[   28.043670][  T383] netdevsim netdevsim1337 eni1337np2: renamed from eth0
[   42.895217][  T982] ==================================================================
[   42.895504][  T982] BUG: KASAN: use-after-free in page_pool_item_uninit+0x100/0x130
[   42.895755][  T982] Read of size 8 at addr ffff888004c5c008 by task ip/982
[   42.895951][  T982] 
[   42.896038][  T982] CPU: 0 UID: 0 PID: 982 Comm: ip Not tainted 6.13.0-rc5-virtme #1
[   42.896277][  T982] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   42.896474][  T982] Call Trace:
[   42.896595][  T982]  <TASK>
[   42.896677][  T982]  dump_stack_lvl+0x82/0xd0
[   42.896846][  T982]  print_address_description.constprop.0+0x2c/0x3b0
[   42.897049][  T982]  ? page_pool_item_uninit+0x100/0x130
[   42.897210][  T982]  print_report+0xb4/0x270
[   42.897366][  T982]  ? kasan_addr_to_slab+0x25/0x80
[   42.897523][  T982]  kasan_report+0xbd/0xf0
[   42.897645][  T982]  ? page_pool_item_uninit+0x100/0x130
[   42.897809][  T982]  page_pool_item_uninit+0x100/0x130
[   42.897968][  T982]  page_pool_release+0x44a/0x5b0
[   42.898126][  T982]  ? __pfx_autoremove_wake_function+0x10/0x10
[   42.898326][  T982]  ? __pfx_page_pool_release+0x10/0x10
[   42.898488][  T982]  ? napi_disable+0x383/0x5b0
[   42.898649][  T982]  page_pool_destroy+0x11e/0x560
[   42.898808][  T982]  nsim_stop+0x21a/0x390 [netdevsim]
[   42.898983][  T982]  __dev_close_many+0x1a0/0x2d0
[   42.899143][  T982]  ? __pfx___dev_close_many+0x10/0x10
[   42.899306][  T982]  ? mark_held_locks+0x9e/0xe0
[   42.899463][  T982]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   42.899661][  T982]  __dev_change_flags+0x24f/0x6c0
[   42.899821][  T982]  ? __pfx___dev_change_flags+0x10/0x10
[   42.899981][  T982]  ? unwind_get_return_address+0x5e/0xa0
[   42.900143][  T982]  ? __pfx_validate_chain+0x10/0x10
[   42.900307][  T982]  dev_change_flags+0x80/0x160
[   42.900469][  T982]  do_setlink.constprop.0+0x79d/0x2300
[   42.900631][  T982]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[   42.900833][  T982]  ? lock_acquire.part.0+0xeb/0x330
[   42.900995][  T982]  ? rtnl_newlink+0x653/0xa70
[   42.901155][  T982]  ? rtnl_newlink+0xb9/0xa70
[   42.901318][  T982]  ? rtnetlink_rcv_msg+0x712/0xc10
[   42.901479][  T982]  ? __mutex_trylock_common+0xfa/0x260
[   42.901641][  T982]  ? __pfx___mutex_trylock_common+0x10/0x10
[   42.901841][  T982]  ? lock_acquire+0x32/0xc0
[   42.902001][  T982]  ? trace_contention_end+0xef/0x150
[   42.902160][  T982]  ? __mutex_lock+0x190/0xbc0
[   42.902322][  T982]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   42.902480][  T982]  ? rtnl_newlink+0x653/0xa70
[   42.902638][  T982]  ? __pfx___mutex_lock+0x10/0x10
[   42.902810][  T982]  ? __rtnl_newlink+0x40e/0xa40
[   42.902972][  T982]  rtnl_newlink+0x69c/0xa70
[   42.903130][  T982]  ? __pfx_rtnl_newlink+0x10/0x10
[   42.903287][  T982]  ? find_held_lock+0x2c/0x110
[   42.903450][  T982]  ? __pfx___lock_release+0x10/0x10
[   42.903609][  T982]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   42.903771][  T982]  ? rtnetlink_rcv_msg+0x6ef/0xc10
[   42.903930][  T982]  ? __pfx_rtnl_newlink+0x10/0x10
[   42.904090][  T982]  rtnetlink_rcv_msg+0x712/0xc10
[   42.904249][  T982]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   42.904407][  T982]  ? hlock_class+0x4e/0x130
[   42.904564][  T982]  ? mark_lock+0x38/0x3e0
[   42.904686][  T982]  ? __lock_acquire+0xb9a/0x1680
[   42.904846][  T982]  netlink_rcv_skb+0x130/0x360
[   42.905003][  T982]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   42.905162][  T982]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   42.905326][  T982]  ? netlink_deliver_tap+0x13e/0x340
[   42.905488][  T982]  ? netlink_deliver_tap+0xc3/0x340
[   42.905649][  T982]  netlink_unicast+0x44b/0x710
[   42.905805][  T982]  ? __pfx_netlink_unicast+0x10/0x10
[   42.905963][  T982]  ? find_held_lock+0x2c/0x110
[   42.906124][  T982]  netlink_sendmsg+0x723/0xbe0
[   42.906282][  T982]  ? __pfx_netlink_sendmsg+0x10/0x10
[   42.906444][  T982]  ____sys_sendmsg+0x7ac/0xa10
[   42.906603][  T982]  ? __pfx_____sys_sendmsg+0x10/0x10
[   42.906762][  T982]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   42.906963][  T982]  ___sys_sendmsg+0xee/0x170
[   42.907121][  T982]  ? __pfx____sys_sendmsg+0x10/0x10
[   42.907284][  T982]  ? kasan_save_stack+0x34/0x50
[   42.907443][  T982]  ? kasan_save_stack+0x24/0x50
[   42.907600][  T982]  ? __kasan_record_aux_stack+0x8e/0xa0
[   42.907757][  T982]  ? __call_rcu_common.constprop.0+0xa1/0x4b0
[   42.907953][  T982]  ? __x64_sys_close+0x7c/0xd0
[   42.908113][  T982]  ? do_syscall_64+0xc1/0x1d0
[   42.908271][  T982]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.908472][  T982]  ? __lock_acquire+0xb9a/0x1680
[   42.908634][  T982]  ? find_held_lock+0x2c/0x110
[   42.908792][  T982]  ? __lock_release+0x103/0x460
[   42.908948][  T982]  ? __virt_addr_valid+0x22b/0x430
[   42.909108][  T982]  ? __pfx___lock_release+0x10/0x10
[   42.909267][  T982]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   42.909426][  T982]  __sys_sendmsg+0x109/0x1a0
[   42.909586][  T982]  ? __pfx___sys_sendmsg+0x10/0x10
[   42.909742][  T982]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[   42.909948][  T982]  do_syscall_64+0xc1/0x1d0
[   42.910104][  T982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.910299][  T982] RIP: 0033:0x7ff344b889a7
[   42.910465][  T982] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[   42.911025][  T982] RSP: 002b:00007fff2dd787c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   42.911266][  T982] RAX: ffffffffffffffda RBX: 00007fff2dd78ef0 RCX: 00007ff344b889a7
[   42.911504][  T982] RDX: 0000000000000000 RSI: 00007fff2dd78830 RDI: 0000000000000005
[   42.911746][  T982] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078
[   42.911981][  T982] R10: 00007ff344a46ef8 R11: 0000000000000246 R12: 0000000000000003
[   42.912219][  T982] R13: 00000000677c51a1 R14: 0000000000498600 R15: 0000000000000000
[   42.912461][  T982]  </TASK>
[   42.912581][  T982] 
[   42.912663][  T982] The buggy address belongs to the physical page:
[   42.912865][  T982] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c5c
[   42.913144][  T982] flags: 0x80000000000000(node=0|zone=1)
[   42.913307][  T982] page_type: f5(slab)
[   42.913429][  T982] raw: 0080000000000000 ffff8880010427c0 ffffea000021b390 ffffea0000356a50
[   42.913709][  T982] raw: 0000000000000000 0000000000190019 00000001f5000000 0000000000000000
[   42.913987][  T982] page dumped because: kasan: bad access detected
[   42.914180][  T982] 
[   42.914261][  T982] Memory state around the buggy address:
[   42.914417][  T982]  ffff888004c5bf00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   42.914649][  T982]  ffff888004c5bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.914879][  T982] >ffff888004c5c000: fc fc fa fb fc fc fc fc fc fc fc fc fc fc fc fc
[   42.915111][  T982]                       ^
[   42.915228][  T982]  ffff888004c5c080: fc fc fc fc fc fc fa fb fc fc fc fc fc fc fc fc
[   42.915459][  T982]  ffff888004c5c100: fc fc fc fc fc fc fc fc fc fc fa fb fc fc fc fc
[   42.915691][  T982] ==================================================================
[   42.916004][  T982] Disabling lock debugging due to kernel taint
[   42.916221][  T982] Oops: general protection fault, probably for non-canonical address 0xf99995999999999c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   42.916604][  T982] KASAN: maybe wild-memory-access in range [0xcccccccccccccce0-0xcccccccccccccce7]
[   42.916872][  T982] CPU: 0 UID: 0 PID: 982 Comm: ip Tainted: G    B              6.13.0-rc5-virtme #1
[   42.917152][  T982] Tainted: [B]=BAD_PAGE
[   42.917281][  T982] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   42.917476][  T982] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[   42.917680][  T982] Code: a9 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 dd 9c 69 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[   42.918228][  T982] RSP: 0018:ffffc90001556f98 EFLAGS: 00010a06
[   42.918423][  T982] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffa8229ac3
[   42.918655][  T982] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[   42.918886][  T982] RBP: fffffbfff52d8a78 R08: 0000000000000000 R09: fffffbfff569a088
[   42.919117][  T982] R10: ffffffffab4d0447 R11: 205d323839542020 R12: ffff8880098c1220
[   42.919352][  T982] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[   42.919585][  T982] FS:  00007ff34497c800(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
[   42.919854][  T982] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.920049][  T982] CR2: 00000000004e5438 CR3: 000000000ed7e001 CR4: 0000000000772ef0
[   42.920281][  T982] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   42.920515][  T982] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   42.920746][  T982] PKRU: 55555554
[   42.920866][  T982] Call Trace:
[   42.920984][  T982]  <TASK>
[   42.921066][  T982]  ? die_addr+0x41/0xa0
[   42.921190][  T982]  ? exc_general_protection+0x14d/0x230
[   42.921349][  T982]  ? asm_exc_general_protection+0x26/0x30
[   42.921507][  T982]  ? page_pool_item_uninit+0x73/0x130
[   42.921662][  T982]  ? page_pool_item_uninit+0x7a/0x130
[   42.921816][  T982]  ? page_pool_item_uninit+0x73/0x130
[   42.921969][  T982]  page_pool_release+0x44a/0x5b0
[   42.922126][  T982]  ? __pfx_autoremove_wake_function+0x10/0x10
[   42.922323][  T982]  ? __pfx_page_pool_release+0x10/0x10
[   42.922477][  T982]  ? napi_disable+0x383/0x5b0
[   42.922634][  T982]  page_pool_destroy+0x11e/0x560
[   42.922796][  T982]  nsim_stop+0x21a/0x390 [netdevsim]
[   42.922965][  T982]  __dev_close_many+0x1a0/0x2d0
[   42.923121][  T982]  ? __pfx___dev_close_many+0x10/0x10
[   42.923274][  T982]  ? mark_held_locks+0x9e/0xe0
[   42.923429][  T982]  ? lockdep_hardirqs_on_prepare+0x275/0x410
[   42.923622][  T982]  __dev_change_flags+0x24f/0x6c0
[   42.923777][  T982]  ? __pfx___dev_change_flags+0x10/0x10
[   42.923931][  T982]  ? unwind_get_return_address+0x5e/0xa0
[   42.924087][  T982]  ? __pfx_validate_chain+0x10/0x10
[   42.924245][  T982]  dev_change_flags+0x80/0x160
[   42.924400][  T982]  do_setlink.constprop.0+0x79d/0x2300
[   42.924558][  T982]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[   42.924752][  T982]  ? lock_acquire.part.0+0xeb/0x330
[   42.924907][  T982]  ? rtnl_newlink+0x653/0xa70
[   42.925062][  T982]  ? rtnl_newlink+0xb9/0xa70
[   42.925215][  T982]  ? rtnetlink_rcv_msg+0x712/0xc10
[   42.925455][  T982]  ? __mutex_trylock_common+0xfa/0x260
[   42.925614][  T982]  ? __pfx___mutex_trylock_common+0x10/0x10
[   42.925811][  T982]  ? lock_acquire+0x32/0xc0
[   42.925963][  T982]  ? trace_contention_end+0xef/0x150
[   42.926198][  T982]  ? __mutex_lock+0x190/0xbc0
[   42.926356][  T982]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   42.926510][  T982]  ? rtnl_newlink+0x653/0xa70
[   42.926668][  T982]  ? __pfx___mutex_lock+0x10/0x10
[   42.926904][  T982]  ? __rtnl_newlink+0x40e/0xa40
[   42.927064][  T982]  rtnl_newlink+0x69c/0xa70
[   42.927219][  T982]  ? __pfx_rtnl_newlink+0x10/0x10
[   42.927373][  T982]  ? find_held_lock+0x2c/0x110
[   42.927610][  T982]  ? __pfx___lock_release+0x10/0x10
[   42.927763][  T982]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   42.927918][  T982]  ? rtnetlink_rcv_msg+0x6ef/0xc10
[   42.928074][  T982]  ? __pfx_rtnl_newlink+0x10/0x10
[   42.928316][  T982]  rtnetlink_rcv_msg+0x712/0xc10
[   42.928472][  T982]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   42.928624][  T982]  ? hlock_class+0x4e/0x130
[   42.928776][  T982]  ? mark_lock+0x38/0x3e0
[   42.928976][  T982]  ? __lock_acquire+0xb9a/0x1680
[   42.929133][  T982]  netlink_rcv_skb+0x130/0x360
[   42.929291][  T982]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   42.929447][  T982]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   42.929690][  T982]  ? netlink_deliver_tap+0x13e/0x340
[   42.929846][  T982]  ? netlink_deliver_tap+0xc3/0x340
[   42.930002][  T982]  netlink_unicast+0x44b/0x710
[   42.930160][  T982]  ? __pfx_netlink_unicast+0x10/0x10
[   42.930395][  T982]  ? find_held_lock+0x2c/0x110
[   42.930553][  T982]  netlink_sendmsg+0x723/0xbe0
[   42.930705][  T982]  ? __pfx_netlink_sendmsg+0x10/0x10
[   42.930864][  T982]  ____sys_sendmsg+0x7ac/0xa10
[   42.931098][  T982]  ? __pfx_____sys_sendmsg+0x10/0x10
[   42.931255][  T982]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   42.931450][  T982]  ___sys_sendmsg+0xee/0x170
[   42.931607][  T982]  ? __pfx____sys_sendmsg+0x10/0x10
[   42.931842][  T982]  ? kasan_save_stack+0x34/0x50
[   42.931998][  T982]  ? kasan_save_stack+0x24/0x50
[   42.932154][  T982]  ? __kasan_record_aux_stack+0x8e/0xa0
[   42.932306][  T982]  ? __call_rcu_common.constprop.0+0xa1/0x4b0
[   42.932581][  T982]  ? __x64_sys_close+0x7c/0xd0
[   42.932743][  T982]  ? do_syscall_64+0xc1/0x1d0
[   42.932897][  T982]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.933087][  T982]  ? __lock_acquire+0xb9a/0x1680
[   42.933323][  T982]  ? find_held_lock+0x2c/0x110
[   42.933480][  T982]  ? __lock_release+0x103/0x460
[   42.933634][  T982]  ? __virt_addr_valid+0x22b/0x430
[   42.933790][  T982]  ? __pfx___lock_release+0x10/0x10
[   42.934026][  T982]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   42.934186][  T982]  __sys_sendmsg+0x109/0x1a0
[   42.934340][  T982]  ? __pfx___sys_sendmsg+0x10/0x10
[   42.934493][  T982]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[   42.934772][  T982]  do_syscall_64+0xc1/0x1d0
[   42.934923][  T982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.935114][  T982] RIP: 0033:0x7ff344b889a7
[   42.935359][  T982] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[   42.935897][  T982] RSP: 002b:00007fff2dd787c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   42.936209][  T982] RAX: ffffffffffffffda RBX: 00007fff2dd78ef0 RCX: 00007ff344b889a7
[   42.936441][  T982] RDX: 0000000000000000 RSI: 00007fff2dd78830 RDI: 0000000000000005
[   42.936755][  T982] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078
[   42.936983][  T982] R10: 00007ff344a46ef8 R11: 0000000000000246 R12: 0000000000000003
[   42.937213][  T982] R13: 00000000677c51a1 R14: 0000000000498600 R15: 0000000000000000
[   42.937529][  T982]  </TASK>
[   42.937646][  T982] Modules linked in: netdevsim [last unloaded: netdevsim]
[   42.937916][  T982] ---[ end trace 0000000000000000 ]---
[   42.938075][  T982] RIP: 0010:page_pool_item_uninit+0x7a/0x130
[   42.938274][  T982] Code: a9 48 bb 00 00 00 00 00 fc ff df 48 c1 ed 03 48 01 dd 4d 8d 75 1c be 04 00 00 00 4c 89 f7 e8 dd 9c 69 fe 4c 89 f0 48 c1 e8 03 <0f> b6 14 18 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41
[   42.938900][  T982] RSP: 0018:ffffc90001556f98 EFLAGS: 00010a06
[   42.939096][  T982] RAX: 199999999999999c RBX: dffffc0000000000 RCX: ffffffffa8229ac3
[   42.939411][  T982] RDX: 0000000000000000 RSI: 0000000000000004 RDI: cccccccccccccce0
[   42.939694][  T982] RBP: fffffbfff52d8a78 R08: 0000000000000000 R09: fffffbfff569a088
[   42.939927][  T982] R10: ffffffffab4d0447 R11: 205d323839542020 R12: ffff8880098c1220
[   42.940155][  T982] R13: ccccccccccccccc4 R14: cccccccccccccce0 R15: 0000000000000000
[   42.940383][  T982] FS:  00007ff34497c800(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
[   42.940791][  T982] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.940984][  T982] CR2: 00000000004e5438 CR3: 000000000ed7e001 CR4: 0000000000772ef0
[   42.941216][  T982] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   42.941507][  T982] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   42.941738][  T982] PKRU: 55555554
[   42.941855][  T982] Kernel panic - not syncing: Fatal exception
[   42.942277][  T982] Kernel Offset: 0x24c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   42.942630][  T982] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr