------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:2632!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 2 PID: 2570 Comm: syz-executor7 Not tainted 4.13.0-rc4-next-20170811 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff880039ed4640 task.stack: ffff88002f548000
RIP: 0010:skb_copy_and_csum_bits+0x60f/0x710 net/core/skbuff.c:2632
RSP: 0018:ffff88006de067a8 EFLAGS: 00010206
RAX: ffff880039ed4640 RBX: 000000005d7fce31 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffff880069e3dd84 RDI: ffff880065463988
RBP: ffff88006de06830 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000003c R11: ffffed000d56a7bc R12: ffff88006ab53b68
R13: ffff8800699068c0 R14: 000000000000003c R15: 00000000000001e8
FS:  00007f9875015700(0000) GS:ffff88006de00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f43f24d6000 CR3: 0000000066b59000 CR4: 00000000000026e0
Call Trace:
 <IRQ>
 icmp_glue_bits+0x7f/0x1d0 net/ipv4/icmp.c:357
 __ip_append_data.isra.47+0x1716/0x24a0 net/ipv4/ip_output.c:1018
 ip_append_data.part.49+0xde/0x150 net/ipv4/ip_output.c:1170
 ip_append_data+0x5a/0x80 net/ipv4/ip_output.c:1159
 icmp_push_reply+0x169/0x4c0 net/ipv4/icmp.c:375
 icmp_send+0x1127/0x19a0 net/ipv4/icmp.c:741
 ip_fragment.constprop.50+0x1ac/0x200 net/ipv4/ip_output.c:552
 ip_finish_output+0x5b5/0xb00 net/ipv4/ip_output.c:315
 NF_HOOK_COND include/linux/netfilter.h:237 [inline]
 ip_output+0x1cc/0x850 net/ipv4/ip_output.c:405
 dst_output include/net/dst.h:471 [inline]
 ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124
 ip_queue_xmit+0x8c6/0x18e0 net/ipv4/ip_output.c:504
 tcp_transmit_skb+0x1923/0x32d0 net/ipv4/tcp_output.c:1121
 __tcp_retransmit_skb+0x608/0x1ff0 net/ipv4/tcp_output.c:2875
 tcp_retransmit_skb+0x2e/0x230 net/ipv4/tcp_output.c:2889
 tcp_retransmit_timer+0xcee/0x2a10 net/ipv4/tcp_timer.c:476
 tcp_write_timer_handler+0x335/0x810 net/ipv4/tcp_timer.c:561
 tcp_write_timer+0x146/0x160 net/ipv4/tcp_timer.c:579
 call_timer_fn+0x233/0x830 kernel/time/timer.c:1268
 expire_timers kernel/time/timer.c:1307 [inline]
 __run_timers+0x7fd/0xb90 kernel/time/timer.c:1601
 run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614
 __do_softirq+0x2f5/0xba3 kernel/softirq.c:284
 invoke_softirq kernel/softirq.c:364 [inline]
 irq_exit+0x1cc/0x200 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:1044
 apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:577
 </IRQ>
RIP: 0010:rep_nop arch/x86/include/asm/processor.h:634 [inline]
RIP: 0010:cpu_relax arch/x86/include/asm/processor.h:639 [inline]
RIP: 0010:csd_lock_wait kernel/smp.c:108 [inline]
RIP: 0010:smp_call_function_many+0x6fc/0x950 kernel/smp.c:466
RSP: 0018:ffff88002f54f018 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000010000 RBX: ffff88003ed2ffb8 RCX: ffffc90001699000
RDX: 0000000000010000 RSI: ffffffff8162869a RDI: ffffffff857efa88
RBP: ffff88002f54f148 R08: fffffbffffeaf1da R09: fffffbffffeaf1da
R10: 0000000000000001 R11: fffffbffffeaf1d9 R12: ffff88003ed2ffd0
R13: dffffc0000000000 R14: ffff88002f54f120 R15: ffffed0005ea9e1c
 smp_call_function kernel/smp.c:490 [inline]
 on_each_cpu+0x3d/0x1b0 kernel/smp.c:600
 text_poke_bp+0xbb/0x170 arch/x86/kernel/alternative.c:807
 __jump_label_transform.isra.0+0x6a3/0x8a0 arch/x86/kernel/jump_label.c:101
 arch_jump_label_transform+0x2f/0x40 arch/x86/kernel/jump_label.c:109
 __jump_label_update+0x207/0x2d0 kernel/jump_label.c:368
 jump_label_update+0x22c/0x2b0 kernel/jump_label.c:735
 static_key_slow_inc_cpuslocked kernel/jump_label.c:109 [inline]
 static_key_slow_inc+0x32f/0x3c0 kernel/jump_label.c:124
 kvm_arch_vcpu_init+0x33e/0x920 arch/x86/kvm/x86.c:7956
 kvm_vcpu_init+0x2f9/0x400 arch/x86/kvm/../../../virt/kvm/kvm_main.c:294
 vmx_create_vcpu+0x133/0x2e80 arch/x86/kvm/vmx.c:9414
 kvm_arch_vcpu_create+0x12c/0x1a0 arch/x86/kvm/x86.c:7664
 kvm_vm_ioctl_create_vcpu arch/x86/kvm/../../../virt/kvm/kvm_main.c:2479 [inline]
 kvm_vm_ioctl+0x469/0x1c40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2983
 vfs_ioctl fs/ioctl.c:45 [inline]
 do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x446739
RSP: 002b:00007f9875014c08 EFLAGS: 00000282 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 0000000000446739
RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000019
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f98750159c0 R15: 00007f9875015700
Code: fd 49 63 c4 48 01 45 c8 01 45 b8 41 01 c5 e9 23 ff ff ff 8b 5d d4 e8 81 99 8e fd 8b 45 c0 85 c0 0f 84 b1 fe ff ff e8 71 99 8e fd <0f> 0b 45 31 f6 e9 15 fb ff ff 8b 5d d4 e9 9a fe ff ff e8 5a 99 
RIP: skb_copy_and_csum_bits+0x60f/0x710 net/core/skbuff.c:2632 RSP: ffff88006de067a8
---[ end trace 629024952e78e2c8 ]---