+0x199/0x1e0 net/core/dev.c:5672
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785
 process_backlog+0x443/0x15f0 net/core/dev.c:6117
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883
 napi_poll net/core/dev.c:6952 [inline]
 net_rx_action+0xa94/0x1010 net/core/dev.c:7074
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:655
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0023:0xf70e95cf
Code: 00 89 4c 24 04 8d ae 0c f0 01 00 88 5c 24 17 89 7c 24 0c 89 54 24 1c 89 5c 24 18 8b 7c 24 0c 89 c2 81 e2 ff 1f 00 00 8b 34 d7 <8b> 7c d7 04 89 f1 89 fb 33 0c 24 33 5c 24 04 09 d9 74 4e 09 fe 74
RSP: 002b:00000000fff5d148 EFLAGS: 00000206
RAX: 00000000891ee6b1 RBX: 000000000000000f RCX: 0000000001e1e01f
RDX: 00000000000006b1 RSI: 0000000081e8c6b1 RDI: 00000000f73f2000
RBP: 00000000f73f0000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 89 4c 24 04 8d    	add    %cl,-0x72fbdbb4(%rcx)
   6:	ae                   	scas   %es:(%rdi),%al
   7:	0c f0                	or     $0xf0,%al
   9:	01 00                	add    %eax,(%rax)
   b:	88 5c 24 17          	mov    %bl,0x17(%rsp)
   f:	89 7c 24 0c          	mov    %edi,0xc(%rsp)
  13:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  17:	89 5c 24 18          	mov    %ebx,0x18(%rsp)
  1b:	8b 7c 24 0c          	mov    0xc(%rsp),%edi
  1f:	89 c2                	mov    %eax,%edx
  21:	81 e2 ff 1f 00 00    	and    $0x1fff,%edx
  27:	8b 34 d7             	mov    (%rdi,%rdx,8),%esi
* 2a:	8b 7c d7 04          	mov    0x4(%rdi,%rdx,8),%edi <-- trapping instruction
  2e:	89 f1                	mov    %esi,%ecx
  30:	89 fb                	mov    %edi,%ebx
  32:	33 0c 24             	xor    (%rsp),%ecx
  35:	33 5c 24 04          	xor    0x4(%rsp),%ebx
  39:	09 d9                	or     %ebx,%ecx
  3b:	74 4e                	je     0x8b
  3d:	09 fe                	or     %edi,%esi
  3f:	74                   	.byte 0x74