------------[ cut here ]------------
kernel BUG at net/ipv4/tcp_output.c:2815!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 20421 Comm: syz-executor5 Not tainted 4.13.0-rc6+ #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c9c10240 task.stack: ffff8801c3018000
RIP: 0010:__tcp_retransmit_skb+0x1d18/0x1fa0 net/ipv4/tcp_output.c:2815
RSP: 0018:ffff8801db307408 EFLAGS: 00010206
RAX: ffff8801c9c10240 RBX: 0000000000000001 RCX: 000000004c132679
RDX: 0000000000000100 RSI: ffff8801cf18fac0 RDI: ffff8801cf18faec
RBP: ffff8801db3075c8 R08: ffff88021fff905c R09: ffff88021fff9048
R10: 0000000000000000 R11: ffff88021fff905d R12: ffff8801cf18fb46
R13: 000000004c132a09 R14: ffff8801cf18fac0 R15: ffff8801d6bd0000
FS:  0000000002192940(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000202dfffc CR3: 00000001ca40d000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 tcp_retransmit_skb+0x2e/0x230 net/ipv4/tcp_output.c:2889
 tcp_retransmit_timer+0xcee/0x2a10 net/ipv4/tcp_timer.c:476
 tcp_write_timer_handler+0x335/0x810 net/ipv4/tcp_timer.c:561
 tcp_write_timer+0x146/0x160 net/ipv4/tcp_timer.c:579
 call_timer_fn+0x233/0x830 kernel/time/timer.c:1268
 expire_timers kernel/time/timer.c:1307 [inline]
 __run_timers+0x7fd/0xb90 kernel/time/timer.c:1601
 run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614
 __do_softirq+0x2f5/0xba3 kernel/softirq.c:284
 invoke_softirq kernel/softirq.c:364 [inline]
 irq_exit+0x1cc/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:1044
 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:702
RIP: 0010:clear_page_erms+0x9/0x10 arch/x86/lib/clear_page_64.S:50
RSP: 0018:ffff8801c301f860 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: 0000000006850000 RCX: 0000000000000000
RDX: 0000000080000000 RSI: ffffffff85b38240 RDI: ffff8801a138f000
RBP: ffff8801c301f8b8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffed0039382299
R13: dffffc0000000000 R14: ffff8801c9c10240 R15: 000000000684e380
 </IRQ>
 __do_huge_pmd_anonymous_page mm/huge_memory.c:570 [inline]
 do_huge_pmd_anonymous_page+0x584/0x1b90 mm/huge_memory.c:728
 create_huge_pmd mm/memory.c:3643 [inline]
 __handle_mm_fault+0x172f/0x3860 mm/memory.c:3846
 handle_mm_fault+0x3bb/0x860 mm/memory.c:3906
 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
 do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1508
 page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1007
RIP: 0033:0x4053ac
RSP: 002b:0000000000a6f8e0 EFLAGS: 00010246
RAX: 00000000202dfffc RBX: 0000000000000000 RCX: 0000000000000000
RDX: 41b6478cc7e0c346 RSI: 0000000000000000 RDI: 0000000002192848
RBP: 0000000000000000 R08: 0000000000000000 R09: 00000001000188ec
R10: 0000000000a6f980 R11: 0000000000000206 R12: fffffffffffffffe
R13: 0000000000718000 R14: 00000000202dfffc R15: 0000000000000016
Code: ff e8 bd a5 95 fd e9 4b fb ff ff 48 8b bd a0 fe ff ff e8 0c a6 95 fd e9 fc f8 ff ff e8 02 a6 95 fd e9 53 f6 ff ff e8 88 be 61 fd <0f> 0b e8 f1 a5 95 fd e9 9e e5 ff ff 4c 89 e7 e8 84 a5 95 fd e9 
RIP: __tcp_retransmit_skb+0x1d18/0x1fa0 net/ipv4/tcp_output.c:2815 RSP: ffff8801db307408
---[ end trace ce8de3e7a91d4205 ]---