------------[ cut here ]------------ kernel BUG at ./include/linux/skbuff.h:1406! invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI Modules linked in: CPU: 1 PID: 29418 Comm: syz-executor.2 Not tainted 4.14.139+ #37 task: 0000000050997f31 task.stack: 00000000f9cf3e75 RIP: 0010:skb_queue_prev include/linux/skbuff.h:1406 [inline] RIP: 0010:tcp_write_queue_prev include/net/tcp.h:1654 [inline] RIP: 0010:tcp_rtx_queue_tail include/net/tcp.h:1709 [inline] RIP: 0010:tcp_fragment+0x12c6/0x13e0 net/ipv4/tcp_output.c:1284 RSP: 0018:ffff8881dbb07bf8 EFLAGS: 00010206 RAX: ffff88819599c680 RBX: ffff8881d353b480 RCX: 1ffff1103a6a76d9 RDX: 0000000000000100 RSI: ffff888173c39b80 RDI: ffff888173c39b88 RBP: ffff888173c39b80 R08: 0000000001080020 R09: ffff88821ffff048 R10: ffff88821ffff057 R11: ffff88821ffff050 R12: 0000000000000000 R13: 0000000000006800 R14: 0000000001080020 R15: ffff8881d353b6d0 FS: 00007f5cfafe5700(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31a26000 CR3: 0000000199c44004 CR4: 00000000001606a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: tcp_write_wakeup+0x32b/0x570 net/ipv4/tcp_output.c:3708 tcp_send_probe0+0x46/0x3cc net/ipv4/tcp_output.c:3736 tcp_probe_timer net/ipv4/tcp_timer.c:365 [inline] tcp_write_timer_handler+0x687/0x780 net/ipv4/tcp_timer.c:583 tcp_write_timer+0xc9/0x170 net/ipv4/tcp_timer.c:597 call_timer_fn+0x15b/0x6a0 kernel/time/timer.c:1279 expire_timers+0x227/0x4c0 kernel/time/timer.c:1318 __run_timers kernel/time/timer.c:1634 [inline] run_timer_softirq+0x1eb/0x5d0 kernel/time/timer.c:1647 __do_softirq+0x234/0x9ec kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x114/0x150 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:648 [inline] smp_apic_timer_interrupt+0x1a7/0x650 arch/x86/kernel/apic/apic.c:1064 apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:792 RIP: 0010:debug_lockdep_rcu_enabled+0x5e/0x90 kernel/rcu/update.c:299 RSP: 0018:ffff888181bc7b00 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000003 RBX: ffff8881d6e14e40 RCX: 1ffffffff3b428e0 RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000246 RBP: ffffea00075b8500 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff9be56be5 R13: ffffffff9be56be5 R14: 0000000000000246 R15: ffffed103a75df82 trace_kmem_cache_free include/trace/events/kmem.h:144 [inline] kmem_cache_free+0x16b/0x340 mm/slub.c:3022 ebitmap_destroy+0x75/0xe0 security/selinux/ss/ebitmap.c:338 mls_context_destroy security/selinux/ss/context.h:109 [inline] context_destroy security/selinux/ss/context.h:148 [inline] security_compute_sid.part.0+0xad6/0x10a0 security/selinux/ss/services.c:1743 security_compute_sid security/selinux/ss/services.c:1764 [inline] security_transition_sid+0xcb/0x120 security/selinux/ss/services.c:1764 socket_sockcreate_sid security/selinux/hooks.c:4373 [inline] socket_sockcreate_sid security/selinux/hooks.c:4365 [inline] selinux_socket_create+0x2e0/0x4e7 security/selinux/hooks.c:4406 security_socket_create+0x84/0xc0 security/security.c:1348 __sock_create+0x61/0x620 net/socket.c:1230 sock_create net/socket.c:1315 [inline] SYSC_socket net/socket.c:1345 [inline] SyS_socket+0xe1/0x1e0 net/socket.c:1325 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45c3c7 RSP: 002b:00007f5cfafe49c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007f5cfafe4a58 RCX: 000000000045c3c7 RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 RBP: 000000000075bf20 R08: 0000000000000009 R09: 0000000000000000 R10: ffffffffffffffff R11: 0000000000000202 R12: 00007f5cfafe4a40 R13: 00000000004d0828 R14: 00000000004df748 R15: 00000000ffffffff Code: ea 03 80 3c 02 00 0f 85 2c 01 00 00 4c 8b bb 58 02 00 00 ba 00 00 00 00 4c 3b 7c 24 18 4c 0f 44 fa e9 bd fc ff ff e8 fa ee da fe <0f> 0b e8 13 b2 fd fe e9 4d ef ff ff e8 09 b2 fd fe e9 2d f2 ff RIP: skb_queue_prev include/linux/skbuff.h:1406 [inline] RSP: ffff8881dbb07bf8 RIP: tcp_write_queue_prev include/net/tcp.h:1654 [inline] RSP: ffff8881dbb07bf8 RIP: tcp_rtx_queue_tail include/net/tcp.h:1709 [inline] RSP: ffff8881dbb07bf8 RIP: tcp_fragment+0x12c6/0x13e0 net/ipv4/tcp_output.c:1284 RSP: ffff8881dbb07bf8 ---[ end trace 6bb724cd378ea55c ]---