------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:2257!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 18089 Comm: syz-executor.3 Not tainted 4.9.205-syzkaller #0
task: 00000000cba0b991 task.stack: 0000000080ace922
RIP: 0010:[<ffffffff822d91fd>]  [<00000000bb6b09f0>] skb_copy_and_csum_bits+0x6bd/0x7e0 net/core/skbuff.c:2257
RSP: 0000:ffff8801db607230  EFLAGS: 00010206
RAX: ffff88013c464740 RBX: 0000000000000000 RCX: 1ffff10026b26449
RDX: 0000000000000100 RSI: ffffffff822d91fd RDI: ffff880135932248
RBP: ffff8801db6072c0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000003c R11: ffff8801a902875f R12: 00000000d0e71175
R13: 0000000000000000 R14: ffff880135932240 R15: 000000000000003c
FS:  0000000001799940(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000179a938 CR3: 0000000135953000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff88014912c5c8 ffffffff825350e5 ffffffff812685e7 ffff8801a90284e8
 0000003c8126930f ffffffff8282007d ffffffff810f2729 ffffffff8281ebbe
 ffff88014912c5c4 ffffffffffffffff 000001e8d0e71175 ffff88014912c500
Call Trace:
 [<00000000c3fc6017>] icmp_glue_bits+0x7f/0x1d0 net/ipv4/icmp.c:344
 [<000000008b258ccd>] __ip_append_data.isra.0+0x1de1/0x2940 net/ipv4/ip_output.c:1082
 [<00000000f5081755>] ip_append_data.part.0+0xf5/0x160 net/ipv4/ip_output.c:1232
 [<0000000066915ef2>] ip_append_data+0x69/0x90 net/ipv4/ip_output.c:1221
 [<00000000ef024165>] icmp_push_reply+0x199/0x510 net/ipv4/icmp.c:362
 [<00000000e02b20e5>] __icmp_send+0xad9/0x1420 net/ipv4/icmp.c:728
 [<00000000be489f2a>] icmp_send include/net/icmp.h:47 [inline]
 [<00000000be489f2a>] ip_fragment net/ipv4/ip_output.c:551 [inline]
 [<00000000be489f2a>] ip_fragment.constprop.0+0x1b9/0x210 net/ipv4/ip_output.c:538
 [<00000000fb78077d>] ip_finish_output+0x7cb/0xce0 net/ipv4/ip_output.c:311
 [<00000000df6b7554>] NF_HOOK_COND include/linux/netfilter.h:246 [inline]
 [<00000000df6b7554>] ip_output+0x1ec/0x5b0 net/ipv4/ip_output.c:401
 [<00000000e55ca437>] dst_output include/net/dst.h:507 [inline]
 [<00000000e55ca437>] ip_local_out+0x9c/0x180 net/ipv4/ip_output.c:124
 [<000000001cd6d76d>] ip_queue_xmit+0x8a5/0x1890 net/ipv4/ip_output.c:500
 [<00000000f83eacf2>] __tcp_transmit_skb+0x1943/0x2f20 net/ipv4/tcp_output.c:1041
 [<000000003d32c0f4>] tcp_transmit_skb net/ipv4/tcp_output.c:1057 [inline]
 [<000000003d32c0f4>] __tcp_retransmit_skb+0x61a/0x1b30 net/ipv4/tcp_output.c:2781
 [<000000006a2d54aa>] tcp_retransmit_skb+0x29/0x2b0 net/ipv4/tcp_output.c:2800
 [<000000003910bbfc>] tcp_retransmit_timer+0x948/0x2320 net/ipv4/tcp_timer.c:508
 [<000000002bb914a6>] tcp_write_timer_handler+0x412/0x7a0 net/ipv4/tcp_timer.c:592
 [<00000000b077fab9>] tcp_write_timer+0xc5/0x190 net/ipv4/tcp_timer.c:610
 [<00000000dcb00b45>] call_timer_fn+0x167/0x6d0 kernel/time/timer.c:1319
 [<000000002fafd878>] expire_timers+0x25b/0x5c0 kernel/time/timer.c:1359
 [<0000000083534dab>] __run_timers kernel/time/timer.c:1676 [inline]
 [<0000000083534dab>] run_timer_softirq+0x1ff/0x620 kernel/time/timer.c:1689
 [<00000000d355eff4>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
 [<00000000515ae13e>] invoke_softirq kernel/softirq.c:368 [inline]
 [<00000000515ae13e>] irq_exit+0x119/0x160 kernel/softirq.c:409
 [<000000002d7af9b0>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [<000000002d7af9b0>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:1000
 [<000000009f769e30>] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:653
 <EOI> [ 3048.204798] Code: 
ff ff e8 47 95 04 ff be bf 08 00 00 48 c7 c7 e0 50 c7 82 e8 36 56 e0 fe e9 5d fe ff ff 44 8b 7d d4 e9 d9 fd ff ff e8 23 95 04 ff <0f> 0b 4c 89 f7 e8 99 54 22 ff e9 dc fa ff ff 48 89 55 b8 e8 cb 
RIP  [<00000000bb6b09f0>] skb_copy_and_csum_bits+0x6bd/0x7e0 net/core/skbuff.c:2257
 RSP <ffff8801db607230>
---[ end trace 31d27dc0e650a128 ]---