BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 16918 Comm: syz-executor7 Not tainted 4.16.0-rc4+ #273
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 tfrc_rx_hist_sample_rtt+0x407/0x4d0 net/dccp/ccids/lib/packet_history.c:422
 ccid3_hc_rx_packet_recv+0x696/0xeb3 net/dccp/ccids/ccid3.c:765
 ccid_hc_rx_packet_recv net/dccp/ccid.h:185 [inline]
 dccp_deliver_input_to_ccids+0xd9/0x250 net/dccp/input.c:180
 dccp_rcv_established+0x88/0xb0 net/dccp/input.c:378
 dccp_v4_do_rcv+0x135/0x160 net/dccp/ipv4.c:653
 sk_backlog_rcv include/net/sock.h:909 [inline]
 __sk_receive_skb+0x33e/0xc10 net/core/sock.c:513
 dccp_v4_rcv+0xf5f/0x1c80 net/dccp/ipv4.c:874
 ip_local_deliver_finish+0x2f1/0xc50 net/ipv4/ip_input.c:216
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip_local_deliver+0x1ce/0x6e0 net/ipv4/ip_input.c:257
 dst_input include/net/dst.h:450 [inline]
 ip_rcv_finish+0xa36/0x2040 net/ipv4/ip_input.c:397
 NF_HOOK include/linux/netfilter.h:288 [inline]
 ip_rcv+0xb76/0x1820 net/ipv4/ip_input.c:493
 __netif_receive_skb_core+0x1a41/0x3460 net/core/dev.c:4557
 __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4622
 process_backlog+0x203/0x740 net/core/dev.c:5302
 napi_poll net/core/dev.c:5700 [inline]
 net_rx_action+0x792/0x1910 net/core/dev.c:5766
 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285
 invoke_softirq kernel/softirq.c:365 [inline]
 irq_exit+0x1cc/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:541 [inline]
 smp_apic_timer_interrupt+0x16b/0x700 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:857
RIP: 0010:should_fail+0x26d/0xa40 lib/fault-inject.c:109
RSP: 0018:ffff8801d009f520 EFLAGS: 00000203 ORIG_RAX: ffffffffffffff12
RAX: 0000000000000000 RBX: fffffffffffffff8 RCX: 0000000000000000
RDX: 0000000000000485 RSI: ffffc9000211e000 RDI: ffffed003a013ee8
RBP: ffff8801d009f788 R08: 0000000000000000 R09: 1ffff1003a013ed4
R10: ffff8801d009f668 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801d009f760 R14: 1ffff1003a013eac R15: 0000000000000880
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3365 [inline]
 kmem_cache_alloc+0x47/0x760 mm/slab.c:3539
 sk_prot_alloc+0x65/0x2a0 net/core/sock.c:1468
 sk_alloc+0x105/0x1440 net/core/sock.c:1528
 inet_create+0x47c/0xf50 net/ipv4/af_inet.c:320
 __sock_create+0x4d4/0x850 net/socket.c:1285
 sock_create net/socket.c:1325 [inline]
 SYSC_socket net/socket.c:1355 [inline]
 SyS_socket+0xeb/0x1d0 net/socket.c:1335
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453e69
RSP: 002b:00007f07bb726c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00007f07bb7276d4 RCX: 0000000000453e69
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000002
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000005e7 R14: 00000000006f8e48 R15: 0000000000000000
dccp_close: ABORT with 4709 bytes unread
kernel msg: ebtables bug: please report to author: Wrong len argument
kernel msg: ebtables bug: please report to author: Wrong len argument
sctp: [Deprecated]: syz-executor0 (pid 17124) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
device ip6tnl0 entered promiscuous mode
mip6: mip6_destopt_init_state: spi is not 0: 3557031936
mip6: mip6_destopt_init_state: spi is not 0: 3557031936
sctp: [Deprecated]: syz-executor0 (pid 17124) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
nla_parse: 8 callbacks suppressed
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
validate_nla: 1 callbacks suppressed
netlink: 'syz-executor5': attribute type 7 has an invalid length.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor5': attribute type 7 has an invalid length.
bond0: enslaved VLAN challenged slave lo. Adding VLANs will be blocked as long as lo is part of bond bond0
bond0: lo is up - this may be due to an out of date ifenslave
selinux_nlmsg_perm: 4 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36625 sclass=netlink_route_socket pig=17545 comm=syz-executor6
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=17645 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=17663 comm=syz-executor5
kernel msg: ebtables bug: please report to author: Unknown flag for inv bitmask
kernel msg: ebtables bug: please report to author: Unknown flag for inv bitmask
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1053 sclass=netlink_route_socket pig=17701 comm=syz-executor5
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1053 sclass=netlink_route_socket pig=17711 comm=syz-executor5
netlink: 'syz-executor0': attribute type 1 has an invalid length.
netlink: 'syz-executor0': attribute type 1 has an invalid length.
kernel msg: ebtables bug: please report to author: EBT_ENTRY_OR_ENTRIES shouldn't be set in distinguisher
ip6gretap0: FDB only supports static addresses
ip6gretap0: FDB only supports static addresses
kernel msg: ebtables bug: please report to author: Wrong len argument
kernel msg: ebtables bug: please report to author: Wrong len argument
kernel msg: ebtables bug: please report to author: Wrong len argument
kernel msg: ebtables bug: please report to author: Wrong len argument
PF_BRIDGE: br_mdb_parse() with unknown ifindex
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=129 sclass=netlink_route_socket pig=18175 comm=syz-executor5
PF_BRIDGE: br_mdb_parse() with unknown ifindex
netlink: 72 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 'syz-executor5': attribute type 1 has an invalid length.
can: request_module (can-proto-5) failed.
can: request_module (can-proto-5) failed.
tc_dump_action: action bad kind
tc_dump_action: action bad kind
device lo entered promiscuous mode
device lo left promiscuous mode
ebt_among: dst integrity fail: 184
dccp_v6_rcv: dropped packet with invalid checksum
dccp_v6_rcv: dropped packet with invalid checksum
netlink: 'syz-executor6': attribute type 1 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22042 sclass=netlink_route_socket pig=18818 comm=syz-executor5
netlink: 'syz-executor6': attribute type 1 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22042 sclass=netlink_route_socket pig=18818 comm=syz-executor5
netlink: 'syz-executor2': attribute type 5 has an invalid length.
netlink: 'syz-executor2': attribute type 5 has an invalid length.
RDS: rds_bind could not find a transport for 255.255.255.255, load rds_tcp or rds_rdma?
RDS: rds_bind could not find a transport for 255.255.255.255, load rds_tcp or rds_rdma?
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 'syz-executor1': attribute type 1 has an invalid length.
netlink: 'syz-executor1': attribute type 1 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=17254 sclass=netlink_route_socket pig=19164 comm=syz-executor5
netlink: 'syz-executor1': attribute type 1 has an invalid length.
xt_nfacct: accounting object `syz0' does not exists
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
openvswitch: netlink: Flow set message rejected, Key attribute missing.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
openvswitch: netlink: Flow set message rejected, Key attribute missing.
kernel msg: ebtables bug: please report to author: bad policy
kernel msg: ebtables bug: please report to author: bad policy
l2tp_ppp: tunl 4: get L2TP stats
sctp: [Deprecated]: syz-executor0 (pid 19514) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
netlink: 'syz-executor6': attribute type 41 has an invalid length.
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3347 sclass=netlink_tcpdiag_socket pig=19520 comm=syz-executor2
netlink: 'syz-executor6': attribute type 41 has an invalid length.
sctp: [Deprecated]: syz-executor0 (pid 19514) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3347 sclass=netlink_tcpdiag_socket pig=19520 comm=syz-executor2
kernel msg: ebtables bug: please report to author: Wrong len argument
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=129 sclass=netlink_route_socket pig=19635 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=129 sclass=netlink_route_socket pig=19635 comm=syz-executor7
kernel msg: ebtables bug: please report to author: counter_offset != totalcnt
sctp: [Deprecated]: syz-executor0 (pid 19657) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
kernel msg: ebtables bug: please report to author: counter_offset != totalcnt
sctp: [Deprecated]: syz-executor0 (pid 19657) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor7 (pid 19861) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19871 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=19881 comm=syz-executor3
sctp: [Deprecated]: syz-executor7 (pid 19877) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead