------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_output.c:2591!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 17386 Comm: syz-executor404 Not tainted 4.4.132-g4b08356 #50
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d8a96000 task.stack: ffff8800b3b58000
RIP: 0010:[] [] __tcp_retransmit_skb+0x17e5/0x1860 net/ipv4/tcp_output.c:2591
RSP: 0018:ffff8801db307b60 EFLAGS: 00010206
RAX: ffff8801d8a96000 RBX: ffff8800b63b9428 RCX: ffff8801d3c01744
RDX: 0000000000000100 RSI: ffffffff8328aff5 RDI: ffff8800b63b942c
RBP: ffff8801db307c08 R08: 0000007cce8d44e7 R09: 0000000000000006
R10: ffffed0043fffa09 R11: 0000000000000001 R12: 00000000c7600113
R13: 00000000c7511c5b R14: ffff8800b63b9400 R15: ffff8801d3c01500
FS: 00007ff725e36700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020600000 CR3: 00000001d2389000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000007cce8d44e7 ffffffffffffffff 0000007cce8f01c9 ffff8801d3c01500 0000000000000004 00000000c751208b dffffc0000000000 ffff8801d3c01744 ffff8801db307bc8 ffffffff833a936e ffff8801d3c01500 ffffffff833a8f50
Call Trace:
[] tcp_retransmit_skb+0x23/0x2c0 net/ipv4/tcp_output.c:2664
[] tcp_retransmit_timer+0x7bd/0x1ed0 net/ipv4/tcp_timer.c:461
[] tcp_write_timer_handler+0x1f1/0x6f0 net/ipv4/tcp_timer.c:543
[] tcp_write_timer+0xba/0xd0 net/ipv4/tcp_timer.c:561
[] call_timer_fn+0x18c/0x870 kernel/time/timer.c:1185
[] __run_timers kernel/time/timer.c:1261 [inline]
[] run_timer_softirq+0x642/0xb90 kernel/time/timer.c:1444
[] __do_softirq+0x22c/0xa1a kernel/softirq.c:273
[] invoke_softirq kernel/softirq.c:350 [inline]
[] irq_exit+0x10d/0x140 kernel/softirq.c:391
[] exiting_irq arch/x86/include/asm/apic.h:653 [inline]
[] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:926
[] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:741
[] release_task.part.17+0xa94/0x1200 kernel/exit.c:212
[] release_task kernel/exit.c:630 [inline]
[] exit_notify kernel/exit.c:632 [inline]
[] do_exit+0x164b/0x26b0 kernel/exit.c:780
[] do_group_exit+0x111/0x330 kernel/exit.c:889
[] get_signal+0x4ec/0x14b0 kernel/signal.c:2317
[] do_signal+0x8b/0x1d30 arch/x86/kernel/signal.c:712
[] exit_to_usermode_loop+0x11a/0x160 arch/x86/entry/common.c:248
[] prepare_exit_to_usermode arch/x86/entry/common.c:283 [inline]
[] syscall_return_slowpath+0x1b5/0x1f0 arch/x86/entry/common.c:348
[] int_ret_from_sys_call+0x25/0xa3
Code: e0 26 fe e9 aa ed ff ff e8 89 e0 26 fe e9 4f f5 ff ff e8 7f e0 26 fe e9 6b f5 ff ff e8 95 e0 26 fe e9 d3 ef ff ff e8 fb 61 0c fe <0f> 0b 4c 89 f7 e8 81 e0 26 fe e9 d9 ec ff ff e8 f7 e0 26 fe e9
RIP [] __tcp_retransmit_skb+0x17e5/0x1860 net/ipv4/tcp_output.c:2591
RSP
---[ end trace 61a5349a41bafffe ]---