[ 1968.022766][T17680] ==================================================================
[ 1968.023018][T17680] BUG: KASAN: null-ptr-deref in sock_def_write_space_wfree+0x210/0x360
[ 1968.023236][T17680] Read of size 8 at addr 0000000000000008 by task cmsg_sender/17680
[ 1968.023465][T17680] 
[ 1968.023546][T17680] CPU: 1 PID: 17680 Comm: cmsg_sender Not tainted 6.9.0-rc2-virtme #1
[ 1968.023770][T17680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1968.024088][T17680] Call Trace:
[ 1968.024199][T17680]  <TASK>
[ 1968.024272][T17680]  dump_stack_lvl+0x82/0xd0
[ 1968.024415][T17680]  kasan_report+0xbd/0xf0
[ 1968.024522][T17680]  ? sock_def_write_space_wfree+0x210/0x360
[ 1968.024697][T17680]  kasan_check_range+0x39/0x1c0
[ 1968.024840][T17680]  sock_def_write_space_wfree+0x210/0x360
[ 1968.024982][T17680]  sock_wfree+0x25f/0x3e0
[ 1968.025093][T17680]  skb_release_head_state+0x7a/0x1e0
[ 1968.025235][T17680]  consume_skb+0x76/0x110
[ 1968.025339][T17680]  dummy_xmit+0x106/0x170
[ 1968.025447][T17680]  ? trace_net_dev_start_xmit+0xff/0x170
[ 1968.025590][T17680]  dev_hard_start_xmit+0x10e/0x360
[ 1968.025738][T17680]  sch_direct_xmit+0x203/0x11c0
[ 1968.025881][T17680]  ? __pfx_sch_direct_xmit+0x10/0x10
[ 1968.026023][T17680]  ? __pfx_fq_classify+0x10/0x10 [sch_fq]
[ 1968.026171][T17680]  ? trace_lock_acquire+0x135/0x1c0
[ 1968.026313][T17680]  __qdisc_run+0x1cd/0x3d0
[ 1968.026453][T17680]  ? lockdep_hardirqs_on_prepare.part.0+0x14f/0x370
[ 1968.026629][T17680]  ? __pfx___qdisc_run+0x10/0x10
[ 1968.026769][T17680]  ? fq_enqueue+0xf1/0x11c0 [sch_fq]
[ 1968.026915][T17680]  ? spin_bug+0x180/0x1d0
[ 1968.027024][T17680]  __dev_xmit_skb+0x69d/0xfa0
[ 1968.027162][T17680]  ? lock_sync+0xa0/0x180
[ 1968.027269][T17680]  ? __pfx___dev_xmit_skb+0x10/0x10
[ 1968.027412][T17680]  __dev_queue_xmit+0x8be/0x16e0
[ 1968.027555][T17680]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1968.027727][T17680]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1968.027871][T17680]  ip6_finish_output2+0x59b/0xf60
[ 1968.028016][T17680]  ip6_finish_output+0x553/0xdf0
[ 1968.028158][T17680]  ip6_output+0x1f3/0x770
[ 1968.028263][T17680]  ? __pfx_ip6_output+0x10/0x10
[ 1968.028402][T17680]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1968.028546][T17680]  ? ip6_local_out+0x25/0x3b0
[ 1968.028687][T17680]  ip6_send_skb+0xbd/0x280
[ 1968.028828][T17680]  udp_v6_send_skb+0x84c/0x1d20
[ 1968.028972][T17680]  udpv6_sendmsg+0x1bad/0x2830
[ 1968.029111][T17680]  ? __lock_acquire+0xaf0/0x1570
[ 1968.029254][T17680]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1968.029394][T17680]  ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1968.029533][T17680]  ? reacquire_held_locks+0x22f/0x4f0
[ 1968.029678][T17680]  ? __lock_release+0x103/0x460
[ 1968.029825][T17680]  ? inet_autobind+0x117/0x170
[ 1968.029982][T17680]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1968.030155][T17680]  ? inet_autobind+0x117/0x170
[ 1968.030296][T17680]  ? __local_bh_enable_ip+0xa6/0x120
[ 1968.030441][T17680]  ? inet_autobind+0x117/0x170
[ 1968.030578][T17680]  ? __pfx_inet6_sendmsg+0x10/0x10
[ 1968.030718][T17680]  ? ____sys_sendmsg+0x3f9/0xa10
[ 1968.030858][T17680]  ____sys_sendmsg+0x3f9/0xa10
[ 1968.030997][T17680]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1968.031136][T17680]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1968.031309][T17680]  ? lookup_memtype+0x64/0x190
[ 1968.031455][T17680]  ___sys_sendmsg+0xee/0x170
[ 1968.031598][T17680]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1968.031736][T17680]  ? udp_lib_setsockopt+0x531/0xda0
[ 1968.031877][T17680]  ? __pfx_udp_lib_setsockopt+0x10/0x10
[ 1968.032018][T17680]  ? __do_fault+0xed/0x3a0
[ 1968.032161][T17680]  ? trace_kfree+0x2a/0xd0
[ 1968.032300][T17680]  ? kfree+0x2d/0x230
[ 1968.032406][T17680]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1968.032548][T17680]  ? __fget_light+0x53/0x1e0
[ 1968.032695][T17680]  __sys_sendmsg+0xcd/0x170
[ 1968.032833][T17680]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1968.032973][T17680]  ? __sys_setsockopt+0x104/0x1a0
[ 1968.033115][T17680]  ? __pfx___sys_setsockopt+0x10/0x10
[ 1968.033259][T17680]  do_syscall_64+0xc6/0x1e0
[ 1968.033399][T17680]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1968.033573][T17680] RIP: 0033:0x7f2b182927b7
[ 1968.033722][T17680] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 1968.034216][T17680] RSP: 002b:00007fff28616f48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1968.034434][T17680] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2b182927b7
[ 1968.034644][T17680] RDX: 0000000000000000 RSI: 00007fff28616fc0 RDI: 0000000000000005
[ 1968.034855][T17680] RBP: 000000002cc9e2a0 R08: 0000000000000008 R09: 00007f2b18352080
[ 1968.035064][T17680] R10: 00007f2b1814b708 R11: 0000000000000246 R12: 0000000000000005
[ 1968.035272][T17680] R13: 00007fff28616fc0 R14: 0000000000403e00 R15: 00007f2b1838d000
[ 1968.035483][T17680]  </TASK>
[ 1968.035589][T17680] ==================================================================
[ 1968.035884][T17680] Disabling lock debugging due to kernel taint
[ 1968.036086][T17680] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 1968.036469][T17680] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 1968.036669][T17680] CPU: 1 PID: 17680 Comm: cmsg_sender Tainted: G    B              6.9.0-rc2-virtme #1
[ 1968.036905][T17680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1968.037207][T17680] RIP: 0010:sock_def_write_space_wfree+0x221/0x360
[ 1968.037383][T17680] Code: 00 4c 8b bb a0 01 00 00 be 08 00 00 00 4d 8d 77 08 4c 89 f7 e8 e0 0e 8b fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 49 8b 47 08 a8 04 0f 85 dc fe ff ff
[ 1968.037949][T17680] RSP: 0018:ffffc90000aaf130 EFLAGS: 00010202
[ 1968.038126][T17680] RAX: dffffc0000000000 RBX: ffff8880067ce640 RCX: ffffffffb759564a
[ 1968.038408][T17680] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbcafda00
[ 1968.038609][T17680] RBP: ffff8880067ce6a0 R08: 0000000000000001 R09: fffffbfff795fb40
[ 1968.038810][T17680] R10: ffffffffbcafda07 R11: 205d303836373154 R12: 0000000000000000
[ 1968.039091][T17680] R13: ffff8880067ce7c0 R14: 0000000000000008 R15: 0000000000000000
[ 1968.039295][T17680] FS:  00007f2b18140740(0000) GS:ffff888036080000(0000) knlGS:0000000000000000
[ 1968.039534][T17680] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1968.039786][T17680] CR2: 00007f2b18353000 CR3: 000000000bd84006 CR4: 0000000000770ef0
[ 1968.039997][T17680] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1968.040198][T17680] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1968.040485][T17680] PKRU: 55555554
[ 1968.040589][T17680] Call Trace:
[ 1968.040695][T17680]  <TASK>
[ 1968.040768][T17680]  ? die_addr+0x41/0xa0
[ 1968.040874][T17680]  ? exc_general_protection+0x149/0x220
[ 1968.041087][T17680]  ? asm_exc_general_protection+0x26/0x30
[ 1968.041222][T17680]  ? add_taint+0x2a/0x90
[ 1968.041326][T17680]  ? sock_def_write_space_wfree+0x221/0x360
[ 1968.041499][T17680]  sock_wfree+0x25f/0x3e0
[ 1968.041680][T17680]  skb_release_head_state+0x7a/0x1e0
[ 1968.041817][T17680]  consume_skb+0x76/0x110
[ 1968.041919][T17680]  dummy_xmit+0x106/0x170
[ 1968.042023][T17680]  ? trace_net_dev_start_xmit+0xff/0x170
[ 1968.042159][T17680]  dev_hard_start_xmit+0x10e/0x360
[ 1968.042372][T17680]  sch_direct_xmit+0x203/0x11c0
[ 1968.042510][T17680]  ? __pfx_sch_direct_xmit+0x10/0x10
[ 1968.042649][T17680]  ? __pfx_fq_classify+0x10/0x10 [sch_fq]
[ 1968.042784][T17680]  ? trace_lock_acquire+0x135/0x1c0
[ 1968.042995][T17680]  __qdisc_run+0x1cd/0x3d0
[ 1968.043130][T17680]  ? lockdep_hardirqs_on_prepare.part.0+0x14f/0x370
[ 1968.043298][T17680]  ? __pfx___qdisc_run+0x10/0x10
[ 1968.043433][T17680]  ? fq_enqueue+0xf1/0x11c0 [sch_fq]
[ 1968.043647][T17680]  ? spin_bug+0x180/0x1d0
[ 1968.043751][T17680]  __dev_xmit_skb+0x69d/0xfa0
[ 1968.043889][T17680]  ? lock_sync+0xa0/0x180
[ 1968.043992][T17680]  ? __pfx___dev_xmit_skb+0x10/0x10
[ 1968.044127][T17680]  __dev_queue_xmit+0x8be/0x16e0
[ 1968.044338][T17680]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1968.044507][T17680]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1968.044643][T17680]  ip6_finish_output2+0x59b/0xf60
[ 1968.044777][T17680]  ip6_finish_output+0x553/0xdf0
[ 1968.045072][T17680]  ip6_output+0x1f3/0x770
[ 1968.045179][T17680]  ? __pfx_ip6_output+0x10/0x10
[ 1968.045314][T17680]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1968.045451][T17680]  ? ip6_local_out+0x25/0x3b0
[ 1968.045587][T17680]  ip6_send_skb+0xbd/0x280
[ 1968.045800][T17680]  udp_v6_send_skb+0x84c/0x1d20
[ 1968.045935][T17680]  udpv6_sendmsg+0x1bad/0x2830
[ 1968.046069][T17680]  ? __lock_acquire+0xaf0/0x1570
[ 1968.046205][T17680]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1968.046419][T17680]  ? __pfx_udpv6_sendmsg+0x10/0x10
[ 1968.046557][T17680]  ? reacquire_held_locks+0x22f/0x4f0
[ 1968.046695][T17680]  ? __lock_release+0x103/0x460
[ 1968.046828][T17680]  ? inet_autobind+0x117/0x170
[ 1968.047044][T17680]  ? lockdep_hardirqs_on_prepare.part.0+0x1af/0x370
[ 1968.047211][T17680]  ? inet_autobind+0x117/0x170
[ 1968.047343][T17680]  ? __local_bh_enable_ip+0xa6/0x120
[ 1968.047477][T17680]  ? inet_autobind+0x117/0x170
[ 1968.047693][T17680]  ? __pfx_inet6_sendmsg+0x10/0x10
[ 1968.047828][T17680]  ? ____sys_sendmsg+0x3f9/0xa10
[ 1968.047963][T17680]  ____sys_sendmsg+0x3f9/0xa10
[ 1968.048098][T17680]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1968.048307][T17680]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1968.048473][T17680]  ? lookup_memtype+0x64/0x190
[ 1968.048611][T17680]  ___sys_sendmsg+0xee/0x170
[ 1968.048746][T17680]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1968.048960][T17680]  ? udp_lib_setsockopt+0x531/0xda0
[ 1968.049095][T17680]  ? __pfx_udp_lib_setsockopt+0x10/0x10
[ 1968.049230][T17680]  ? __do_fault+0xed/0x3a0
[ 1968.049366][T17680]  ? trace_kfree+0x2a/0xd0
[ 1968.049502][T17680]  ? kfree+0x2d/0x230
[ 1968.049683][T17680]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1968.049819][T17680]  ? __fget_light+0x53/0x1e0
[ 1968.049964][T17680]  __sys_sendmsg+0xcd/0x170
[ 1968.050103][T17680]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1968.050317][T17680]  ? __sys_setsockopt+0x104/0x1a0
[ 1968.050455][T17680]  ? __pfx___sys_setsockopt+0x10/0x10
[ 1968.050593][T17680]  do_syscall_64+0xc6/0x1e0
[ 1968.050729][T17680]  entry_SYSCALL_64_after_hwframe+0x72/0x7a
[ 1968.050972][T17680] RIP: 0033:0x7f2b182927b7
[ 1968.051111][T17680] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 1968.051673][T17680] RSP: 002b:00007fff28616f48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1968.051877][T17680] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2b182927b7
[ 1968.052084][T17680] RDX: 0000000000000000 RSI: 00007fff28616fc0 RDI: 0000000000000005
[ 1968.052368][T17680] RBP: 000000002cc9e2a0 R08: 0000000000000008 R09: 00007f2b18352080
[ 1968.052577][T17680] R10: 00007f2b1814b708 R11: 0000000000000246 R12: 0000000000000005
[ 1968.052777][T17680] R13: 00007fff28616fc0 R14: 0000000000403e00 R15: 00007f2b1838d000
[ 1968.053062][T17680]  </TASK>
[ 1968.053168][T17680] Modules linked in: sctp sch_fq xt_HL amt l2tp_ip6 l2tp_eth l2tp_ip l2tp_netlink l2tp_core xt_length act_ct nf_flow_table nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ifb bonding xfrm_user psample macsec cls_u32 sch_htb act_gact cls_flower xt_mark nft_compat nf_tables libcrc32c sch_ingress act_mirred cls_basic sch_fq_codel geneve vxlan ip6_gre ip_gre gre [last unloaded: test_blackhole_dev]
[ 1968.054278][T17680] ---[ end trace 0000000000000000 ]---
[ 1968.054420][T17680] RIP: 0010:sock_def_write_space_wfree+0x221/0x360
[ 1968.054595][T17680] Code: 00 4c 8b bb a0 01 00 00 be 08 00 00 00 4d 8d 77 08 4c 89 f7 e8 e0 0e 8b fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 00 00 00 49 8b 47 08 a8 04 0f 85 dc fe ff ff
[ 1968.055151][T17680] RSP: 0018:ffffc90000aaf130 EFLAGS: 00010202
[ 1968.055320][T17680] RAX: dffffc0000000000 RBX: ffff8880067ce640 RCX: ffffffffb759564a
[ 1968.055679][T17680] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbcafda00
[ 1968.055878][T17680] RBP: ffff8880067ce6a0 R08: 0000000000000001 R09: fffffbfff795fb40
[ 1968.056082][T17680] R10: ffffffffbcafda07 R11: 205d303836373154 R12: 0000000000000000
[ 1968.056359][T17680] R13: ffff8880067ce7c0 R14: 0000000000000008 R15: 0000000000000000
[ 1968.056564][T17680] FS:  00007f2b18140740(0000) GS:ffff888036080000(0000) knlGS:0000000000000000
[ 1968.056797][T17680] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1968.057042][T17680] CR2: 00007f2b18353000 CR3: 000000000bd84006 CR4: 0000000000770ef0
[ 1968.057247][T17680] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1968.057453][T17680] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1968.057731][T17680] PKRU: 55555554
[ 1968.057835][T17680] Kernel panic - not syncing: Fatal exception in interrupt
[ 1968.058270][T17680] Kernel Offset: 0x36200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1968.058667][T17680] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr