ip6_tunnel: U xmit: Local address not yet configured!
ip6_tunnel: W xmit: Local address not yet configured!
: renamed from ip_vti0
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:2257!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 17451 Comm: syz-executor.5 Not tainted 4.9.194+ #0
task: 00000000129a1c76 task.stack: 000000000fa8f159
RIP: 0010:[] [<00000000f92ba98a>] skb_copy_and_csum_bits+0x6bd/0x7e0 net/core/skbuff.c:2257
RSP: 0018:ffff8801db707230 EFLAGS: 00010206
RAX: ffff88018afec740 RBX: 0000000000000000 RCX: 1ffff1002e58cb29
RDX: 0000000000000100 RSI: ffffffff822e902d RDI: ffff880172c65948
RBP: ffff8801db7072c0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000003c R11: ffff8801c683fd5f R12: 0000000023c3843a
R13: 0000000000000000 R14: ffff880172c65940 R15: 000000000000003c
FS: 00007fb7ab11c700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e922000 CR3: 00000001d19b3000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
ffff8801d0a7ac08 1ffffffff063fc70 0000000000000000 ffff8801c683fae8
0000003c8afecfbc ffff8801db707480 ffffffff8282beee ffff8801d0a7a000
ffff8801d0a7ac04 0000000000000000 000001e823c3843a ffff8801d0a7ab40
Call Trace:
[<00000000a863fa4f>] icmp_glue_bits+0x7f/0x1d0 net/ipv4/icmp.c:344
[<00000000a92bf48d>] __ip_append_data.isra.0+0x1de1/0x2940 net/ipv4/ip_output.c:1082
[<00000000dc0e9b1b>] ip_append_data.part.0+0xec/0x160 net/ipv4/ip_output.c:1232
[<000000005465ecfa>] ip_append_data+0x69/0x90 net/ipv4/ip_output.c:1221
[<0000000022d5fd09>] icmp_push_reply+0x199/0x510 net/ipv4/icmp.c:362
[<000000008001d59c>] __icmp_send+0xad9/0x1420 net/ipv4/icmp.c:728
[<000000007cfc835f>] icmp_send include/net/icmp.h:47 [inline]
[<000000007cfc835f>] ip_fragment net/ipv4/ip_output.c:551 [inline]
[<000000007cfc835f>] ip_fragment.constprop.0+0x1b9/0x210 net/ipv4/ip_output.c:538
[<00000000ce9ab193>] ip_finish_output+0x7cb/0xce0 net/ipv4/ip_output.c:311
[<0000000041468741>] NF_HOOK_COND include/linux/netfilter.h:246 [inline]
[<0000000041468741>] ip_output+0x1ec/0x5b0 net/ipv4/ip_output.c:401
[<00000000825e4c52>] dst_output include/net/dst.h:507 [inline]
[<00000000825e4c52>] ip_local_out+0x9c/0x180 net/ipv4/ip_output.c:124
[<00000000ef8218e1>] ip_queue_xmit+0x8a5/0x1890 net/ipv4/ip_output.c:500
[<0000000029cdbb19>] __tcp_transmit_skb+0x1943/0x2f20 net/ipv4/tcp_output.c:1041
[<0000000023bfd771>] tcp_transmit_skb net/ipv4/tcp_output.c:1057 [inline]
[<0000000023bfd771>] __tcp_retransmit_skb+0x61a/0x1b30 net/ipv4/tcp_output.c:2781
[<00000000e7dd6b60>] tcp_retransmit_skb+0x29/0x2b0 net/ipv4/tcp_output.c:2800
[<000000007abc542d>] tcp_retransmit_timer+0x948/0x2320 net/ipv4/tcp_timer.c:508
[<0000000048d8fa9b>] tcp_write_timer_handler+0x412/0x7a0 net/ipv4/tcp_timer.c:592
[<0000000085128dad>] tcp_write_timer+0xc5/0x190 net/ipv4/tcp_timer.c:610
[<000000005389fa76>] call_timer_fn+0x167/0x6d0 kernel/time/timer.c:1319
[<0000000031e9ad35>] expire_timers+0x25b/0x5c0 kernel/time/timer.c:1359
[<00000000b677c024>] __run_timers kernel/time/timer.c:1674 [inline]
[<00000000b677c024>] run_timer_softirq+0x1ff/0x620 kernel/time/timer.c:1687
[<000000002a61acbd>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<0000000044f49244>] invoke_softirq kernel/softirq.c:368 [inline]
[<0000000044f49244>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<000000003ed13b4d>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<000000003ed13b4d>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:1000
[<00000000a40b8947>] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:653
[ 1121.195383] [<0000000096bd5fb6>] ? shmem_getpage_gfp+0xc09/0x1b00 mm/shmem.c:1829
[<0000000072ea2e48>] shmem_fault+0x216/0x6b0 mm/shmem.c:1966
[<00000000bdabe237>] __do_fault+0x2a8/0x6c0 mm/memory.c:2855
[<00000000bb49589e>] do_read_fault mm/memory.c:3202 [inline]
[<00000000bb49589e>] do_fault mm/memory.c:3338 [inline]
[<00000000bb49589e>] handle_pte_fault mm/memory.c:3547 [inline]
[<00000000bb49589e>] __handle_mm_fault mm/memory.c:3634 [inline]
[<00000000bb49589e>] handle_mm_fault+0x11bc/0x2420 mm/memory.c:3671
[<0000000039ede693>] faultin_page mm/gup.c:395 [inline]
[<0000000039ede693>] __get_user_pages+0x3c7/0x10b0 mm/gup.c:597
[<00000000f15e7a95>] populate_vma_page_range+0x19a/0x230 mm/gup.c:1115
[<00000000bb1ff665>] __mm_populate+0x1b9/0x300 mm/gup.c:1163
[<00000000bc871365>] mm_populate include/linux/mm.h:2080 [inline]
[<00000000bc871365>] vm_mmap_pgoff+0x1aa/0x1c0 mm/util.c:333
[<00000000beccdf2c>] SYSC_mmap_pgoff mm/mmap.c:1555 [inline]
[<00000000beccdf2c>] SyS_mmap_pgoff+0x14d/0x1b0 mm/mmap.c:1513
[<0000000086627d65>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:96 [inline]
[<0000000086627d65>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:87
[<000000009bb6120f>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
[<0000000073c45a31>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: ff ff e8 f7 96 03 ff be bf 08 00 00 48 c7 c7 80 62 c7 82 e8 b6 55 df fe e9 5d fe ff ff 44 8b 7d d4 e9 d9 fd ff ff e8 d3 96 03 ff <0f> 0b 4c 89 f7 e8 f9 57 21 ff e9 dc fa ff ff 48 89 55 b8 e8 2b
RIP [<00000000f92ba98a>] skb_copy_and_csum_bits+0x6bd/0x7e0 net/core/skbuff.c:2257
RSP
---[ end trace 5f36e99a788389be ]---