[ 1198.178024][    C2] ==================================================================
[ 1198.178301][    C2] BUG: KASAN: null-ptr-deref in sock_def_write_space_wfree+0x210/0x360
[ 1198.178545][    C2] Read of size 8 at addr 0000000000000008 by task cmsg_sender/10411
[ 1198.178782][    C2] 
[ 1198.178869][    C2] CPU: 2 PID: 10411 Comm: cmsg_sender Not tainted 6.9.0-rc2-virtme #1
[ 1198.179106][    C2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1198.179458][    C2] Call Trace:
[ 1198.179582][    C2]  <IRQ>
[ 1198.179662][    C2]  dump_stack_lvl+0x82/0xd0
[ 1198.179827][    C2]  kasan_report+0xbd/0xf0
[ 1198.179947][    C2]  ? sock_def_write_space_wfree+0x210/0x360
[ 1198.180156][    C2]  kasan_check_range+0x39/0x1c0
[ 1198.180315][    C2]  sock_def_write_space_wfree+0x210/0x360
[ 1198.180477][    C2]  sock_wfree+0x25f/0x3e0
[ 1198.180597][    C2]  skb_release_head_state+0x7a/0x1e0
[ 1198.180761][    C2]  consume_skb+0x76/0x110
[ 1198.180879][    C2]  dummy_xmit+0x106/0x170
[ 1198.180999][    C2]  ? trace_net_dev_start_xmit+0xff/0x170
[ 1198.181157][    C2]  dev_hard_start_xmit+0x10e/0x360
[ 1198.181320][    C2]  sch_direct_xmit+0x203/0x11c0
[ 1198.181488][    C2]  ? __pfx_sch_direct_xmit+0x10/0x10
[ 1198.181658][    C2]  __qdisc_run+0x1cd/0x3d0
[ 1198.181817][    C2]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1198.181975][    C2]  ? __pfx___qdisc_run+0x10/0x10
[ 1198.182136][    C2]  ? do_raw_spin_lock+0x131/0x270
[ 1198.182288][    C2]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1198.182445][    C2]  ? lock_acquire+0x32/0xc0
[ 1198.182604][    C2]  ? net_tx_action+0x3a5/0x680
[ 1198.182762][    C2]  net_tx_action+0x3f6/0x680
[ 1198.182921][    C2]  __do_softirq+0x1f8/0x5df
[ 1198.183077][    C2]  irq_exit_rcu+0x97/0xc0
[ 1198.183197][    C2]  sysvec_apic_timer_interrupt+0x75/0x80
[ 1198.183354][    C2]  </IRQ>
[ 1198.183438][    C2]  <TASK>
[ 1198.183517][    C2]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1198.183711][    C2] RIP: 0010:lock_acquire.part.0+0x21/0x330
[ 1198.183909][    C2] Code: 90 90 90 90 90 90 90 90 90 41 54 49 89 fc 48 bf 00 00 00 00 00 fc ff df 55 53 48 81 ec b8 00 00 00 48 c7 44 24 18 b3 8a b5 41 <48> 8d 5c 24 18 48 c7 44 24 20 da 68 66 b5 48 c1 eb 03 48 c7 44 24
[ 1198.184458][    C2] RSP: 0018:ffffc9000125f730 EFLAGS: 00000286
[ 1198.184654][    C2] RAX: 0000000000000001 RBX: ffffffffb5bee200 RCX: 0000000000000002
[ 1198.184888][    C2] RDX: 0000000000000000 RSI: 0000000000000000 RDI: dffffc0000000000
[ 1198.185117][    C2] RBP: 00007f4f3afdda8d R08: 0000000000000000 R09: 0000000000000000
[ 1198.185352][    C2] R10: ffffffffb6595f57 R11: ffffc9000125f8c1 R12: ffffffffb5b663a0
[ 1198.185583][    C2] R13: 0000000000000000 R14: ffff888001a6c5c0 R15: 0000000000000000
[ 1198.185822][    C2]  ? get_reg+0x119/0x190
[ 1198.185941][    C2]  ? trace_lock_acquire+0x135/0x1c0
[ 1198.186100][    C2]  ? __is_insn_slot_addr+0x29/0x1e0
[ 1198.186255][    C2]  ? lock_acquire+0x32/0xc0
[ 1198.186422][    C2]  ? __is_insn_slot_addr+0x29/0x1e0
[ 1198.186575][    C2]  __is_insn_slot_addr+0x3d/0x1e0
[ 1198.186728][    C2]  ? __is_insn_slot_addr+0x29/0x1e0
[ 1198.186879][    C2]  kernel_text_address+0x5d/0xe0
[ 1198.187036][    C2]  __kernel_text_address+0x12/0x40
[ 1198.187189][    C2]  unwind_get_return_address+0x5e/0xa0
[ 1198.187339][    C2]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1198.187536][    C2]  arch_stack_walk+0xa2/0xf0
[ 1198.187715][    C2]  stack_trace_save+0x94/0xd0
[ 1198.187870][    C2]  ? __pfx_stack_trace_save+0x10/0x10
[ 1198.188027][    C2]  kasan_save_stack+0x24/0x50
[ 1198.188185][    C2]  ? kasan_save_stack+0x24/0x50
[ 1198.188338][    C2]  ? kasan_save_track+0x14/0x30
[ 1198.188492][    C2]  ? kasan_save_free_info+0x3b/0x60
[ 1198.188646][    C2]  ? __kasan_slab_free+0xf4/0x180
[ 1198.188803][    C2]  ? kmem_cache_free+0xd7/0x220
[ 1198.188966][    C2]  ? exit_mmap+0x38e/0x7d0
[ 1198.189123][    C2]  ? __mmput+0x76/0x3b0
[ 1198.189240][    C2]  ? exit_mm+0x146/0x1d0
[ 1198.189359][    C2]  ? do_exit+0x6b6/0xcf0
[ 1198.189476][    C2]  ? do_group_exit+0xb8/0x260
[ 1198.189630][    C2]  ? __x64_sys_exit_group+0x3e/0x50
[ 1198.189783][    C2]  ? do_syscall_64+0xc6/0x1e0
[ 1198.189938][    C2]  ? entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1198.190139][    C2]  ? hlock_class+0x4e/0x130
[ 1198.190296][    C2]  ? mark_lock+0x38/0x3e0
[ 1198.190413][    C2]  ? mark_held_locks+0x9e/0xe0
[ 1198.190567][    C2]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1198.190760][    C2]  ? __debug_check_no_obj_freed+0x253/0x520
[ 1198.190956][    C2]  ? __pfx___debug_check_no_obj_freed+0x10/0x10
[ 1198.191156][    C2]  ? mark_held_locks+0x9e/0xe0
[ 1198.191312][    C2]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1198.191512][    C2]  ? exit_mmap+0x38e/0x7d0
[ 1198.191666][    C2]  kasan_save_track+0x14/0x30
[ 1198.191821][    C2]  kasan_save_free_info+0x3b/0x60
[ 1198.191973][    C2]  __kasan_slab_free+0xf4/0x180
[ 1198.192129][    C2]  kmem_cache_free+0xd7/0x220
[ 1198.192283][    C2]  ? exit_mmap+0x38e/0x7d0
[ 1198.192441][    C2]  exit_mmap+0x38e/0x7d0
[ 1198.192557][    C2]  ? __pfx_exit_mmap+0x10/0x10
[ 1198.192716][    C2]  ? __mutex_unlock_slowpath+0x145/0x3b0
[ 1198.192882][    C2]  __mmput+0x76/0x3b0
[ 1198.193000][    C2]  exit_mm+0x146/0x1d0
[ 1198.193115][    C2]  do_exit+0x6b6/0xcf0
[ 1198.193230][    C2]  ? do_raw_spin_lock+0x131/0x270
[ 1198.193386][    C2]  ? __pfx_do_exit+0x10/0x10
[ 1198.193537][    C2]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1198.193693][    C2]  do_group_exit+0xb8/0x260
[ 1198.193846][    C2]  __x64_sys_exit_group+0x3e/0x50
[ 1198.193997][    C2]  do_syscall_64+0xc6/0x1e0
[ 1198.194157][    C2]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1198.194349][    C2] RIP: 0033:0x7f4f3afdda8d
[ 1198.194506][    C2] Code: Unable to access opcode bytes at 0x7f4f3afdda63.
[ 1198.194705][    C2] RSP: 002b:00007fff5a879da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1198.194937][    C2] RAX: ffffffffffffffda RBX: 00007f4f3b0ba9c0 RCX: 00007f4f3afdda8d
[ 1198.195165][    C2] RDX: 00000000000000e7 RSI: ffffffffffffff80 RDI: 0000000000000000
[ 1198.195397][    C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000028
[ 1198.195626][    C2] R10: 00007fff5a879c30 R11: 0000000000000246 R12: 00007f4f3b0ba9c0
[ 1198.195853][    C2] R13: 0000000000000000 R14: 00007f4f3b0bfec8 R15: 00007f4f3b0bfee0
[ 1198.196187][    C2]  </TASK>
[ 1198.196304][    C2] ==================================================================
[ 1198.196548][    C2] Disabling lock debugging due to kernel taint
[ 1198.196781][    C2] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 1198.197214][    C2] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 1198.197438][    C2] CPU: 2 PID: 10411 Comm: cmsg_sender Tainted: G    B              6.9.0-rc2-virtme #1
[ 1198.197810][    C2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1198.198162][    C2] RIP: 0010:sock_def_write_space_wfree+0x221/0x360
[ 1198.198456][    C2] Code: 00 4c 8b bb a0 01 00 00 be 08 00 00 00 4d 8d 77 08 4c 89 f7 e8 e0 0e 8b fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 49 8b 47 08 a8 04 0f 85 dc fe ff ff
[ 1198.198991][    C2] RSP: 0018:ffffc90000230c30 EFLAGS: 00010202
[ 1198.199289][    C2] RAX: dffffc0000000000 RBX: ffff88800a5199c0 RCX: ffffffffb1f9564a
[ 1198.199516][    C2] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffb74fda00
[ 1198.199743][    C2] RBP: ffff88800a519a20 R08: 0000000000000001 R09: fffffbfff6e9fb40
[ 1198.200068][    C2] R10: ffffffffb74fda07 R11: 205d324320202020 R12: 0000000000000000
[ 1198.200295][    C2] R13: ffff88800a519b40 R14: 0000000000000008 R15: 0000000000000000
[ 1198.200528][    C2] FS:  0000000000000000(0000) GS:ffff88802f700000(0000) knlGS:0000000000000000
[ 1198.200982][    C2] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1198.201177][    C2] CR2: 00007f4f3b0d1000 CR3: 0000000039b38005 CR4: 0000000000770ef0
[ 1198.201436][    C2] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1198.201764][    C2] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1198.201993][    C2] PKRU: 55555554
[ 1198.202107][    C2] Call Trace:
[ 1198.202319][    C2]  <IRQ>
[ 1198.202401][    C2]  ? die_addr+0x41/0xa0
[ 1198.202520][    C2]  ? exc_general_protection+0x149/0x220
[ 1198.202674][    C2]  ? asm_exc_general_protection+0x26/0x30
[ 1198.202825][    C2]  ? add_taint+0x2a/0x90
[ 1198.202940][    C2]  ? sock_def_write_space_wfree+0x221/0x360
[ 1198.203231][    C2]  sock_wfree+0x25f/0x3e0
[ 1198.203347][    C2]  skb_release_head_state+0x7a/0x1e0
[ 1198.203497][    C2]  consume_skb+0x76/0x110
[ 1198.203610][    C2]  dummy_xmit+0x106/0x170
[ 1198.203821][    C2]  ? trace_net_dev_start_xmit+0xff/0x170
[ 1198.203977][    C2]  dev_hard_start_xmit+0x10e/0x360
[ 1198.204130][    C2]  sch_direct_xmit+0x203/0x11c0
[ 1198.204288][    C2]  ? __pfx_sch_direct_xmit+0x10/0x10
[ 1198.204447][    C2]  __qdisc_run+0x1cd/0x3d0
[ 1198.204695][    C2]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1198.204847][    C2]  ? __pfx___qdisc_run+0x10/0x10
[ 1198.204997][    C2]  ? do_raw_spin_lock+0x131/0x270
[ 1198.205147][    C2]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1198.205392][    C2]  ? lock_acquire+0x32/0xc0
[ 1198.205544][    C2]  ? net_tx_action+0x3a5/0x680
[ 1198.205696][    C2]  net_tx_action+0x3f6/0x680
[ 1198.205855][    C2]  __do_softirq+0x1f8/0x5df
[ 1198.206103][    C2]  irq_exit_rcu+0x97/0xc0
[ 1198.206217][    C2]  sysvec_apic_timer_interrupt+0x75/0x80
[ 1198.206370][    C2]  </IRQ>
[ 1198.206449][    C2]  <TASK>
[ 1198.206527][    C2]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1198.206808][    C2] RIP: 0010:lock_acquire.part.0+0x21/0x330
[ 1198.207001][    C2] Code: 90 90 90 90 90 90 90 90 90 41 54 49 89 fc 48 bf 00 00 00 00 00 fc ff df 55 53 48 81 ec b8 00 00 00 48 c7 44 24 18 b3 8a b5 41 <48> 8d 5c 24 18 48 c7 44 24 20 da 68 66 b5 48 c1 eb 03 48 c7 44 24
[ 1198.207653][    C2] RSP: 0018:ffffc9000125f730 EFLAGS: 00000286
[ 1198.207853][    C2] RAX: 0000000000000001 RBX: ffffffffb5bee200 RCX: 0000000000000002
[ 1198.208081][    C2] RDX: 0000000000000000 RSI: 0000000000000000 RDI: dffffc0000000000
[ 1198.208404][    C2] RBP: 00007f4f3afdda8d R08: 0000000000000000 R09: 0000000000000000
[ 1198.208636][    C2] R10: ffffffffb6595f57 R11: ffffc9000125f8c1 R12: ffffffffb5b663a0
[ 1198.208864][    C2] R13: 0000000000000000 R14: ffff888001a6c5c0 R15: 0000000000000000
[ 1198.209194][    C2]  ? get_reg+0x119/0x190
[ 1198.209311][    C2]  ? trace_lock_acquire+0x135/0x1c0
[ 1198.209465][    C2]  ? __is_insn_slot_addr+0x29/0x1e0
[ 1198.209614][    C2]  ? lock_acquire+0x32/0xc0
[ 1198.209867][    C2]  ? __is_insn_slot_addr+0x29/0x1e0
[ 1198.210018][    C2]  __is_insn_slot_addr+0x3d/0x1e0
[ 1198.210166][    C2]  ? __is_insn_slot_addr+0x29/0x1e0
[ 1198.210317][    C2]  kernel_text_address+0x5d/0xe0
[ 1198.210565][    C2]  __kernel_text_address+0x12/0x40
[ 1198.210716][    C2]  unwind_get_return_address+0x5e/0xa0
[ 1198.210867][    C2]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1198.211055][    C2]  arch_stack_walk+0xa2/0xf0
[ 1198.211309][    C2]  stack_trace_save+0x94/0xd0
[ 1198.211457][    C2]  ? __pfx_stack_trace_save+0x10/0x10
[ 1198.211609][    C2]  kasan_save_stack+0x24/0x50
[ 1198.211761][    C2]  ? kasan_save_stack+0x24/0x50
[ 1198.211910][    C2]  ? kasan_save_track+0x14/0x30
[ 1198.212156][    C2]  ? kasan_save_free_info+0x3b/0x60
[ 1198.212304][    C2]  ? __kasan_slab_free+0xf4/0x180
[ 1198.212456][    C2]  ? kmem_cache_free+0xd7/0x220
[ 1198.212607][    C2]  ? exit_mmap+0x38e/0x7d0
[ 1198.212955][    C2]  ? __mmput+0x76/0x3b0
[ 1198.213068][    C2]  ? exit_mm+0x146/0x1d0
[ 1198.213181][    C2]  ? do_exit+0x6b6/0xcf0
[ 1198.213295][    C2]  ? do_group_exit+0xb8/0x260
[ 1198.213443][    C2]  ? __x64_sys_exit_group+0x3e/0x50
[ 1198.213687][    C2]  ? do_syscall_64+0xc6/0x1e0
[ 1198.213837][    C2]  ? entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1198.214023][    C2]  ? hlock_class+0x4e/0x130
[ 1198.214179][    C2]  ? mark_lock+0x38/0x3e0
[ 1198.214416][    C2]  ? mark_held_locks+0x9e/0xe0
[ 1198.214570][    C2]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1198.214757][    C2]  ? __debug_check_no_obj_freed+0x253/0x520
[ 1198.214945][    C2]  ? __pfx___debug_check_no_obj_freed+0x10/0x10
[ 1198.215397][    C2]  ? mark_held_locks+0x9e/0xe0
[ 1198.215550][    C2]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1198.215738][    C2]  ? exit_mmap+0x38e/0x7d0
[ 1198.215894][    C2]  kasan_save_track+0x14/0x30
[ 1198.216140][    C2]  kasan_save_free_info+0x3b/0x60
[ 1198.216288][    C2]  __kasan_slab_free+0xf4/0x180
[ 1198.216440][    C2]  kmem_cache_free+0xd7/0x220
[ 1198.216590][    C2]  ? exit_mmap+0x38e/0x7d0
[ 1198.216836][    C2]  exit_mmap+0x38e/0x7d0
[ 1198.216951][    C2]  ? __pfx_exit_mmap+0x10/0x10
[ 1198.217109][    C2]  ? __mutex_unlock_slowpath+0x145/0x3b0
[ 1198.217266][    C2]  __mmput+0x76/0x3b0
[ 1198.217388][    C2]  exit_mm+0x146/0x1d0
[ 1198.217607][    C2]  do_exit+0x6b6/0xcf0
[ 1198.217729][    C2]  ? do_raw_spin_lock+0x131/0x270
[ 1198.217885][    C2]  ? __pfx_do_exit+0x10/0x10
[ 1198.218038][    C2]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1198.218287][    C2]  do_group_exit+0xb8/0x260
[ 1198.218438][    C2]  __x64_sys_exit_group+0x3e/0x50
[ 1198.218590][    C2]  do_syscall_64+0xc6/0x1e0
[ 1198.218747][    C2]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1198.219034][    C2] RIP: 0033:0x7f4f3afdda8d
[ 1198.219189][    C2] Code: Unable to access opcode bytes at 0x7f4f3afdda63.
[ 1198.219382][    C2] RSP: 002b:00007fff5a879da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1198.219609][    C2] RAX: ffffffffffffffda RBX: 00007f4f3b0ba9c0 RCX: 00007f4f3afdda8d
[ 1198.219933][    C2] RDX: 00000000000000e7 RSI: ffffffffffffff80 RDI: 0000000000000000
[ 1198.220160][    C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000028
[ 1198.220384][    C2] R10: 00007fff5a879c30 R11: 0000000000000246 R12: 00007f4f3b0ba9c0
[ 1198.220817][    C2] R13: 0000000000000000 R14: 00007f4f3b0bfec8 R15: 00007f4f3b0bfee0
[ 1198.221044][    C2]  </TASK>
[ 1198.221159][    C2] Modules linked in: sch_etf sch_fq xt_HL amt xt_conntrack nf_conntrack nf_defrag_ipv4 nft_compat nf_tables nf_defrag_ipv6 cls_bpf sctp_diag sctp libcrc32c cls_matchall act_gact cls_flower sch_ingress bonding xfrm_user psample macsec vxlan ip6_gre ip_gre gre cls_u32 sch_htb [last unloaded: test_bpf]
[ 1198.222197][    C2] ---[ end trace 0000000000000000 ]---
[ 1198.222354][    C2] RIP: 0010:sock_def_write_space_wfree+0x221/0x360
[ 1198.222548][    C2] Code: 00 4c 8b bb a0 01 00 00 be 08 00 00 00 4d 8d 77 08 4c 89 f7 e8 e0 0e 8b fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 49 8b 47 08 a8 04 0f 85 dc fe ff ff
[ 1198.223185][    C2] RSP: 0018:ffffc90000230c30 EFLAGS: 00010202
[ 1198.223395][    C2] RAX: dffffc0000000000 RBX: ffff88800a5199c0 RCX: ffffffffb1f9564a
[ 1198.223713][    C2] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffb74fda00
[ 1198.223945][    C2] RBP: ffff88800a519a20 R08: 0000000000000001 R09: fffffbfff6e9fb40
[ 1198.224181][    C2] R10: ffffffffb74fda07 R11: 205d324320202020 R12: 0000000000000000
[ 1198.224509][    C2] R13: ffff88800a519b40 R14: 0000000000000008 R15: 0000000000000000
[ 1198.224735][    C2] FS:  0000000000000000(0000) GS:ffff88802f700000(0000) knlGS:0000000000000000
[ 1198.225009][    C2] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1198.225394][    C2] CR2: 00007f4f3b0d1000 CR3: 0000000039b38005 CR4: 0000000000770ef0
[ 1198.225625][    C2] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1198.225865][    C2] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1198.226183][    C2] PKRU: 55555554
[ 1198.226302][    C2] Kernel panic - not syncing: Fatal exception in interrupt
[ 1198.226754][    C2] Kernel Offset: 0x30c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1198.227209][    C2] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr