[ 24.443331][ T497] netdevsim netdevsim17856 eni17856np1: renamed from eth0
[ 25.555564][ T508] ==================================================================
[ 25.555818][ T508] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[ 25.556047][ T508] Read of size 8 at addr ffff88800c841008 by task ip/508
[ 25.556223][ T508]
[ 25.556296][ T508] CPU: 2 UID: 0 PID: 508 Comm: ip Not tainted 6.13.0-rc5-virtme #1
[ 25.556513][ T508] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 25.556696][ T508] Call Trace:
[ 25.556810][ T508] <TASK>
[ 25.556887][ T508] dump_stack_lvl+0x82/0xd0
[ 25.557037][ T508] print_address_description.constprop.0+0x2c/0x3b0
[ 25.557226][ T508] ? page_pool_item_uninit+0x100/0x130
[ 25.557370][ T508] print_report+0xb4/0x270
[ 25.557506][ T508] ? kasan_addr_to_slab+0x25/0x80
[ 25.557643][ T508] kasan_report+0xbd/0xf0
[ 25.557746][ T508] ? page_pool_item_uninit+0x100/0x130
[ 25.557883][ T508] page_pool_item_uninit+0x100/0x130
[ 25.558025][ T508] page_pool_release+0x44a/0x5b0
[ 25.558158][ T508] ? __pfx_autoremove_wake_function+0x10/0x10
[ 25.558350][ T508] ? __pfx_page_pool_release+0x10/0x10
[ 25.558492][ T508] ? napi_disable+0x383/0x5b0
[ 25.558639][ T508] page_pool_destroy+0x11e/0x560
[ 25.558781][ T508] nsim_stop+0x21a/0x390 [netdevsim]
[ 25.558938][ T508] __dev_close_many+0x1a0/0x2d0
[ 25.559080][ T508] ? __pfx___dev_close_many+0x10/0x10
[ 25.559226][ T508] ? mark_held_locks+0x9e/0xe0
[ 25.559371][ T508] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 25.559553][ T508] __dev_change_flags+0x24f/0x6c0
[ 25.559692][ T508] ? __pfx___dev_change_flags+0x10/0x10
[ 25.559827][ T508] ? unwind_get_return_address+0x5e/0xa0
[ 25.559966][ T508] ? __pfx_validate_chain+0x10/0x10
[ 25.560105][ T508] dev_change_flags+0x80/0x160
[ 25.560358][ T508] do_setlink.constprop.0+0x79d/0x2300
[ 25.560501][ T508] ? __pfx_do_setlink.constprop.0+0x10/0x10
[ 25.560680][ T508] ? lock_acquire.part.0+0xeb/0x330
[ 25.560822][ T508] ? rtnl_newlink+0x653/0xa70
[ 25.560966][ T508] ? rtnl_newlink+0xb9/0xa70
[ 25.561107][ T508] ? rtnetlink_rcv_msg+0x712/0xc10
[ 25.561254][ T508] ? __mutex_trylock_common+0xfa/0x260
[ 25.561397][ T508] ? __pfx___mutex_trylock_common+0x10/0x10
[ 25.561576][ T508] ? lock_acquire+0x32/0xc0
[ 25.561717][ T508] ? trace_contention_end+0xef/0x150
[ 25.561861][ T508] ? __mutex_lock+0x190/0xbc0
[ 25.562005][ T508] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 25.562147][ T508] ? rtnl_newlink+0x653/0xa70
[ 25.562290][ T508] ? __pfx___mutex_lock+0x10/0x10
[ 25.562433][ T508] ? __rtnl_newlink+0x40e/0xa40
[ 25.562595][ T508] rtnl_newlink+0x69c/0xa70
[ 25.562742][ T508] ? __pfx_rtnl_newlink+0x10/0x10
[ 25.562886][ T508] ? find_held_lock+0x2c/0x110
[ 25.563031][ T508] ? __pfx___lock_release+0x10/0x10
[ 25.563177][ T508] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 25.563324][ T508] ? rtnetlink_rcv_msg+0x6ef/0xc10
[ 25.563470][ T508] ? __pfx_rtnl_newlink+0x10/0x10
[ 25.563616][ T508] rtnetlink_rcv_msg+0x712/0xc10
[ 25.563772][ T508] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 25.563916][ T508] ? hlock_class+0x4e/0x130
[ 25.564065][ T508] ? mark_lock+0x38/0x3e0
[ 25.564174][ T508] ? __lock_acquire+0xb9a/0x1680
[ 25.564318][ T508] netlink_rcv_skb+0x130/0x360
[ 25.564460][ T508] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 25.564606][ T508] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 25.564752][ T508] ? netlink_deliver_tap+0x13e/0x340
[ 25.564897][ T508] ? netlink_deliver_tap+0xc3/0x340
[ 25.565042][ T508] netlink_unicast+0x44b/0x710
[ 25.565184][ T508] ? __pfx_netlink_unicast+0x10/0x10
[ 25.565326][ T508] ? find_held_lock+0x2c/0x110
[ 25.565472][ T508] netlink_sendmsg+0x723/0xbe0
[ 25.565616][ T508] ? __pfx_netlink_sendmsg+0x10/0x10
[ 25.565761][ T508] ____sys_sendmsg+0x7ac/0xa10
[ 25.565904][ T508] ? __pfx_____sys_sendmsg+0x10/0x10
[ 25.566045][ T508] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 25.566225][ T508] ___sys_sendmsg+0xee/0x170
[ 25.566367][ T508] ? __pfx____sys_sendmsg+0x10/0x10
[ 25.566511][ T508] ? kasan_save_stack+0x34/0x50
[ 25.566654][ T508] ? kasan_save_stack+0x24/0x50
[ 25.566795][ T508] ? __kasan_record_aux_stack+0x8e/0xa0
[ 25.566936][ T508] ? __call_rcu_common.constprop.0+0xa1/0x4b0
[ 25.567113][ T508] ? __x64_sys_close+0x7c/0xd0
[ 25.567257][ T508] ? do_syscall_64+0xc1/0x1d0
[ 25.567398][ T508] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 25.567574][ T508] ? __lock_acquire+0xb9a/0x1680
[ 25.567721][ T508] ? find_held_lock+0x2c/0x110
[ 25.567864][ T508] ? __lock_release+0x103/0x460
[ 25.568004][ T508] ? __virt_addr_valid+0x22b/0x430
[ 25.568148][ T508] ? __pfx___lock_release+0x10/0x10
[ 25.568289][ T508] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 25.568434][ T508] __sys_sendmsg+0x109/0x1a0
[ 25.568576][ T508] ? __pfx___sys_sendmsg+0x10/0x10
[ 25.568722][ T508] ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[ 25.568903][ T508] do_syscall_64+0xc1/0x1d0
[ 25.569044][ T508] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 25.569217][ T508] RIP: 0033:0x7f897c94b9a7
[ 25.569363][ T508] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 25.569866][ T508] RSP: 002b:00007ffc329ef548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 25.570081][ T508] RAX: ffffffffffffffda RBX: 00007ffc329efc70 RCX: 00007f897c94b9a7
[ 25.570293][ T508] RDX: 0000000000000000 RSI: 00007ffc329ef5b0 RDI: 0000000000000003
[ 25.570501][ T508] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078
[ 25.570719][ T508] R10: 00007f897c809ef8 R11: 0000000000000246 R12: 0000000000000003
[ 25.570933][ T508] R13: 00000000677c5ebd R14: 0000000000498600 R15: 0000000000000000
[ 25.571149][ T508] </TASK>
[ 25.571259][ T508]
[ 25.571331][ T508] The buggy address belongs to the physical page:
[ 25.571502][ T508] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc841
[ 25.571762][ T508] flags: 0x80000000000000(node=0|zone=1)
[ 25.571907][ T508] page_type: f5(slab)
[ 25.572017][ T508] raw: 0080000000000000 ffff8880010427c0 ffffea00001616d0 ffffea000031be90
[ 25.572268][ T508] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[ 25.572516][ T508] page dumped because: kasan: bad access detected
[ 25.572693][ T508]
[ 25.572765][ T508] Memory state around the buggy address:
[ 25.572905][ T508] ffff88800c840f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.573114][ T508] ffff88800c840f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.573319][ T508] >ffff88800c841000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.573531][ T508] ^
[ 25.573638][ T508] ffff88800c841080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[ 25.573875][ T508] ffff88800c841100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[ 25.574095][ T508] ==================================================================
[ 25.574417][ T508] Disabling lock debugging due to kernel taint
[ 25.574725][ T508] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 25.575087][ T508] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[ 25.575329][ T508] CPU: 2 UID: 0 PID: 508 Comm: ip Tainted: G B 6.13.0-rc5-virtme #1
[ 25.575561][ T508] Tainted: [B]=BAD_PAGE
[ 25.575665][ T508] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 25.575827][ T508] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 25.575998][ T508] Code: 9b 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 25.576465][ T508] RSP: 0018:ffffc90000576f98 EFLAGS: 00010a06
[ 25.576632][ T508] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffff99c9f6e3
[ 25.576827][ T508] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 25.577021][ T508] RBP: fffffbfff3664c78 R08: 0000000000000000 R09: fffffbfff3a3f688
[ 25.577216][ T508] R10: ffffffff9d1fb447 R11: 205d383035542020 R12: ffff88800906c220
[ 25.577413][ T508] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 25.577609][ T508] FS: 00007f897c73f800(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 25.577837][ T508] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.578001][ T508] CR2: 00000000004e5018 CR3: 0000000005786006 CR4: 0000000000772ef0
[ 25.578203][ T508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.578398][ T508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.578593][ T508] PKRU: 55555554
[ 25.578692][ T508] Call Trace:
[ 25.578791][ T508] <TASK>
[ 25.578860][ T508] ? die_addr+0x41/0xa0
[ 25.578962][ T508] ? exc_general_protection+0x14d/0x230
[ 25.579098][ T508] ? asm_exc_general_protection+0x26/0x30
[ 25.579233][ T508] ? page_pool_item_uninit+0x73/0x130
[ 25.579364][ T508] ? page_pool_item_uninit+0x7a/0x130
[ 25.579496][ T508] ? page_pool_item_uninit+0x73/0x130
[ 25.579627][ T508] page_pool_release+0x44a/0x5b0
[ 25.579762][ T508] ? __pfx_autoremove_wake_function+0x10/0x10
[ 25.579929][ T508] ? __pfx_page_pool_release+0x10/0x10
[ 25.580059][ T508] ? napi_disable+0x383/0x5b0
[ 25.580193][ T508] page_pool_destroy+0x11e/0x560
[ 25.580325][ T508] nsim_stop+0x21a/0x390 [netdevsim]
[ 25.580467][ T508] __dev_close_many+0x1a0/0x2d0
[ 25.580599][ T508] ? __pfx___dev_close_many+0x10/0x10
[ 25.580728][ T508] ? mark_held_locks+0x9e/0xe0
[ 25.580859][ T508] ? lockdep_hardirqs_on_prepare+0x275/0x410
[ 25.581027][ T508] __dev_change_flags+0x24f/0x6c0
[ 25.581156][ T508] ? __pfx___dev_change_flags+0x10/0x10
[ 25.581285][ T508] ? unwind_get_return_address+0x5e/0xa0
[ 25.581417][ T508] ? __pfx_validate_chain+0x10/0x10
[ 25.581547][ T508] dev_change_flags+0x80/0x160
[ 25.581677][ T508] do_setlink.constprop.0+0x79d/0x2300
[ 25.581811][ T508] ? __pfx_do_setlink.constprop.0+0x10/0x10
[ 25.581975][ T508] ? lock_acquire.part.0+0xeb/0x330
[ 25.582105][ T508] ? rtnl_newlink+0x653/0xa70
[ 25.582234][ T508] ? rtnl_newlink+0xb9/0xa70
[ 25.582364][ T508] ? rtnetlink_rcv_msg+0x712/0xc10
[ 25.582495][ T508] ? __mutex_trylock_common+0xfa/0x260
[ 25.582625][ T508] ? __pfx___mutex_trylock_common+0x10/0x10
[ 25.582791][ T508] ? lock_acquire+0x32/0xc0
[ 25.582921][ T508] ? trace_contention_end+0xef/0x150
[ 25.583051][ T508] ? __mutex_lock+0x190/0xbc0
[ 25.583181][ T508] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 25.583309][ T508] ? rtnl_newlink+0x653/0xa70
[ 25.583439][ T508] ? __pfx___mutex_lock+0x10/0x10
[ 25.583571][ T508] ? __rtnl_newlink+0x40e/0xa40
[ 25.583703][ T508] rtnl_newlink+0x69c/0xa70
[ 25.583837][ T508] ? __pfx_rtnl_newlink+0x10/0x10
[ 25.583991][ T508] ? find_held_lock+0x2c/0x110
[ 25.584133][ T508] ? __pfx___lock_release+0x10/0x10
[ 25.584273][ T508] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 25.584415][ T508] ? rtnetlink_rcv_msg+0x6ef/0xc10
[ 25.584561][ T508] ? __pfx_rtnl_newlink+0x10/0x10
[ 25.584701][ T508] rtnetlink_rcv_msg+0x712/0xc10
[ 25.584932][ T508] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 25.585072][ T508] ? hlock_class+0x4e/0x130
[ 25.585221][ T508] ? mark_lock+0x38/0x3e0
[ 25.585325][ T508] ? __lock_acquire+0xb9a/0x1680
[ 25.585542][ T508] netlink_rcv_skb+0x130/0x360
[ 25.585682][ T508] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 25.585821][ T508] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 25.585962][ T508] ? netlink_deliver_tap+0x13e/0x340
[ 25.586197][ T508] ? netlink_deliver_tap+0xc3/0x340
[ 25.586337][ T508] netlink_unicast+0x44b/0x710
[ 25.586479][ T508] ? __pfx_netlink_unicast+0x10/0x10
[ 25.586622][ T508] ? find_held_lock+0x2c/0x110
[ 25.586768][ T508] netlink_sendmsg+0x723/0xbe0
[ 25.586907][ T508] ? __pfx_netlink_sendmsg+0x10/0x10
[ 25.587053][ T508] ____sys_sendmsg+0x7ac/0xa10
[ 25.587194][ T508] ? __pfx_____sys_sendmsg+0x10/0x10
[ 25.587421][ T508] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 25.587595][ T508] ___sys_sendmsg+0xee/0x170
[ 25.587745][ T508] ? __pfx____sys_sendmsg+0x10/0x10
[ 25.587881][ T508] ? kasan_save_stack+0x34/0x50
[ 25.588097][ T508] ? kasan_save_stack+0x24/0x50
[ 25.588234][ T508] ? __kasan_record_aux_stack+0x8e/0xa0
[ 25.588374][ T508] ? __call_rcu_common.constprop.0+0xa1/0x4b0
[ 25.588543][ T508] ? __x64_sys_close+0x7c/0xd0
[ 25.588681][ T508] ? do_syscall_64+0xc1/0x1d0
[ 25.588816][ T508] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 25.588984][ T508] ? __lock_acquire+0xb9a/0x1680
[ 25.589124][ T508] ? find_held_lock+0x2c/0x110
[ 25.589341][ T508] ? __lock_release+0x103/0x460
[ 25.589480][ T508] ? __virt_addr_valid+0x22b/0x430
[ 25.589619][ T508] ? __pfx___lock_release+0x10/0x10
[ 25.589754][ T508] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 25.589971][ T508] __sys_sendmsg+0x109/0x1a0
[ 25.590107][ T508] ? __pfx___sys_sendmsg+0x10/0x10
[ 25.590242][ T508] ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[ 25.590492][ T508] do_syscall_64+0xc1/0x1d0
[ 25.590634][ T508] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 25.590804][ T508] RIP: 0033:0x7f897c94b9a7
[ 25.590944][ T508] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 25.591507][ T508] RSP: 002b:00007ffc329ef548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 25.591714][ T508] RAX: ffffffffffffffda RBX: 00007ffc329efc70 RCX: 00007f897c94b9a7
[ 25.591909][ T508] RDX: 0000000000000000 RSI: 00007ffc329ef5b0 RDI: 0000000000000003
[ 25.592102][ T508] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078
[ 25.592373][ T508] R10: 00007f897c809ef8 R11: 0000000000000246 R12: 0000000000000003
[ 25.592597][ T508] R13: 00000000677c5ebd R14: 0000000000498600 R15: 0000000000000000
[ 25.592803][ T508] </TASK>
[ 25.592986][ T508] Modules linked in: netdevsim psample act_gact cls_flower sch_ingress vxlan
[ 25.593346][ T508] ---[ end trace 0000000000000000 ]---
[ 25.593504][ T508] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[ 25.593711][ T508] Code: 9b 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[ 25.594320][ T508] RSP: 0018:ffffc90000576f98 EFLAGS: 00010a06
[ 25.594512][ T508] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffff99c9f6e3
[ 25.594823][ T508] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[ 25.595048][ T508] RBP: fffffbfff3664c78 R08: 0000000000000000 R09: fffffbfff3a3f688
[ 25.595354][ T508] R10: ffffffff9d1fb447 R11: 205d383035542020 R12: ffff88800906c220
[ 25.595567][ T508] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[ 25.595794][ T508] FS: 00007f897c73f800(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[ 25.596111][ T508] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.596285][ T508] CR2: 00000000004e5018 CR3: 0000000005786006 CR4: 0000000000772ef0
[ 25.596487][ T508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.596776][ T508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.596988][ T508] PKRU: 55555554
[ 25.597099][ T508] Kernel panic - not syncing: Fatal exception
[ 25.597470][ T508] Kernel Offset: 0x16600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 25.597783][ T508] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr