[ 4380.109914][ T7030] ==================================================================
[ 4380.110221][ T7030] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[ 4380.110424][ T7030] Read of size 8 at addr ffff888011361008 by task kworker/0:2/7030
[ 4380.110614][ T7030]
[ 4380.110684][ T7030] CPU: 0 UID: 0 PID: 7030 Comm: kworker/0:2 Not tainted 6.13.0-rc5-virtme #1
[ 4380.110910][ T7030] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4380.111070][ T7030] Workqueue: events page_pool_release_retry
[ 4380.111240][ T7030] Call Trace:
[ 4380.111337][ T7030]
[ 4380.111408][ T7030] dump_stack_lvl+0x82/0xd0
[ 4380.111549][ T7030] print_address_description.constprop.0+0x2c/0x3b0
[ 4380.111710][ T7030] ? page_pool_item_uninit+0x100/0x130
[ 4380.111839][ T7030] print_report+0xb4/0x270
[ 4380.111966][ T7030] ? kasan_addr_to_slab+0x25/0x80
[ 4380.112097][ T7030] kasan_report+0xbd/0xf0
[ 4380.112193][ T7030] ? page_pool_item_uninit+0x100/0x130
[ 4380.112321][ T7030] page_pool_item_uninit+0x100/0x130
[ 4380.112451][ T7030] page_pool_release+0x44a/0x5b0
[ 4380.112594][ T7030] ? __pfx_page_pool_release+0x10/0x10
[ 4380.112744][ T7030] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 4380.112875][ T7030] ? trace_lock_acquire+0x14c/0x1f0
[ 4380.112999][ T7030] ? trace_lock_acquire+0x14c/0x1f0
[ 4380.113128][ T7030] page_pool_release_retry+0x21/0x290
[ 4380.113260][ T7030] ? trace_workqueue_execute_start+0xe7/0x150
[ 4380.113418][ T7030] process_one_work+0xe55/0x16d0
[ 4380.113548][ T7030] ? __pfx___lock_release+0x10/0x10
[ 4380.113674][ T7030] ? __pfx_process_one_work+0x10/0x10
[ 4380.113803][ T7030] ? assign_work+0x16c/0x240
[ 4380.113929][ T7030] worker_thread+0x58c/0xce0
[ 4380.114054][ T7030] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 4380.114217][ T7030] ? __pfx_worker_thread+0x10/0x10
[ 4380.114345][ T7030] ? __pfx_worker_thread+0x10/0x10
[ 4380.114472][ T7030] kthread+0x28a/0x350
[ 4380.114573][ T7030] ? __pfx_kthread+0x10/0x10
[ 4380.114702][ T7030] ret_from_fork+0x31/0x70
[ 4380.114835][ T7030] ? __pfx_kthread+0x10/0x10
[ 4380.114963][ T7030] ret_from_fork_asm+0x1a/0x30
[ 4380.115100][ T7030]
[ 4380.115202][ T7030]
[ 4380.115268][ T7030] The buggy address belongs to the physical page:
[ 4380.115427][ T7030] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11361
[ 4380.115654][ T7030] flags: 0x80000000000000(node=0|zone=1)
[ 4380.115791][ T7030] page_type: f5(slab)
[ 4380.115893][ T7030] raw: 0080000000000000 ffff8880010427c0 ffffea00000938d0 ffffea000022d090
[ 4380.116125][ T7030] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[ 4380.116349][ T7030] page dumped because: kasan: bad access detected
[ 4380.116506][ T7030]
[ 4380.116571][ T7030] Memory state around the buggy address:
[ 4380.116696][ T7030]  ffff888011360f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 4380.116881][ T7030]  ffff888011360f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 4380.117068][ T7030] >ffff888011361000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 4380.117252][ T7030]                       ^
[ 4380.117345][ T7030]  ffff888011361080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[ 4380.117526][ T7030]  ffff888011361100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[ 4380.117711][ T7030] ==================================================================
[ 4380.117948][ T7030] Disabling lock debugging due to kernel taint
[ 4380.118126][ T7030] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 4380.118429][ T7030] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[ 4380.118643][ T7030] CPU: 0 UID: 0 PID: 7030 Comm: kworker/0:2 Tainted: G B 6.13.0-rc5-virtme #1
[ 4380.118888][ T7030] Tainted: [B]=BAD_PAGE
[ 4380.118984][ T7030] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4380.119141][ T7030] Workqueue: events page_pool_release_retry
[ 4380.119303][ T7030] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 4380.119466][ T7030] Code: ad 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 4380.119906][ T7030] RSP: 0018:ffffc90004f87bc0 EFLAGS: 00010a06
[ 4380.120068][ T7030] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffac49f6e3
[ 4380.120254][ T7030] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 4380.120443][ T7030] RBP: fffffbfff5b64c78 R08: 0000000000000000 R09: fffffbfff5f3f688
[ 4380.120627][ T7030] R10: ffffffffaf9fb447 R11: 205d303330375420 R12: ffff888011d9b620
[ 4380.120812][ T7030] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: ffffea000022d080
[ 4380.120998][ T7030] FS: 0000000000000000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 4380.121218][ T7030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4380.121375][ T7030] CR2: 00007f5d94760000 CR3: 00000000050c0002 CR4: 0000000000772ef0
[ 4380.121563][ T7030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4380.121746][ T7030] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4380.121936][ T7030] PKRU: 55555554
[ 4380.122030][ T7030] Call Trace:
[ 4380.122123][ T7030]
[ 4380.122187][ T7030] ? die_addr+0x41/0xa0
[ 4380.122285][ T7030] ? exc_general_protection+0x14d/0x230
[ 4380.122416][ T7030] ? asm_exc_general_protection+0x26/0x30
[ 4380.122545][ T7030] ? page_pool_item_uninit+0x73/0x130
[ 4380.122670][ T7030] ? page_pool_item_uninit+0x7a/0x130
[ 4380.122801][ T7030] page_pool_release+0x44a/0x5b0
[ 4380.122926][ T7030] ? __pfx_page_pool_release+0x10/0x10
[ 4380.123048][ T7030] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 4380.123171][ T7030] ? trace_lock_acquire+0x14c/0x1f0
[ 4380.123294][ T7030] ? trace_lock_acquire+0x14c/0x1f0
[ 4380.123416][ T7030] page_pool_release_retry+0x21/0x290
[ 4380.123537][ T7030] ? trace_workqueue_execute_start+0xe7/0x150
[ 4380.123692][ T7030] process_one_work+0xe55/0x16d0
[ 4380.123818][ T7030] ? __pfx___lock_release+0x10/0x10
[ 4380.123941][ T7030] ? __pfx_process_one_work+0x10/0x10
[ 4380.124067][ T7030] ? assign_work+0x16c/0x240
[ 4380.124188][ T7030] worker_thread+0x58c/0xce0
[ 4380.124312][ T7030] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 4380.124464][ T7030] ? __pfx_worker_thread+0x10/0x10
[ 4380.124590][ T7030] ? __pfx_worker_thread+0x10/0x10
[ 4380.124712][ T7030] kthread+0x28a/0x350
[ 4380.124806][ T7030] ? __pfx_kthread+0x10/0x10
[ 4380.124928][ T7030] ret_from_fork+0x31/0x70
[ 4380.125053][ T7030] ? __pfx_kthread+0x10/0x10
[ 4380.125173][ T7030] ret_from_fork_asm+0x1a/0x30
[ 4380.125369][ T7030]
[ 4380.125464][ T7030] Modules linked in: nft_chain_nat xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_REJECT ipt_REJECT nft_compat nf_tables libcrc32c
[ 4380.125932][ T7030] ---[ end trace 0000000000000000 ]---
[ 4380.126056][ T7030] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 4380.126213][ T7030] Code: ad 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 4380.126685][ T7030] RSP: 0018:ffffc90004f87bc0 EFLAGS: 00010a06
[ 4380.126837][ T7030] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffac49f6e3
[ 4380.127018][ T7030] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 4380.127262][ T7030] RBP: fffffbfff5b64c78 R08: 0000000000000000 R09: fffffbfff5f3f688
[ 4380.127450][ T7030] R10: ffffffffaf9fb447 R11: 205d303330375420 R12: ffff888011d9b620
[ 4380.127739][ T7030] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: ffffea000022d080
[ 4380.127924][ T7030] FS: 0000000000000000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 4380.128134][ T7030] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4380.128288][ T7030] CR2: 00007f5d94760000 CR3: 00000000050c0002 CR4: 0000000000772ef0
[ 4380.128471][ T7030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4380.128695][ T7030] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4380.128878][ T7030] PKRU: 55555554
[ 4380.128969][ T7030] Kernel panic - not syncing: Fatal exception
[ 4380.129272][ T7030] Kernel Offset: 0x28e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 4380.129621][ T7030] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr