BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 27028 Comm: kworker/u4:3 Not tainted 5.15.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: bat_events batadv_nc_worker
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 tfrc_rx_hist_sample_rtt+0x370/0x460 net/dccp/ccids/lib/packet_history.c:414
 ccid3_hc_rx_packet_recv+0x636/0xd50 net/dccp/ccids/ccid3.c:760
 ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
 dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
 dccp_rcv_established+0x1b3/0x310 net/dccp/input.c:374
 dccp_v4_do_rcv+0xcd/0x190 net/dccp/ipv4.c:669
 sk_backlog_rcv include/net/sock.h:1059 [inline]
 __sk_receive_skb+0x416/0x9c0 net/core/sock.c:528
 ip_protocol_deliver_rcu+0x381/0x730 net/ipv4/ip_input.c:204
 ip_local_deliver_finish+0x1db/0x320 net/ipv4/ip_input.c:231
 NF_HOOK+0x364/0x410 include/linux/netfilter.h:302
 NF_HOOK+0x364/0x410 include/linux/netfilter.h:302
 __netif_receive_skb_one_core net/core/dev.c:5485 [inline]
 __netif_receive_skb+0x1c6/0x530 net/core/dev.c:5599
 process_backlog+0x363/0x7f0 net/core/dev.c:6476
 __napi_poll+0xc7/0x440 net/core/dev.c:7035
 napi_poll net/core/dev.c:7102 [inline]
 net_rx_action+0x617/0xda0 net/core/dev.c:7189
 __do_softirq+0x3b3/0x93a kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x155/0x240 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1096
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:finish_lock_switch+0x91/0x100 kernel/sched/core.c:4785
Code: 45 31 c9 68 c7 65 59 81 e8 ac 1a 09 00 48 83 c4 08 4c 89 ff e8 60 da fe ff eb 32 4c 89 ff e8 d6 a1 cc 08 e8 f1 44 2d 00 fb 5b <41> 5c 41 5d 41 5e 41 5f c3 44 89 f1 80 e1 07 80 c1 03 38 c1 7c 87
RSP: 0018:ffffc900039d76b8 EFLAGS: 00000282
RAX: bd9931a696848300 RBX: ffff888074769df4 RCX: ffffffff8162ee28
RDX: dffffc0000000000 RSI: ffffffff8a8b0f80 RDI: ffffffff8ad87e40
RBP: ffffc900039d7730 R08: dffffc0000000000 R09: fffffbfff1f7a035
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1101736748b R14: ffff8880b9b3a458 R15: ffff8880b9a39700
 finish_task_switch+0x134/0x630 kernel/sched/core.c:4902
 context_switch kernel/sched/core.c:5033 [inline]
 __schedule+0x12cc/0x45b0 kernel/sched/core.c:6376
 preempt_schedule_irq+0xf7/0x1c0 kernel/sched/core.c:6780
 irqentry_exit+0x53/0x80 kernel/entry/common.c:426
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:103 [inline]
RIP: 0010:__local_bh_enable_ip+0x16c/0x1f0 kernel/softirq.c:390
Code: 8a e8 58 43 cf 08 65 66 8b 05 90 32 b6 7e 66 85 c0 75 57 bf 01 00 00 00 e8 c1 dc 09 00 e8 ac 50 39 00 fb 65 8b 05 7c 15 b5 7e <85> c0 75 05 e8 0b 2d b3 ff 48 c7 44 24 20 0e 36 e0 45 49 c7 04 1c
RSP: 0018:ffffc900039d7aa0 EFLAGS: 00000286
RAX: 0000000080000000 RBX: 1ffff9200073af58 RCX: ffffffff8162ee28
RDX: dffffc0000000000 RSI: ffffffff8a8b0f80 RDI: ffffffff8ad87e40
RBP: ffffc900039d7b50 R08: dffffc0000000000 R09: fffffbfff1f7a035
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff9200073af5c R14: ffffc900039d7ae0 R15: 0000000000000201
 spin_unlock_bh include/linux/spinlock.h:408 [inline]
 batadv_nc_purge_paths+0x30e/0x3b0 net/batman-adv/network-coding.c:475
 batadv_nc_worker+0x30b/0x5b0 net/batman-adv/network-coding.c:726
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>
dccp_check_seqno: Step 6 failed for CLOSE packet, (LSWL(163827650166191) <= P.seqno(163827650166190) <= S.SWH(163827650166265)) and (P.ackno exists or LAWL(71325577265886) <= P.ackno(71325577265886) <= S.AWH(71325577265886), sending SYNC...
vkms_vblank_simulate: vblank timer overrun
----------------
Code disassembly (best guess):
   0:	45 31 c9             	xor    %r9d,%r9d
   3:	68 c7 65 59 81       	push   $0xffffffff815965c7
   8:	e8 ac 1a 09 00       	call   0x91ab9
   d:	48 83 c4 08          	add    $0x8,%rsp
  11:	4c 89 ff             	mov    %r15,%rdi
  14:	e8 60 da fe ff       	call   0xfffeda79
  19:	eb 32                	jmp    0x4d
  1b:	4c 89 ff             	mov    %r15,%rdi
  1e:	e8 d6 a1 cc 08       	call   0x8cca1f9
  23:	e8 f1 44 2d 00       	call   0x2d4519
  28:	fb                   	sti
  29:	5b                   	pop    %rbx
* 2a:	41 5c                	pop    %r12 <-- trapping instruction
  2c:	41 5d                	pop    %r13
  2e:	41 5e                	pop    %r14
  30:	41 5f                	pop    %r15
  32:	c3                   	ret
  33:	44 89 f1             	mov    %r14d,%ecx
  36:	80 e1 07             	and    $0x7,%cl
  39:	80 c1 03             	add    $0x3,%cl
  3c:	38 c1                	cmp    %al,%cl
  3e:	7c 87                	jl     0xffffffc7