------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:2257!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 13345 Comm: syz-executor.2 Not tainted 4.9.202+ #0
task: 000000006f6d0f81 task.stack: 000000003292bd09
RIP: 0010:[<ffffffff822d8e5d>]  [<000000001ab8f4f0>] skb_copy_and_csum_bits+0x6bd/0x7e0 net/core/skbuff.c:2257
RSP: 0018:ffff8801db707230  EFLAGS: 00010206
RAX: ffff8801a333df00 RBX: 0000000000000000 RCX: 1ffff1003940f8e9
RDX: 0000000000000100 RSI: ffffffff822d8e5d RDI: ffff8801ca07c748
RBP: ffff8801db7072c0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000003c R11: ffff8801afd8625f R12: 0000000071e2fde9
R13: 0000000000000000 R14: ffff8801ca07c740 R15: 000000000000003c
FS:  00007fea90114700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e635000 CR3: 00000001a9e2e000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801af1b9708 ffffffff82534c55 ffffffff812684a7 ffff8801afd85fe8
 0000003c812691cf ffffffff8281fbbd ffffffff810f2719 ffffffff8281e6fe
 ffff8801af1b9704 ffffffff8175a901 000001e871e2fde9 ffff8801af1b9640
Call Trace:
 [<00000000834c140b>] icmp_glue_bits+0x7f/0x1d0 net/ipv4/icmp.c:344
 [<00000000e9417d7e>] __ip_append_data.isra.0+0x1de1/0x2940 net/ipv4/ip_output.c:1082
 [<00000000b6e159c4>] ip_append_data.part.0+0xf5/0x160 net/ipv4/ip_output.c:1232
 [<00000000a03f93cd>] ip_append_data+0x69/0x90 net/ipv4/ip_output.c:1221
 [<00000000067f37e8>] icmp_push_reply+0x199/0x510 net/ipv4/icmp.c:362
 [<00000000be45fe9e>] __icmp_send+0xad9/0x1420 net/ipv4/icmp.c:728
 [<00000000b8307cb1>] icmp_send include/net/icmp.h:47 [inline]
 [<00000000b8307cb1>] ip_fragment net/ipv4/ip_output.c:551 [inline]
 [<00000000b8307cb1>] ip_fragment.constprop.0+0x1b9/0x210 net/ipv4/ip_output.c:538
 [<0000000022e804d5>] ip_finish_output+0x7cb/0xce0 net/ipv4/ip_output.c:311
 [<00000000459c693c>] NF_HOOK_COND include/linux/netfilter.h:246 [inline]
 [<00000000459c693c>] ip_output+0x1ec/0x5b0 net/ipv4/ip_output.c:401
 [<000000006a40e00c>] dst_output include/net/dst.h:507 [inline]
 [<000000006a40e00c>] ip_local_out+0x9c/0x180 net/ipv4/ip_output.c:124
 [<00000000b15afa13>] ip_queue_xmit+0x8a5/0x1890 net/ipv4/ip_output.c:500
 [<000000002ab22ef8>] __tcp_transmit_skb+0x1943/0x2f20 net/ipv4/tcp_output.c:1041
 [<0000000042d4a7a0>] tcp_transmit_skb net/ipv4/tcp_output.c:1057 [inline]
 [<0000000042d4a7a0>] __tcp_retransmit_skb+0x61a/0x1b30 net/ipv4/tcp_output.c:2781
 [<000000003b7f3f51>] tcp_retransmit_skb+0x29/0x2b0 net/ipv4/tcp_output.c:2800
 [<00000000358e8ae2>] tcp_retransmit_timer+0x948/0x2320 net/ipv4/tcp_timer.c:508
 [<0000000038dc5dd6>] tcp_write_timer_handler+0x412/0x7a0 net/ipv4/tcp_timer.c:592
 [<00000000f465e849>] tcp_write_timer+0xc5/0x190 net/ipv4/tcp_timer.c:610
 [<000000000ae89a29>] call_timer_fn+0x167/0x6d0 kernel/time/timer.c:1319
 [<0000000077868735>] expire_timers+0x25b/0x5c0 kernel/time/timer.c:1359
 [<0000000039454fd4>] __run_timers kernel/time/timer.c:1676 [inline]
 [<0000000039454fd4>] run_timer_softirq+0x1ff/0x620 kernel/time/timer.c:1689
 [<00000000aa752aca>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
 [<000000000a3940f9>] invoke_softirq kernel/softirq.c:368 [inline]
 [<000000000a3940f9>] irq_exit+0x119/0x160 kernel/softirq.c:409
 [<000000007b89ef95>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [<000000007b89ef95>] smp_apic_timer_interrupt+0x7e/0xb0 arch/x86/kernel/apic/apic.c:1000
 [<000000007faf5d3c>] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:653
 <EOI> [  225.858357]  [<000000002b2a293c>] ? crc16+0x32/0xc0 lib/crc16.c:60
 [<00000000265f6426>] ext4_group_desc_csum.isra.0+0x661/0xa40 fs/ext4/super.c:2210
 [<000000002fd2e0db>] ext4_group_desc_csum_set+0xe6/0x160 fs/ext4/super.c:2240
 [<00000000670a9b19>] ext4_mb_mark_diskspace_used+0x819/0x1400 fs/ext4/mballoc.c:2986
 [<00000000fb762a89>] ext4_mb_new_blocks+0x7ec/0x3930 fs/ext4/mballoc.c:4537
 [<00000000b1da36dc>] ext4_alloc_branch fs/ext4/indirect.c:334 [inline]
 [<00000000b1da36dc>] ext4_ind_map_blocks+0x116b/0x2340 fs/ext4/indirect.c:618
 [<000000007c2d9913>] ext4_map_blocks+0xca5/0x1710 fs/ext4/inode.c:614
 [<00000000afdb571f>] _ext4_get_block+0x20c/0x4f0 fs/ext4/inode.c:763
 [<0000000040806794>] ext4_get_block_trans+0x16f/0x270 fs/ext4/inode.c:821
 [<0000000018d0f5c0>] ext4_dio_get_block+0x73/0xe0 fs/ext4/inode.c:838
 [<000000006d45f65c>] get_more_blocks fs/direct-io.c:654 [inline]
 [<000000006d45f65c>] do_direct_IO fs/direct-io.c:956 [inline]
 [<000000006d45f65c>] do_blockdev_direct_IO fs/direct-io.c:1275 [inline]
 [<000000006d45f65c>] __blockdev_direct_IO+0x3232/0xd370 fs/direct-io.c:1361
 [<00000000e6dd6ef8>] ext4_direct_IO_write fs/ext4/inode.c:3508 [inline]
 [<00000000e6dd6ef8>] ext4_direct_IO+0xa17/0x29c0 fs/ext4/inode.c:3664
 [<0000000012ee1b65>] generic_file_direct_write+0x293/0x520 mm/filemap.c:2842
 [<0000000063f57ebf>] __generic_file_write_iter+0x20f/0x530 mm/filemap.c:3022
 [<00000000b4f38260>] ext4_file_write_iter+0x6dd/0xcd0 fs/ext4/file.c:165
 [<00000000c59d69c5>] new_sync_write fs/read_write.c:498 [inline]
 [<00000000c59d69c5>] __vfs_write+0x3c1/0x560 fs/read_write.c:511
 [<000000001f0591cf>] vfs_write+0x185/0x520 fs/read_write.c:559
 [<0000000080c19fcb>] SYSC_write fs/read_write.c:607 [inline]
 [<0000000080c19fcb>] SyS_write+0x121/0x270 fs/read_write.c:599
 [<00000000f07c0b51>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<000000008be0ddac>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: ff ff e8 b7 97 04 ff be bf 08 00 00 48 c7 c7 e0 50 c7 82 e8 c6 59 e0 fe e9 5d fe ff ff 44 8b 7d d4 e9 d9 fd ff ff e8 93 97 04 ff <0f> 0b 4c 89 f7 e8 f9 57 22 ff e9 dc fa ff ff 48 89 55 b8 e8 2b 
RIP  [<000000001ab8f4f0>] skb_copy_and_csum_bits+0x6bd/0x7e0 net/core/skbuff.c:2257
 RSP <ffff8801db707230>
---[ end trace 567471336299b88f ]---