Comment 3 for bug 1749419

Kleber Sacilotto de Souza (kleber-souza) wrote :

I was able to reproduce the issue with linux-image-4.4.0-113-generic=4.4.0-113.136~14.04.1 in a local VM running Trusty. When I run 'ping' I get the following stack trace on the console:

===============================================================
[ 18.434331] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[ 18.436852] IP: [<ffffffff813f6d54>] csum_and_copy_from_iter+0x14/0x4a0
[ 18.438236] PGD 800000003db9b067 PUD 3b81e067 PMD 0
[ 18.439299] Oops: 0000 [#1] SMP
[ 18.439993] Modules linked in: ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc 8250_fintek parport i2c_piix4 mac_hid psmouse pata_acpi floppy
[ 18.442997] CPU: 0 PID: 914 Comm: ping Not tainted 4.4.0-113-generic #136~14.04.1
[ 18.444535] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 18.445918] task: ffff880036766600 ti: ffff88003d31c000 task.ti: ffff88003d31c000
[ 18.447084] RIP: 0010:[<ffffffff813f6d54>] [<ffffffff813f6d54>] csum_and_copy_from_iter+0x14/0x4a0
[ 18.448376] RSP: 0018:ffff88003d31f980 EFLAGS: 00010282
[ 18.449036] RAX: 0000000000000000 RBX: 0000000000000010 RCX: 0000000000000010
[ 18.449866] RDX: ffff88003d31f9f4 RSI: 0000000000000040 RDI: ffff88003b1f2234
[ 18.450695] RBP: ffff88003d31f9e0 R08: 0000000000000000 R09: ffff8800368f0200
[ 18.451658] R10: ffff88003b1f2234 R11: 0000000000000040 R12: 0000000000000040
[ 18.452702] R13: 0000000000000000 R14: ffff880036766f20 R15: ffff88003b1f2234
[ 18.453688] FS: 00007f2ea8586740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[ 18.454829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 18.455598] CR2: 0000000000000020 CR3: 000000003d31a000 CR4: 0000000000000670
[ 18.456543] Stack:
[ 18.456812] ffffffff816ff48e ffff8800368f0200 ffff88003d31fa0f 00000000024000c0
[ 18.458128] 0000000000000200 00000000ffffffff ffff88003d31f9f0 ffff8800368f0200
[ 18.460484] 0000000000000040 0000000000000000 ffff880036766f20 ffff88003b1f2234
[ 18.461653] Call Trace:
[ 18.462045] [<ffffffff816ff48e>] ? __alloc_skb+0x7e/0x280
[ 18.463098] [<ffffffff81752f17>] ip_generic_getfrag+0x47/0xd0
[ 18.464110] [<ffffffff8177aecd>] raw_getfrag+0xad/0x100
[ 18.465068] [<ffffffff817547a2>] __ip_append_data.isra.46+0x832/0xa30
[ 18.466215] [<ffffffff8177ae20>] ? raw_recvmsg+0x1b0/0x1b0
[ 18.467195] [<ffffffff81752e17>] ? ip_setup_cork+0xc7/0x120
[ 18.468158] [<ffffffff8177ae20>] ? raw_recvmsg+0x1b0/0x1b0
[ 18.469097] [<ffffffff817553f3>] ip_append_data+0x83/0xf0
[ 18.470003] [<ffffffff8177bb4e>] raw_sendmsg+0x71e/0xb60
[ 18.470934] [<ffffffff8138a528>] ? aa_sk_perm+0x78/0x230
[ 18.471848] [<ffffffff8138aded>] ? aa_sock_msg_perm+0x5d/0x140
[ 18.472888] [<ffffffff8178b01d>] inet_sendmsg+0x6d/0xa0
[ 18.473811] [<ffffffff816f6b8e>] sock_sendmsg+0x3e/0x50
[ 18.474702] [<ffffffff816f74c6>] ___sys_sendmsg+0x276/0x290
[ 18.475644] [<ffffffff814e3fc7>] ? n_tty_ioctl_helper+0x27/0x110
[ 18.476655] [<ffffffff814df760>] ? n_tty_ioctl+0x70/0xe0
[ 18.477552] [<ffffffff81817e52>] ? mutex_lock+0x12/0x2f
[ 18.478471] [<ffffffff814dd670>] ? tty_ioctl+0x220/0xc30
[ 18.479221] [<ffffffff818195ae>] ? _raw_spin_unlock_bh+0x1e/0x20
[ 18.480061] [<ffffffff816f7e22>] __sys_sendmsg+0x42/0x80
[ 18.480867] [<ffffffff816f7e72>] SyS_sendmsg+0x12/0x20
[ 18.481657] [<ffffffff81819b5f>] entry_SYSCALL_64_fastpath+0x1c/0x97
[ 18.482576] Code: e7 e8 04 ec 01 00 48 89 d8 e9 5d fe ff ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 89 cb 48 83 ec 38 <4c> 8b 61 10 48 89 55 c0 4c 39 e6 4c 0f 46 e6 4d 85 e4 0f 84 f2
[ 18.485891] RIP [<ffffffff813f6d54>] csum_and_copy_from_iter+0x14/0x4a0
[ 18.486789] RSP <ffff88003d31f980>
[ 18.487252] CR2: 0000000000000020
[ 18.487725] ---[ end trace ff8d78050aa340a1 ]---
===============================================================

This is the same stack trace as reported on bug 1748671.

A fix for this issue has been released with the latest linux-lts-xenial kernel on -proposed (currently linux-image-4.4.0-116-generic=4.4.0-116.140~14.04.1), and I am not able to reproduce the issue with this kernel.

So I suggest we mark this bug as a duplicate of bug 1748671.
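To compare oopses like the one above across duplicate reports, it helps to reduce each dump to the fields that actually identify the crash: the faulting address and what class of fault it implies, the symbol at RIP, the process that triggered it, and the reliable (non-`?`) frames of the call trace up to the syscall entry. The following parser is an added example written for this page; it is not part of the bug comment, the Ubuntu kernel tooling, or any Launchpad script. It assumes the x86_64 oops layout of this 4.4-era kernel (the `[ timestamp ]` prefix, `IP:`, `CPU: ... Comm:` and `Call Trace:` lines as quoted above) and uses a trimmed copy of the lines from this report as constructed sample input.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: a subset of the oops lines quoted in the bug comment,
# reduced to the lines the parser keys on.
SAMPLE_OOPS = """\
[ 18.434331] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[ 18.436852] IP: [<ffffffff813f6d54>] csum_and_copy_from_iter+0x14/0x4a0
[ 18.439299] Oops: 0000 [#1] SMP
[ 18.442997] CPU: 0 PID: 914 Comm: ping Not tainted 4.4.0-113-generic #136~14.04.1
[ 18.456543] CR2: 0000000000000020 CR3: 000000003d31a000 CR4: 0000000000000670
[ 18.456543] Stack:
[ 18.456812] ffffffff816ff48e ffff8800368f0200 ffff88003d31fa0f 00000000024000c0
[ 18.461653] Call Trace:
[ 18.462045] [<ffffffff816ff48e>] ? __alloc_skb+0x7e/0x280
[ 18.463098] [<ffffffff81752f17>] ip_generic_getfrag+0x47/0xd0
[ 18.464110] [<ffffffff8177aecd>] raw_getfrag+0xad/0x100
[ 18.470003] [<ffffffff8177bb4e>] raw_sendmsg+0x71e/0xb60
[ 18.480867] [<ffffffff816f7e72>] SyS_sendmsg+0x12/0x20
[ 18.481657] [<ffffffff81819b5f>] entry_SYSCALL_64_fastpath+0x1c/0x97
[ 18.482576] Code: e7 e8 04 ec 01 00 48 89 d8 e9 5d fe ff ff
[ 18.485891] RIP [<ffffffff813f6d54>] csum_and_copy_from_iter+0x14/0x4a0
[ 18.487725] ---[ end trace ff8d78050aa340a1 ]---
"""

# Assumed line shapes for an x86_64 4.4-series oops (matches the dump above).
TIMESTAMP = re.compile(r"^\[\s*[\d.]+\]\s*")
BUG_LINE = re.compile(r"BUG: unable to handle kernel (.+?) at ([0-9a-f]+)$")
IP_LINE = re.compile(r"^IP: \[<[0-9a-f]+>\] (\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
TASK_LINE = re.compile(r"^CPU: (\d+) PID: (\d+) Comm: (\S+) (Not tainted|Tainted: \S+) (\S+)")
FRAME = re.compile(r"^\[<[0-9a-f]+>\] (\? )?(\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)")

PAGE_SIZE = 4096  # x86_64 base page; faults below it read as NULL + field offset


@dataclass
class OopsSummary:
    reason: str = ""
    fault_addr: Optional[int] = None
    ip_symbol: str = ""
    ip_offset: int = 0
    comm: str = ""
    pid: int = 0
    kernel: str = ""
    tainted: bool = False
    # (symbol, reliable): reliable is False for frames the unwinder marked "?"
    call_trace: List[Tuple[str, bool]] = field(default_factory=list)


def parse_oops(text: str) -> OopsSummary:
    """Extract the identifying fields from a raw oops dump."""
    s = OopsSummary()
    in_trace = False
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        m = BUG_LINE.search(line)
        if m:
            s.reason, s.fault_addr = m.group(1), int(m.group(2), 16)
            continue
        m = IP_LINE.match(line)
        if m:
            s.ip_symbol, s.ip_offset = m.group(1), int(m.group(2), 16)
            continue
        m = TASK_LINE.match(line)
        if m:
            s.pid, s.comm = int(m.group(2)), m.group(3)
            s.tainted = m.group(4) != "Not tainted"
            s.kernel = m.group(5)
            continue
        if line == "Call Trace:":
            in_trace = True
        elif line.startswith("Code:"):
            in_trace = False  # the trace ends before the Code: bytes
        elif in_trace:
            m = FRAME.match(line)
            if m:
                s.call_trace.append((m.group(2), m.group(1) is None))
    return s


def reliable_frames(s: OopsSummary) -> List[str]:
    """Call-trace symbols without the '?' marker, innermost first."""
    return [sym for sym, reliable in s.call_trace if reliable]


def classify(s: OopsSummary) -> str:
    """Rough triage bucket based on the faulting address."""
    if s.fault_addr is None:
        return "unknown"
    if s.fault_addr < PAGE_SIZE:
        return "null-deref (field offset 0x%x)" % s.fault_addr
    return "invalid-address"


def syscall_entry(s: OopsSummary) -> Optional[str]:
    """Innermost reliable SyS_* frame: the user-facing path that reached RIP."""
    for sym in reliable_frames(s):
        if sym.startswith("SyS_"):
            return sym
    return None


if __name__ == "__main__":
    summary = parse_oops(SAMPLE_OOPS)
    print(classify(summary), summary.ip_symbol, summary.comm, summary.kernel)
    print(" <- ".join(reliable_frames(summary)))
```

Two dumps that agree on the fault class, the RIP symbol and the reliable frame list are almost certainly the same bug even when addresses and timestamps differ, which is the comparison made between this report and bug 1748671; the `?` frames are deliberately dropped because they are stale stack values rather than part of the real call chain.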