audit: type=1400 audit(2000000004.037:6919): avc:  denied  { create } for  pid=16600 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(2000000004.037:6920): avc:  denied  { write } for  pid=16600 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(2000000004.096:6921): avc:  denied  { read } for  pid=16611 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
------------[ cut here ]------------
kernel BUG at ./include/linux/skbuff.h:1294!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 16611 Comm: syz-executor.1 Not tainted 4.9.190+ #2
task: 000000001f274aab task.stack: 00000000812a5819
RIP: 0010:[<ffffffff8252c406>]  [<000000001f752e62>] skb_queue_prev include/linux/skbuff.h:1294 [inline]
RIP: 0010:[<ffffffff8252c406>]  [<000000001f752e62>] tcp_write_queue_prev include/net/tcp.h:1563 [inline]
RIP: 0010:[<ffffffff8252c406>]  [<000000001f752e62>] tcp_rtx_queue_tail include/net/tcp.h:1616 [inline]
RIP: 0010:[<ffffffff8252c406>]  [<000000001f752e62>] tcp_fragment+0x1266/0x1390 net/ipv4/tcp_output.c:1195
RSP: 0018:ffff8801db707b90  EFLAGS: 00010206
RAX: ffff8801d6d84740 RBX: ffff8801d4c47380 RCX: 1ffff1003a988eed
RDX: 0000000000000100 RSI: ffffffff8252c406 RDI: ffff8801c6792788
RBP: ffff8801db707be0 R08: 0000000002080020 R09: ffff8801c67927a8
R10: ffff88021fffd050 R11: 000001eda6fad07f R12: 0000000000000000
R13: ffff8801d4c47570 R14: ffff8801c6792780 R15: ffff8801d4c475c4
FS:  0000000000de8940(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e323000 CR3: 00000001cf419000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801c6792780 ffff8801d4c47570 ffff8801c67927f8 ffff880102080020
 0000048000005580 0000000000000480 ffff8801d4c47380 ffff8801c6792780
 0000000000005580 ffff8801c67927b4 ffff8801db707c30 ffffffff8253fd65
Call Trace:
 <IRQ> 
 [<00000000b76c801f>] tcp_write_wakeup+0x345/0x5b0 net/ipv4/tcp_output.c:3613
 [<000000001579cd5c>] tcp_send_probe0+0x4b/0x400 net/ipv4/tcp_output.c:3641
 [<00000000832bdc4b>] tcp_probe_timer net/ipv4/tcp_timer.c:379 [inline]
 [<00000000832bdc4b>] tcp_write_timer_handler+0x6a0/0x7a0 net/ipv4/tcp_timer.c:596
 [<0000000043a1fa2b>] tcp_write_timer+0xc5/0x190 net/ipv4/tcp_timer.c:610
 [<00000000f6cf9921>] call_timer_fn+0x167/0x6d0 kernel/time/timer.c:1319
 [<00000000b5e0e144>] expire_timers+0x25b/0x5c0 kernel/time/timer.c:1359
 [<00000000c3ba39c7>] __run_timers kernel/time/timer.c:1674 [inline]
 [<00000000c3ba39c7>] run_timer_softirq+0x1ff/0x620 kernel/time/timer.c:1687
 [<00000000d6400d2e>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
 [<00000000c0b422db>] invoke_softirq kernel/softirq.c:368 [inline]
 [<00000000c0b422db>] irq_exit+0x119/0x160 kernel/softirq.c:409
 [<000000003a354a83>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [<000000003a354a83>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:962
 [<000000000791c277>] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:653
 <EOI> 
 [<000000007d3e5d92>] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
 [<000000007d3e5d92>] avc_reclaim_node security/selinux/avc.c:541 [inline]
 [<000000007d3e5d92>] avc_alloc_node security/selinux/avc.c:559 [inline]
 [<000000007d3e5d92>] avc_alloc_node+0x29a/0x3c0 security/selinux/avc.c:547
 [<000000004ce53469>] avc_insert security/selinux/avc.c:670 [inline]
 [<000000004ce53469>] avc_compute_av+0x182/0x610 security/selinux/avc.c:976
 [<00000000f931b63c>] avc_has_perm_noaudit+0x2a8/0x300 security/selinux/avc.c:1112
 [<00000000d1782c18>] cred_has_capability+0x138/0x2a0 security/selinux/hooks.c:1688
 [<00000000e35efcba>] selinux_vm_enough_memory+0x4e/0x60 security/selinux/hooks.c:2277
 [<0000000075accf6d>] security_vm_enough_memory_mm+0x77/0xc0 security/security.c:232
 [<000000000d94a9cf>] mmap_region+0x4a8/0xfa0 mm/mmap.c:1676
 [<00000000e3650c69>] do_mmap+0x539/0xbc0 mm/mmap.c:1505
 [<0000000033c2f1d0>] do_mmap_pgoff include/linux/mm.h:2071 [inline]
 [<0000000033c2f1d0>] vm_mmap_pgoff+0x179/0x1c0 mm/util.c:329
 [<00000000101e6002>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline]
 [<00000000101e6002>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513
 [<0000000036c27a14>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline]
 [<0000000036c27a14>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87
 [<0000000003743b1a>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000b8ed3b37>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: c1 ea 03 80 3c 02 00 0f 85 3a 01 00 00 4c 8b ab f8 01 00 00 ba 00 00 00 00 4c 3b 6d b8 4c 0f 44 ea e9 f9 fc ff ff e8 6a 5f df fe <0f> 0b e8 f3 20 fd fe e9 6e f0 ff ff e8 e9 20 fd fe e9 68 f3 ff 
RIP  [<000000001f752e62>] skb_queue_prev include/linux/skbuff.h:1294 [inline]
RIP  [<000000001f752e62>] tcp_write_queue_prev include/net/tcp.h:1563 [inline]
RIP  [<000000001f752e62>] tcp_rtx_queue_tail include/net/tcp.h:1616 [inline]
RIP  [<000000001f752e62>] tcp_fragment+0x1266/0x1390 net/ipv4/tcp_output.c:1195
 RSP <ffff8801db707b90>
---[ end trace db6f08eaa94e8d0c ]---