======================================
| [   25.555564][  T508] ==================================================================
| [ 25.555818][ T508] BUG: KASAN: use-after-free in page_pool_item_uninit (net/core/page_pool.c:523)
| [   25.556047][  T508] Read of size 8 at addr ffff88800c841008 by task ip/508
| [   25.556223][  T508]
[   25.556513][  T508] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   25.556696][  T508] Call Trace:
[   25.556810][  T508]  <TASK>
[ 25.556887][ T508] dump_stack_lvl (lib/dump_stack.c:123)
[ 25.557037][ T508] print_address_description.constprop.0 (mm/kasan/report.c:379)
[ 25.557226][ T508] ? page_pool_item_uninit (net/core/page_pool.c:523)
[ 25.557370][ T508] print_report (mm/kasan/report.c:490)
[ 25.557506][ T508] ? kasan_addr_to_slab (./include/linux/mm.h:1295 mm/kasan/../slab.h:211 mm/kasan/common.c:38)
[ 25.557643][ T508] kasan_report (mm/kasan/report.c:604)
[ 25.557746][ T508] ? page_pool_item_uninit (net/core/page_pool.c:523)
[ 25.557883][ T508] page_pool_item_uninit (net/core/page_pool.c:523)
[ 25.558025][ T508] page_pool_release (net/core/page_pool.c:1431 net/core/page_pool.c:1484)
[ 25.558158][ T508] ? __pfx_autoremove_wake_function (kernel/sched/wait.c:383)
[ 25.558350][ T508] ? __pfx_page_pool_release (net/core/page_pool.c:1478)
[ 25.558492][ T508] ? napi_disable (./arch/x86/include/asm/bitops.h:75 ./include/asm-generic/bitops/instrumented-atomic.h:42 net/core/dev.c:6832)
[ 25.558639][ T508] page_pool_destroy (net/core/page_pool.c:1555)
[ 25.558781][ T508] nsim_stop (drivers/net/netdevsim/netdev.c:469 drivers/net/netdevsim/netdev.c:483) netdevsim
[ 25.558938][ T508] __dev_close_many (net/core/dev.c:1591)
[ 25.559080][ T508] ? __pfx___dev_close_many (net/core/dev.c:1555)
[ 25.559226][ T508] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 25.559371][ T508] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 25.559553][ T508] __dev_change_flags (./include/linux/list.h:111 ./include/linux/list.h:215 ./include/linux/list.h:229 net/core/dev.c:1604 net/core/dev.c:8977)
[ 25.559692][ T508] ? __pfx___dev_change_flags (net/core/dev.c:8943)
[ 25.559827][ T508] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364)
[ 25.559966][ T508] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860)
[ 25.560105][ T508] dev_change_flags (net/core/dev.c:9051)
[ 25.560358][ T508] do_setlink.constprop.0 (net/core/rtnetlink.c:3118)
[ 25.560501][ T508] ? __pfx_do_setlink.constprop.0 (net/core/rtnetlink.c:2999)
[ 25.560680][ T508] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)
[ 25.560822][ T508] ? rtnl_newlink (net/core/rtnetlink.c:337 net/core/rtnetlink.c:4025)
[ 25.560966][ T508] ? rtnl_newlink (./include/linux/slab.h:901 net/core/rtnetlink.c:3926)
[ 25.561107][ T508] ? rtnetlink_rcv_msg (net/core/rtnetlink.c:6916)
[ 25.561254][ T508] ? __mutex_trylock_common (./arch/x86/include/asm/atomic64_64.h:101 ./include/linux/atomic/atomic-arch-fallback.h:4296 ./include/linux/atomic/atomic-long.h:1482 ./include/linux/atomic/atomic-instrumented.h:4458 kernel/locking/mutex.c:104)
[ 25.561397][ T508] ? __pfx___mutex_trylock_common (kernel/locking/mutex.c:79)
[ 25.561576][ T508] ? lock_acquire (kernel/locking/lockdep.c:5822)
[ 25.561717][ T508] ? trace_contention_end (./include/trace/events/lock.h:122 (discriminator 37))
[ 25.561861][ T508] ? __mutex_lock (./arch/x86/include/asm/preempt.h:94 kernel/locking/mutex.c:595 kernel/locking/mutex.c:735)
[ 25.562005][ T508] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)
[ 25.562147][ T508] ? rtnl_newlink (net/core/rtnetlink.c:337 net/core/rtnetlink.c:4025)
[ 25.562290][ T508] ? __pfx___mutex_lock (kernel/locking/mutex.c:734)
[ 25.562433][ T508] ? __rtnl_newlink (net/core/rtnetlink.c:3876)
[ 25.562595][ T508] rtnl_newlink (net/core/rtnetlink.c:345 net/core/rtnetlink.c:4027)
[ 25.562742][ T508] ? __pfx_rtnl_newlink (net/core/rtnetlink.c:3917)
[ 25.562886][ T508] ? find_held_lock (kernel/locking/lockdep.c:5339)
[ 25.563031][ T508] ? __pfx___lock_release (kernel/locking/lockdep.c:5501)
[ 25.563177][ T508] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5814)
[ 25.563324][ T508] ? rtnetlink_rcv_msg (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/rtnetlink.c:6914)
[ 25.563470][ T508] ? __pfx_rtnl_newlink (net/core/rtnetlink.c:3917)
[ 25.563616][ T508] rtnetlink_rcv_msg (net/core/rtnetlink.c:6916)
[ 25.563772][ T508] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6819)
[ 25.563916][ T508] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 25.564065][ T508] ? mark_lock (kernel/locking/lockdep.c:4727 (discriminator 3))
[ 25.564174][ T508] ? __lock_acquire (kernel/locking/lockdep.c:5226)
[ 25.564318][ T508] netlink_rcv_skb (net/netlink/af_netlink.c:2543)
[ 25.564460][ T508] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6819)
[ 25.564606][ T508] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2520)
[ 25.564752][ T508] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340)
[ 25.564897][ T508] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333)
[ 25.565042][ T508] netlink_unicast (net/netlink/af_netlink.c:1322 net/netlink/af_netlink.c:1348)
[ 25.565184][ T508] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1333)
[ 25.565326][ T508] ? find_held_lock (kernel/locking/lockdep.c:5339)
[ 25.565472][ T508] netlink_sendmsg (net/netlink/af_netlink.c:1892)
[ 25.565616][ T508] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1811)
[ 25.565761][ T508] ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2594)
[ 25.565904][ T508] ? __pfx_____sys_sendmsg (net/socket.c:2540)
[ 25.566045][ T508] ? __pfx_copy_msghdr_from_user (net/socket.c:2520)
[ 25.566225][ T508] ___sys_sendmsg (net/socket.c:2650)
[ 25.566367][ T508] ? __pfx____sys_sendmsg (net/socket.c:2637)
[ 25.566511][ T508] ? kasan_save_stack (mm/kasan/common.c:49)
[ 25.566654][ T508] ? kasan_save_stack (mm/kasan/common.c:48)
[ 25.566795][ T508] ? __kasan_record_aux_stack (mm/kasan/generic.c:544)
[ 25.566936][ T508] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:123 kernel/rcu/tree.c:3087)
[ 25.567113][ T508] ? __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)
[ 25.567257][ T508] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 25.567398][ T508] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 25.567574][ T508] ? __lock_acquire (kernel/locking/lockdep.c:5226)
[ 25.567721][ T508] ? find_held_lock (kernel/locking/lockdep.c:5339)
[ 25.567864][ T508] ? __lock_release (kernel/locking/lockdep.c:5525)
[ 25.568004][ T508] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2058 arch/x86/mm/physaddr.c:65)
[ 25.568148][ T508] ? __pfx___lock_release (kernel/locking/lockdep.c:5501)
[ 25.568289][ T508] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5814)
[ 25.568434][ T508] __sys_sendmsg (net/socket.c:2680)
[ 25.568576][ T508] ? __pfx___sys_sendmsg (net/socket.c:2665)
[ 25.568722][ T508] ? __pfx_slab_free_after_rcu_debug (mm/slub.c:4643)
[ 25.568903][ T508] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 25.569044][ T508] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[   25.569217][  T508] RIP: 0033:0x7f897c94b9a7
[ 25.569363][ T508] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
All code
========
   0:	0a 00                	or     (%rax),%al
   2:	f7 d8                	neg    %eax
   4:	64 89 02             	mov    %eax,%fs:(%rdx)
   7:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   e:	eb b9                	jmp    0xffffffffffffffc9
  10:	0f 1f 00             	nopl   (%rax)
  13:	f3 0f 1e fa          	endbr64
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 10                	jne    0x33
  23:	b8 2e 00 00 00       	mov    $0x2e,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 51                	ja     0x83
  32:	c3                   	ret
  33:	48 83 ec 28          	sub    $0x28,%rsp
  37:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  3b:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 51                	ja     0x59
   8:	c3                   	ret
   9:	48 83 ec 28          	sub    $0x28,%rsp
   d:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  11:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)
[   25.569866][  T508] RSP: 002b:00007ffc329ef548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   25.570081][  T508] RAX: ffffffffffffffda RBX: 00007ffc329efc70 RCX: 00007f897c94b9a7
[   25.570293][  T508] RDX: 0000000000000000 RSI: 00007ffc329ef5b0 RDI: 0000000000000003
[   25.570501][  T508] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078
[   25.570719][  T508] R10: 00007f897c809ef8 R11: 0000000000000246 R12: 0000000000000003
[   25.570933][  T508] R13: 00000000677c5ebd R14: 0000000000498600 R15: 0000000000000000
| [   25.574417][  T508] Disabling lock debugging due to kernel taint
| [   25.574725][  T508] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [   25.575087][  T508] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
| [   25.575561][  T508] Tainted: [B]=BAD_PAGE
[   25.575665][  T508] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 25.575827][ T508] RIP: 0010:page_pool_item_uninit (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/core/page_pool.c:524)
[ 25.575998][ T508] Code: 9b 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 ad 6d 63 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
All code
========
   0:	9b                   	fwait
   1:	48 bb 00 00 00 00 00 	movabs $0xdffffc0000000000,%rbx
   8:	fc ff df 
   b:	48 c1 ed 03          	shr    $0x3,%rbp
   f:	48 01 dd             	add    %rbx,%rbp
  12:	4d 8d 75 1c          	lea    0x1c(%r13),%r14
  16:	be 04 00 00 00       	mov    $0x4,%esi
  1b:	4c 89 f7             	mov    %r14,%rdi
  1e:	e8 ad 6d 63 fe       	call   0xfffffffffe636dd0
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
  2a:*	0f b6 14 18          	movzbl (%rax,%rbx,1),%edx		<-- trapping instruction
  2e:	4c 89 f0             	mov    %r14,%rax
  31:	83 e0 07             	and    $0x7,%eax
  34:	83 c0 03             	add    $0x3,%eax
  37:	38 d0                	cmp    %dl,%al
  39:	7c 04                	jl     0x3f
  3b:	84 d2                	test   %dl,%dl
  3d:	75 62                	jne    0xa1
  3f:	41                   	rex.B

Code starting with the faulting instruction
===========================================
   0:	0f b6 14 18          	movzbl (%rax,%rbx,1),%edx
   4:	4c 89 f0             	mov    %r14,%rax
   7:	83 e0 07             	and    $0x7,%eax
   a:	83 c0 03             	add    $0x3,%eax
   d:	38 d0                	cmp    %dl,%al
   f:	7c 04                	jl     0x15
  11:	84 d2                	test   %dl,%dl
  13:	75 62                	jne    0x77
  15:	41                   	rex.B
[   25.576465][  T508] RSP: 0018:ffffc90000576f98 EFLAGS: 00010a06
[   25.576632][  T508] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffff99c9f6e3
[   25.576827][  T508] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[   25.577021][  T508] RBP: fffffbfff3664c78 R08: 0000000000000000 R09: fffffbfff3a3f688
[   25.577216][  T508] R10: ffffffff9d1fb447 R11: 205d383035542020 R12: ffff88800906c220
[   25.577413][  T508] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[   25.577609][  T508] FS:  00007f897c73f800(0000) GS:ffff88806d100000(0000) knlGS:0000000000000000
[   25.577837][  T508] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.578001][  T508] CR2: 00000000004e5018 CR3: 0000000005786006 CR4: 0000000000772ef0
[   25.578203][  T508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.578398][  T508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.578593][  T508] PKRU: 55555554
[   25.578692][  T508] Call Trace:
[   25.578791][  T508]  <TASK>
[ 25.578860][ T508] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460)
[ 25.578962][ T508] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693)
[ 25.579098][ T508] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617)
[ 25.579233][ T508] ? page_pool_item_uninit (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/core/page_pool.c:524)
[ 25.579364][ T508] ? page_pool_item_uninit (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/core/page_pool.c:524)
[ 25.579496][ T508] ? page_pool_item_uninit (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/core/page_pool.c:524)
[ 25.579627][ T508] page_pool_release (net/core/page_pool.c:1431 net/core/page_pool.c:1484)
[ 25.579762][ T508] ? __pfx_autoremove_wake_function (kernel/sched/wait.c:383)
[ 25.579929][ T508] ? __pfx_page_pool_release (net/core/page_pool.c:1478)
[ 25.580059][ T508] ? napi_disable (./arch/x86/include/asm/bitops.h:75 ./include/asm-generic/bitops/instrumented-atomic.h:42 net/core/dev.c:6832)
[ 25.580193][ T508] page_pool_destroy (net/core/page_pool.c:1555)
[ 25.580325][ T508] nsim_stop (drivers/net/netdevsim/netdev.c:469 drivers/net/netdevsim/netdev.c:483) netdevsim
[ 25.580467][ T508] __dev_close_many (net/core/dev.c:1591)
[ 25.580599][ T508] ? __pfx___dev_close_many (net/core/dev.c:1555)
[ 25.580728][ T508] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 25.580859][ T508] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 25.581027][ T508] __dev_change_flags (./include/linux/list.h:111 ./include/linux/list.h:215 ./include/linux/list.h:229 net/core/dev.c:1604 net/core/dev.c:8977)
[ 25.581156][ T508] ? __pfx___dev_change_flags (net/core/dev.c:8943)
[ 25.581285][ T508] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364)
[ 25.581417][ T508] ? __pfx_validate_chain (kernel/locking/lockdep.c:3860)
[ 25.581547][ T508] dev_change_flags (net/core/dev.c:9051)
[ 25.581677][ T508] do_setlink.constprop.0 (net/core/rtnetlink.c:3118)
[ 25.581811][ T508] ? __pfx_do_setlink.constprop.0 (net/core/rtnetlink.c:2999)
[ 25.581975][ T508] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)
[ 25.582105][ T508] ? rtnl_newlink (net/core/rtnetlink.c:337 net/core/rtnetlink.c:4025)
[ 25.582234][ T508] ? rtnl_newlink (./include/linux/slab.h:901 net/core/rtnetlink.c:3926)
[ 25.582364][ T508] ? rtnetlink_rcv_msg (net/core/rtnetlink.c:6916)
[ 25.582495][ T508] ? __mutex_trylock_common (./arch/x86/include/asm/atomic64_64.h:101 ./include/linux/atomic/atomic-arch-fallback.h:4296 ./include/linux/atomic/atomic-long.h:1482 ./include/linux/atomic/atomic-instrumented.h:4458 kernel/locking/mutex.c:104)
[ 25.582625][ T508] ? __pfx___mutex_trylock_common (kernel/locking/mutex.c:79)
[ 25.582791][ T508] ? lock_acquire (kernel/locking/lockdep.c:5822)
[ 25.582921][ T508] ? trace_contention_end (./include/trace/events/lock.h:122 (discriminator 37))
[ 25.583051][ T508] ? __mutex_lock (./arch/x86/include/asm/preempt.h:94 kernel/locking/mutex.c:595 kernel/locking/mutex.c:735)
[ 25.583181][ T508] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)
[ 25.583309][ T508] ? rtnl_newlink (net/core/rtnetlink.c:337 net/core/rtnetlink.c:4025)
[ 25.583439][ T508] ? __pfx___mutex_lock (kernel/locking/mutex.c:734)
[ 25.583571][ T508] ? __rtnl_newlink (net/core/rtnetlink.c:3876)
[ 25.583703][ T508] rtnl_newlink (net/core/rtnetlink.c:345 net/core/rtnetlink.c:4027)
[ 25.583837][ T508] ? __pfx_rtnl_newlink (net/core/rtnetlink.c:3917)
[ 25.583991][ T508] ? find_held_lock (kernel/locking/lockdep.c:5339)
[ 25.584133][ T508] ? __pfx___lock_release (kernel/locking/lockdep.c:5501)
[ 25.584273][ T508] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5814)
[ 25.584415][ T508] ? rtnetlink_rcv_msg (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/rtnetlink.c:6914)
[ 25.584561][ T508] ? __pfx_rtnl_newlink (net/core/rtnetlink.c:3917)
[ 25.584701][ T508] rtnetlink_rcv_msg (net/core/rtnetlink.c:6916)
[ 25.584932][ T508] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6819)
[ 25.585072][ T508] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 25.585221][ T508] ? mark_lock (kernel/locking/lockdep.c:4727 (discriminator 3))
[ 25.585325][ T508] ? __lock_acquire (kernel/locking/lockdep.c:5226)
[ 25.585542][ T508] netlink_rcv_skb (net/netlink/af_netlink.c:2543)
[ 25.585682][ T508] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6819)
[ 25.585821][ T508] ? __pfx_netlink_rcv_skb (net/netlink/af_netlink.c:2520)
[ 25.585962][ T508] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/netlink/af_netlink.c:340)
[ 25.586197][ T508] ? netlink_deliver_tap (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/net/netns/generic.h:48 net/netlink/af_netlink.c:333)
[ 25.586337][ T508] netlink_unicast (net/netlink/af_netlink.c:1322 net/netlink/af_netlink.c:1348)
[ 25.586479][ T508] ? __pfx_netlink_unicast (net/netlink/af_netlink.c:1333)
[ 25.586622][ T508] ? find_held_lock (kernel/locking/lockdep.c:5339)
[ 25.586768][ T508] netlink_sendmsg (net/netlink/af_netlink.c:1892)
[ 25.586907][ T508] ? __pfx_netlink_sendmsg (net/netlink/af_netlink.c:1811)
[ 25.587053][ T508] ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2594)
[ 25.587194][ T508] ? __pfx_____sys_sendmsg (net/socket.c:2540)
[ 25.587421][ T508] ? __pfx_copy_msghdr_from_user (net/socket.c:2520)
[ 25.587595][ T508] ___sys_sendmsg (net/socket.c:2650)
[ 25.587745][ T508] ? __pfx____sys_sendmsg (net/socket.c:2637)
[ 25.587881][ T508] ? kasan_save_stack (mm/kasan/common.c:49)
[ 25.588097][ T508] ? kasan_save_stack (mm/kasan/common.c:48)
[ 25.588234][ T508] ? __kasan_record_aux_stack (mm/kasan/generic.c:544)
[ 25.588374][ T508] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:123 kernel/rcu/tree.c:3087)
[ 25.588543][ T508] ? __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)
[ 25.588681][ T508] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 25.588816][ T508] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 25.588984][ T508] ? __lock_acquire (kernel/locking/lockdep.c:5226)
[ 25.589124][ T508] ? find_held_lock (kernel/locking/lockdep.c:5339)
[ 25.589341][ T508] ? __lock_release (kernel/locking/lockdep.c:5525)
[ 25.589480][ T508] ? __virt_addr_valid (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:962 ./include/linux/mmzone.h:2058 arch/x86/mm/physaddr.c:65)
[ 25.589619][ T508] ? __pfx___lock_release (kernel/locking/lockdep.c:5501)
[ 25.589754][ T508] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5814)
[ 25.589971][ T508] __sys_sendmsg (net/socket.c:2680)
[ 25.590107][ T508] ? __pfx___sys_sendmsg (net/socket.c:2665)
[ 25.590242][ T508] ? __pfx_slab_free_after_rcu_debug (mm/slub.c:4643)
[ 25.590492][ T508] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 25.590634][ T508] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[   25.590804][  T508] RIP: 0033:0x7f897c94b9a7
[ 25.590944][ T508] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
All code
========
   0:	0a 00                	or     (%rax),%al
   2:	f7 d8                	neg    %eax
   4:	64 89 02             	mov    %eax,%fs:(%rdx)
   7:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   e:	eb b9                	jmp    0xffffffffffffffc9
  10:	0f 1f 00             	nopl   (%rax)
  13:	f3 0f 1e fa          	endbr64
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 10                	jne    0x33
  23:	b8 2e 00 00 00       	mov    $0x2e,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 51                	ja     0x83
  32:	c3                   	ret
  33:	48 83 ec 28          	sub    $0x28,%rsp
  37:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  3b:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 51                	ja     0x59
   8:	c3                   	ret
   9:	48 83 ec 28          	sub    $0x28,%rsp
   d:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  11:	48 89 74 24 10       	mov    %rsi,0x10(%rsp)
[   25.591507][  T508] RSP: 002b:00007ffc329ef548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   25.591714][  T508] RAX: ffffffffffffffda RBX: 00007ffc329efc70 RCX: 00007f897c94b9a7
[   25.591909][  T508] RDX: 0000000000000000 RSI: 00007ffc329ef5b0 RDI: 0000000000000003
[   25.592102][  T508] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078
[   25.592373][  T508] R10: 00007f897c809ef8 R11: 0000000000000246 R12: 0000000000000003


Finger prints:
print_report:kasan_report:page_pool_item_uninit:page_pool_release:page_pool_destroy
page_pool_item_uninit:page_pool_release:page_pool_destroy:nsim_stop:__dev_close_many