netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=42193 sclass=netlink_xfrm_socket pig=20276 comm=syz-executor0
------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_output.c:2668!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 20278 Comm: syz-executor7 Not tainted 4.9.78-g68d447c #23
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801cfcc0000 task.stack: ffff8801cddb0000
RIP: 0010:[]  [] __tcp_retransmit_skb+0x1882/0x1ce0 net/ipv4/tcp_output.c:2668
RSP: 0018:ffff8801db207b58  EFLAGS: 00010206
RAX: ffff8801cfcc0000 RBX: 0000000000000001 RCX: ffffffff83278c02
RDX: 0000000000000100 RSI: ffff8801cbfce304 RDI: ffff8801d620c2ac
RBP: ffff8801db207c10 R08: ffff88021fffd01c R09: 0000000000000000
R10: ffff88021fffd018 R11: ffff88021fffd010 R12: ffff8801d620c306
R13: 000000000ac55a89 R14: ffff8801d620c280 R15: ffff8801cbfce0c0
FS:  00007f1c9b2a2700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020f67ff0 CR3: 00000001cf5b4000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 150df4d4874e45d6 0000001dc567f82a ffff8801cbfce0c0 0000000000000004
 0000000000000000 dffffc0000000000 ffff8801c8c50030 ffff8801db207bb8
 ffffffff8339e0c7 ffff8801cbfce974 ffff8801cbfce0c0 ffffffff8339dca0
Call Trace:
 [] tcp_retransmit_skb+0x29/0x2b0 net/ipv4/tcp_output.c:2741
 [] tcp_retransmit_timer+0xc4f/0x22c0 net/ipv4/tcp_timer.c:492
 [] tcp_write_timer_handler+0x21e/0x780 net/ipv4/tcp_timer.c:576
 [] tcp_write_timer+0x15a/0x170 net/ipv4/tcp_timer.c:594
 [] call_timer_fn+0x164/0x700 kernel/time/timer.c:1319
 [] expire_timers kernel/time/timer.c:1359 [inline]
 [] __run_timers kernel/time/timer.c:1658 [inline]
 [] run_timer_softirq+0xe8c/0x1650 kernel/time/timer.c:1684
 [] __do_softirq+0x206/0x951 kernel/softirq.c:284
 [] invoke_softirq kernel/softirq.c:364 [inline]
 [] irq_exit+0x165/0x190 kernel/softirq.c:405
 [] exiting_irq arch/x86/include/asm/apic.h:659 [inline]
 [] smp_apic_timer_interrupt+0x7b/0xa0 arch/x86/kernel/apic/apic.c:960
 [] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:752
 [] elements_fit_in_base lib/flex_array.c:41 [inline]
 [] flex_array_get+0x8e/0x230 lib/flex_array.c:324
 [] flex_array_get_ptr+0x1d/0x60 lib/flex_array.c:349
 [] avtab_write+0x172/0x270 security/selinux/ss/avtab.c:648
 [] policydb_write+0x622/0x2520 security/selinux/ss/policydb.c:3427
 [] security_read_policy+0x13e/0x230 security/selinux/ss/services.c:3437
 [] sel_open_policy+0x1b8/0x2b0 security/selinux/selinuxfs.c:388
 [] do_dentry_open+0x607/0xc60 fs/open.c:766
 [] vfs_open+0x105/0x220 fs/open.c:879
 [] do_last fs/namei.c:3408 [inline]
 [] path_openat+0x5ac/0x2910 fs/namei.c:3531
 [] do_filp_open+0x197/0x290 fs/namei.c:3566
 [] do_sys_open+0x352/0x4c0 fs/open.c:1072
 [] SYSC_openat fs/open.c:1099 [inline]
 [] SyS_openat+0x30/0x40 fs/open.c:1093
 [] entry_SYSCALL_64_fastpath+0x29/0xe8
Code: ff 48 8b 7d c0 e8 4f 56 2c fe e9 cc f8 ff ff 48 89 cf e8 82 56 2c fe e9 aa f1 ff ff e8 58 56 2c fe e9 79 f8 ff ff e8 7e 25 0f fe <0f> 0b e8 67 56 2c fe e9 53 fb ff ff e8 5d 56 2c fe e9 1b fe ff
RIP  [] __tcp_retransmit_skb+0x1882/0x1ce0 net/ipv4/tcp_output.c:2668
 RSP
---[ end trace 12657c2cacd3c2a6 ]---