------------[ cut here ]------------ kernel BUG at net/ipv4/tcp_output.c:2815! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 20421 Comm: syz-executor5 Not tainted 4.13.0-rc6+ #28 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801c9c10240 task.stack: ffff8801c3018000 RIP: 0010:__tcp_retransmit_skb+0x1d18/0x1fa0 net/ipv4/tcp_output.c:2815 RSP: 0018:ffff8801db307408 EFLAGS: 00010206 RAX: ffff8801c9c10240 RBX: 0000000000000001 RCX: 000000004c132679 RDX: 0000000000000100 RSI: ffff8801cf18fac0 RDI: ffff8801cf18faec RBP: ffff8801db3075c8 R08: ffff88021fff905c R09: ffff88021fff9048 R10: 0000000000000000 R11: ffff88021fff905d R12: ffff8801cf18fb46 R13: 000000004c132a09 R14: ffff8801cf18fac0 R15: ffff8801d6bd0000 FS: 0000000002192940(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000202dfffc CR3: 00000001ca40d000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tcp_retransmit_skb+0x2e/0x230 net/ipv4/tcp_output.c:2889 tcp_retransmit_timer+0xcee/0x2a10 net/ipv4/tcp_timer.c:476 tcp_write_timer_handler+0x335/0x810 net/ipv4/tcp_timer.c:561 tcp_write_timer+0x146/0x160 net/ipv4/tcp_timer.c:579 call_timer_fn+0x233/0x830 kernel/time/timer.c:1268 expire_timers kernel/time/timer.c:1307 [inline] __run_timers+0x7fd/0xb90 kernel/time/timer.c:1601 run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614 __do_softirq+0x2f5/0xba3 kernel/softirq.c:284 invoke_softirq kernel/softirq.c:364 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:1044 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:702 RIP: 0010:clear_page_erms+0x9/0x10 arch/x86/lib/clear_page_64.S:50 RSP: 0018:ffff8801c301f860 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10 RAX: 0000000000000000 RBX: 0000000006850000 RCX: 0000000000000000 RDX: 0000000080000000 RSI: ffffffff85b38240 RDI: ffff8801a138f000 RBP: ffff8801c301f8b8 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffed0039382299 R13: dffffc0000000000 R14: ffff8801c9c10240 R15: 000000000684e380 __do_huge_pmd_anonymous_page mm/huge_memory.c:570 [inline] do_huge_pmd_anonymous_page+0x584/0x1b90 mm/huge_memory.c:728 create_huge_pmd mm/memory.c:3643 [inline] __handle_mm_fault+0x172f/0x3860 mm/memory.c:3846 handle_mm_fault+0x3bb/0x860 mm/memory.c:3906 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445 do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1508 page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1007 RIP: 0033:0x4053ac RSP: 002b:0000000000a6f8e0 EFLAGS: 00010246 RAX: 00000000202dfffc RBX: 0000000000000000 RCX: 0000000000000000 RDX: 41b6478cc7e0c346 RSI: 0000000000000000 RDI: 0000000002192848 RBP: 0000000000000000 R08: 0000000000000000 R09: 00000001000188ec R10: 0000000000a6f980 R11: 0000000000000206 R12: fffffffffffffffe R13: 0000000000718000 R14: 00000000202dfffc R15: 0000000000000016 Code: ff e8 bd a5 95 fd e9 4b fb ff ff 48 8b bd a0 fe ff ff e8 0c a6 95 fd e9 fc f8 ff ff e8 02 a6 95 fd e9 53 f6 ff ff e8 88 be 61 fd <0f> 0b e8 f1 a5 95 fd e9 9e e5 ff ff 4c 89 e7 e8 84 a5 95 fd e9 RIP: __tcp_retransmit_skb+0x1d18/0x1fa0 net/ipv4/tcp_output.c:2815 RSP: ffff8801db307408 ---[ end trace ce8de3e7a91d4205 ]---