======================================
| [ 4045.448123][    C0] ==================================================================
| [ 4045.448424][ C0] BUG: KASAN: null-ptr-deref in sock_def_write_space_wfree (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 net/core/sock.c:3397) 
| [ 4045.448712][    C0] Read of size 8 at addr 0000000000000008 by task cmsg_sender/27431
| [ 4045.448985][    C0]
[ 4045.449348][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 4045.449748][    C0] Call Trace:
[ 4045.449888][    C0]  <IRQ>
[ 4045.449980][ C0] dump_stack_lvl (lib/dump_stack.c:117) 
[ 4045.450173][ C0] kasan_report (mm/kasan/report.c:603) 
[ 4045.450309][ C0] ? sock_def_write_space_wfree (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 net/core/sock.c:3397) 
[ 4045.450537][ C0] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189) 
[ 4045.450722][ C0] sock_def_write_space_wfree (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 net/core/sock.c:3397) 
[ 4045.450899][ C0] sock_wfree (./include/linux/rcupdate.h:810 net/core/sock.c:2471) 
[ 4045.451033][ C0] skb_release_head_state (net/core/skbuff.c:1162 (discriminator 3)) 
[ 4045.451211][ C0] consume_skb (net/core/skbuff.c:1174 net/core/skbuff.c:1189 net/core/skbuff.c:1405 net/core/skbuff.c:1399) 
[ 4045.451343][ C0] dummy_xmit (drivers/net/dummy.c:66) 
[ 4045.451475][ C0] ? trace_net_dev_start_xmit (./include/trace/events/net.h:14 (discriminator 52)) 
[ 4045.451660][ C0] dev_hard_start_xmit (./include/linux/netdevice.h:4875 ./include/linux/netdevice.h:4889 net/core/dev.c:3563 net/core/dev.c:3579) 
[ 4045.451841][ C0] sch_direct_xmit (net/sched/sch_generic.c:343) 
[ 4045.452019][ C0] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) 
[ 4045.452199][ C0] __qdisc_run (net/sched/sch_generic.c:416) 
[ 4045.452376][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 4045.452555][ C0] ? __pfx___qdisc_run (net/sched/sch_generic.c:412) 
[ 4045.452732][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:115 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 4045.452915][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 4045.453097][ C0] ? lock_acquire (kernel/locking/lockdep.c:5727) 
[ 4045.453275][ C0] ? net_tx_action (./include/linux/spinlock.h:352 net/core/dev.c:5250) 
[ 4045.453456][ C0] net_tx_action (./include/net/sch_generic.h:217 ./include/net/pkt_sched.h:128 ./include/net/pkt_sched.h:124 net/core/dev.c:5266) 
[ 4045.453638][ C0] __do_softirq (kernel/softirq.c:554) 
[ 4045.453825][ C0] irq_exit_rcu (kernel/softirq.c:428 kernel/softirq.c:633 kernel/softirq.c:645) 
[ 4045.453958][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043 arch/x86/kernel/apic/apic.c:1043) 
[ 4045.454138][    C0]  </IRQ>
[ 4045.454228][    C0]  <TASK>
[ 4045.454329][ C0] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) 
[ 4045.454571][ C0] RIP: 0010:lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 4045.454800][ C0] Code: ff 48 83 c4 28 65 0f c1 05 44 18 33 64 83 f8 01 0f 85 b5 01 00 00 9c 58 f6 c4 02 0f 85 be 01 00 00 48 85 ed 0f 85 9b 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
All code
========
   0:	ff 48 83             	decl   -0x7d(%rax)
   3:	c4                   	(bad)
   4:	28 65 0f             	sub    %ah,0xf(%rbp)
   7:	c1 05 44 18 33 64 83 	roll   $0x83,0x64331844(%rip)        # 0x64331852
   e:	f8                   	clc
   f:	01 0f                	add    %ecx,(%rdi)
  11:	85 b5 01 00 00 9c    	test   %esi,-0x63ffffff(%rbp)
  17:	58                   	pop    %rax
  18:	f6 c4 02             	test   $0x2,%ah
  1b:	0f 85 be 01 00 00    	jne    0x1df
  21:	48 85 ed             	test   %rbp,%rbp
  24:	0f 85 9b 01 00 00    	jne    0x1c5
  2a:*	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax		<-- trapping instruction
  31:	fc ff df 
  34:	48 01 c3             	add    %rax,%rbx
  37:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  3e:	48                   	rex.W
  3f:	c7                   	.byte 0xc7

Code starting with the faulting instruction
===========================================
   0:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
   7:	fc ff df 
   a:	48 01 c3             	add    %rax,%rbx
   d:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  14:	48                   	rex.W
  15:	c7                   	.byte 0xc7
[ 4045.455431][    C0] RSP: 0018:ffffc90000a9f3e0 EFLAGS: 00000206
[ 4045.455665][    C0] RAX: 0000000000000046 RBX: 1ffff92000153e7f RCX: 0000000000000001
[ 4045.455934][    C0] RDX: 1ffff11000c5614d RSI: ffff8880062b0a70 RDI: ffff8880062b0a92
[ 4045.456202][    C0] RBP: 0000000000000200 R08: 0000000000000000 R09: ffff8880062b0a70
[ 4045.456470][    C0] R10: 1ffff92000153e51 R11: ffffc90000a9f561 R12: ffffffff9f7663a0
[ 4045.456750][    C0] R13: 0000000000000000 R14: ffff8880062b0040 R15: 0000000000000000
[ 4045.457020][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5406) 
[ 4045.457202][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 4045.457382][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 4045.457560][ C0] ? is_bpf_text_address (./include/linux/rcupdate.h:329 ./include/linux/rcupdate.h:781 kernel/bpf/core.c:767) 
[ 4045.457739][ C0] ? lock_acquire (kernel/locking/lockdep.c:5727) 
[ 4045.457920][ C0] ? is_bpf_text_address (./include/linux/rcupdate.h:329 ./include/linux/rcupdate.h:781 kernel/bpf/core.c:767) 
[ 4045.458106][ C0] is_bpf_text_address (./include/linux/rcupdate.h:782 kernel/bpf/core.c:767) 
[ 4045.458287][ C0] ? is_bpf_text_address (./include/linux/rcupdate.h:329 ./include/linux/rcupdate.h:781 kernel/bpf/core.c:767) 
[ 4045.458467][ C0] kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
[ 4045.458654][ C0] __kernel_text_address (kernel/extable.c:79) 
[ 4045.458834][ C0] unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) 
[ 4045.459014][ C0] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) 
[ 4045.459234][ C0] arch_stack_walk (arch/x86/kernel/stacktrace.c:26) 
[ 4045.459418][ C0] stack_trace_save (kernel/stacktrace.c:123) 
[ 4045.459595][ C0] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) 
[ 4045.459774][ C0] kasan_save_stack (mm/kasan/common.c:48) 
[ 4045.459961][ C0] ? kasan_save_stack (mm/kasan/common.c:48) 
[ 4045.460136][ C0] ? kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) 
[ 4045.460313][ C0] ? kasan_save_free_info (mm/kasan/generic.c:582) 
[ 4045.460492][ C0] ? __kasan_slab_free (mm/kasan/common.c:274) 
[ 4045.460670][ C0] ? kfree (mm/slub.c:4280 mm/slub.c:4390) 
[ 4045.460804][ C0] ? p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.460987][ C0] ? p9_client_clunk (net/9p/client.c:1452) 
[ 4045.461162][ C0] ? v9fs_dentry_release (fs/9p/vfs_dentry.c:54) 
[ 4045.461342][ C0] ? __dentry_kill (fs/dcache.c:608) 
[ 4045.461526][ C0] ? dput.part.0 (fs/dcache.c:845) 
[ 4045.461708][ C0] ? walk_component (fs/namei.c:562 fs/namei.c:1027 fs/namei.c:2009) 
[ 4045.461889][ C0] ? link_path_walk.part.0.constprop.0 (fs/namei.c:2328) 
[ 4045.462106][ C0] ? path_openat (fs/namei.c:3795) 
[ 4045.462283][ C0] ? do_filp_open (fs/namei.c:3826) 
[ 4045.462463][ C0] ? do_sys_openat2 (fs/open.c:1406) 
[ 4045.462642][ C0] ? __x64_sys_openat (fs/open.c:1432) 
[ 4045.462821][ C0] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 4045.462996][ C0] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) 
[ 4045.463218][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 4045.463396][ C0] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) 
[ 4045.463617][ C0] ? __debug_check_no_obj_freed (lib/debugobjects.c:1000) 
[ 4045.463837][ C0] ? __pfx___debug_check_no_obj_freed (lib/debugobjects.c:960) 
[ 4045.464057][ C0] ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:94 ./include/linux/rcupdate.h:896 ./include/linux/mmzone.h:2029 arch/x86/mm/physaddr.c:65) 
[ 4045.464232][ C0] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) 
[ 4045.464463][ C0] ? p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.464636][ C0] kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) 
[ 4045.464813][ C0] kasan_save_free_info (mm/kasan/generic.c:582) 
[ 4045.464997][ C0] __kasan_slab_free (mm/kasan/common.c:274) 
[ 4045.465171][ C0] kfree (mm/slub.c:4280 mm/slub.c:4390) 
[ 4045.465304][ C0] ? p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.465483][ C0] p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.465624][ C0] p9_client_clunk (net/9p/client.c:1452) 
[ 4045.465806][ C0] v9fs_dentry_release (fs/9p/vfs_dentry.c:54) 
[ 4045.465992][ C0] __dentry_kill (fs/dcache.c:608) 
[ 4045.466175][ C0] ? __pfx_kfree_link (fs/libfs.c:1573) 
[ 4045.466353][ C0] dput.part.0 (fs/dcache.c:845) 
[ 4045.466532][ C0] walk_component (fs/namei.c:562 fs/namei.c:1027 fs/namei.c:2009) 
[ 4045.466716][ C0] link_path_walk.part.0.constprop.0 (fs/namei.c:2328) 
[ 4045.466935][ C0] ? __pfx_link_path_walk.part.0.constprop.0 (fs/namei.c:2249) 
[ 4045.467155][ C0] path_openat (fs/namei.c:3795) 
[ 4045.467335][ C0] ? __pfx_path_openat (fs/namei.c:3781) 
[ 4045.467513][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5137) 
[ 4045.467699][ C0] do_filp_open (fs/namei.c:3826) 
[ 4045.467878][ C0] ? __pfx_do_filp_open (fs/namei.c:3820) 
[ 4045.468057][ C0] ? find_held_lock (kernel/locking/lockdep.c:5244) 
[ 4045.468239][ C0] ? __pfx_kfree_link (fs/libfs.c:1573) 
[ 4045.468413][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 4045.468591][ C0] ? alloc_fd (fs/file.c:555 (discriminator 10)) 
[ 4045.468724][ C0] ? do_raw_spin_unlock (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/asm-generic/qspinlock.h:57 kernel/locking/spinlock_debug.c:101 kernel/locking/spinlock_debug.c:141) 
[ 4045.468901][ C0] ? _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 4045.469084][ C0] ? alloc_fd (fs/file.c:555 (discriminator 10)) 
[ 4045.469219][ C0] do_sys_openat2 (fs/open.c:1406) 
[ 4045.469397][ C0] ? vfs_fstatat (fs/stat.c:308) 
[ 4045.469579][ C0] ? __pfx_do_sys_openat2 (fs/open.c:1392) 
[ 4045.469753][ C0] ? __pfx___do_sys_newfstatat (fs/stat.c:464) 
[ 4045.469930][ C0] __x64_sys_openat (fs/open.c:1432) 
[ 4045.470105][ C0] ? __pfx___x64_sys_openat (fs/open.c:1432) 
[ 4045.470277][ C0] ? __pfx_do_faccessat (fs/open.c:465) 
[ 4045.470459][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 4045.470641][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) 
[ 4045.470861][    C0] RIP: 0033:0x7f894bbd20e8
[ 4045.471044][ C0] Code: f9 41 89 f0 41 83 e2 40 75 30 89 f0 25 00 00 41 00 3d 00 00 41 00 74 22 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 30 c3 0f 1f 80 00 00 00 00 48 8d 44 24 08 c7
All code
========
   0:	f9                   	stc
   1:	41 89 f0             	mov    %esi,%r8d
   4:	41 83 e2 40          	and    $0x40,%r10d
   8:	75 30                	jne    0x3a
   a:	89 f0                	mov    %esi,%eax
   c:	25 00 00 41 00       	and    $0x410000,%eax
  11:	3d 00 00 41 00       	cmp    $0x410000,%eax
  16:	74 22                	je     0x3a
  18:	44 89 c2             	mov    %r8d,%edx
  1b:	4c 89 ce             	mov    %r9,%rsi
  1e:	bf 9c ff ff ff       	mov    $0xffffff9c,%edi
  23:	b8 01 01 00 00       	mov    $0x101,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 30                	ja     0x62
  32:	c3                   	ret
  33:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  3a:	48 8d 44 24 08       	lea    0x8(%rsp),%rax
  3f:	c7                   	.byte 0xc7

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 30                	ja     0x38
   8:	c3                   	ret
   9:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  10:	48 8d 44 24 08       	lea    0x8(%rsp),%rax
  15:	c7                   	.byte 0xc7
[ 4045.471665][    C0] RSP: 002b:00007ffc98dd9098 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
[ 4045.471937][    C0] RAX: ffffffffffffffda RBX: 00007ffc98dd931f RCX: 00007f894bbd20e8
[ 4045.472198][    C0] RDX: 0000000000080000 RSI: 00007ffc98dd9110 RDI: 00000000ffffff9c
[ 4045.472457][    C0] RBP: 00007ffc98dd9100 R08: 0000000000080000 R09: 00007ffc98dd9110
[ 4045.472720][    C0] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffc98dd9117
[ 4045.472979][    C0] R13: 00007ffc98dd9330 R14: 00007ffc98dd9110 R15: 00007f894bba3000
| [ 4045.473382][    C0] ==================================================================
| [ 4045.473654][    C0] Disabling lock debugging due to kernel taint
| [ 4045.473914][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [ 4045.474305][    C0] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 4045.474895][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 4045.475284][ C0] RIP: 0010:sock_def_write_space_wfree (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 net/core/sock.c:3397) 
[ 4045.475507][ C0] Code: 00 4c 8b bb a0 01 00 00 be 08 00 00 00 4d 8d 77 08 4c 89 f7 e8 e0 0e 8b fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 49 8b 47 08 a8 04 0f 85 dc fe ff ff
All code
========
   0:	00 4c 8b bb          	add    %cl,-0x45(%rbx,%rcx,4)
   4:	a0 01 00 00 be 08 00 	movabs 0x8be000001,%al
   b:	00 00 
   d:	4d 8d 77 08          	lea    0x8(%r15),%r14
  11:	4c 89 f7             	mov    %r14,%rdi
  14:	e8 e0 0e 8b fe       	call   0xfffffffffe8b0ef9
  19:	4c 89 f2             	mov    %r14,%rdx
  1c:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  23:	fc ff df 
  26:	48 c1 ea 03          	shr    $0x3,%rdx
  2a:*	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)		<-- trapping instruction
  2e:	0f 85 fe 00 00 00    	jne    0x132
  34:	49 8b 47 08          	mov    0x8(%r15),%rax
  38:	a8 04                	test   $0x4,%al
  3a:	0f 85 dc fe ff ff    	jne    0xffffffffffffff1c

Code starting with the faulting instruction
===========================================
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	0f 85 fe 00 00 00    	jne    0x108
   a:	49 8b 47 08          	mov    0x8(%r15),%rax
   e:	a8 04                	test   $0x4,%al
  10:	0f 85 dc fe ff ff    	jne    0xfffffffffffffef2
[ 4045.476125][    C0] RSP: 0018:ffffc90000007c30 EFLAGS: 00010202
[ 4045.476345][    C0] RAX: dffffc0000000000 RBX: ffff888007d0ddc0 RCX: ffffffff9bb9564a
[ 4045.476609][    C0] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffa10fda00
[ 4045.476866][    C0] RBP: ffff888007d0de20 R08: 0000000000000001 R09: fffffbfff421fb40
[ 4045.477136][    C0] R10: ffffffffa10fda07 R11: 205d304320202020 R12: 0000000000000000
[ 4045.477397][    C0] R13: ffff888007d0df40 R14: 0000000000000008 R15: 0000000000000000
[ 4045.477658][    C0] FS:  0000000000000000(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
[ 4045.477960][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4045.478177][    C0] CR2: 00007f894bb9e270 CR3: 00000000062d0003 CR4: 0000000000770ef0
[ 4045.478443][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4045.478706][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4045.478967][    C0] PKRU: 55555554
[ 4045.479106][    C0] Call Trace:
[ 4045.479236][    C0]  <IRQ>
[ 4045.479325][ C0] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) 
[ 4045.479458][ C0] ? exc_general_protection (arch/x86/kernel/traps.c:702 arch/x86/kernel/traps.c:644) 
[ 4045.479648][ C0] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) 
[ 4045.479824][ C0] ? add_taint (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 kernel/panic.c:555) 
[ 4045.479957][ C0] ? sock_def_write_space_wfree (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 net/core/sock.c:3397) 
[ 4045.480280][ C0] sock_wfree (./include/linux/rcupdate.h:810 net/core/sock.c:2471) 
[ 4045.480412][ C0] skb_release_head_state (net/core/skbuff.c:1162 (discriminator 3)) 
[ 4045.480588][ C0] consume_skb (net/core/skbuff.c:1174 net/core/skbuff.c:1189 net/core/skbuff.c:1405 net/core/skbuff.c:1399) 
[ 4045.480719][ C0] dummy_xmit (drivers/net/dummy.c:66) 
[ 4045.480851][ C0] ? trace_net_dev_start_xmit (./include/trace/events/net.h:14 (discriminator 52)) 
[ 4045.481135][ C0] dev_hard_start_xmit (./include/linux/netdevice.h:4875 ./include/linux/netdevice.h:4889 net/core/dev.c:3563 net/core/dev.c:3579) 
[ 4045.481312][ C0] sch_direct_xmit (net/sched/sch_generic.c:343) 
[ 4045.481487][ C0] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) 
[ 4045.481665][ C0] __qdisc_run (net/sched/sch_generic.c:416) 
[ 4045.481837][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 4045.482113][ C0] ? __pfx___qdisc_run (net/sched/sch_generic.c:412) 
[ 4045.482285][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:115 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 4045.482457][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 4045.482636][ C0] ? lock_acquire (kernel/locking/lockdep.c:5727) 
[ 4045.482919][ C0] ? net_tx_action (./include/linux/spinlock.h:352 net/core/dev.c:5250) 
[ 4045.483090][ C0] net_tx_action (./include/net/sch_generic.h:217 ./include/net/pkt_sched.h:128 ./include/net/pkt_sched.h:124 net/core/dev.c:5266) 
[ 4045.483261][ C0] __do_softirq (kernel/softirq.c:554) 
[ 4045.483435][ C0] irq_exit_rcu (kernel/softirq.c:428 kernel/softirq.c:633 kernel/softirq.c:645) 
[ 4045.483569][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043 arch/x86/kernel/apic/apic.c:1043) 
[ 4045.483748][    C0]  </IRQ>
[ 4045.483837][    C0]  <TASK>
[ 4045.483923][ C0] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) 
[ 4045.484140][ C0] RIP: 0010:lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 4045.484594][ C0] Code: ff 48 83 c4 28 65 0f c1 05 44 18 33 64 83 f8 01 0f 85 b5 01 00 00 9c 58 f6 c4 02 0f 85 be 01 00 00 48 85 ed 0f 85 9b 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
All code
========
   0:	ff 48 83             	decl   -0x7d(%rax)
   3:	c4                   	(bad)
   4:	28 65 0f             	sub    %ah,0xf(%rbp)
   7:	c1 05 44 18 33 64 83 	roll   $0x83,0x64331844(%rip)        # 0x64331852
   e:	f8                   	clc
   f:	01 0f                	add    %ecx,(%rdi)
  11:	85 b5 01 00 00 9c    	test   %esi,-0x63ffffff(%rbp)
  17:	58                   	pop    %rax
  18:	f6 c4 02             	test   $0x2,%ah
  1b:	0f 85 be 01 00 00    	jne    0x1df
  21:	48 85 ed             	test   %rbp,%rbp
  24:	0f 85 9b 01 00 00    	jne    0x1c5
  2a:*	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax		<-- trapping instruction
  31:	fc ff df 
  34:	48 01 c3             	add    %rax,%rbx
  37:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  3e:	48                   	rex.W
  3f:	c7                   	.byte 0xc7

Code starting with the faulting instruction
===========================================
   0:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
   7:	fc ff df 
   a:	48 01 c3             	add    %rax,%rbx
   d:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  14:	48                   	rex.W
  15:	c7                   	.byte 0xc7
[ 4045.485205][    C0] RSP: 0018:ffffc90000a9f3e0 EFLAGS: 00000206
[ 4045.485525][    C0] RAX: 0000000000000046 RBX: 1ffff92000153e7f RCX: 0000000000000001
[ 4045.485790][    C0] RDX: 1ffff11000c5614d RSI: ffff8880062b0a70 RDI: ffff8880062b0a92
[ 4045.486053][    C0] RBP: 0000000000000200 R08: 0000000000000000 R09: ffff8880062b0a70
[ 4045.486408][    C0] R10: 1ffff92000153e51 R11: ffffc90000a9f561 R12: ffffffff9f7663a0
[ 4045.486672][    C0] R13: 0000000000000000 R14: ffff8880062b0040 R15: 0000000000000000
[ 4045.486931][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5406) 
[ 4045.487207][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 4045.487380][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 4045.487552][ C0] ? is_bpf_text_address (./include/linux/rcupdate.h:329 ./include/linux/rcupdate.h:781 kernel/bpf/core.c:767) 
[ 4045.487725][ C0] ? lock_acquire (kernel/locking/lockdep.c:5727) 
[ 4045.487999][ C0] ? is_bpf_text_address (./include/linux/rcupdate.h:329 ./include/linux/rcupdate.h:781 kernel/bpf/core.c:767) 
[ 4045.488173][ C0] is_bpf_text_address (./include/linux/rcupdate.h:782 kernel/bpf/core.c:767) 
[ 4045.488348][ C0] ? is_bpf_text_address (./include/linux/rcupdate.h:329 ./include/linux/rcupdate.h:781 kernel/bpf/core.c:767) 
[ 4045.488518][ C0] kernel_text_address (kernel/extable.c:97 kernel/extable.c:94) 
[ 4045.488801][ C0] __kernel_text_address (kernel/extable.c:79) 
[ 4045.488972][ C0] unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) 
[ 4045.489145][ C0] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) 
[ 4045.489362][ C0] arch_stack_walk (arch/x86/kernel/stacktrace.c:26) 
[ 4045.489640][ C0] stack_trace_save (kernel/stacktrace.c:123) 
[ 4045.489814][ C0] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) 
[ 4045.489988][ C0] kasan_save_stack (mm/kasan/common.c:48) 
[ 4045.490161][ C0] ? kasan_save_stack (mm/kasan/common.c:48) 
[ 4045.490439][ C0] ? kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) 
[ 4045.490622][ C0] ? kasan_save_free_info (mm/kasan/generic.c:582) 
[ 4045.490797][ C0] ? __kasan_slab_free (mm/kasan/common.c:274) 
[ 4045.490970][ C0] ? kfree (mm/slub.c:4280 mm/slub.c:4390) 
[ 4045.491101][ C0] ? p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.491376][ C0] ? p9_client_clunk (net/9p/client.c:1452) 
[ 4045.491550][ C0] ? v9fs_dentry_release (fs/9p/vfs_dentry.c:54) 
[ 4045.491722][ C0] ? __dentry_kill (fs/dcache.c:608) 
[ 4045.491895][ C0] ? dput.part.0 (fs/dcache.c:845) 
[ 4045.492176][ C0] ? walk_component (fs/namei.c:562 fs/namei.c:1027 fs/namei.c:2009) 
[ 4045.492350][ C0] ? link_path_walk.part.0.constprop.0 (fs/namei.c:2328) 
[ 4045.492565][ C0] ? path_openat (fs/namei.c:3795) 
[ 4045.492751][ C0] ? do_filp_open (fs/namei.c:3826) 
[ 4045.492937][ C0] ? do_sys_openat2 (fs/open.c:1406) 
[ 4045.493122][ C0] ? __x64_sys_openat (fs/open.c:1432) 
[ 4045.493307][ C0] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 4045.493494][ C0] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) 
[ 4045.493832][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 4045.494016][ C0] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) 
[ 4045.494245][ C0] ? __debug_check_no_obj_freed (lib/debugobjects.c:1000) 
[ 4045.494486][ C0] ? __pfx___debug_check_no_obj_freed (lib/debugobjects.c:960) 
[ 4045.494721][ C0] ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:94 ./include/linux/rcupdate.h:896 ./include/linux/mmzone.h:2029 arch/x86/mm/physaddr.c:65) 
[ 4045.494907][ C0] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) 
[ 4045.495135][ C0] ? p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.495324][ C0] kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) 
[ 4045.495611][ C0] kasan_save_free_info (mm/kasan/generic.c:582) 
[ 4045.495800][ C0] __kasan_slab_free (mm/kasan/common.c:274) 
[ 4045.495970][ C0] kfree (mm/slub.c:4280 mm/slub.c:4390) 
[ 4045.496100][ C0] ? p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.496385][ C0] p9_req_put (net/9p/client.c:252 net/9p/client.c:404 net/9p/client.c:399) 
[ 4045.496515][ C0] p9_client_clunk (net/9p/client.c:1452) 
[ 4045.496695][ C0] v9fs_dentry_release (fs/9p/vfs_dentry.c:54) 
[ 4045.496867][ C0] __dentry_kill (fs/dcache.c:608) 
[ 4045.497043][ C0] ? __pfx_kfree_link (fs/libfs.c:1573) 
[ 4045.497316][ C0] dput.part.0 (fs/dcache.c:845) 
[ 4045.497488][ C0] walk_component (fs/namei.c:562 fs/namei.c:1027 fs/namei.c:2009) 
[ 4045.497666][ C0] link_path_walk.part.0.constprop.0 (fs/namei.c:2328) 
[ 4045.497882][ C0] ? __pfx_link_path_walk.part.0.constprop.0 (fs/namei.c:2249) 
[ 4045.498300][ C0] path_openat (fs/namei.c:3795) 
[ 4045.498472][ C0] ? __pfx_path_openat (fs/namei.c:3781) 
[ 4045.498647][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5137) 
[ 4045.498825][ C0] do_filp_open (fs/namei.c:3826) 
[ 4045.499099][ C0] ? __pfx_do_filp_open (fs/namei.c:3820) 
[ 4045.499274][ C0] ? find_held_lock (kernel/locking/lockdep.c:5244) 
[ 4045.499449][ C0] ? __pfx_kfree_link (fs/libfs.c:1573) 
[ 4045.499630][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 4045.499911][ C0] ? alloc_fd (fs/file.c:555 (discriminator 10)) 
[ 4045.500041][ C0] ? do_raw_spin_unlock (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/asm-generic/qspinlock.h:57 kernel/locking/spinlock_debug.c:101 kernel/locking/spinlock_debug.c:141) 
[ 4045.500212][ C0] ? _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 4045.500384][ C0] ? alloc_fd (fs/file.c:555 (discriminator 10)) 
[ 4045.500522][ C0] do_sys_openat2 (fs/open.c:1406) 
[ 4045.500700][ C0] ? vfs_fstatat (fs/stat.c:308) 
[ 4045.500872][ C0] ? __pfx_do_sys_openat2 (fs/open.c:1392) 
[ 4045.501044][ C0] ? __pfx___do_sys_newfstatat (fs/stat.c:464) 
[ 4045.501217][ C0] __x64_sys_openat (fs/open.c:1432) 
[ 4045.501492][ C0] ? __pfx___x64_sys_openat (fs/open.c:1432) 
[ 4045.501666][ C0] ? __pfx_do_faccessat (fs/open.c:465) 
[ 4045.501841][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 4045.502020][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) 
[ 4045.502334][    C0] RIP: 0033:0x7f894bbd20e8
[ 4045.502509][ C0] Code: f9 41 89 f0 41 83 e2 40 75 30 89 f0 25 00 00 41 00 3d 00 00 41 00 74 22 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 30 c3 0f 1f 80 00 00 00 00 48 8d 44 24 08 c7
All code
========
   0:	f9                   	stc
   1:	41 89 f0             	mov    %esi,%r8d
   4:	41 83 e2 40          	and    $0x40,%r10d
   8:	75 30                	jne    0x3a
   a:	89 f0                	mov    %esi,%eax
   c:	25 00 00 41 00       	and    $0x410000,%eax
  11:	3d 00 00 41 00       	cmp    $0x410000,%eax
  16:	74 22                	je     0x3a
  18:	44 89 c2             	mov    %r8d,%edx
  1b:	4c 89 ce             	mov    %r9,%rsi
  1e:	bf 9c ff ff ff       	mov    $0xffffff9c,%edi
  23:	b8 01 01 00 00       	mov    $0x101,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 30                	ja     0x62
  32:	c3                   	ret
  33:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  3a:	48 8d 44 24 08       	lea    0x8(%rsp),%rax
  3f:	c7                   	.byte 0xc7

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 30                	ja     0x38
   8:	c3                   	ret
   9:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  10:	48 8d 44 24 08       	lea    0x8(%rsp),%rax
  15:	c7                   	.byte 0xc7
[ 4045.503232][    C0] RSP: 002b:00007ffc98dd9098 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
[ 4045.503496][    C0] RAX: ffffffffffffffda RBX: 00007ffc98dd931f RCX: 00007f894bbd20e8
[ 4045.503758][    C0] RDX: 0000000000080000 RSI: 00007ffc98dd9110 RDI: 00000000ffffff9c
[ 4045.504122][    C0] RBP: 00007ffc98dd9100 R08: 0000000000080000 R09: 00007ffc98dd9110
[ 4045.504393][    C0] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffc98dd9117


Finger prints:
dump_stack_lvl:kasan_report:kasan_check_range:sock_def_write_space_wfree
sock_def_write_space_wfree:sock_wfree:skb_release_head_state:consume_skb