NULL pointer dereference at 000000000000005d in tcp_enter_frto+0x102

Issue

• kernel panic with tcp_write_queue_head() return null, so that skb=null
• NULL pointer dereference at 000000000000005d in tcp_enter_frto+0x102

PANIC: "BUG: unable to handle kernel NULL pointer dereference at 000000000000005d"

crash> bt
PID: 77     TASK: ffff887fceab7520  CPU: 18  COMMAND: "ksoftirqd/18"
 #0 [ffff88c1c2203a10] machine_kexec at ffffffff8103fdcb
 #1 [ffff88c1c2203a70] crash_kexec at ffffffff810d1dc2
 #2 [ffff88c1c2203b40] oops_end at ffffffff8154d340
 #3 [ffff88c1c2203b70] no_context at ffffffff810518cb
 #4 [ffff88c1c2203bc0] __bad_area_nosemaphore at ffffffff81051b55
 #5 [ffff88c1c2203c10] bad_area_nosemaphore at ffffffff81051c23
 #6 [ffff88c1c2203c20] __do_page_fault at ffffffff8105231c
 #7 [ffff88c1c2203d40] do_page_fault at ffffffff8154f2ce
 #8 [ffff88c1c2203d70] page_fault at ffffffff8154c5d5
    [exception RIP: tcp_enter_frto+0x102]
    RIP: ffffffff814c9b42  RSP: ffff88c1c2203e28  RFLAGS: 00010246
    RAX: 0000000000000000  RBX: ffff8811cde7b880  RCX: 0000000000000000
    RDX: 0000000000000000  RSI: 0000000000000038  RDI: ffff8811cde7b880
    RBP: ffff88c1c2203e38   R8: 0000000000000000   R9: 0000000000000000
    R10: 000000000000000f  R11: 0000000000000006  R12: ffff8811cde7b948
    R13: 0000000000000003  R14: ffff8811cde7b880  R15: ffffffff814d4e70
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
 #9 [ffff88c1c2203e40] tcp_retransmit_timer at ffffffff814d4a78
#10 [ffff88c1c2203e70] tcp_write_timer at ffffffff814d5008
#11 [ffff88c1c2203ea0] run_timer_softirq at ffffffff8108f907
#12 [ffff88c1c2203f30] __do_softirq at ffffffff81085275
#13 [ffff88c1c2203fb0] call_softirq at ffffffff8100c38c
--- <IRQ stack> ---
#14 [ffff887fceac3e68] do_softirq at ffffffff8100fc90
#15 [ffff887fceac3e88] do_softirq at ffffffff8100fca5
#16 [ffff887fceac3ea8] ksoftirqd at ffffffff81084e10
#17 [ffff887fceac3ee8] kthread at ffffffff810a640e
#18 [ffff887fceac3f48] kernel_thread at ffffffff8100c28a