[ 377.074157][ T4174] ==================================================================
[ 377.074430][ T4174] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[ 377.074661][ T4174] Read of size 8 at addr ffff88801cdae008 by task ethtool/4174
[ 377.074874][ T4174]
[ 377.074949][ T4174] CPU: 3 UID: 0 PID: 4174 Comm: ethtool Not tainted 6.13.0-rc5-virtme #1
[ 377.075181][ T4174] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 377.075368][ T4174] Call Trace:
[ 377.075558][ T4174] <TASK>
[ 377.075558][ T4174] dump_stack_lvl+0x82/0xd0
[ 377.075710][ T4174] print_address_description.constprop.0+0x2c/0x3b0
[ 377.075892][ T4174] ? page_pool_item_uninit+0x100/0x130
[ 377.076041][ T4174] print_report+0xb4/0x270
[ 377.076187][ T4174] ? kasan_addr_to_slab+0x25/0x80
[ 377.076341][ T4174] kasan_report+0xbd/0xf0
[ 377.076453][ T4174] ? page_pool_item_uninit+0x100/0x130
[ 377.076599][ T4174] page_pool_item_uninit+0x100/0x130
[ 377.076745][ T4174] page_pool_release+0x44a/0x5b0
[ 377.076889][ T4174] ? __pfx_page_pool_release+0x10/0x10
[ 377.077036][ T4174] page_pool_destroy+0x11e/0x560
[ 377.077179][ T4174] veth_napi_del_range+0x34d/0x580
[ 377.077324][ T4174] ? __pfx_call_netdevice_notifiers+0x10/0x10
[ 377.077508][ T4174] veth_set_features+0x13e/0x240
[ 377.077653][ T4174] ? netdev_upper_get_next_dev_rcu+0x91/0xc0
[ 377.077837][ T4174] __netdev_update_features+0x30f/0xc20
[ 377.077986][ T4174] ? __pfx___netdev_update_features+0x10/0x10
[ 377.078171][ T4174] ? __pfx_ethnl_parse_header_dev_get.part.0+0x10/0x10
[ 377.078364][ T4174] ethnl_set_features+0x31e/0x620
[ 377.078512][ T4174] ? __pfx_ethnl_set_features+0x10/0x10
[ 377.078656][ T4174] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 377.078842][ T4174] ? __nla_validate_parse+0x1bc/0x3d0
[ 377.078993][ T4174] ? __nla_parse+0x26/0x30
[ 377.079139][ T4174] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x162/0x240
[ 377.079358][ T4174] genl_family_rcv_msg_doit+0x1d4/0x2b0
[ 377.079505][ T4174] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 377.079691][ T4174] ? rcu_read_lock_any_held+0x43/0xb0
[ 377.079841][ T4174] ? validate_chain+0x1fe/0xae0
[ 377.079990][ T4174] genl_family_rcv_msg+0x347/0x5b0
[ 377.080136][ T4174] ? __pfx_genl_family_rcv_msg+0x10/0x10
[ 377.080283][ T4174] ? __pfx_ethnl_set_features+0x10/0x10
[ 377.080435][ T4174] genl_rcv_msg+0xa3/0x140
[ 377.080580][ T4174] netlink_rcv_skb+0x130/0x360
[ 377.080726][ T4174] ? __pfx_genl_rcv_msg+0x10/0x10
[ 377.080869][ T4174] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 377.081018][ T4174] ? genl_rcv+0x19/0x40
[ 377.081128][ T4174] ? __pfx_down_read+0x10/0x10
[ 377.081276][ T4174] ? netlink_deliver_tap+0x13e/0x340
[ 377.081425][ T4174] genl_rcv+0x28/0x40
[ 377.081533][ T4174] netlink_unicast+0x44b/0x710
[ 377.081678][ T4174] ? __pfx_netlink_unicast+0x10/0x10
[ 377.081827][ T4174] ? find_held_lock+0x2c/0x110
[ 377.081975][ T4174] netlink_sendmsg+0x723/0xbe0
[ 377.082123][ T4174] ? __pfx_netlink_sendmsg+0x10/0x10
[ 377.082269][ T4174] ? lock_acquire+0x32/0xc0
[ 377.082417][ T4174] ? __might_fault+0x11b/0x170
[ 377.082566][ T4174] __sys_sendto+0x3c3/0x450
[ 377.082713][ T4174] ? __pfx___sys_sendto+0x10/0x10
[ 377.082864][ T4174] ? __lock_release+0x103/0x460
[ 377.083018][ T4174] ? __sys_recvmsg+0x106/0x190
[ 377.083161][ T4174] ? __pfx___sys_recvmsg+0x10/0x10
[ 377.083313][ T4174] ? do_user_addr_fault+0x97c/0xe30
[ 377.083462][ T4174] __x64_sys_sendto+0xe0/0x1c0
[ 377.083606][ T4174] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 377.083784][ T4174] do_syscall_64+0xc1/0x1d0
[ 377.083929][ T4174] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 377.084110][ T4174] RIP: 0033:0x7f581bf97a4a
[ 377.084262][ T4174] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 377.084767][ T4174] RSP: 002b:00007ffd9034f208 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 377.084988][ T4174] RAX: ffffffffffffffda RBX: 00000000141da2a0 RCX: 00007f581bf97a4a
[ 377.085203][ T4174] RDX: 0000000000000044 RSI: 00000000141da3b0 RDI: 0000000000000005
[ 377.085421][ T4174] RBP: 0000000000486020 R08: 00007f581c054200 R09: 000000000000000c
[ 377.085636][ T4174] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000141da340
[ 377.085852][ T4174] R13: 0000000000000000 R14: 00000000141da350 R15: 00000000141da2a0
[ 377.086068][ T4174] </TASK>
[ 377.086177][ T4174]
[ 377.086255][ T4174] The buggy address belongs to the physical page:
[ 377.086436][ T4174] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cdae
[ 377.086693][ T4174] flags: 0x80000000000000(node=0|zone=1)
[ 377.086840][ T4174] page_type: f5(slab)
[ 377.086956][ T4174] raw: 0080000000000000 ffff8880010427c0 ffffea0000081310 ffffea00004e3610
[ 377.087218][ T4174] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[ 377.087474][ T4174] page dumped because: kasan: bad access detected
[ 377.087651][ T4174]
[ 377.087724][ T4174] Memory state around the buggy address:
[ 377.087863][ T4174] ffff88801cdadf00: fc fc fc fc fc 00 00 00 00 00 fc fc fc fc fc fc
[ 377.088074][ T4174] ffff88801cdadf80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 377.088284][ T4174] >ffff88801cdae000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 377.088492][ T4174] ^
[ 377.088598][ T4174] ffff88801cdae080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[ 377.088808][ T4174] ffff88801cdae100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[ 377.089014][ T4174] ==================================================================
[ 377.089389][ T4174] Disabling lock debugging due to kernel taint
[ 377.089582][ T4174] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 377.089929][ T4174] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[ 377.090168][ T4174] CPU: 3 UID: 0 PID: 4174 Comm: ethtool Tainted: G B 6.13.0-rc5-virtme #1
[ 377.090418][ T4174] Tainted: [B]=BAD_PAGE
[ 377.090527][ T4174] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 377.090703][ T4174] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 377.090889][ T4174] Code: 8f 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 377.091385][ T4174] RSP: 0018:ffffc90000e872e0 EFLAGS: 00010a06
[ 377.091567][ T4174] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffff8dc9f6e3
[ 377.091776][ T4174] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 377.091984][ T4174] RBP: fffffbfff1e64c78 R08: 0000000000000000 R09: fffffbfff223f688
[ 377.092199][ T4174] R10: ffffffff911fb447 R11: 205d343731345420 R12: ffff888004cf1e20
[ 377.092408][ T4174] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 377.092616][ T4174] FS: 00007f581be47000(0000) GS:ffff88806d180000(0000) knlGS:0000000000000000
[ 377.092862][ T4174] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 377.093049][ T4174] CR2: 00000000141eb088 CR3: 0000000012898006 CR4: 0000000000772ef0
[ 377.093260][ T4174] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 377.093468][ T4174] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 377.093676][ T4174] PKRU: 55555554
[ 377.093785][ T4174] Call Trace:
[ 377.093894][ T4174] <TASK>
[ 377.093970][ T4174] ? die_addr+0x41/0xa0
[ 377.094080][ T4174] ? exc_general_protection+0x14d/0x230
[ 377.094226][ T4174] ? asm_exc_general_protection+0x26/0x30
[ 377.094370][ T4174] ? page_pool_item_uninit+0x73/0x130
[ 377.094510][ T4174] ? page_pool_item_uninit+0x7a/0x130
[ 377.094653][ T4174] page_pool_release+0x44a/0x5b0
[ 377.094795][ T4174] ? __pfx_page_pool_release+0x10/0x10
[ 377.094942][ T4174] page_pool_destroy+0x11e/0x560
[ 377.095082][ T4174] veth_napi_del_range+0x34d/0x580
[ 377.095224][ T4174] ? __pfx_call_netdevice_notifiers+0x10/0x10
[ 377.095399][ T4174] veth_set_features+0x13e/0x240
[ 377.095542][ T4174] ? netdev_upper_get_next_dev_rcu+0x91/0xc0
[ 377.095716][ T4174] __netdev_update_features+0x30f/0xc20
[ 377.095857][ T4174] ? __pfx___netdev_update_features+0x10/0x10
[ 377.096035][ T4174] ? __pfx_ethnl_parse_header_dev_get.part.0+0x10/0x10
[ 377.096214][ T4174] ethnl_set_features+0x31e/0x620
[ 377.096355][ T4174] ? __pfx_ethnl_set_features+0x10/0x10
[ 377.096494][ T4174] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 377.096670][ T4174] ? __nla_validate_parse+0x1bc/0x3d0
[ 377.096812][ T4174] ? __nla_parse+0x26/0x30
[ 377.096953][ T4174] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x162/0x240
[ 377.097162][ T4174] genl_family_rcv_msg_doit+0x1d4/0x2b0
[ 377.097302][ T4174] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 377.097481][ T4174] ? rcu_read_lock_any_held+0x43/0xb0
[ 377.097622][ T4174] ? validate_chain+0x1fe/0xae0
[ 377.097764][ T4174] genl_family_rcv_msg+0x347/0x5b0
[ 377.097909][ T4174] ? __pfx_genl_family_rcv_msg+0x10/0x10
[ 377.098047][ T4174] ? __pfx_ethnl_set_features+0x10/0x10
[ 377.098189][ T4174] genl_rcv_msg+0xa3/0x140
[ 377.098330][ T4174] netlink_rcv_skb+0x130/0x360
[ 377.098468][ T4174] ? __pfx_genl_rcv_msg+0x10/0x10
[ 377.098606][ T4174] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 377.098747][ T4174] ? genl_rcv+0x19/0x40
[ 377.098853][ T4174] ? __pfx_down_read+0x10/0x10
[ 377.098997][ T4174] ? netlink_deliver_tap+0x13e/0x340
[ 377.099140][ T4174] genl_rcv+0x28/0x40
[ 377.099244][ T4174] netlink_unicast+0x44b/0x710
[ 377.099384][ T4174] ? __pfx_netlink_unicast+0x10/0x10
[ 377.099523][ T4174] ? find_held_lock+0x2c/0x110
[ 377.099663][ T4174] netlink_sendmsg+0x723/0xbe0
[ 377.099803][ T4174] ? __pfx_netlink_sendmsg+0x10/0x10
[ 377.099945][ T4174] ? lock_acquire+0x32/0xc0
[ 377.100085][ T4174] ? __might_fault+0x11b/0x170
[ 377.100228][ T4174] __sys_sendto+0x3c3/0x450
[ 377.100369][ T4174] ? __pfx___sys_sendto+0x10/0x10
[ 377.100512][ T4174] ? __lock_release+0x103/0x460
[ 377.100654][ T4174] ? __sys_recvmsg+0x106/0x190
[ 377.100793][ T4174] ? __pfx___sys_recvmsg+0x10/0x10
[ 377.100933][ T4174] ? do_user_addr_fault+0x97c/0xe30
[ 377.101077][ T4174] __x64_sys_sendto+0xe0/0x1c0
[ 377.101219][ T4174] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 377.101395][ T4174] do_syscall_64+0xc1/0x1d0
[ 377.101536][ T4174] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 377.101708][ T4174] RIP: 0033:0x7f581bf97a4a
[ 377.101853][ T4174] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 377.102346][ T4174] RSP: 002b:00007ffd9034f208 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 377.102556][ T4174] RAX: ffffffffffffffda RBX: 00000000141da2a0 RCX: 00007f581bf97a4a
[ 377.102766][ T4174] RDX: 0000000000000044 RSI: 00000000141da3b0 RDI: 0000000000000005
[ 377.102985][ T4174] RBP: 0000000000486020 R08: 00007f581c054200 R09: 000000000000000c
[ 377.103191][ T4174] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000141da340
[ 377.103399][ T4174] R13: 0000000000000000 R14: 00000000141da350 R15: 00000000141da2a0
[ 377.103609][ T4174] </TASK>
[ 377.103714][ T4174] Modules linked in: ip6t_rpfilter ipt_rpfilter act_mirred act_tunnel_key cls_flower bareudp mpls_gso mpls_iptunnel mpls_router sch_ingress xfrm_interface sha1_generic xfrm_user xt_conntrack nf_conntrack nf_defrag_ipv4 nft_compat nf_tables libcrc32c nf_defrag_ipv6
[ 377.104372][ T4174] ---[ end trace 0000000000000000 ]---
[ 377.104516][ T4174] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 377.104707][ T4174] Code: 8f 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 377.105205][ T4174] RSP: 0018:ffffc90000e872e0 EFLAGS: 00010a06
[ 377.105382][ T4174] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffff8dc9f6e3
[ 377.105590][ T4174] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 377.105806][ T4174] RBP: fffffbfff1e64c78 R08: 0000000000000000 R09: fffffbfff223f688
[ 377.106014][ T4174] R10: ffffffff911fb447 R11: 205d343731345420 R12: ffff888004cf1e20
[ 377.106220][ T4174] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 377.106426][ T4174] FS: 00007f581be47000(0000) GS:ffff88806d180000(0000) knlGS:0000000000000000
[ 377.106672][ T4174] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 377.106856][ T4174] CR2: 00000000141eb088 CR3: 0000000012898006 CR4: 0000000000772ef0
[ 377.107070][ T4174] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 377.107276][ T4174] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 377.107482][ T4174] PKRU: 55555554
[ 377.107592][ T4174] Kernel panic - not syncing: Fatal exception
[ 377.107840][ T4174] Kernel Offset: 0xa600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 377.108161][ T4174] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr