======================================
| [   11.496655][  T245] virtio_net virtio2 enp0s1: renamed from eth0
| [   11.710220][  T247] virtio_net virtio3 enp0s2: renamed from eth1
| [   12.050481][    C2] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN
| [   12.050781][    C2] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   12.051128][    C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[   12.051264][    C2] RIP: 0010:page_pool_alloc_frag_netmem (net/core/page_pool.c:1057)
[   12.051406][    C2] Code: b8 00 00 00 00 00 fc ff df 41 57 41 89 c8 41 56 41 55 41 89 d5 48 89 fa 41 54 48 c1 ea 03 49 89 f4 55 53 48 89 fb 48 83 ec 30 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 32 05 00 00 8b 0b 83 f9 3f 0f
All code
========
   0:	b8 00 00 00 00       	mov    $0x0,%eax
   5:	00 fc                	add    %bh,%ah
   7:	ff                   	lcall  (bad)
   8:	df 41 57             	filds  0x57(%rcx)
   b:	41 89 c8             	mov    %ecx,%r8d
   e:	41 56                	push   %r14
  10:	41 55                	push   %r13
  12:	41 89 d5             	mov    %edx,%r13d
  15:	48 89 fa             	mov    %rdi,%rdx
  18:	41 54                	push   %r12
  1a:	48 c1 ea 03          	shr    $0x3,%rdx
  1e:	49 89 f4             	mov    %rsi,%r12
  21:	55                   	push   %rbp
  22:	53                   	push   %rbx
  23:	48 89 fb             	mov    %rdi,%rbx
  26:	48 83 ec 30          	sub    $0x30,%rsp
  2a:*	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax		<-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	74 08                	je     0x3a
  32:	3c 03                	cmp    $0x3,%al
  34:	0f 8e 32 05 00 00    	jle    0x56c
  3a:	8b 0b                	mov    (%rbx),%ecx
  3c:	83 f9 3f             	cmp    $0x3f,%ecx
  3f:	0f                   	.byte 0xf

Code starting with the faulting instruction
===========================================
   0:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax
   4:	84 c0                	test   %al,%al
   6:	74 08                	je     0x10
   8:	3c 03                	cmp    $0x3,%al
   a:	0f 8e 32 05 00 00    	jle    0x542
  10:	8b 0b                	mov    (%rbx),%ecx
  12:	83 f9 3f             	cmp    $0x3f,%ecx
  15:	0f                   	.byte 0xf
[   12.051785][    C2] RSP: 0018:ffa0000000218a00 EFLAGS: 00010286
[   12.051918][    C2] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000820
[   12.052082][    C2] RDX: 0000000000000000 RSI: ffa0000000218ac0 RDI: 0000000000000000
[   12.052245][    C2] RBP: 1ff4000000043154 R08: 0000000000000820 R09: fff3fc000004318f
[   12.052409][    C2] R10: fff3fc0000043190 R11: 0000000000000001 R12: ffa0000000218ac0
[   12.052567][    C2] R13: 0000000000000600 R14: ff11000008701d00 R15: ff1100000c5cde00
[   12.052732][    C2] FS:  00007fb8ddd1d400(0000) GS:ff110000803fe000(0000) knlGS:0000000000000000
[   12.052929][    C2] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   12.053067][    C2] CR2: 00000000004e5e60 CR3: 0000000004f15006 CR4: 0000000000771ef0
[   12.053235][    C2] PKRU: 55555554
[   12.053319][    C2] Call Trace:
[   12.053401][    C2]  <IRQ>
[   12.053457][    C2]  ? buf_to_xdp.isra.0 (drivers/net/virtio_net.c:599)
[   12.053568][    C2]  page_pool_alloc_frag (./include/net/netmem.h:191 (discriminator 2) net/core/page_pool.c:1101 (discriminator 2))
[   12.053675][    C2]  add_recvbuf_mergeable (drivers/net/virtio_net.c:2733 (discriminator 1))
[   12.053786][    C2]  ? page_to_skb (drivers/net/virtio_net.c:2715)
[   12.053890][    C2]  ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870)
[   12.053998][    C2]  ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))
[   12.054109][    C2]  try_fill_recv (drivers/net/virtio_net.c:2792)
[   12.054214][    C2]  virtnet_poll (drivers/net/virtio_net.c:2953 (discriminator 1) drivers/net/virtio_net.c:3038 (discriminator 1))
[   12.054319][    C2]  ? receive_buf (drivers/net/virtio_net.c:3027)
[   12.054426][    C2]  ? virtnet_xdp_handler (drivers/net/virtio_net.c:3242)
[   12.054534][    C2]  ? __enqueue_entity (kernel/sched/fair.c:824)
[   12.054642][    C2]  ? update_load_avg (kernel/sched/fair.c:4370 kernel/sched/fair.c:4707)
[   12.054746][    C2]  ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1))
[   12.054858][    C2]  __napi_poll.constprop.0 (net/core/dev.c:7681)
[   12.054964][    C2]  net_rx_action (net/core/dev.c:7743 net/core/dev.c:7895)
[   12.055072][    C2]  ? run_backlog_napi (net/core/dev.c:7857)
[   12.055180][    C2]  ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536)
[   12.055286][    C2]  ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536)
[   12.055394][    C2]  ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1))
[   12.055497][    C2]  handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623)
[   12.055608][    C2]  ? _local_bh_enable (kernel/softirq.c:580)
[   12.055716][    C2]  ? __flush_smp_call_function_queue (kernel/smp.c:137 kernel/smp.c:593)
[   12.055856][    C2]  ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1))
[   12.055961][    C2]  do_softirq (kernel/softirq.c:523 (discriminator 25) kernel/softirq.c:510 (discriminator 25))
[   12.056040][    C2]  </IRQ>
[   12.056095][    C2]  <TASK>
[   12.056151][    C2]  __local_bh_enable_ip (kernel/softirq.c:450)
[   12.056258][    C2]  virtnet_napi_enable (drivers/net/virtio_net.c:2843)
[   12.056364][    C2]  virtnet_open (drivers/net/virtio_net.c:3094 drivers/net/virtio_net.c:3216)
[   12.056470][    C2]  __dev_open (net/core/dev.c:1697)
[   12.056549][    C2]  ? dev_set_rx_mode (net/core/dev.c:1661)
[   12.056655][    C2]  ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536)
[   12.056762][    C2]  ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1))
[   12.056866][    C2]  __dev_change_flags (net/core/dev.c:9748)
[   12.056971][    C2]  ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536)
[   12.057075][    C2]  ? netif_set_allmulti (net/core/dev.c:9712)
[   12.057180][    C2]  ? is_bpf_text_address (./include/linux/rcupdate.h:341 (discriminator 1) ./include/linux/rcupdate.h:897 (discriminator 1) kernel/bpf/core.c:746 (discriminator 1))
[   12.057285][    C2]  netif_change_flags (net/core/dev.c:9812)
[   12.057392][    C2]  ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:385 (discriminator 1))
[   12.057499][    C2]  do_setlink.isra.0 (net/core/rtnetlink.c:3158 (discriminator 1))
[   12.057603][    C2]  ? rtnl_newlink_create (net/core/rtnetlink.c:3036)
[   12.057706][    C2]  ? rcu_lockdep_current_cpu_online (kernel/rcu/tree.c:4028 (discriminator 2) kernel/rcu/tree.c:4020 (discriminator 2))
[   12.057845][    C2]  ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1))
[   12.057955][    C2]  ? validate_chain (kernel/locking/lockdep.c:3801 (discriminator 4) kernel/locking/lockdep.c:3821 (discriminator 4) kernel/locking/lockdep.c:3876 (discriminator 4))
[   12.058064][    C2]  ? rcu_read_lock_any_held (./include/linux/lockdep.h:249 kernel/rcu/update.c:388 kernel/rcu/update.c:380)
[   12.058170][    C2]  ? stack_depot_save_flags (lib/stackdepot.c:601 (discriminator 4) lib/stackdepot.c:668 (discriminator 4))
[   12.058278][    C2]  ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1))
[   12.058382][    C2]  ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870)
[   12.058486][    C2]  ? rtnl_newlink (net/core/rtnetlink.c:343 (discriminator 1) net/core/rtnetlink.c:4071 (discriminator 1))
[   12.058591][    C2]  ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1))
[   12.058696][    C2]  ? perf_trace_sched_switch (kernel/sched/core.c:8784)
[   12.058808][    C2]  ? rtnl_newlink (net/core/rtnetlink.c:343 (discriminator 1) net/core/rtnetlink.c:4071 (discriminator 1))
[   12.058914][    C2]  ? lock_acquire (./include/trace/events/lock.h:24 (discriminator 33) kernel/locking/lockdep.c:5831 (discriminator 33))
[   12.059019][    C2]  ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1))
[   12.059123][    C2]  ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1))
[   12.059234][    C2]  ? trace_contention_end (./include/trace/events/lock.h:122 (discriminator 33))
[   12.059338][    C2]  ? __mutex_lock (kernel/locking/mutex.c:624 (discriminator 3) kernel/locking/mutex.c:776 (discriminator 3))
[   12.059449][    C2]  ? rtnl_newlink (net/core/rtnetlink.c:343 (discriminator 1) net/core/rtnetlink.c:4071 (discriminator 1))
[   12.059557][    C2]  ? ww_mutex_lock (kernel/locking/mutex.c:775)
[   12.059666][    C2]  ? __rtnl_newlink (net/core/rtnetlink.c:3922)
[   12.059774][    C2]  rtnl_newlink (net/core/rtnetlink.c:351 (discriminator 1) net/core/rtnetlink.c:4073 (discriminator 1))
[   12.059884][    C2]  ? rtnl_setlink (net/core/rtnetlink.c:3963)
[   12.059992][    C2]  ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1))
[   12.060095][    C2]  ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870)
[   12.060198][    C2]  ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))
[   12.060301][    C2]  ? rtnl_setlink (net/core/rtnetlink.c:3963)
[   12.060404][    C2]  ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536)
[   12.060511][    C2]  ? rtnl_setlink (net/core/rtnetlink.c:3963)
[   12.060614][    C2]  rtnetlink_rcv_msg (net/core/rtnetlink.c:6958)
[   12.060720][    C2]  ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1))
[   12.060829][    C2]  ? rtnl_fdb_dump (net/core/rtnetlink.c:6861)
[   12.060931][    C2]  ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1))
[   12.061037][    C2]  ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870)
[   12.061140][    C2]  ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1))
[   12.061247][    C2]  netlink_rcv_skb (net/netlink/af_netlink.c:2550)
[   12.061357][    C2]  ? rtnl_fdb_dump (net/core/rtnetlink.c:6861)
[   12.061462][    C2]  ? netlink_ack (net/netlink/af_netlink.c:2527)
[   12.061565][    C2]  ? netlink_deliver_tap (./include/linux/rcupdate.h:341 (discriminator 1) ./include/linux/rcupdate.h:897 (discriminator 1) ./include/net/netns/generic.h:48 (discriminator 1) net/netlink/af_netlink.c:333 (discriminator 1))
[   12.061671][    C2]  ? netlink_deliver_tap (./include/linux/rcupdate.h:341 (discriminator 1) ./include/linux/rcupdate.h:897 (discriminator 1) net/netlink/af_netlink.c:340 (discriminator 1))
[   12.061779][    C2]  netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)
[   12.061892][    C2]  ? netlink_attachskb (net/netlink/af_netlink.c:1329)
[   12.061994][    C2]  ? __alloc_skb (./include/linux/bottom_half.h:20 (discriminator 1) net/core/skbuff.c:695 (discriminator 1))
[   12.062099][    C2]  ? napi_skb_cache_get (net/core/skbuff.c:674)
[   12.062205][    C2]  ? lock_acquire.part.0 (kernel/locking/lockdep.c:470 kernel/locking/lockdep.c:5870)
[   12.062310][    C2]  ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1))
[   12.062415][    C2]  netlink_sendmsg (net/netlink/af_netlink.c:1894)
[   12.062520][    C2]  ? netlink_unicast (net/netlink/af_netlink.c:1813)
[   12.062627][    C2]  ____sys_sendmsg (net/socket.c:727 (discriminator 4) net/socket.c:742 (discriminator 4) net/socket.c:2592 (discriminator 4))
[   12.062732][    C2]  ? copy_msghdr_from_user (net/socket.c:2532)
[   12.062843][    C2]  ? get_timestamp.constprop.0 (net/socket.c:2538)
[   12.062969][    C2]  ? move_addr_to_kernel (net/socket.c:2518)
[   12.063072][    C2]  ? stack_depot_save_flags (lib/stackdepot.c:601 (discriminator 4) lib/stackdepot.c:668 (discriminator 4))
[   12.063178][    C2]  ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1))
[   12.063283][    C2]  ___sys_sendmsg (net/socket.c:2648)
[   12.063388][    C2]  ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:127 kernel/rcu/tree.c:3121)
[   12.063517][    C2]  ? copy_msghdr_from_user (net/socket.c:2635)
[   12.063624][    C2]  __sys_sendmsg (net/socket.c:2678 (discriminator 1))
[   12.063727][    C2]  ? __sys_sendmsg_sock (net/socket.c:2663)
[   12.063833][    C2]  ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473)
[   12.063934][    C2]  ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 kernel/rcu/tree.c:3144)
[   12.064064][    C2]  ? do_raw_spin_unlock (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/asm-generic/qspinlock.h:57 kernel/locking/spinlock_debug.c:101 kernel/locking/spinlock_debug.c:141)
[   12.064167][    C2]  ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1))
[   12.064271][    C2]  do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
[   12.064377][    C2]  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)
[   12.064507][    C2] RIP: 0033:0x7fb8dde77c5e
[   12.064617][    C2] Code: 4d 89 d8 e8 34 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa
All code
========
   0:	4d 89 d8             	mov    %r11,%r8
   3:	e8 34 bd 00 00       	call   0xbd3c
   8:	4c 8b 5d f8          	mov    -0x8(%rbp),%r11
   c:	41 8b 93 08 03 00 00 	mov    0x308(%r11),%edx
  13:	59                   	pop    %rcx
  14:	5e                   	pop    %rsi
  15:	48 83 f8 fc          	cmp    $0xfffffffffffffffc,%rax
  19:	74 11                	je     0x2c
  1b:	c9                   	leave
  1c:	c3                   	ret
  1d:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  24:	48 8b 45 10          	mov    0x10(%rbp),%rax
  28:	0f 05                	syscall
  2a:*	c9                   	leave		<-- trapping instruction
  2b:	c3                   	ret
  2c:	83 e2 39             	and    $0x39,%edx
  2f:	83 fa 08             	cmp    $0x8,%edx
  32:	75 e7                	jne    0x1b
  34:	e8 13 ff ff ff       	call   0xffffffffffffff4c
  39:	0f 1f 00             	nopl   (%rax)
  3c:	f3 0f 1e fa          	endbr64

Code starting with the faulting instruction
===========================================
   0:	c9                   	leave
   1:	c3                   	ret
   2:	83 e2 39             	and    $0x39,%edx
   5:	83 fa 08             	cmp    $0x8,%edx
   8:	75 e7                	jne    0xfffffffffffffff1
   a:	e8 13 ff ff ff       	call   0xffffffffffffff22
   f:	0f 1f 00             	nopl   (%rax)
  12:	f3 0f 1e fa          	endbr64
[   12.064987][    C2] RSP: 002b:00007fff7c4c1770 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[   12.065145][    C2] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb8dde77c5e
[   12.065300][    C2] RDX: 0000000000000000 RSI: 00007fff7c4c1830 RDI: 0000000000000005
[   12.065456][    C2] RBP: 00007fff7c4c1780 R08: 0000000000000000 R09: 0000000000000000
[   12.065612][    C2] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff7c4c1ef0


Finger prints:
page_pool_alloc_frag_netmem:page_pool_alloc_frag:add_recvbuf_mergeable:try_fill_recv:virtnet_poll