Negotiation of local Allow Short Seqnos failed in state CHANGING at net/dccp/feat.c:1537/dccp_feat_activate_values()
BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 5869 Comm: syz-executor.0 Not tainted 6.8.0-rc2-syzkaller-g861c0981648f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
tfrc_rx_hist_sample_rtt+0x393/0x4b0 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x699/0xe60 net/dccp/ccids/ccid3.c:760
ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_rcv_established+0x1b7/0x310 net/dccp/input.c:374
dccp_v4_do_rcv+0xff/0x1f0 net/dccp/ipv4.c:675
sk_backlog_rcv include/net/sock.h:1092 [inline]
__sk_receive_skb+0x41e/0x9d0 net/core/sock.c:568
ip_protocol_deliver_rcu+0x208/0x3f0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b6/0x500 net/ipv4/ip_input.c:233
NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1ca/0x530 net/core/dev.c:5648
process_backlog+0x385/0x760 net/core/dev.c:5976
__napi_poll+0xc7/0x480 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x78b/0x1010 net/core/dev.c:6778
__do_softirq+0x2b8/0x939 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu+0xf1/0x1b0 kernel/softirq.c:632
irq_exit_rcu+0x9/0x20 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:103 [inline]
RIP: 0010:__local_bh_enable_ip+0x170/0x1f0 kernel/softirq.c:388
Code: 8b e8 84 ca d0 09 65 66 8b 05 dc 5e ad 7e 66 85 c0 75 59 bf 01 00 00 00 e8 9d aa 0a 00 e8 f8 9d 3f 00 fb 65 8b 05 a8 5e ad 7e <85> c0 75 05 e8 57 27 aa ff 48 c7 44 24 20 0e 36 e0 45 49 c7 04 1c
RSP: 0018:ffffc90009a5f6c0 EFLAGS: 00000282
RAX: 0000000080000000 RBX: 1ffff9200134bedc RCX: ffffffff925f3303
RDX: dffffc0000000000 RSI: ffffffff8b6aa6e0 RDI: ffffffff8bbe9960
RBP: ffffc90009a5f770 R08: ffffffff8f02486f R09: 1ffffffff1e0490d
R10: dffffc0000000000 R11: fffffbfff1e0490e R12: dffffc0000000000
R13: 1ffff9200134bee0 R14: ffffc90009a5f700 R15: 0000000000000201
dccp_sendmsg+0x3c5/0xb70 net/dccp/proto.c:763
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x592/0x890 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmmsg+0x3b2/0x730 net/socket.c:2724
__do_sys_sendmmsg net/socket.c:2753 [inline]
__se_sys_sendmmsg net/socket.c:2750 [inline]
__x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f50bea7c8c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f50bf8100c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f50beb9bf80 RCX: 00007f50bea7c8c9
RDX: 000000000000ffc3 RSI: 0000000020001e80 RDI: 0000000000000006
RBP: 00007f50bead8ae8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f50beb9bf80 R15: 00007ffd11fbdac8
BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 6078 Comm: syz-executor.0 Not tainted 6.8.0-rc2-syzkaller-g861c0981648f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
tfrc_rx_hist_sample_rtt+0x393/0x4b0 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x699/0xe60 net/dccp/ccids/ccid3.c:760
ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_rcv_established+0x1b7/0x310 net/dccp/input.c:374
dccp_v4_do_rcv+0xff/0x1f0 net/dccp/ipv4.c:675
sk_backlog_rcv include/net/sock.h:1092 [inline]
__sk_receive_skb+0x41e/0x9d0 net/core/sock.c:568
ip_protocol_deliver_rcu+0x208/0x3f0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b6/0x500 net/ipv4/ip_input.c:233
NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1ca/0x530 net/core/dev.c:5648
process_backlog+0x385/0x760 net/core/dev.c:5976
__napi_poll+0xc7/0x480 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x78b/0x1010 net/core/dev.c:6778
__do_softirq+0x2b8/0x939 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu+0xf1/0x1b0 kernel/softirq.c:632
irq_exit_rcu+0x9/0x20 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x97/0xb0 arch/x86/kernel/apic/apic.c:1076
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:lock_acquire+0x25a/0x530 kernel/locking/lockdep.c:5758
Code: 2b 00 74 08 4c 89 f7 e8 a4 59 7e 00 f6 44 24 61 02 0f 85 8a 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90009e4f4e0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff920013c9ea8 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8b6ab860 RDI: ffffffff8bbe9960
RBP: ffffc90009e4f638 R08: ffffffff90dfb3e7 R09: 1ffffffff21bf67c
R10: dffffc0000000000 R11: fffffbfff21bf67d R12: 1ffff920013c9ea4
R13: dffffc0000000000 R14: ffffc90009e4f540 R15: 0000000000000246
rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
rcu_read_lock include/linux/rcupdate.h:750 [inline]
dccp_write_space+0x43/0x580 net/dccp/output.c:201
sock_wfree+0x1b9/0x620 net/core/sock.c:2481
skb_release_head_state+0xfd/0x240 net/core/skbuff.c:1080
skb_release_all net/core/skbuff.c:1092 [inline]
__kfree_skb net/core/skbuff.c:1108 [inline]
kfree_skb_reason+0x15d/0x390 net/core/skbuff.c:1144
dccp_write_xmit+0x156/0x220 net/dccp/output.c:369
dccp_sendmsg+0x759/0xb70 net/dccp/proto.c:801
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x592/0x890 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmmsg+0x3b2/0x730 net/socket.c:2724
__do_sys_sendmmsg net/socket.c:2753 [inline]
__se_sys_sendmmsg net/socket.c:2750 [inline]
__x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f50bea7c8c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f50bf8100c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f50beb9bf80 RCX: 00007f50bea7c8c9
RDX: 000000000000ffc3 RSI: 0000000020001e80 RDI: 0000000000000006
RBP: 00007f50bead8ae8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f50beb9bf80 R15: 00007ffd11fbdac8
BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:417/tfrc_rx_hist_sample_rtt()
CPU: 1 PID: 6149 Comm: syz-executor.0 Not tainted 6.8.0-rc2-syzkaller-g861c0981648f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
tfrc_rx_hist_sample_rtt+0x393/0x4b0 net/dccp/ccids/lib/packet_history.c:414
ccid3_hc_rx_packet_recv+0x699/0xe60 net/dccp/ccids/ccid3.c:760
ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
dccp_deliver_input_to_ccids net/dccp/input.c:176 [inline]
dccp_rcv_established+0x1b7/0x310 net/dccp/input.c:374
dccp_v4_do_rcv+0xff/0x1f0 net/dccp/ipv4.c:675
sk_backlog_rcv include/net/sock.h:1092 [inline]
__sk_receive_skb+0x41e/0x9d0 net/core/sock.c:568
ip_protocol_deliver_rcu+0x208/0x3f0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b6/0x500 net/ipv4/ip_input.c:233
NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
NF_HOOK+0x3a1/0x450 include/linux/netfilter.h:314
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1ca/0x530 net/core/dev.c:5648
process_backlog+0x385/0x760 net/core/dev.c:5976
__napi_poll+0xc7/0x480 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x78b/0x1010 net/core/dev.c:6778
__do_softirq+0x2b8/0x939 kernel/softirq.c:553
do_softirq+0x11b/0x1e0 kernel/softirq.c:454
__local_bh_enable_ip+0x1b7/0x1f0 kernel/softirq.c:381
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]
__dev_queue_xmit+0x15fd/0x3b00 net/core/dev.c:4378
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
neigh_hh_output include/net/neighbour.h:526 [inline]
neigh_output include/net/neighbour.h:540 [inline]
ip_finish_output2+0xd37/0x1350 net/ipv4/ip_output.c:235
dst_output include/net/dst.h:451 [inline]
ip_local_out net/ipv4/ip_output.c:129 [inline]
__ip_queue_xmit+0x1245/0x1c20 net/ipv4/ip_output.c:535
dccp_transmit_skb+0xf35/0x1690 net/dccp/output.c:138
__dccp_rcv_established+0x118/0x400 net/dccp/input.c:346
dccp_rcv_established+0x2a4/0x310 net/dccp/input.c:376
dccp_v4_do_rcv+0xff/0x1f0 net/dccp/ipv4.c:675
sk_backlog_rcv include/net/sock.h:1092 [inline]
__release_sock+0x19c/0x4c0 net/core/sock.c:2973
release_sock+0x61/0x1d0 net/core/sock.c:3539
dccp_sendmsg+0x4de/0xb70 net/dccp/proto.c:803
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x592/0x890 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmmsg+0x3b2/0x730 net/socket.c:2724
__do_sys_sendmmsg net/socket.c:2753 [inline]
__se_sys_sendmmsg net/socket.c:2750 [inline]
__x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2750
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f50bea7c8c9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f50bf8100c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f50beb9bf80 RCX: 00007f50bea7c8c9
RDX: 000000000000ffc3 RSI: 0000000020001e80 RDI: 0000000000000006
RBP: 00007f50bead8ae8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f50beb9bf80 R15: 00007ffd11fbdac8
Negotiation of local Allow Short Seqnos failed in state CHANGING at net/dccp/feat.c:1537/dccp_feat_activate_values()
Negotiation of local Allow Short Seqnos failed in state CHANGING at net/dccp/feat.c:1537/dccp_feat_activate_values()
----------------
Code disassembly (best guess):
0: 8b e8 mov %eax,%ebp
2: 84 ca test %cl,%dl
4: d0 09 rorb (%rcx)
6: 65 66 8b 05 dc 5e ad mov %gs:0x7ead5edc(%rip),%ax # 0x7ead5eea
d: 7e
e: 66 85 c0 test %ax,%ax
11: 75 59 jne 0x6c
13: bf 01 00 00 00 mov $0x1,%edi
18: e8 9d aa 0a 00 call 0xaaaba
1d: e8 f8 9d 3f 00 call 0x3f9e1a
22: fb sti
23: 65 8b 05 a8 5e ad 7e mov %gs:0x7ead5ea8(%rip),%eax # 0x7ead5ed2
* 2a: 85 c0 test %eax,%eax <-- trapping instruction
2c: 75 05 jne 0x33
2e: e8 57 27 aa ff call 0xffaa278a
33: 48 c7 44 24 20 0e 36 movq $0x45e0360e,0x20(%rsp)
3a: e0 45
3c: 49 rex.WB
3d: c7 .byte 0xc7
3e: 04 1c add $0x1c,%al