audit: type=1400 audit(1542412860.468:22): avc:  denied  { transfer } for  pid=5816 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_input.c:4839!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 5859 Comm: syz-executor2 Not tainted 4.4.163+ #12
task: ffff8801d4c297c0 task.stack: ffff8800a6d70000
RIP: 0010:[<ffffffff8240bf0d>]  [<ffffffff8240bf0d>] tcp_collapse+0x98d/0xd00 net/ipv4/tcp_input.c:4839
RSP: 0018:ffff8801db707358  EFLAGS: 00010206
RAX: ffff8801d4c297c0 RBX: 0000000000000350 RCX: 000000005f4ae35a
RDX: 0000000000000100 RSI: ffffffff8240bf0d RDI: ffff8800b8325398
RBP: ffff8801db707490 R08: ffffed00164e08fb R09: ffffed00164e08f5
R10: ffffed00164e08fa R11: ffff8800b27047d7 R12: ffff8800b96e728c
R13: ffff8800b96e7260 R14: dffffc0000000000 R15: ffff8800b2704780
FS:  0000000000000000(0000) GS:ffff8801db700000(0063) knlGS:00000000f5753b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007ff6a0950000 CR3: 00000001d63b8000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8800b8325340 ffffed0017064a68 ffff8800b27047ac ffff8801db7073e8
 ffffffff82c7da3d ffff8800b96e7288 0000000000000000 ffff8800b8325200
 1ffff1003b6e0e79 00000350db7073b0 0000000000000000 00000000fffffd1a
Call Trace:
 <IRQ> 
 [<ffffffff8240c91b>] tcp_prune_queue net/ipv4/tcp_input.c:4990 [inline]
 [<ffffffff8240c91b>] tcp_try_rmem_schedule+0x69b/0x1270 net/ipv4/tcp_input.c:4386
 [<ffffffff8240f02f>] tcp_data_queue_ofo net/ipv4/tcp_input.c:4410 [inline]
 [<ffffffff8240f02f>] tcp_data_queue+0x10ff/0x3ad0 net/ipv4/tcp_input.c:4713
 [<ffffffff8241c3fa>] tcp_rcv_established+0x57a/0x1fd0 net/ipv4/tcp_input.c:5538
 [<ffffffff82443a53>] tcp_v4_do_rcv+0x553/0x7a0 net/ipv4/tcp_ipv4.c:1397
 [<ffffffff82448669>] sk_backlog_rcv include/net/sock.h:871 [inline]
 [<ffffffff82448669>] tcp_prequeue+0x4d9/0xdf0 net/ipv4/tcp_ipv4.c:1519
 [<ffffffff8244edab>] tcp_v4_rcv+0x2a6b/0x3750 net/ipv4/tcp_ipv4.c:1679
 [<ffffffff823af7d0>] ip_local_deliver_finish+0x3c0/0xa70 net/ipv4/ip_input.c:216
 [<ffffffff823b178c>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff823b178c>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff823b178c>] ip_local_deliver+0x1ac/0x390 net/ipv4/ip_input.c:257
 [<ffffffff823b05d9>] dst_input include/net/dst.h:504 [inline]
 [<ffffffff823b05d9>] ip_rcv_finish+0x759/0x1220 net/ipv4/ip_input.c:365
 [<ffffffff823b2209>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff823b2209>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff823b2209>] ip_rcv+0x899/0xfc0 net/ipv4/ip_input.c:455
 [<ffffffff822282f8>] __netif_receive_skb_core+0x12c8/0x2820 net/core/dev.c:4041
 [<ffffffff822309ab>] __netif_receive_skb+0x5b/0x1c0 net/core/dev.c:4076
 [<ffffffff82237d4a>] process_backlog+0x20a/0x670 net/core/dev.c:4669
 [<ffffffff82237157>] napi_poll net/core/dev.c:4907 [inline]
 [<ffffffff82237157>] net_rx_action+0x367/0xd50 net/core/dev.c:4972
 [<ffffffff827152ea>] __do_softirq+0x22a/0xa3e kernel/softirq.c:273
 [<ffffffff827134dc>] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:929
 <EOI> 
 [<ffffffff810e1c74>] do_softirq.part.2+0x54/0x60 kernel/softirq.c:317
 [<ffffffff810e1d54>] do_softirq kernel/softirq.c:309 [inline]
 [<ffffffff810e1d54>] __local_bh_enable_ip+0xd4/0xe0 kernel/softirq.c:170
 [<ffffffff82711820>] __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:178 [inline]
 [<ffffffff82711820>] _raw_spin_unlock_bh+0x30/0x40 kernel/locking/spinlock.c:207
 [<ffffffff821dd806>] spin_unlock_bh include/linux/spinlock.h:352 [inline]
 [<ffffffff821dd806>] release_sock+0x3b6/0x500 net/core/sock.c:2484
 [<ffffffff821dda74>] sk_wait_data+0x124/0x3a0 net/core/sock.c:2064
 [<ffffffff823ee0a2>] tcp_recvmsg+0x19d2/0x2de0 net/ipv4/tcp.c:1777
 [<ffffffff824a233e>] inet_recvmsg+0x23e/0x4c0 net/ipv4/af_inet.c:786
 [<ffffffff821d03e1>] sock_recvmsg_nosec net/socket.c:740 [inline]
 [<ffffffff821d03e1>] sock_recvmsg+0x91/0xc0 net/socket.c:748
 [<ffffffff821d1bd5>] ___sys_recvmsg+0x265/0x550 net/socket.c:2129
 [<ffffffff821d4da6>] __sys_recvmsg+0xd6/0x190 net/socket.c:2175
 [<ffffffff822a5baa>] C_SYSC_recvmsg net/compat.c:734 [inline]
 [<ffffffff822a5baa>] compat_SyS_recvmsg+0x2a/0x40 net/compat.c:732
 [<ffffffff8100629e>] do_syscall_32_irqs_on arch/x86/entry/common.c:396 [inline]
 [<ffffffff8100629e>] do_fast_syscall_32+0x31e/0xa80 arch/x86/entry/common.c:463
 [<ffffffff82713b50>] sysenter_flags_fixed+0xd/0x1a
Code: 03 38 ca 7c 08 84 c9 0f 85 ef 01 00 00 45 39 7c 24 28 0f 89 77 ff ff ff e8 81 b3 ef fe 4d 8d 75 10 e9 72 ff ff ff e8 73 b3 ef fe <0f> 0b e8 6c b3 ef fe 48 8b 8d f8 fe ff ff 4c 89 ee 48 8b 95 28 
RIP  [<ffffffff8240bf0d>] tcp_collapse+0x98d/0xd00 net/ipv4/tcp_input.c:4839
 RSP <ffff8801db707358>
---[ end trace 29189a59848d08f6 ]---