skbuff: skb_over_panic: text:ffffffff823cae0e len:4188 put:4188 head:ffff8801d3f5cc80 data:ffff8801d3f5cd10 tail:0x10ec end:0xc0 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:104!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 18994 Comm: syz-executor.0 Not tainted 4.4.174+ #4
task: ffff8801b8da4740 task.stack: ffff880097e18000
RIP: 0010:[<ffffffff826fb09c>]  [<ffffffff826fb09c>] skb_panic+0x176/0x178 net/core/skbuff.c:104
RSP: 0018:ffff880097e1f290  EFLAGS: 00010282
RAX: 000000000000008b RBX: ffff8801d05aba00 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81220458 RDI: ffffed0012fc3e44
RBP: ffff880097e1f2f8 R08: 000000000000008b R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff82a52b20
R13: ffffffff823cae0e R14: 000000000000105c R15: ffffffff82a527c0
FS:  00007faefe715700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000073c000 CR3: 00000000a7810000 CR4: 00000000001606b0
Stack:
 ffff8801d3f5cd10 00000000000010ec 00000000000000c0 ffffffff82a527c0
 ffff880097e1f438 ffff8801d3f5cd10 00000000000010ec 00000000000000c0
 00000000000010ec ffff8801d05aba00 000000000000105c ffffffff823cae0e
Call Trace:
 [<ffffffff826fb0e4>] skb_over_panic net/core/skbuff.c:109 [inline]
 [<ffffffff826fb0e4>] skb_put.cold+0x23/0x23 net/core/skbuff.c:1363
 [<ffffffff823cae0e>] __ip_append_data.isra.0+0x1d5e/0x2a20 net/ipv4/ip_output.c:1028
 [<ffffffff823cbbbc>] ip_append_data.part.0+0xec/0x160 net/ipv4/ip_output.c:1195
 [<ffffffff823d07a9>] ip_append_data+0x69/0x90 net/ipv4/ip_output.c:1184
 [<ffffffff8247f148>] udp_sendmsg+0xc78/0x1c60 net/ipv4/udp.c:1098
 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d87f4>] kernel_sendmsg+0x44/0x50 net/socket.c:656
 [<ffffffff821e30a6>] sock_no_sendpage+0x116/0x150 net/core/sock.c:2283
 [<ffffffff8248093c>] udp_sendpage+0x39c/0x410 net/ipv4/udp.c:1173
 [<ffffffff824aa083>] inet_sendpage+0x223/0x520 net/ipv4/af_inet.c:772
 [<ffffffff821d81b5>] kernel_sendpage+0x95/0xf0 net/socket.c:3320
 [<ffffffff821d829b>] sock_sendpage+0x8b/0xc0 net/socket.c:793
 [<ffffffff81530f1d>] pipe_to_sendpage+0x28d/0x3d0 fs/splice.c:724
 [<ffffffff81533b6e>] splice_from_pipe_feed fs/splice.c:776 [inline]
 [<ffffffff81533b6e>] __splice_from_pipe+0x37e/0x7a0 fs/splice.c:901
 [<ffffffff81536be8>] splice_from_pipe+0x108/0x170 fs/splice.c:936
 [<ffffffff81536c8c>] generic_splice_sendpage+0x3c/0x50 fs/splice.c:1109
 [<ffffffff81537d31>] do_splice_from fs/splice.c:1128 [inline]
 [<ffffffff81537d31>] do_splice fs/splice.c:1404 [inline]
 [<ffffffff81537d31>] SYSC_splice fs/splice.c:1707 [inline]
 [<ffffffff81537d31>] SyS_splice+0xd71/0x13a0 fs/splice.c:1690
 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
syz-executor.5 (18972) used greatest stack depth: 23856 bytes left
Code: 2b 9e d8 fe 4c 8b 4d b8 8b 4b 78 41 57 45 89 f0 4c 89 ea ff 75 d0 4c 89 e6 48 c7 c7 00 28 a5 82 ff 75 c8 ff 75 c0 e8 11 4c cb fe <0f> 0b e8 4d e5 c0 fe 4c 8b 6d 08 e8 34 87 d8 fe 48 c7 c1 e0 2a 
RIP  [<ffffffff826fb09c>] skb_panic+0x176/0x178 net/core/skbuff.c:100
 RSP <ffff880097e1f290>
---[ end trace 0011fed96237fb7e ]---