[ 51.435902][ T810] ==================================================================
[ 51.436215][ T810] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[ 51.436432][ T810] Read of size 8 at addr ffff88800b5e8008 by task ethtool/810
[ 51.436642][ T810]
[ 51.436715][ T810] CPU: 2 UID: 0 PID: 810 Comm: ethtool Not tainted 6.13.0-rc5-virtme #1
[ 51.436932][ T810] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 51.437111][ T810] Call Trace:
[ 51.437222][ T810]
[ 51.437299][ T810] dump_stack_lvl+0x82/0xd0
[ 51.437449][ T810] print_address_description.constprop.0+0x2c/0x3b0
[ 51.437628][ T810] ? page_pool_item_uninit+0x100/0x130
[ 51.437779][ T810] print_report+0xb4/0x270
[ 51.437923][ T810] ? kasan_addr_to_slab+0x25/0x80
[ 51.438097][ T810] kasan_report+0xbd/0xf0
[ 51.438206][ T810] ? page_pool_item_uninit+0x100/0x130
[ 51.438354][ T810] page_pool_item_uninit+0x100/0x130
[ 51.438496][ T810] page_pool_release+0x44a/0x5b0
[ 51.438638][ T810] ? __pfx_page_pool_release+0x10/0x10
[ 51.438790][ T810] page_pool_destroy+0x11e/0x560
[ 51.438934][ T810] veth_napi_del_range+0x34d/0x580
[ 51.439081][ T810] ? __pfx_call_netdevice_notifiers+0x10/0x10
[ 51.439263][ T810] veth_set_features+0x13e/0x240
[ 51.439408][ T810] ? netdev_upper_get_next_dev_rcu+0x91/0xc0
[ 51.439587][ T810] __netdev_update_features+0x30f/0xc20
[ 51.439730][ T810] ? __pfx___netdev_update_features+0x10/0x10
[ 51.439905][ T810] ? __pfx_ethnl_parse_header_dev_get.part.0+0x10/0x10
[ 51.440095][ T810] ethnl_set_features+0x31e/0x620
[ 51.440237][ T810] ? __pfx_ethnl_set_features+0x10/0x10
[ 51.440379][ T810] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 51.440559][ T810] ? __nla_validate_parse+0x1bc/0x3d0
[ 51.440705][ T810] ? __nla_parse+0x26/0x30
[ 51.440845][ T810] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x162/0x240
[ 51.441059][ T810] genl_family_rcv_msg_doit+0x1d4/0x2b0
[ 51.441202][ T810] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 51.441382][ T810] ? rcu_read_lock_any_held+0x43/0xb0
[ 51.441528][ T810] ? validate_chain+0x1fe/0xae0
[ 51.441674][ T810] genl_family_rcv_msg+0x347/0x5b0
[ 51.441822][ T810] ? __pfx_genl_family_rcv_msg+0x10/0x10
[ 51.441963][ T810] ? __pfx_ethnl_set_features+0x10/0x10
[ 51.442110][ T810] genl_rcv_msg+0xa3/0x140
[ 51.442252][ T810] netlink_rcv_skb+0x130/0x360
[ 51.442393][ T810] ? __pfx_genl_rcv_msg+0x10/0x10
[ 51.442535][ T810] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 51.442681][ T810] ? genl_rcv+0x19/0x40
[ 51.442793][ T810] ? __pfx_down_read+0x10/0x10
[ 51.442938][ T810] ? netlink_deliver_tap+0x13e/0x340
[ 51.443081][ T810] genl_rcv+0x28/0x40
[ 51.443188][ T810] netlink_unicast+0x44b/0x710
[ 51.443332][ T810] ? __pfx_netlink_unicast+0x10/0x10
[ 51.443479][ T810] ? find_held_lock+0x2c/0x110
[ 51.443621][ T810] netlink_sendmsg+0x723/0xbe0
[ 51.443764][ T810] ? __pfx_netlink_sendmsg+0x10/0x10
[ 51.443904][ T810] ? lock_acquire+0x32/0xc0
[ 51.444047][ T810] ? __might_fault+0x11b/0x170
[ 51.444191][ T810] __sys_sendto+0x3c3/0x450
[ 51.444333][ T810] ? __pfx___sys_sendto+0x10/0x10
[ 51.444476][ T810] ? __lock_release+0x103/0x460
[ 51.444625][ T810] ? __sys_recvmsg+0x106/0x190
[ 51.444764][ T810] ? __pfx___sys_recvmsg+0x10/0x10
[ 51.444906][ T810] ? do_user_addr_fault+0x97c/0xe30
[ 51.445048][ T810] __x64_sys_sendto+0xe0/0x1c0
[ 51.445190][ T810] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 51.445363][ T810] do_syscall_64+0xc1/0x1d0
[ 51.445503][ T810] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 51.445683][ T810] RIP: 0033:0x7f9ca23d8a4a
[ 51.445831][ T810] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 51.446327][ T810] RSP: 002b:00007ffe89130578 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 51.446543][ T810] RAX: ffffffffffffffda RBX: 000000002a87c2a0 RCX: 00007f9ca23d8a4a
[ 51.446757][ T810] RDX: 0000000000000044 RSI: 000000002a87c3b0 RDI: 0000000000000005
[ 51.446969][ T810] RBP: 0000000000486020 R08: 00007f9ca2495200 R09: 000000000000000c
[ 51.447181][ T810] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002a87c340
[ 51.447395][ T810] R13: 0000000000000000 R14: 000000002a87c350 R15: 000000002a87c2a0
[ 51.447614][ T810]
[ 51.447722][ T810]
[ 51.447794][ T810] The buggy address belongs to the physical page:
[ 51.447967][ T810] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb5e8
[ 51.448218][ T810] flags: 0x80000000000000(node=0|zone=1)
[ 51.448366][ T810] page_type: f5(slab)
[ 51.448479][ T810] raw: 0080000000000000 ffff8880010427c0 ffffea000008ed10 ffffea0000426010
[ 51.448733][ T810] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[ 51.448982][ T810] page dumped because: kasan: bad access detected
[ 51.449157][ T810]
[ 51.449227][ T810] Memory state around the buggy address:
[ 51.449373][ T810] ffff88800b5e7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.449581][ T810] ffff88800b5e7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 51.449785][ T810] >ffff88800b5e8000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.449988][ T810] ^
[ 51.450093][ T810] ffff88800b5e8080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[ 51.450300][ T810] ffff88800b5e8100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[ 51.450505][ T810] ==================================================================
[ 51.451427][ T810] Disabling lock debugging due to kernel taint
[ 51.451701][ T810] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 51.452043][ T810] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[ 51.452279][ T810] CPU: 2 UID: 0 PID: 810 Comm: ethtool Tainted: G B 6.13.0-rc5-virtme #1
[ 51.452521][ T810] Tainted: [B]=BAD_PAGE
[ 51.452625][ T810] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 51.452799][ T810] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 51.452981][ T810] Code: 9b 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 51.453460][ T810] RSP: 0018:ffffc900005672e0 EFLAGS: 00010a06
[ 51.453636][ T810] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffff9a89f6e3
[ 51.453844][ T810] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 51.454052][ T810] RBP: fffffbfff37e4c78 R08: 0000000000000000 R09: fffffbfff3bbf688
[ 51.454256][ T810] R10: ffffffff9ddfb447 R11: 205d303138542020 R12: ffff8880091fe620
[ 51.454461][ T810] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 51.454670][ T810] FS: 00007f9ca2288000(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 51.454911][ T810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.455086][ T810] CR2: 000000002a88d088 CR3: 000000001131c001 CR4: 0000000000772ef0
[ 51.455293][ T810] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.455499][ T810] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.455709][ T810] PKRU: 55555554
[ 51.455813][ T810] Call Trace:
[ 51.455916][ T810]
[ 51.455987][ T810] ? die_addr+0x41/0xa0
[ 51.456093][ T810] ? exc_general_protection+0x14d/0x230
[ 51.456235][ T810] ? asm_exc_general_protection+0x26/0x30
[ 51.456378][ T810] ? page_pool_item_uninit+0x73/0x130
[ 51.456515][ T810] ? page_pool_item_uninit+0x7a/0x130
[ 51.456656][ T810] page_pool_release+0x44a/0x5b0
[ 51.456796][ T810] ? __pfx_page_pool_release+0x10/0x10
[ 51.456934][ T810] page_pool_destroy+0x11e/0x560
[ 51.457071][ T810] veth_napi_del_range+0x34d/0x580
[ 51.457210][ T810] ? __pfx_call_netdevice_notifiers+0x10/0x10
[ 51.457385][ T810] veth_set_features+0x13e/0x240
[ 51.457521][ T810] ? netdev_upper_get_next_dev_rcu+0x91/0xc0
[ 51.457693][ T810] __netdev_update_features+0x30f/0xc20
[ 51.457833][ T810] ? __pfx___netdev_update_features+0x10/0x10
[ 51.458002][ T810] ? __pfx_ethnl_parse_header_dev_get.part.0+0x10/0x10
[ 51.458179][ T810] ethnl_set_features+0x31e/0x620
[ 51.458315][ T810] ? __pfx_ethnl_set_features+0x10/0x10
[ 51.458454][ T810] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 51.458628][ T810] ? __nla_validate_parse+0x1bc/0x3d0
[ 51.458772][ T810] ? __nla_parse+0x26/0x30
[ 51.458907][ T810] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x162/0x240
[ 51.459113][ T810] genl_family_rcv_msg_doit+0x1d4/0x2b0
[ 51.459250][ T810] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 51.459422][ T810] ? rcu_read_lock_any_held+0x43/0xb0
[ 51.459563][ T810] ? validate_chain+0x1fe/0xae0
[ 51.459700][ T810] genl_family_rcv_msg+0x347/0x5b0
[ 51.459836][ T810] ? __pfx_genl_family_rcv_msg+0x10/0x10
[ 51.459976][ T810] ? __pfx_ethnl_set_features+0x10/0x10
[ 51.460116][ T810] genl_rcv_msg+0xa3/0x140
[ 51.460254][ T810] netlink_rcv_skb+0x130/0x360
[ 51.460391][ T810] ? __pfx_genl_rcv_msg+0x10/0x10
[ 51.460529][ T810] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 51.460670][ T810] ? genl_rcv+0x19/0x40
[ 51.460774][ T810] ? __pfx_down_read+0x10/0x10
[ 51.460912][ T810] ? netlink_deliver_tap+0x13e/0x340
[ 51.461053][ T810] genl_rcv+0x28/0x40
[ 51.461158][ T810] netlink_unicast+0x44b/0x710
[ 51.461375][ T810] ? __pfx_netlink_unicast+0x10/0x10
[ 51.461511][ T810] ? find_held_lock+0x2c/0x110
[ 51.461651][ T810] netlink_sendmsg+0x723/0xbe0
[ 51.461789][ T810] ? __pfx_netlink_sendmsg+0x10/0x10
[ 51.462005][ T810] ? lock_acquire+0x32/0xc0
[ 51.462141][ T810] ? __might_fault+0x11b/0x170
[ 51.462280][ T810] __sys_sendto+0x3c3/0x450
[ 51.462419][ T810] ? __pfx___sys_sendto+0x10/0x10
[ 51.462635][ T810] ? __lock_release+0x103/0x460
[ 51.462772][ T810] ? __sys_recvmsg+0x106/0x190
[ 51.462912][ T810] ? __pfx___sys_recvmsg+0x10/0x10
[ 51.463052][ T810] ? do_user_addr_fault+0x97c/0xe30
[ 51.463190][ T810] __x64_sys_sendto+0xe0/0x1c0
[ 51.463326][ T810] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 51.463494][ T810] do_syscall_64+0xc1/0x1d0
[ 51.463632][ T810] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 51.463881][ T810] RIP: 0033:0x7f9ca23d8a4a
[ 51.464025][ T810] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 51.464587][ T810] RSP: 002b:00007ffe89130578 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 51.464794][ T810] RAX: ffffffffffffffda RBX: 000000002a87c2a0 RCX: 00007f9ca23d8a4a
[ 51.465085][ T810] RDX: 0000000000000044 RSI: 000000002a87c3b0 RDI: 0000000000000005
[ 51.465288][ T810] RBP: 0000000000486020 R08: 00007f9ca2495200 R09: 000000000000000c
[ 51.465493][ T810] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002a87c340
[ 51.465775][ T810] R13: 0000000000000000 R14: 000000002a87c350 R15: 000000002a87c2a0
[ 51.465988][ T810]
[ 51.466093][ T810] Modules linked in: xt_length nft_compat nf_tables act_ct nf_flow_table nf_nat nf_conntrack libcrc32c nf_defrag_ipv6 nf_defrag_ipv4 act_gact cls_flower sch_ingress
[ 51.466673][ T810] ---[ end trace 0000000000000000 ]---
[ 51.466870][ T810] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 51.467148][ T810] Code: 9b 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 51.467644][ T810] RSP: 0018:ffffc900005672e0 EFLAGS: 00010a06
[ 51.467909][ T810] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffff9a89f6e3
[ 51.468131][ T810] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 51.468353][ T810] RBP: fffffbfff37e4c78 R08: 0000000000000000 R09: fffffbfff3bbf688
[ 51.468649][ T810] R10: ffffffff9ddfb447 R11: 205d303138542020 R12: ffff8880091fe620
[ 51.468883][ T810] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 51.469103][ T810] FS: 00007f9ca2288000(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 51.469360][ T810] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.469543][ T810] CR2: 000000002a88d088 CR3: 000000001131c001 CR4: 0000000000772ef0
[ 51.469839][ T810] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.470065][ T810] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.470287][ T810] PKRU: 55555554
[ 51.470482][ T810] Kernel panic - not syncing: Fatal exception
[ 51.470771][ T810] Kernel Offset: 0x17200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 51.471169][ T810] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr