BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 9263 Comm: syz-executor2 Not tainted 4.16.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b9/0x29f lib/dump_stack.c:53
 tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c net/dccp/ccids/lib/packet_history.c:422
 ccid3_hc_rx_packet_recv+0x5c8/0xed0 net/dccp/ccids/ccid3.c:765
 ccid_hc_rx_packet_recv net/dccp/ccid.h:185 [inline]
 dccp_deliver_input_to_ccids+0xf0/0x280 net/dccp/input.c:180
 dccp_rcv_established+0x87/0xb0 net/dccp/input.c:378
 dccp_v4_do_rcv+0x153/0x180 net/dccp/ipv4.c:653
 sk_backlog_rcv include/net/sock.h:909 [inline]
 __sk_receive_skb+0x3a2/0xd60 net/core/sock.c:513
 dccp_v4_rcv+0x1151/0x2048 net/dccp/ipv4.c:874
 ip_local_deliver_finish+0x2e3/0xd80 net/ipv4/ip_input.c:215
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip_local_deliver+0x1e1/0x720 net/ipv4/ip_input.c:256
 dst_input include/net/dst.h:450 [inline]
 ip_rcv_finish+0x81b/0x2200 net/ipv4/ip_input.c:396
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip_rcv+0xb70/0x143d net/ipv4/ip_input.c:492
 __netif_receive_skb_core+0x26f5/0x3630 net/core/dev.c:4592
 __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:4657
 process_backlog+0x219/0x760 net/core/dev.c:5337
 napi_poll net/core/dev.c:5735 [inline]
 net_rx_action+0x7b7/0x1930 net/core/dev.c:5801
 __do_softirq+0x2e0/0xaf5 kernel/softirq.c:285
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1045
 do_softirq.part.17+0x14d/0x190 kernel/softirq.c:329
 do_softirq arch/x86/include/asm/preempt.h:23 [inline]
 __local_bh_enable_ip+0x1ec/0x230 kernel/softirq.c:182
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:728 [inline]
 ip_finish_output2+0xab2/0x1840 net/ipv4/ip_output.c:231
 ip_finish_output+0x828/0xf80 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:277 [inline]
 ip_output+0x21b/0x850 net/ipv4/ip_output.c:405
 dst_output include/net/dst.h:444 [inline]
 ip_local_out+0xc5/0x1b0 net/ipv4/ip_output.c:124
 ip_queue_xmit+0x9d0/0x1fa0 net/ipv4/ip_output.c:504
 dccp_transmit_skb+0x999/0x12e0 net/dccp/output.c:142
 dccp_xmit_packet+0x250/0x790 net/dccp/output.c:281
 dccp_write_xmit+0x190/0x1f0 net/dccp/output.c:363
 dccp_sendmsg+0x8c7/0x1020 net/dccp/proto.c:818
 inet_sendmsg+0x19f/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:639
 ___sys_sendmsg+0x805/0x940 net/socket.c:2117
 __sys_sendmsg+0x115/0x270 net/socket.c:2155
 SYSC_sendmsg net/socket.c:2164 [inline]
 SyS_sendmsg+0x29/0x30 net/socket.c:2162
 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x455259
RSP: 002b:00007fc5c132ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fc5c132f6d4 RCX: 0000000000455259
RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000015
RBP: 000000000072bf58 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004cd R14: 00000000006fa3d8 R15: 0000000000000001
dccp_close: ABORT with 79 bytes unread
Enabling of bearer <> rejected, illegal name
Enabling of bearer <> rejected, illegal name
netlink: 'syz-executor6': attribute type 41 has an invalid length.
netlink: 'syz-executor6': attribute type 41 has an invalid length.
device lo entered promiscuous mode
Unknown options in mask 8927
device lo left promiscuous mode
device lo entered promiscuous mode
Unknown options in mask 8927
IPVS: length: 100 != 24
IPVS: length: 100 != 24
IPVS: ip_vs_svc_hash(): request for already hashed, called from do_ip_vs_set_ctl+0x1b43/0x1d30 net/netfilter/ipvs/ip_vs_ctl.c:2457
IPVS: ip_vs_svc_hash(): request for already hashed, called from do_ip_vs_set_ctl+0x1b43/0x1d30 net/netfilter/ipvs/ip_vs_ctl.c:2457
device bridge0 entered promiscuous mode
device bridge0 left promiscuous mode
device bridge0 entered promiscuous mode
device bridge0 left promiscuous mode
dccp_close: ABORT with 65423 bytes unread
device lo left promiscuous mode
netlink: 'syz-executor1': attribute type 40 has an invalid length.
netlink: 'syz-executor3': attribute type 3 has an invalid length.
netlink: 'syz-executor3': attribute type 3 has an invalid length.
device team0 entered promiscuous mode
device team0 left promiscuous mode
IPVS: set_ctl: invalid protocol: 94 0.0.81.129:20001 none
IPVS: set_ctl: invalid protocol: 94 0.0.81.129:20001 none
netlink: 100 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 100 bytes leftover after parsing attributes in process `syz-executor3'.
kernel msg: ebtables bug: please report to author: entries_size too small
kernel msg: ebtables bug: please report to author: entries_size too small