[ 702.429430][ T68] ==================================================================
[ 702.429665][ T68] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[ 702.429876][ T68] Read of size 8 at addr ffff88801175b008 by task kworker/u16:1/68
[ 702.430077][ T68]
[ 702.430147][ T68] CPU: 3 UID: 0 PID: 68 Comm: kworker/u16:1 Not tainted 6.13.0-rc5-virtme #1
[ 702.430387][ T68] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 702.430557][ T68] Workqueue: netns cleanup_net
[ 702.430702][ T68] Call Trace:
[ 702.430807][ T68]
[ 702.430881][ T68] dump_stack_lvl+0x82/0xd0
[ 702.431030][ T68] print_address_description.constprop.0+0x2c/0x3b0
[ 702.431202][ T68] ? page_pool_item_uninit+0x100/0x130
[ 702.431340][ T68] print_report+0xb4/0x270
[ 702.431484][ T68] ? kasan_addr_to_slab+0x25/0x80
[ 702.431624][ T68] kasan_report+0xbd/0xf0
[ 702.431731][ T68] ? page_pool_item_uninit+0x100/0x130
[ 702.431867][ T68] page_pool_item_uninit+0x100/0x130
[ 702.432005][ T68] page_pool_release+0x44a/0x5b0
[ 702.432144][ T68] ? __pfx_page_pool_release+0x10/0x10
[ 702.432280][ T68] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 702.432449][ T68] page_pool_destroy+0x11e/0x560
[ 702.432587][ T68] veth_napi_del_range+0x34d/0x580
[ 702.432730][ T68] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 702.432899][ T68] veth_close+0x104/0x190
[ 702.433003][ T68] __dev_close_many+0x1a0/0x2d0
[ 702.433141][ T68] ? __pfx___dev_close_many+0x10/0x10
[ 702.433278][ T68] dev_close_many+0x202/0x650
[ 702.433416][ T68] ? fou_exit_net+0x2f/0xf0
[ 702.433553][ T68] ? __pfx_dev_close_many+0x10/0x10
[ 702.433694][ T68] ? __mutex_trylock_common+0xfa/0x260
[ 702.433833][ T68] ? __pfx___mutex_trylock_common+0x10/0x10
[ 702.434001][ T68] unregister_netdevice_many_notify+0x8ed/0x1580
[ 702.434173][ T68] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 702.434342][ T68] ? default_device_exit_batch+0x81/0x2e0
[ 702.434476][ T68] ? mutex_is_locked+0x1c/0x60
[ 702.434615][ T68] ? rtnl_is_locked+0x15/0x20
[ 702.434753][ T68] ? unregister_netdevice_queue+0x70/0x410
[ 702.434924][ T68] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 702.435093][ T68] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 702.435266][ T68] default_device_exit_batch+0x241/0x2e0
[ 702.435406][ T68] ? __pfx_default_device_exit_batch+0x10/0x10
[ 702.435577][ T68] ? ops_exit_list+0xb4/0x170
[ 702.435717][ T68] cleanup_net+0x4ef/0xba0
[ 702.435855][ T68] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 702.435992][ T68] ? __pfx_cleanup_net+0x10/0x10
[ 702.436127][ T68] ? trace_lock_acquire+0x14c/0x1f0
[ 702.436266][ T68] ? lock_acquire+0x32/0xc0
[ 702.436402][ T68] ? process_one_work+0xe0b/0x16d0
[ 702.436543][ T68] process_one_work+0xe55/0x16d0
[ 702.436685][ T68] ? __pfx___lock_release+0x10/0x10
[ 702.436821][ T68] ? __pfx_process_one_work+0x10/0x10
[ 702.436959][ T68] ? assign_work+0x16c/0x240
[ 702.437095][ T68] worker_thread+0x58c/0xce0
[ 702.437233][ T68] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 702.437402][ T68] ? __pfx_worker_thread+0x10/0x10
[ 702.437539][ T68] ? __pfx_worker_thread+0x10/0x10
[ 702.437678][ T68] kthread+0x28a/0x350
[ 702.437783][ T68] ? __pfx_kthread+0x10/0x10
[ 702.437920][ T68] ret_from_fork+0x31/0x70
[ 702.438060][ T68] ? __pfx_kthread+0x10/0x10
[ 702.438195][ T68] ret_from_fork_asm+0x1a/0x30
[ 702.438335][ T68]
[ 702.438438][ T68]
[ 702.438511][ T68] The buggy address belongs to the physical page:
[ 702.438680][ T68] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1175b
[ 702.438923][ T68] flags: 0x80000000000000(node=0|zone=1)
[ 702.439092][ T68] page_type: f5(slab)
[ 702.439206][ T68] raw: 0080000000000000 ffff8880010427c0 ffffea0000133210 ffffea00002e1d90
[ 702.439448][ T68] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[ 702.439690][ T68] page dumped because: kasan: bad access detected
[ 702.439855][ T68]
[ 702.439926][ T68] Memory state around the buggy address:
[ 702.440057][ T68] ffff88801175af00: fc fa fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 702.440256][ T68] ffff88801175af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 702.440454][ T68] >ffff88801175b000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 702.440654][ T68] ^
[ 702.440758][ T68] ffff88801175b080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[ 702.440951][ T68] ffff88801175b100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[ 702.441143][ T68] ==================================================================
[ 702.441359][ T68] Disabling lock debugging due to kernel taint
[ 702.441540][ T68] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 702.441867][ T68] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[ 702.442094][ T68] CPU: 3 UID: 0 PID: 68 Comm: kworker/u16:1 Tainted: G B 6.13.0-rc5-virtme #1
[ 702.442372][ T68] Tainted: [B]=BAD_PAGE
[ 702.442475][ T68] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 702.442640][ T68] Workqueue: netns cleanup_net
[ 702.442782][ T68] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 702.442958][ T68] Code: ad 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 702.443428][ T68] RSP: 0018:ffffc90000497698 EFLAGS: 00010a06
[ 702.443595][ T68] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffabe9f6e3
[ 702.443791][ T68] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 702.443987][ T68] RBP: fffffbfff5aa4c78 R08: 0000000000000000 R09: fffffbfff5e7f688
[ 702.444185][ T68] R10: ffffffffaf3fb447 R11: 205d383654202020 R12: ffff88801161e620
[ 702.444383][ T68] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 702.444582][ T68] FS: 0000000000000000(0000) GS:ffff88806d180000(0000) knlGS:0000000000000000
[ 702.444813][ T68] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 702.444984][ T68] CR2: 00007f17ca77c000 CR3: 000000003573a001 CR4: 0000000000772ef0
[ 702.445184][ T68] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 702.445385][ T68] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 702.445584][ T68] PKRU: 55555554
[ 702.445684][ T68] Call Trace:
[ 702.445786][ T68]
[ 702.445855][ T68] ? die_addr+0x41/0xa0
[ 702.445960][ T68] ? exc_general_protection+0x14d/0x230
[ 702.446098][ T68] ? asm_exc_general_protection+0x26/0x30
[ 702.446234][ T68] ? page_pool_item_uninit+0x73/0x130
[ 702.446367][ T68] ? page_pool_item_uninit+0x7a/0x130
[ 702.446500][ T68] ? page_pool_item_uninit+0x73/0x130
[ 702.446636][ T68] page_pool_release+0x44a/0x5b0
[ 702.446770][ T68] ? __pfx_page_pool_release+0x10/0x10
[ 702.446901][ T68] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 702.447068][ T68] page_pool_destroy+0x11e/0x560
[ 702.447201][ T68] veth_napi_del_range+0x34d/0x580
[ 702.447335][ T68] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 702.447501][ T68] veth_close+0x104/0x190
[ 702.447608][ T68] __dev_close_many+0x1a0/0x2d0
[ 702.447743][ T68] ? __pfx___dev_close_many+0x10/0x10
[ 702.447879][ T68] dev_close_many+0x202/0x650
[ 702.448016][ T68] ? fou_exit_net+0x2f/0xf0
[ 702.448151][ T68] ? __pfx_dev_close_many+0x10/0x10
[ 702.448283][ T68] ? __mutex_trylock_common+0xfa/0x260
[ 702.448419][ T68] ? __pfx___mutex_trylock_common+0x10/0x10
[ 702.448589][ T68] unregister_netdevice_many_notify+0x8ed/0x1580
[ 702.448757][ T68] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 702.448919][ T68] ? default_device_exit_batch+0x81/0x2e0
[ 702.449052][ T68] ? mutex_is_locked+0x1c/0x60
[ 702.449191][ T68] ? rtnl_is_locked+0x15/0x20
[ 702.449325][ T68] ? unregister_netdevice_queue+0x70/0x410
[ 702.449489][ T68] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 702.449655][ T68] ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 702.449824][ T68] default_device_exit_batch+0x241/0x2e0
[ 702.449960][ T68] ? __pfx_default_device_exit_batch+0x10/0x10
[ 702.450128][ T68] ? ops_exit_list+0xb4/0x170
[ 702.450262][ T68] cleanup_net+0x4ef/0xba0
[ 702.450396][ T68] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 702.450541][ T68] ? __pfx_cleanup_net+0x10/0x10
[ 702.450672][ T68] ? trace_lock_acquire+0x14c/0x1f0
[ 702.450807][ T68] ? lock_acquire+0x32/0xc0
[ 702.450939][ T68] ? process_one_work+0xe0b/0x16d0
[ 702.451074][ T68] process_one_work+0xe55/0x16d0
[ 702.451209][ T68] ? __pfx___lock_release+0x10/0x10
[ 702.451344][ T68] ? __pfx_process_one_work+0x10/0x10
[ 702.451483][ T68] ? assign_work+0x16c/0x240
[ 702.451616][ T68] worker_thread+0x58c/0xce0
[ 702.451750][ T68] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 702.451917][ T68] ? __pfx_worker_thread+0x10/0x10
[ 702.452050][ T68] ? __pfx_worker_thread+0x10/0x10
[ 702.452177][ T68] kthread+0x28a/0x350
[ 702.452278][ T68] ? __pfx_kthread+0x10/0x10
[ 702.452414][ T68] ret_from_fork+0x31/0x70
[ 702.452549][ T68] ? __pfx_kthread+0x10/0x10
[ 702.452680][ T68] ret_from_fork_asm+0x1a/0x30
[ 702.452820][ T68]
[ 702.452923][ T68] Modules linked in: act_gact cls_flower sctp_diag sctp libcrc32c vxcan can_dev xfrm_interface ip6_gre ip_gre gre macsec ipvlan act_mirred cls_u32 sch_ingress ifb unix_diag vxlan
[ 702.453377][ T68] ---[ end trace 0000000000000000 ]---
[ 702.453516][ T68] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 702.453685][ T68] Code: ad 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 702.454143][ T68] RSP: 0018:ffffc90000497698 EFLAGS: 00010a06
[ 702.454314][ T68] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffabe9f6e3
[ 702.454518][ T68] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 702.454714][ T68] RBP: fffffbfff5aa4c78 R08: 0000000000000000 R09: fffffbfff5e7f688
[ 702.454911][ T68] R10: ffffffffaf3fb447 R11: 205d383654202020 R12: ffff88801161e620
[ 702.455127][ T68] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 702.455327][ T68] FS: 0000000000000000(0000) GS:ffff88806d180000(0000) knlGS:0000000000000000
[ 702.455567][ T68] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 702.455732][ T68] CR2: 00007f17ca77c000 CR3: 000000003573a001 CR4: 0000000000772ef0
[ 702.455929][ T68] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 702.456129][ T68] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 702.456322][ T68] PKRU: 55555554
[ 702.456683][ T68] Kernel panic - not syncing: Fatal exception
[ 702.456976][ T68] Kernel Offset: 0x28800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 702.457278][ T68] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr Ctrl-C stderr Ctrl-C stderr WAIT TIMEOUT stderr