BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:414/tfrc_rx_hist_sample_rtt()
CPU: 3 UID: 0 PID: 6125 Comm: syz-executor.0 Not tainted 6.14.0-syzkaller-g1e1ba8d23dae #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 tfrc_rx_hist_sample_rtt+0x3e1/0x4a0 net/dccp/ccids/lib/packet_history.c:414
 ccid3_hc_rx_packet_recv+0x448/0xf50 net/dccp/ccids/ccid3.c:760
 ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
 dccp_deliver_input_to_ccids+0xe3/0x270 net/dccp/input.c:176
 dccp_rcv_established net/dccp/input.c:374 [inline]
 dccp_rcv_established+0x10a/0x160 net/dccp/input.c:364
 dccp_v4_do_rcv+0x171/0x1b0 net/dccp/ipv4.c:681
 sk_backlog_rcv include/net/sock.h:1122 [inline]
 __sk_receive_skb+0x79f/0x890 net/core/sock.c:575
 dccp_v4_rcv+0x1145/0x1d10 net/dccp/ipv4.c:904
 ip_protocol_deliver_rcu+0x441/0x4c0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x316/0x570 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 ip_local_deliver+0x18e/0x1f0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:469 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:447 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 ip_rcv+0x2c3/0x5d0 net/ipv4/ip_input.c:567
 __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5896
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6009
 process_backlog+0x442/0x15e0 net/core/dev.c:6357
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7190
 napi_poll net/core/dev.c:7259 [inline]
 net_rx_action+0xa97/0x1010 net/core/dev.c:7381
 handle_softirqs+0x216/0x8e0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:preempt_latency_start kernel/sched/core.c:5824 [inline]
RIP: 0010:preempt_latency_start kernel/sched/core.c:5819 [inline]
RIP: 0010:preempt_count_add+0x9e/0x150 kernel/sched/core.c:5847
Code: 0f 00 85 c0 75 38 65 48 8b 2d 56 b4 13 12 48 8d bd e0 14 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 87 00 00 00 48 89 9d e0 14 00 00 5b 5d c3 cc cc cc cc 31 ff
RSP: 0018:ffffc900048c7340 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffffffff8169a8c1 RCX: 1ffffffff35584d4
RDX: 1ffff110050a4724 RSI: ffffffff89337769 RDI: ffff888028523920
RBP: ffff888028522440 R08: 0000000000000001 R09: 0000000000000000
R10: ffffc900048c73c8 R11: 00000000000832dd R12: ffffffff81a6c6a0
R13: ffffc900048c73c8 R14: 0000000000000000 R15: ffff888028522440
 unwind_next_frame+0xb1/0x1ff0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2376 [inline]
 slab_free mm/slub.c:4633 [inline]
 kfree+0x2b6/0x4d0 mm/slub.c:4832
 skb_kfree_head net/core/skbuff.c:996 [inline]
 skb_free_head+0x108/0x1d0 net/core/skbuff.c:1008
 skb_release_data+0x56d/0x740 net/core/skbuff.c:1035
 skb_release_all net/core/skbuff.c:1100 [inline]
 __kfree_skb net/core/skbuff.c:1114 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1152
 kfree_skb_reason include/linux/skbuff.h:1271 [inline]
 kfree_skb include/linux/skbuff.h:1280 [inline]
 dccp_qpolicy_drop net/dccp/qpolicy.c:109 [inline]
 dccp_qpolicy_drop+0x39/0x40 net/dccp/qpolicy.c:105
 dccp_write_xmit+0x184/0x1d0 net/dccp/output.c:369
 dccp_sendmsg+0x9b2/0xd10 net/dccp/proto.c:801
 inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:851
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:733 [inline]
 ____sys_sendmsg+0x96b/0xc60 net/socket.c:2573
 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2627
 __sys_sendmmsg+0x200/0x420 net/socket.c:2716
 __do_sys_sendmmsg net/socket.c:2743 [inline]
 __se_sys_sendmmsg net/socket.c:2740 [inline]
 __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2740
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8e7fe7cd29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8e80c6b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f8e7ffabf80 RCX: 00007f8e7fe7cd29
RDX: 000000000000ffc3 RSI: 0000000020001e80 RDI: 0000000000000006
RBP: 00007f8e7fec947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f8e7ffabf80 R15: 00007ffd507f6268
 </TASK>
Negotiation of local Allow Short Seqnos failed in state CHANGING at net/dccp/feat.c:1538/dccp_feat_activate_values()
BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:414/tfrc_rx_hist_sample_rtt()
CPU: 3 UID: 0 PID: 6304 Comm: syz-executor.0 Not tainted 6.14.0-syzkaller-g1e1ba8d23dae #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 tfrc_rx_hist_sample_rtt+0x3e1/0x4a0 net/dccp/ccids/lib/packet_history.c:414
 ccid3_hc_rx_packet_recv+0x448/0xf50 net/dccp/ccids/ccid3.c:760
 ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline]
 dccp_deliver_input_to_ccids+0xe3/0x270 net/dccp/input.c:176
 dccp_rcv_established net/dccp/input.c:374 [inline]
 dccp_rcv_established+0x10a/0x160 net/dccp/input.c:364
 dccp_v4_do_rcv+0x171/0x1b0 net/dccp/ipv4.c:681
 sk_backlog_rcv include/net/sock.h:1122 [inline]
 __sk_receive_skb+0x79f/0x890 net/core/sock.c:575
 dccp_v4_rcv+0x1145/0x1d10 net/dccp/ipv4.c:904
 ip_protocol_deliver_rcu+0x441/0x4c0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x316/0x570 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 ip_local_deliver+0x18e/0x1f0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:469 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:447 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 ip_rcv+0x2c3/0x5d0 net/ipv4/ip_input.c:567
 __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5896
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6009
 process_backlog+0x442/0x15e0 net/core/dev.c:6357
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7190
 napi_poll net/core/dev.c:7259 [inline]
 net_rx_action+0xa97/0x1010 net/core/dev.c:7381
 handle_softirqs+0x216/0x8e0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:write_comp_data+0x42/0x90 kernel/kcov.c:246
Code: a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 0f 00 75 60 a9 00 00 f0 00 75 59 8b 82 3c 16 00 00 85 c0 74 4f 8b 82 18 16 00 00 <83> f8 03 75 44 48 8b 82 20 16 00 00 8b 92 1c 16 00 00 48 8b 38 48
RSP: 0018:ffffc90003a978b0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 1ffff92000752f18 RCX: ffffffff847df6b0
RDX: ffff8880253f4880 RSI: 0000000000000007 RDI: 0000000000000005
RBP: ffff88802578e900 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000093 R11: 0000000000000000 R12: ffff888031d540c0
R13: ffffc90003a978e0 R14: 0000000000000093 R15: ffffc90003a97920
 sock_skip_has_perm security/selinux/hooks.c:4658 [inline]
 sock_has_perm+0x150/0x2f0 security/selinux/hooks.c:4671
 security_socket_sendmsg+0x9b/0x240 security/security.c:4674
 __sock_sendmsg net/socket.c:730 [inline]
 ____sys_sendmsg+0x2f2/0xc60 net/socket.c:2573
 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2627
 __sys_sendmmsg+0x200/0x420 net/socket.c:2716
 __do_sys_sendmmsg net/socket.c:2743 [inline]
 __se_sys_sendmmsg net/socket.c:2740 [inline]
 __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2740
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8e7fe7cd29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8e80c6b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f8e7ffabf80 RCX: 00007f8e7fe7cd29
RDX: 000000000000ffc3 RSI: 0000000020001e80 RDI: 0000000000000006
RBP: 00007f8e7fec947a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f8e7ffabf80 R15: 00007ffd507f6268
 </TASK>
Negotiation of local Allow Short Seqnos failed in state CHANGING at net/dccp/feat.c:1538/dccp_feat_activate_values()
Negotiation of local Allow Short Seqnos failed in state CHANGING at net/dccp/feat.c:1538/dccp_feat_activate_values()
----------------
Code disassembly (best guess):
   0:	0f 00 85 c0 75 38 65 	sldt   0x653875c0(%rbp)
   7:	48 8b 2d 56 b4 13 12 	mov    0x1213b456(%rip),%rbp        # 0x1213b464
   e:	48 8d bd e0 14 00 00 	lea    0x14e0(%rbp),%rdi
  15:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1c:	fc ff df
  1f:	48 89 fa             	mov    %rdi,%rdx
  22:	48 c1 ea 03          	shr    $0x3,%rdx
  26:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
* 2a:	0f 85 87 00 00 00    	jne    0xb7 <-- trapping instruction
  30:	48 89 9d e0 14 00 00 	mov    %rbx,0x14e0(%rbp)
  37:	5b                   	pop    %rbx
  38:	5d                   	pop    %rbp
  39:	c3                   	ret
  3a:	cc                   	int3
  3b:	cc                   	int3
  3c:	cc                   	int3
  3d:	cc                   	int3
  3e:	31 ff                	xor    %edi,%edi