[ 1973.026206][T12742] ==================================================================
[ 1973.026532][T12742] BUG: KASAN: null-ptr-deref in sock_def_write_space_wfree+0x210/0x360
[ 1973.026755][T12742] Read of size 8 at addr 0000000000000008 by task cmsg_sender/12742
[ 1973.026972][T12742]
[ 1973.027053][T12742] CPU: 1 PID: 12742 Comm: cmsg_sender Not tainted 6.9.0-rc2-virtme #1
[ 1973.027269][T12742] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1973.027590][T12742] Call Trace:
[ 1973.027702][T12742]  <TASK>
[ 1973.027779][T12742] dump_stack_lvl+0x82/0xd0
[ 1973.027931][T12742] kasan_report+0xbd/0xf0
[ 1973.028043][T12742] ? sock_def_write_space_wfree+0x210/0x360
[ 1973.028228][T12742] kasan_check_range+0x39/0x1c0
[ 1973.028369][T12742] sock_def_write_space_wfree+0x210/0x360
[ 1973.028515][T12742] sock_wfree+0x25f/0x3e0
[ 1973.028624][T12742] skb_release_head_state+0x7a/0x1e0
[ 1973.028773][T12742] consume_skb+0x76/0x110
[ 1973.028880][T12742] dummy_xmit+0x106/0x170
[ 1973.028987][T12742] ? trace_net_dev_start_xmit+0xff/0x170
[ 1973.029141][T12742] dev_hard_start_xmit+0x10e/0x360
[ 1973.029287][T12742] sch_direct_xmit+0x203/0x11c0
[ 1973.029437][T12742] ? __pfx_sch_direct_xmit+0x10/0x10
[ 1973.029581][T12742] __qdisc_run+0x1cd/0x3d0
[ 1973.029722][T12742] ? __lock_acquire+0xaf0/0x1570
[ 1973.029867][T12742] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1973.030010][T12742] ? __pfx___qdisc_run+0x10/0x10
[ 1973.030151][T12742] ? do_raw_spin_lock+0x131/0x270
[ 1973.030293][T12742] ? spin_bug+0x180/0x1d0
[ 1973.030400][T12742] __dev_xmit_skb+0x69d/0xfa0
[ 1973.030541][T12742] ? lock_sync+0xa0/0x180
[ 1973.030649][T12742] ? __pfx___dev_xmit_skb+0x10/0x10
[ 1973.030794][T12742] __dev_queue_xmit+0x8be/0x16e0
[ 1973.030938][T12742] ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1973.031120][T12742] ? __pfx___dev_queue_xmit+0x10/0x10
[ 1973.031266][T12742] ip6_finish_output2+0x59b/0xf60
[ 1973.031411][T12742] ip6_finish_output+0x553/0xdf0
[ 1973.031557][T12742] ip6_output+0x1f3/0x770
[ 1973.031668][T12742] ? __pfx_ip6_output+0x10/0x10
[ 1973.031820][T12742] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1973.031966][T12742] ? ip6_local_out+0x25/0x3b0
[ 1973.032110][T12742] ip6_send_skb+0xbd/0x280
[ 1973.032255][T12742] udp_v6_send_skb+0x84c/0x1d20
[ 1973.032405][T12742] udpv6_sendmsg+0x1bad/0x2830
[ 1973.032549][T12742] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1973.032690][T12742] ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1973.032839][T12742] ? __might_fault+0xc3/0x170
[ 1973.032980][T12742] ? lock_acquire+0x32/0xc0
[ 1973.033123][T12742] ? __might_fault+0xc3/0x170
[ 1973.033264][T12742] ? __might_fault+0x11b/0x170
[ 1973.033403][T12742] ? __pfx_inet6_sendmsg+0x10/0x10
[ 1973.033545][T12742] ? ____sys_sendmsg+0x3f9/0xa10
[ 1973.033688][T12742] ____sys_sendmsg+0x3f9/0xa10
[ 1973.033831][T12742] ? __pfx_____sys_sendmsg+0x10/0x10
[ 1973.033971][T12742] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1973.034149][T12742] ? lookup_memtype+0x64/0x190
[ 1973.034301][T12742] ? trace_kfree+0x2a/0xd0
[ 1973.034444][T12742] ? kfree+0x2d/0x230
[ 1973.034552][T12742] ___sys_sendmsg+0xee/0x170
[ 1973.034696][T12742] ? __pfx____sys_sendmsg+0x10/0x10
[ 1973.034839][T12742] ? udp_lib_setsockopt+0x531/0xda0
[ 1973.034983][T12742] ? __pfx_udp_lib_setsockopt+0x10/0x10
[ 1973.035124][T12742] ? __do_fault+0xed/0x3a0
[ 1973.035267][T12742] ? trace_kfree+0x2a/0xd0
[ 1973.035413][T12742] ? kfree+0x2d/0x230
[ 1973.035522][T12742] ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1973.035666][T12742] ? __fget_light+0x53/0x1e0
[ 1973.035813][T12742] __sys_sendmsg+0xcd/0x170
[ 1973.035953][T12742] ? __pfx___sys_sendmsg+0x10/0x10
[ 1973.036097][T12742] ? __sys_setsockopt+0x104/0x1a0
[ 1973.036239][T12742] ? __pfx___sys_setsockopt+0x10/0x10
[ 1973.036383][T12742] do_syscall_64+0xc6/0x1e0
[ 1973.036525][T12742] entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1973.036704][T12742] RIP: 0033:0x7f055c8a97b7
[ 1973.036852][T12742] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 1973.037351][T12742] RSP: 002b:00007fff828656b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1973.037570][T12742] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f055c8a97b7
[ 1973.037789][T12742] RDX: 0000000000000000 RSI: 00007fff82865730 RDI: 0000000000000005
[ 1973.038003][T12742] RBP: 0000000038d072a0 R08: 0000000000000008 R09: 00007f055c969080
[ 1973.038214][T12742] R10: 00007f055c762708 R11: 0000000000000246 R12: 0000000000000005
[ 1973.038427][T12742] R13: 00007fff82865730 R14: 0000000000403e00 R15: 00007f055c9a4000
[ 1973.038649][T12742]  </TASK>
[ 1973.038757][T12742] ==================================================================
[ 1973.038976][T12742] Disabling lock debugging due to kernel taint
[ 1973.039194][T12742] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 1973.039503][T12742] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
# Triage note (from the Code/register dump below, not from source): the faulting sequence is `mov r15,[rbx+0x1a0]; lea r14,[r15+8]` followed by an 8-byte load through r14. RBX=ffff88800bb10040 looks like the struct sock, R15=0, R14=8 — so a pointer field at sock+0x1a0 is NULL and sock_def_write_space_wfree() reads its member at +8 with no NULL check. The GPF address 0xdffffc0000000001 is just the KASAN shadow of address 0x8 (8>>3 + shadow offset), i.e. the same bug reported twice. Which field sits at 0x1a0 (plausibly the wait-queue pointer that is cleared when a socket is orphaned) must be confirmed against this kernel's struct sock layout before treating it as the root cause.
[ 1973.039706][T12742] CPU: 1 PID: 12742 Comm: cmsg_sender Tainted: G B 6.9.0-rc2-virtme #1
[ 1973.039952][T12742] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1973.040258][T12742] RIP: 0010:sock_def_write_space_wfree+0x221/0x360
[ 1973.040442][T12742] Code: 00 4c 8b bb a0 01 00 00 be 08 00 00 00 4d 8d 77 08 4c 89 f7 e8 e0 0e 8b fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 49 8b 47 08 a8 04 0f 85 dc fe ff ff
[ 1973.040935][T12742] RSP: 0018:ffffc90000fff130 EFLAGS: 00010202
[ 1973.041110][T12742] RAX: dffffc0000000000 RBX: ffff88800bb10040 RCX: ffffffffb479564a
[ 1973.041317][T12742] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffb9cfda00
[ 1973.041527][T12742] RBP: ffff88800bb100a0 R08: 0000000000000001 R09: fffffbfff739fb40
[ 1973.041742][T12742] R10: ffffffffb9cfda07 R11: 205d323437323154 R12: 0000000000000000
[ 1973.041949][T12742] R13: ffff88800bb101c0 R14: 0000000000000008 R15: 0000000000000000
[ 1973.042158][T12742] FS: 00007f055c757740(0000) GS:ffff888036080000(0000) knlGS:0000000000000000
[ 1973.042398][T12742] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1973.042570][T12742] CR2: 00007f055c96a000 CR3: 0000000009a4c001 CR4: 0000000000770ef0
[ 1973.042786][T12742] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1973.042992][T12742] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1973.043198][T12742] PKRU: 55555554
[ 1973.043306][T12742] Call Trace:
[ 1973.043412][T12742]  <TASK>
[ 1973.043482][T12742] ? die_addr+0x41/0xa0
[ 1973.043589][T12742] ? exc_general_protection+0x149/0x220
[ 1973.043730][T12742] ? asm_exc_general_protection+0x26/0x30
[ 1973.043873][T12742] ? add_taint+0x2a/0x90
[ 1973.043979][T12742] ? sock_def_write_space_wfree+0x221/0x360
[ 1973.044149][T12742] sock_wfree+0x25f/0x3e0
[ 1973.044255][T12742] skb_release_head_state+0x7a/0x1e0
[ 1973.044394][T12742] consume_skb+0x76/0x110
[ 1973.044499][T12742] dummy_xmit+0x106/0x170
[ 1973.044605][T12742] ? trace_net_dev_start_xmit+0xff/0x170
[ 1973.044747][T12742] dev_hard_start_xmit+0x10e/0x360
[ 1973.044890][T12742] sch_direct_xmit+0x203/0x11c0
[ 1973.045032][T12742] ? __pfx_sch_direct_xmit+0x10/0x10
[ 1973.045174][T12742] __qdisc_run+0x1cd/0x3d0
[ 1973.045312][T12742] ? __lock_acquire+0xaf0/0x1570
[ 1973.045452][T12742] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1973.045591][T12742] ? __pfx___qdisc_run+0x10/0x10
[ 1973.045730][T12742] ? do_raw_spin_lock+0x131/0x270
[ 1973.045868][T12742] ? spin_bug+0x180/0x1d0
[ 1973.045977][T12742] __dev_xmit_skb+0x69d/0xfa0
[ 1973.046113][T12742] ? lock_sync+0xa0/0x180
[ 1973.046216][T12742] ? __pfx___dev_xmit_skb+0x10/0x10
[ 1973.046358][T12742] __dev_queue_xmit+0x8be/0x16e0
[ 1973.046496][T12742] ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1973.046665][T12742] ? __pfx___dev_queue_xmit+0x10/0x10
[ 1973.046804][T12742] ip6_finish_output2+0x59b/0xf60
[ 1973.046947][T12742] ip6_finish_output+0x553/0xdf0
[ 1973.047090][T12742] ip6_output+0x1f3/0x770
[ 1973.047194][T12742] ? __pfx_ip6_output+0x10/0x10
[ 1973.047332][T12742] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1973.047475][T12742] ? ip6_local_out+0x25/0x3b0
[ 1973.047616][T12742] ip6_send_skb+0xbd/0x280
[ 1973.047753][T12742] udp_v6_send_skb+0x84c/0x1d20
[ 1973.047893][T12742] udpv6_sendmsg+0x1bad/0x2830
[ 1973.048033][T12742] ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1973.048252][T12742] ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1973.048399][T12742] ? __might_fault+0xc3/0x170
[ 1973.048540][T12742] ? lock_acquire+0x32/0xc0
[ 1973.048675][T12742] ? __might_fault+0xc3/0x170
[ 1973.048895][T12742] ? __might_fault+0x11b/0x170
[ 1973.049032][T12742] ? __pfx_inet6_sendmsg+0x10/0x10
[ 1973.049179][T12742] ? ____sys_sendmsg+0x3f9/0xa10
[ 1973.049315][T12742] ____sys_sendmsg+0x3f9/0xa10
[ 1973.049536][T12742] ? __pfx_____sys_sendmsg+0x10/0x10
[ 1973.049675][T12742] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1973.049846][T12742] ? lookup_memtype+0x64/0x190
[ 1973.049984][T12742] ? trace_kfree+0x2a/0xd0
[ 1973.050123][T12742] ? kfree+0x2d/0x230
[ 1973.050227][T12742] ___sys_sendmsg+0xee/0x170
[ 1973.050363][T12742] ? __pfx____sys_sendmsg+0x10/0x10
[ 1973.050498][T12742] ? udp_lib_setsockopt+0x531/0xda0
[ 1973.050636][T12742] ? __pfx_udp_lib_setsockopt+0x10/0x10
[ 1973.050853][T12742] ? __do_fault+0xed/0x3a0
[ 1973.050993][T12742] ? trace_kfree+0x2a/0xd0
[ 1973.051134][T12742] ? kfree+0x2d/0x230
[ 1973.051239][T12742] ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1973.051456][T12742] ? __fget_light+0x53/0x1e0
[ 1973.051598][T12742] __sys_sendmsg+0xcd/0x170
[ 1973.051739][T12742] ? __pfx___sys_sendmsg+0x10/0x10
[ 1973.051877][T12742] ? __sys_setsockopt+0x104/0x1a0
[ 1973.052097][T12742] ? __pfx___sys_setsockopt+0x10/0x10
[ 1973.052240][T12742] do_syscall_64+0xc6/0x1e0
[ 1973.052377][T12742] entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1973.052550][T12742] RIP: 0033:0x7f055c8a97b7
[ 1973.052857][T12742] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 1973.053348][T12742] RSP: 002b:00007fff828656b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1973.053645][T12742] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f055c8a97b7
[ 1973.053850][T12742] RDX: 0000000000000000 RSI: 00007fff82865730 RDI: 0000000000000005
[ 1973.054053][T12742] RBP: 0000000038d072a0 R08: 0000000000000008 R09: 00007f055c969080
[ 1973.054339][T12742] R10: 00007f055c762708 R11: 0000000000000246 R12: 0000000000000005
[ 1973.054551][T12742] R13: 00007fff82865730 R14: 0000000000403e00 R15: 00007f055c9a4000
[ 1973.054760][T12742]  </TASK>
[ 1973.054943][T12742] Modules linked in: bonding sch_etf sch_fq cls_matchall xt_HL amt xfrm_user l2tp_ip6 l2tp_eth l2tp_ip l2tp_netlink l2tp_core sctp_diag sctp cls_u32 ifb nft_chain_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 act_gact cls_flower geneve vxlan ip6_gre ip_gre gre xt_mark nft_compat nf_tables libcrc32c sch_ingress act_mirred cls_basic sch_fq_codel
[ 1973.055886][T12742] ---[ end trace 0000000000000000 ]---
[ 1973.056024][T12742] RIP: 0010:sock_def_write_space_wfree+0x221/0x360
[ 1973.056282][T12742] Code: 00 4c 8b bb a0 01 00 00 be 08 00 00 00 4d 8d 77 08 4c 89 f7 e8 e0 0e 8b fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 49 8b 47 08 a8 04 0f 85 dc fe ff ff
[ 1973.056765][T12742] RSP: 0018:ffffc90000fff130 EFLAGS: 00010202
[ 1973.057023][T12742] RAX: dffffc0000000000 RBX: ffff88800bb10040 RCX: ffffffffb479564a
[ 1973.057224][T12742] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffb9cfda00
[ 1973.057437][T12742] RBP: ffff88800bb100a0 R08: 0000000000000001 R09: fffffbfff739fb40
[ 1973.057722][T12742] R10: ffffffffb9cfda07 R11: 205d323437323154 R12: 0000000000000000
[ 1973.057926][T12742] R13: ffff88800bb101c0 R14: 0000000000000008 R15: 0000000000000000
[ 1973.058132][T12742] FS: 00007f055c757740(0000) GS:ffff888036080000(0000) knlGS:0000000000000000
[ 1973.058460][T12742] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1973.058631][T12742] CR2: 00007f055c96a000 CR3: 0000000009a4c001 CR4: 0000000000770ef0
[ 1973.058915][T12742] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1973.059137][T12742] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1973.059339][T12742] PKRU: 55555554
[ 1973.059448][T12742] Kernel panic - not syncing: Fatal exception in interrupt
[ 1973.059934][T12742] Kernel Offset: 0x33400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1973.060251][T12742] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr