[ 16.798874][ T327] ==================================================================
[ 16.799120][ T327] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[ 16.799339][ T327] Read of size 8 at addr ffff88800c300008 by task ethtool/327
[ 16.799549][ T327]
[ 16.799622][ T327] CPU: 0 UID: 0 PID: 327 Comm: ethtool Not tainted 6.13.0-rc5-virtme #1
[ 16.799839][ T327] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 16.800016][ T327] Call Trace:
[ 16.800124][ T327]
[ 16.800199][ T327]  dump_stack_lvl+0x82/0xd0
[ 16.800354][ T327]  print_address_description.constprop.0+0x2c/0x3b0
[ 16.800535][ T327]  ? page_pool_item_uninit+0x100/0x130
[ 16.800681][ T327]  print_report+0xb4/0x270
[ 16.800825][ T327]  ? kasan_addr_to_slab+0x25/0x80
[ 16.800974][ T327]  kasan_report+0xbd/0xf0
[ 16.801083][ T327]  ? page_pool_item_uninit+0x100/0x130
[ 16.801230][ T327]  page_pool_item_uninit+0x100/0x130
[ 16.801375][ T327]  page_pool_release+0x44a/0x5b0
[ 16.801520][ T327]  ? __pfx_page_pool_release+0x10/0x10
[ 16.801665][ T327]  page_pool_destroy+0x11e/0x560
[ 16.801808][ T327]  veth_napi_del_range+0x34d/0x580
[ 16.801957][ T327]  ? __pfx_call_netdevice_notifiers+0x10/0x10
[ 16.802140][ T327]  veth_set_features+0x13e/0x240
[ 16.802284][ T327]  ? netdev_upper_get_next_dev_rcu+0x91/0xc0
[ 16.802463][ T327]  __netdev_update_features+0x30f/0xc20
[ 16.802610][ T327]  ? __pfx___netdev_update_features+0x10/0x10
[ 16.802787][ T327]  ? __pfx_ethnl_parse_header_dev_get.part.0+0x10/0x10
[ 16.802972][ T327]  ethnl_set_features+0x31e/0x620
[ 16.803116][ T327]  ? __pfx_ethnl_set_features+0x10/0x10
[ 16.803261][ T327]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 16.803441][ T327]  ? __nla_validate_parse+0x1bc/0x3d0
[ 16.803588][ T327]  ? __nla_parse+0x26/0x30
[ 16.803731][ T327]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x162/0x240
[ 16.803946][ T327]  genl_family_rcv_msg_doit+0x1d4/0x2b0
[ 16.804089][ T327]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 16.804269][ T327]  ? rcu_read_lock_any_held+0x43/0xb0
[ 16.804415][ T327]  ? validate_chain+0x1fe/0xae0
[ 16.804561][ T327]  genl_family_rcv_msg+0x347/0x5b0
[ 16.804706][ T327]  ? __pfx_genl_family_rcv_msg+0x10/0x10
[ 16.804850][ T327]  ? __pfx_ethnl_set_features+0x10/0x10
[ 16.804999][ T327]  genl_rcv_msg+0xa3/0x140
[ 16.805143][ T327]  netlink_rcv_skb+0x130/0x360
[ 16.805287][ T327]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 16.805435][ T327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 16.805583][ T327]  ? genl_rcv+0x19/0x40
[ 16.805694][ T327]  ? __pfx_down_read+0x10/0x10
[ 16.805839][ T327]  ? netlink_deliver_tap+0x13e/0x340
[ 16.805986][ T327]  genl_rcv+0x28/0x40
[ 16.806096][ T327]  netlink_unicast+0x44b/0x710
[ 16.806240][ T327]  ? __pfx_netlink_unicast+0x10/0x10
[ 16.806385][ T327]  ? find_held_lock+0x2c/0x110
[ 16.806534][ T327]  netlink_sendmsg+0x723/0xbe0
[ 16.806685][ T327]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 16.806834][ T327]  ? lock_acquire+0x32/0xc0
[ 16.806979][ T327]  ? __might_fault+0x11b/0x170
[ 16.807127][ T327]  __sys_sendto+0x3c3/0x450
[ 16.807274][ T327]  ? __pfx___sys_sendto+0x10/0x10
[ 16.807420][ T327]  ? __lock_release+0x103/0x460
[ 16.807564][ T327]  ? __sys_recvmsg+0x106/0x190
[ 16.807707][ T327]  ? __pfx___sys_recvmsg+0x10/0x10
[ 16.807858][ T327]  ? do_user_addr_fault+0x97c/0xe30
[ 16.808004][ T327]  __x64_sys_sendto+0xe0/0x1c0
[ 16.808148][ T327]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 16.808324][ T327]  do_syscall_64+0xc1/0x1d0
[ 16.808466][ T327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 16.808645][ T327] RIP: 0033:0x7ff3c8891a4a
[ 16.808795][ T327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 16.809301][ T327] RSP: 002b:00007ffd8babfd48 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 16.809521][ T327] RAX: ffffffffffffffda RBX: 00000000280ab2a0 RCX: 00007ff3c8891a4a
[ 16.809733][ T327] RDX: 0000000000000044 RSI: 00000000280ab3b0 RDI: 0000000000000005
[ 16.809949][ T327] RBP: 0000000000486020 R08: 00007ff3c894e200 R09: 000000000000000c
[ 16.810164][ T327] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000280ab340
[ 16.810376][ T327] R13: 0000000000000000 R14: 00000000280ab350 R15: 00000000280ab2a0
[ 16.810591][ T327]
[ 16.810705][ T327]
[ 16.810783][ T327] The buggy address belongs to the physical page:
[ 16.810958][ T327] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc300
[ 16.811213][ T327] flags: 0x80000000000000(node=0|zone=1)
[ 16.811361][ T327] page_type: f5(slab)
[ 16.811473][ T327] raw: 0080000000000000 ffff8880010427c0 ffffea00000a3190 ffffea00003e4f50
[ 16.811724][ T327] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[ 16.811979][ T327] page dumped because: kasan: bad access detected
[ 16.812154][ T327]
[ 16.812227][ T327] Memory state around the buggy address:
[ 16.812365][ T327]  ffff88800c2fff00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 16.812573][ T327]  ffff88800c2fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.812783][ T327] >ffff88800c300000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.812990][ T327]                       ^
[ 16.813097][ T327]  ffff88800c300080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[ 16.813302][ T327]  ffff88800c300100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[ 16.813507][ T327] ==================================================================
[ 16.813761][ T327] Disabling lock debugging due to kernel taint
[ 16.813946][ T327] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 16.814287][ T327] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[ 16.814526][ T327] CPU: 0 UID: 0 PID: 327 Comm: ethtool Tainted: G B 6.13.0-rc5-virtme #1
[ 16.814775][ T327] Tainted: [B]=BAD_PAGE
[ 16.814884][ T327] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 16.815058][ T327] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 16.815240][ T327] Code: a8 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 16.815734][ T327] RSP: 0018:ffffc900005a72e0 EFLAGS: 00010a06
[ 16.815911][ T327] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffa6c9f6e3
[ 16.816118][ T327] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 16.816325][ T327] RBP: fffffbfff5064c78 R08: 0000000000000000 R09: fffffbfff543f688
[ 16.816536][ T327] R10: ffffffffaa1fb447 R11: 205d373233542020 R12: ffff88800b6c7220
[ 16.816740][ T327] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 16.816960][ T327] FS:  00007ff3c8741000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 16.817200][ T327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 16.817379][ T327] CR2: 00000000280bc088 CR3: 0000000009a0e002 CR4: 0000000000772ef0
[ 16.817588][ T327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 16.817796][ T327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 16.818005][ T327] PKRU: 55555554
[ 16.818110][ T327] Call Trace:
[ 16.818214][ T327]
[ 16.818287][ T327]  ? die_addr+0x41/0xa0
[ 16.818398][ T327]  ? exc_general_protection+0x14d/0x230
[ 16.818540][ T327]  ? asm_exc_general_protection+0x26/0x30
[ 16.818681][ T327]  ? page_pool_item_uninit+0x73/0x130
[ 16.818821][ T327]  ? page_pool_item_uninit+0x7a/0x130
[ 16.818961][ T327]  page_pool_release+0x44a/0x5b0
[ 16.819103][ T327]  ? __pfx_page_pool_release+0x10/0x10
[ 16.819244][ T327]  page_pool_destroy+0x11e/0x560
[ 16.819384][ T327]  veth_napi_del_range+0x34d/0x580
[ 16.819526][ T327]  ? __pfx_call_netdevice_notifiers+0x10/0x10
[ 16.819700][ T327]  veth_set_features+0x13e/0x240
[ 16.819837][ T327]  ? netdev_upper_get_next_dev_rcu+0x91/0xc0
[ 16.820008][ T327]  __netdev_update_features+0x30f/0xc20
[ 16.820151][ T327]  ? __pfx___netdev_update_features+0x10/0x10
[ 16.820326][ T327]  ? __pfx_ethnl_parse_header_dev_get.part.0+0x10/0x10
[ 16.820503][ T327]  ethnl_set_features+0x31e/0x620
[ 16.820644][ T327]  ? __pfx_ethnl_set_features+0x10/0x10
[ 16.820784][ T327]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 16.820957][ T327]  ? __nla_validate_parse+0x1bc/0x3d0
[ 16.821098][ T327]  ? __nla_parse+0x26/0x30
[ 16.821240][ T327]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x162/0x240
[ 16.821446][ T327]  genl_family_rcv_msg_doit+0x1d4/0x2b0
[ 16.821586][ T327]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 16.821762][ T327]  ? rcu_read_lock_any_held+0x43/0xb0
[ 16.821901][ T327]  ? validate_chain+0x1fe/0xae0
[ 16.822040][ T327]  genl_family_rcv_msg+0x347/0x5b0
[ 16.822183][ T327]  ? __pfx_genl_family_rcv_msg+0x10/0x10
[ 16.822322][ T327]  ? __pfx_ethnl_set_features+0x10/0x10
[ 16.822463][ T327]  genl_rcv_msg+0xa3/0x140
[ 16.822601][ T327]  netlink_rcv_skb+0x130/0x360
[ 16.822738][ T327]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 16.822878][ T327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 16.823020][ T327]  ? genl_rcv+0x19/0x40
[ 16.823125][ T327]  ? __pfx_down_read+0x10/0x10
[ 16.823266][ T327]  ? netlink_deliver_tap+0x13e/0x340
[ 16.823408][ T327]  genl_rcv+0x28/0x40
[ 16.823515][ T327]  netlink_unicast+0x44b/0x710
[ 16.823656][ T327]  ? __pfx_netlink_unicast+0x10/0x10
[ 16.823795][ T327]  ? find_held_lock+0x2c/0x110
[ 16.824017][ T327]  netlink_sendmsg+0x723/0xbe0
[ 16.824160][ T327]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 16.824301][ T327]  ? lock_acquire+0x32/0xc0
[ 16.824441][ T327]  ? __might_fault+0x11b/0x170
[ 16.824661][ T327]  __sys_sendto+0x3c3/0x450
[ 16.824804][ T327]  ? __pfx___sys_sendto+0x10/0x10
[ 16.824946][ T327]  ? __lock_release+0x103/0x460
[ 16.825086][ T327]  ? __sys_recvmsg+0x106/0x190
[ 16.825303][ T327]  ? __pfx___sys_recvmsg+0x10/0x10
[ 16.825445][ T327]  ? do_user_addr_fault+0x97c/0xe30
[ 16.825589][ T327]  __x64_sys_sendto+0xe0/0x1c0
[ 16.825728][ T327]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 16.825981][ T327]  do_syscall_64+0xc1/0x1d0
[ 16.826123][ T327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 16.826295][ T327] RIP: 0033:0x7ff3c8891a4a
[ 16.826437][ T327] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 16.827010][ T327] RSP: 002b:00007ffd8babfd48 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 16.827304][ T327] RAX: ffffffffffffffda RBX: 00000000280ab2a0 RCX: 00007ff3c8891a4a
[ 16.827512][ T327] RDX: 0000000000000044 RSI: 00000000280ab3b0 RDI: 0000000000000005
[ 16.827720][ T327] RBP: 0000000000486020 R08: 00007ff3c894e200 R09: 000000000000000c
[ 16.828006][ T327] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000280ab340
[ 16.828214][ T327] R13: 0000000000000000 R14: 00000000280ab350 R15: 00000000280ab2a0
[ 16.828503][ T327]
[ 16.828609][ T327] Modules linked in: xt_length nft_compat nf_tables act_ct nf_flow_table nf_nat nf_conntrack libcrc32c nf_defrag_ipv6 nf_defrag_ipv4 cls_flower sch_ingress
[ 16.829127][ T327] ---[ end trace 0000000000000000 ]---
[ 16.829274][ T327] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 16.829453][ T327] Code: a8 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 16.830015][ T327] RSP: 0018:ffffc900005a72e0 EFLAGS: 00010a06
[ 16.830193][ T327] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffa6c9f6e3
[ 16.830480][ T327] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 16.830683][ T327] RBP: fffffbfff5064c78 R08: 0000000000000000 R09: fffffbfff543f688
[ 16.830890][ T327] R10: ffffffffaa1fb447 R11: 205d373233542020 R12: ffff88800b6c7220
[ 16.831181][ T327] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 16.831390][ T327] FS:  00007ff3c8741000(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
[ 16.831705][ T327] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 16.831877][ T327] CR2: 00000000280bc088 CR3: 0000000009a0e002 CR4: 0000000000772ef0
[ 16.832086][ T327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 16.832373][ T327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 16.832581][ T327] PKRU: 55555554
[ 16.832685][ T327] Kernel panic - not syncing: Fatal exception
[ 16.833000][ T327] Kernel Offset: 0x23600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 16.833319][ T327] ---[ end Kernel panic - not syncing: Fatal exception ]---