[   24.622346][   T67] ==================================================================
[   24.622589][   T67] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[   24.622808][   T67] Read of size 8 at addr ffff8880024f9008 by task kworker/u16:1/67
[   24.623018][   T67] 
[   24.623092][   T67] CPU: 1 UID: 0 PID: 67 Comm: kworker/u16:1 Not tainted 6.13.0-rc5-virtme #1
[   24.623351][   T67] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   24.623538][   T67] Workqueue: netns cleanup_net
[   24.623695][   T67] Call Trace:
[   24.623807][   T67]  <TASK>
[   24.623884][   T67]  dump_stack_lvl+0x82/0xd0
[   24.624038][   T67]  print_address_description.constprop.0+0x2c/0x3b0
[   24.624230][   T67]  ? page_pool_item_uninit+0x100/0x130
[   24.624377][   T67]  print_report+0xb4/0x270
[   24.624522][   T67]  ? kasan_addr_to_slab+0x25/0x80
[   24.624668][   T67]  kasan_report+0xbd/0xf0
[   24.624783][   T67]  ? page_pool_item_uninit+0x100/0x130
[   24.624931][   T67]  page_pool_item_uninit+0x100/0x130
[   24.625079][   T67]  page_pool_release+0x44a/0x5b0
[   24.625224][   T67]  ? __pfx_page_pool_release+0x10/0x10
[   24.625374][   T67]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   24.625564][   T67]  page_pool_destroy+0x11e/0x560
[   24.625711][   T67]  veth_napi_del_range+0x34d/0x580
[   24.625862][   T67]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   24.626044][   T67]  veth_close+0x104/0x190
[   24.626155][   T67]  __dev_close_many+0x1a0/0x2d0
[   24.626302][   T67]  ? __pfx___dev_close_many+0x10/0x10
[   24.626453][   T67]  dev_close_many+0x202/0x650
[   24.626600][   T67]  ? fou_exit_net+0x2f/0xf0
[   24.626746][   T67]  ? __pfx_dev_close_many+0x10/0x10
[   24.626892][   T67]  ? __mutex_trylock_common+0xfa/0x260
[   24.627043][   T67]  ? __pfx___mutex_trylock_common+0x10/0x10
[   24.627225][   T67]  unregister_netdevice_many_notify+0x8ed/0x1580
[   24.627408][   T67]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[   24.627589][   T67]  ? default_device_exit_batch+0x81/0x2e0
[   24.627734][   T67]  ? mutex_is_locked+0x1c/0x60
[   24.627881][   T67]  ? rtnl_is_locked+0x15/0x20
[   24.628029][   T67]  ? unregister_netdevice_queue+0x70/0x410
[   24.628208][   T67]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   24.628387][   T67]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   24.628566][   T67]  default_device_exit_batch+0x241/0x2e0
[   24.628714][   T67]  ? __pfx_default_device_exit_batch+0x10/0x10
[   24.628903][   T67]  ? ops_exit_list+0xb4/0x170
[   24.629050][   T67]  cleanup_net+0x4ef/0xba0
[   24.629194][   T67]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   24.629337][   T67]  ? __pfx_cleanup_net+0x10/0x10
[   24.629482][   T67]  ? trace_lock_acquire+0x14c/0x1f0
[   24.629627][   T67]  ? lock_acquire+0x32/0xc0
[   24.629768][   T67]  ? process_one_work+0xe0b/0x16d0
[   24.629916][   T67]  process_one_work+0xe55/0x16d0
[   24.630063][   T67]  ? __pfx___lock_release+0x10/0x10
[   24.630207][   T67]  ? __pfx_process_one_work+0x10/0x10
[   24.630354][   T67]  ? assign_work+0x16c/0x240
[   24.630498][   T67]  worker_thread+0x58c/0xce0
[   24.630643][   T67]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   24.630822][   T67]  ? __pfx_worker_thread+0x10/0x10
[   24.630980][   T67]  ? __pfx_worker_thread+0x10/0x10
[   24.631124][   T67]  kthread+0x28a/0x350
[   24.631236][   T67]  ? __pfx_kthread+0x10/0x10
[   24.631381][   T67]  ret_from_fork+0x31/0x70
[   24.631526][   T67]  ? __pfx_kthread+0x10/0x10
[   24.631670][   T67]  ret_from_fork_asm+0x1a/0x30
[   24.631822][   T67]  </TASK>
[   24.631932][   T67] 
[   24.632006][   T67] The buggy address belongs to the physical page:
[   24.632187][   T67] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24f9
[   24.632459][   T67] flags: 0x80000000000000(node=0|zone=1)
[   24.632606][   T67] page_type: f5(slab)
[   24.632719][   T67] raw: 0080000000000000 ffff8880010427c0 ffffea000012f690 ffffea0000387d90
[   24.632974][   T67] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[   24.633230][   T67] page dumped because: kasan: bad access detected
[   24.633407][   T67] 
[   24.633480][   T67] Memory state around the buggy address:
[   24.633620][   T67]  ffff8880024f8f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.633829][   T67]  ffff8880024f8f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   24.634045][   T67] >ffff8880024f9000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[   24.634253][   T67]                       ^
[   24.634361][   T67]  ffff8880024f9080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[   24.634567][   T67]  ffff8880024f9100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[   24.634773][   T67] ==================================================================
[   24.635077][   T67] Disabling lock debugging due to kernel taint
[   24.635262][   T67] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   24.635599][   T67] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[   24.635834][   T67] CPU: 1 UID: 0 PID: 67 Comm: kworker/u16:1 Tainted: G    B              6.13.0-rc5-virtme #1
[   24.636126][   T67] Tainted: [B]=BAD_PAGE
[   24.636232][   T67] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   24.636406][   T67] Workqueue: netns cleanup_net
[   24.636552][   T67] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[   24.636731][   T67] Code: b1 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[   24.637230][   T67] RSP: 0000:ffffc90000487698 EFLAGS: 00010a06
[   24.637404][   T67] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffafa9f6e3
[   24.637610][   T67] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[   24.637822][   T67] RBP: fffffbfff6224c78 R08: 0000000000000000 R09: fffffbfff65ff688
[   24.638036][   T67] R10: ffffffffb2ffb447 R11: 205d373654202020 R12: ffff888009a9e620
[   24.638245][   T67] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[   24.638449][   T67] FS:  0000000000000000(0000) GS:ffff88806d080000(0000) knlGS:0000000000000000
[   24.638689][   T67] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.638876][   T67] CR2: 00007f151f2cb000 CR3: 000000000dbfa005 CR4: 0000000000772ef0
[   24.639085][   T67] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.639293][   T67] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.639501][   T67] PKRU: 55555554
[   24.639606][   T67] Call Trace:
[   24.639720][   T67]  <TASK>
[   24.639794][   T67]  ? die_addr+0x41/0xa0
[   24.639904][   T67]  ? exc_general_protection+0x14d/0x230
[   24.640046][   T67]  ? asm_exc_general_protection+0x26/0x30
[   24.640187][   T67]  ? page_pool_item_uninit+0x73/0x130
[   24.640401][   T67]  ? page_pool_item_uninit+0x7a/0x130
[   24.640540][   T67]  ? page_pool_item_uninit+0x73/0x130
[   24.640686][   T67]  page_pool_release+0x44a/0x5b0
[   24.640828][   T67]  ? __pfx_page_pool_release+0x10/0x10
[   24.640967][   T67]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   24.641142][   T67]  page_pool_destroy+0x11e/0x560
[   24.641281][   T67]  veth_napi_del_range+0x34d/0x580
[   24.641420][   T67]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   24.641667][   T67]  veth_close+0x104/0x190
[   24.641778][   T67]  __dev_close_many+0x1a0/0x2d0
[   24.641917][   T67]  ? __pfx___dev_close_many+0x10/0x10
[   24.642059][   T67]  dev_close_many+0x202/0x650
[   24.642278][   T67]  ? fou_exit_net+0x2f/0xf0
[   24.642421][   T67]  ? __pfx_dev_close_many+0x10/0x10
[   24.642558][   T67]  ? __mutex_trylock_common+0xfa/0x260
[   24.642698][   T67]  ? __pfx___mutex_trylock_common+0x10/0x10
[   24.642952][   T67]  unregister_netdevice_many_notify+0x8ed/0x1580
[   24.643128][   T67]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[   24.643302][   T67]  ? default_device_exit_batch+0x81/0x2e0
[   24.643515][   T67]  ? mutex_is_locked+0x1c/0x60
[   24.643647][   T67]  ? rtnl_is_locked+0x15/0x20
[   24.643779][   T67]  ? unregister_netdevice_queue+0x70/0x410
[   24.643946][   T67]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   24.644195][   T67]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   24.644362][   T67]  default_device_exit_batch+0x241/0x2e0
[   24.644495][   T67]  ? __pfx_default_device_exit_batch+0x10/0x10
[   24.644738][   T67]  ? ops_exit_list+0xb4/0x170
[   24.644872][   T67]  cleanup_net+0x4ef/0xba0
[   24.645005][   T67]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   24.645139][   T67]  ? __pfx_cleanup_net+0x10/0x10
[   24.645358][   T67]  ? trace_lock_acquire+0x14c/0x1f0
[   24.645492][   T67]  ? lock_acquire+0x32/0xc0
[   24.645623][   T67]  ? process_one_work+0xe0b/0x16d0
[   24.645765][   T67]  process_one_work+0xe55/0x16d0
[   24.645973][   T67]  ? __pfx___lock_release+0x10/0x10
[   24.646105][   T67]  ? __pfx_process_one_work+0x10/0x10
[   24.646238][   T67]  ? assign_work+0x16c/0x240
[   24.646380][   T67]  worker_thread+0x58c/0xce0
[   24.646586][   T67]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   24.646750][   T67]  ? __pfx_worker_thread+0x10/0x10
[   24.646883][   T67]  ? __pfx_worker_thread+0x10/0x10
[   24.647016][   T67]  kthread+0x28a/0x350
[   24.647190][   T67]  ? __pfx_kthread+0x10/0x10
[   24.647323][   T67]  ret_from_fork+0x31/0x70
[   24.647466][   T67]  ? __pfx_kthread+0x10/0x10
[   24.647600][   T67]  ret_from_fork_asm+0x1a/0x30
[   24.647811][   T67]  </TASK>
[   24.647913][   T67] Modules linked in: sch_fq
[   24.648105][   T67] ---[ end trace 0000000000000000 ]---
[   24.648243][   T67] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[   24.648415][   T67] Code: b1 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[   24.649020][   T67] RSP: 0000:ffffc90000487698 EFLAGS: 00010a06
[   24.649189][   T67] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffafa9f6e3
[   24.649387][   T67] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[   24.649591][   T67] RBP: fffffbfff6224c78 R08: 0000000000000000 R09: fffffbfff65ff688
[   24.649918][   T67] R10: ffffffffb2ffb447 R11: 205d373654202020 R12: ffff888009a9e620
[   24.650117][   T67] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[   24.650314][   T67] FS:  0000000000000000(0000) GS:ffff88806d080000(0000) knlGS:0000000000000000
[   24.650540][   T67] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.650787][   T67] CR2: 00007f151f2cb000 CR3: 000000000dbfa005 CR4: 0000000000772ef0
[   24.651033][   T67] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.651231][   T67] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.651428][   T67] PKRU: 55555554
[   24.651529][   T67] Kernel panic - not syncing: Fatal exception
[   24.651854][   T67] Kernel Offset: 0x2c400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   24.652157][   T67] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr