EXT4-fs error (device loop4): ext4_fill_super:4450: inode #2: comm syz-executor.4: iget: root inode unallocated
EXT4-fs (loop4): get root inode failed
EXT4-fs (loop4): mount failed
EXT4-fs (loop5): bad geometry: block count 1946157568 exceeds size of device (527 blocks)
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:2663!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8757 Comm: systemd-udevd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_copy_and_csum_bits+0x73d/0x840 net/core/skbuff.c:2663
Code: e8 f8 36 f2 fa 44 89 e0 48 83 c4 58 5b 5d 41 5c 41 5d 41 5e 41 5f c3 44 8b 64 24 04 eb e2 44 8b 64 24 04 eb c5 e8 d3 36 f2 fa <0f> 0b 48 8b 7c 24 20 e8 27 13 28 fb e9 43 fc ff ff e8 1d 13 28 fb
RSP: 0018:ffff8880ba107120 EFLAGS: 00010206
RAX: ffff88804fa222c0 RBX: 00000000000001e8 RCX: ffffffff86704e6f
RDX: 0000000000000100 RSI: ffffffff86704e9d RDI: 0000000000000005
RBP: ffff8880a8bca9a8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 00000000c049d4b5
R13: 000000000000003c R14: 000000000000003c R15: 000000000000003c
FS: 00007fb6d5ad98c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007feb8900d1b8 CR3: 000000005ca8c000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 icmp_glue_bits+0x7c/0x1e0 net/ipv4/icmp.c:361
 __ip_append_data+0x16f0/0x2590 net/ipv4/ip_output.c:1037
 ip_append_data net/ipv4/ip_output.c:1207 [inline]
 ip_append_data+0x114/0x1a0 net/ipv4/ip_output.c:1186
 icmp_push_reply+0x18a/0x530 net/ipv4/icmp.c:379
 __icmp_send+0x11d1/0x1520 net/ipv4/icmp.c:773
EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (60935!=0)
 icmp_send include/net/icmp.h:47 [inline]
 ip_fragment.constprop.0+0x1ea/0x240 net/ipv4/ip_output.c:558
 ip_finish_output+0xa35/0x10b0 net/ipv4/ip_output.c:316
EXT4-fs (loop2): orphan cleanup on readonly fs
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x5f0 net/ipv4/ip_output.c:406
EXT4-fs error (device loop2): __ext4_iget:5088: inode #3: block 1792: comm syz-executor.2: invalid block
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 __ip_queue_xmit+0x91e/0x1c10 net/ipv4/ip_output.c:507
EXT4-fs (loop2): Remounting filesystem read-only
 __tcp_transmit_skb+0x1b9c/0x3400 net/ipv4/tcp_output.c:1148
 tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline]
 __tcp_retransmit_skb+0x7e0/0x26f0 net/ipv4/tcp_output.c:2932
EXT4-fs error (device loop2): ext4_quota_enable:5846: comm syz-executor.2: Bad quota inode # 3
EXT4-fs warning (device loop2): ext4_enable_quotas:5883: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix.
 tcp_retransmit_skb+0x2a/0x380 net/ipv4/tcp_output.c:2951
 tcp_retransmit_timer+0xd8b/0x33f0 net/ipv4/tcp_timer.c:507
 tcp_write_timer_handler+0x5e6/0xa60 net/ipv4/tcp_timer.c:593
 tcp_write_timer+0x103/0x1b0 net/ipv4/tcp_timer.c:613
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
EXT4-fs (loop2): Cannot turn on quotas: error -117
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:kmem_cache_free+0x11c/0x260 mm/slab.c:3766
Code: 11 48 63 75 74 48 89 df e8 51 21 df 01 e9 68 ff ff ff e8 a7 80 cf ff 48 83 3d e7 59 59 08 00 0f 84 f8 00 00 00 4c 89 e7 57 9d <0f> 1f 44 00 00 eb 86 65 8b 05 76 58 69 7e 83 f8 07 0f 87 e7 00 00
RSP: 0018:ffff88809ef9fc28 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000007 RBX: ffff888052c76a40 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000286
EXT4-fs (loop5): bad geometry: block count 2046820864 exceeds size of device (527 blocks)
RBP: ffff88823b843380 R08: 0000000000400000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
R13: ffffffff81a6b5c1 R14: ffff888052c76a40 R15: ffff88809ef9fd00
 putname+0xe1/0x120 fs/namei.c:261
 filename_lookup+0x3d0/0x5a0 fs/namei.c:2358
EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (60729!=0)
 do_readlinkat+0xcd/0x2f0 fs/stat.c:394
 __do_sys_readlinkat fs/stat.c:421 [inline]
 __se_sys_readlinkat fs/stat.c:418 [inline]
 __x64_sys_readlinkat+0x93/0xf0 fs/stat.c:418
EXT4-fs error (device loop4): ext4_fill_super:4450: inode #2: comm syz-executor.4: iget: root inode unallocated
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb6d494d0ba
Code: 48 8b 0d e1 bd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 0b 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ae bd 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdb2452f58 EFLAGS: 00000206 ORIG_RAX: 000000000000010b
RAX: ffffffffffffffda RBX: 000055d02a392f00 RCX: 00007fb6d494d0ba
RDX: 000055d02a392f00 RSI: 000055d02a38f800 RDI: 00000000ffffff9c
RBP: 0000000000000064 R08: 000055d0287de670 R09: 0000000000000070
R10: 0000000000000063 R11: 0000000000000206 R12: 000055d02a38f800
R13: 00000000ffffff9c R14: 00007ffdb2452fb0 R15: 0000000000000063
Modules linked in:
---[ end trace 305d18de35590a12 ]---
RIP: 0010:skb_copy_and_csum_bits+0x73d/0x840 net/core/skbuff.c:2663
Code: e8 f8 36 f2 fa 44 89 e0 48 83 c4 58 5b 5d 41 5c 41 5d 41 5e 41 5f c3 44 8b 64 24 04 eb e2 44 8b 64 24 04 eb c5 e8 d3 36 f2 fa <0f> 0b 48 8b 7c 24 20 e8 27 13 28 fb e9 43 fc ff ff e8 1d 13 28 fb
RSP: 0018:ffff8880ba107120 EFLAGS: 00010206
EXT4-fs (loop4): get root inode failed
RAX: ffff88804fa222c0 RBX: 00000000000001e8 RCX: ffffffff86704e6f
RDX: 0000000000000100 RSI: ffffffff86704e9d RDI: 0000000000000005
RBP: ffff8880a8bca9a8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 00000000c049d4b5
R13: 000000000000003c R14: 000000000000003c R15: 000000000000003c
FS: 00007fb6d5ad98c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
EXT4-fs (loop4): mount failed
CR2: 00007feb8900d1b8 CR3: 000000005ca8c000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 11 48 63              adc %ecx,0x63(%rax)
   3: 75 74                 jne 0x79
   5: 48 89 df              mov %rbx,%rdi
   8: e8 51 21 df 01        callq 0x1df215e
   d: e9 68 ff ff ff        jmpq 0xffffff7a
  12: e8 a7 80 cf ff        callq 0xffcf80be
  17: 48 83 3d e7 59 59 08  cmpq $0x0,0x85959e7(%rip) # 0x8595a06
  1e: 00
  1f: 0f 84 f8 00 00 00     je 0x11d
  25: 4c 89 e7              mov %r12,%rdi
  28: 57                    push %rdi
  29: 9d                    popfq
* 2a: 0f 1f 44 00 00        nopl 0x0(%rax,%rax,1) <-- trapping instruction
  2f: eb 86                 jmp 0xffffffb7
  31: 65 8b 05 76 58 69 7e  mov %gs:0x7e695876(%rip),%eax # 0x7e6958ae
  38: 83 f8 07              cmp $0x7,%eax
  3b: 0f                    .byte 0xf
  3c: 87 e7                 xchg %esp,%edi