[  329.325459][ T6553] ==================================================================
[  329.325751][ T6553] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[  329.325954][ T6553] Read of size 128 at addr ff11000021d8c640 by task ncdevmem/6553
[  329.326132][ T6553] 
[  329.326193][ T6553] CPU: 4 UID: 0 PID: 6553 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full) 
[  329.326197][ T6553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  329.326199][ T6553] Call Trace:
[  329.326200][ T6553]  <TASK>
[  329.326202][ T6553]  dump_stack_lvl+0x6f/0xa0
[  329.326207][ T6553]  print_address_description.constprop.0+0x56/0x2d0
[  329.326212][ T6553]  print_report+0xfc/0x1fa
[  329.326214][ T6553]  ? __virt_addr_valid+0x102/0x440
[  329.326217][ T6553]  ? __virt_addr_valid+0x1da/0x440
[  329.326219][ T6553]  kasan_report+0x108/0x130
[  329.326223][ T6553]  ? snapshot_page+0x2a7/0x510
[  329.326225][ T6553]  ? snapshot_page+0x2a7/0x510
[  329.326227][ T6553]  kasan_check_range+0x130/0x200
[  329.326229][ T6553]  __asan_memcpy+0x23/0x60
[  329.326231][ T6553]  snapshot_page+0x2a7/0x510
[  329.326233][ T6553]  ? fourcc_string+0xb97/0xc40
[  329.326237][ T6553]  __dump_page+0x8a/0x100
[  329.326239][ T6553]  ? __dump_folio+0x4d0/0x4d0
[  329.326244][ T6553]  ? net_devmem_alloc_dmabuf+0x199/0x270
[  329.326247][ T6553]  dump_page+0x3a/0x60
[  329.326249][ T6553]  page_pool_set_pp_info+0x185/0x1e0
[  329.326253][ T6553]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  329.326254][ T6553]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  329.326257][ T6553]  fbnic_fill_bdq+0x238/0x400
[  329.326261][ T6553]  __fbnic_nv_restart+0x145/0x440
[  329.326264][ T6553]  fbnic_queue_start+0x183/0x260
[  329.326266][ T6553]  netdev_rx_queue_reconfig+0x322/0x580
[  329.326268][ T6553]  __netif_mp_open_rxq+0x3be/0x600
[  329.326270][ T6553]  ? netdev_rx_queue_restart+0xb0/0xb0
[  329.326272][ T6553]  ? do_raw_spin_unlock+0x59/0x250
[  329.326276][ T6553]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  329.326277][ T6553]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  329.326280][ T6553]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  329.326284][ T6553]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  329.326286][ T6553]  ? __nla_parse+0x22/0x30
[  329.326290][ T6553]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  329.326293][ T6553]  genl_family_rcv_msg_doit+0x206/0x300
[  329.326294][ T6553]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  329.326297][ T6553]  ? rcu_is_watching+0x15/0xd0
[  329.326300][ T6553]  ? cap_capable+0x1d6/0x3e0
[  329.326303][ T6553]  genl_family_rcv_msg+0x3a4/0x640
[  329.326305][ T6553]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  329.326306][ T6553]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  329.326308][ T6553]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  329.326310][ T6553]  ? __lock_acquire+0x508/0xc10
[  329.326313][ T6553]  genl_rcv_msg+0xbb/0x160
[  329.326315][ T6553]  netlink_rcv_skb+0x14e/0x3a0
[  329.326317][ T6553]  ? genl_family_rcv_msg+0x640/0x640
[  329.326319][ T6553]  ? netlink_ack+0xcd0/0xcd0
[  329.326322][ T6553]  ? netlink_deliver_tap+0xc5/0x330
[  329.326324][ T6553]  ? netlink_deliver_tap+0x13c/0x330
[  329.326326][ T6553]  genl_rcv+0x28/0x40
[  329.326327][ T6553]  netlink_unicast+0x47c/0x740
[  329.326330][ T6553]  ? netlink_attachskb+0x800/0x800
[  329.326331][ T6553]  ? lockdep_hardirqs_on+0x8c/0x130
[  329.326334][ T6553]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  329.326336][ T6553]  ? __wake_up+0x44/0x60
[  329.326339][ T6553]  netlink_sendmsg+0x735/0xc60
[  329.326342][ T6553]  ? netlink_unicast+0x740/0x740
[  329.326344][ T6553]  ? lock_acquire.part.0+0xbc/0x260
[  329.326346][ T6553]  ? __might_fault+0x97/0x140
[  329.326348][ T6553]  __sys_sendto+0x2c9/0x400
[  329.326352][ T6553]  ? __ia32_sys_getpeername+0xd0/0xd0
[  329.326353][ T6553]  ? __might_fault+0x97/0x140
[  329.326356][ T6553]  ? __ia32_sys_connect+0xd0/0xd0
[  329.326357][ T6553]  ? __sys_bind+0x191/0x260
[  329.326361][ T6553]  __x64_sys_sendto+0xe4/0x1f0
[  329.326362][ T6553]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  329.326365][ T6553]  ? lockdep_hardirqs_on+0x8c/0x130
[  329.326366][ T6553]  ? do_syscall_64+0x82/0xfc0
[  329.326368][ T6553]  do_syscall_64+0x117/0xfc0
[  329.326370][ T6553]  ? trace_hardirqs_off+0xd/0x30
[  329.326372][ T6553]  ? exc_page_fault+0xee/0x100
[  329.326373][ T6553]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  329.326376][ T6553] RIP: 0033:0x7f334e6fc0ee
[  329.326379][ T6553] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  329.326381][ T6553] RSP: 002b:00007ffd7bff00d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  329.326385][ T6553] RAX: ffffffffffffffda RBX: 00007ffd7bff0140 RCX: 00007f334e6fc0ee
[  329.326386][ T6553] RDX: 0000000000000038 RSI: 000000001b62c988 RDI: 0000000000000006
[  329.326387][ T6553] RBP: 00007ffd7bff00e0 R08: 0000000000000000 R09: 0000000000000000
[  329.326388][ T6553] R10: 0000000000000000 R11: 0000000000000202 R12: 000000001b62c988
[  329.326389][ T6553] R13: 000000001b62c720 R14: 00007f334e8cd000 R15: 000000000042ee00
[  329.326391][ T6553]  </TASK>
[  329.326392][ T6553] 
[  329.335487][ T6553] Allocated by task 6553:
[  329.335567][ T6553]  kasan_save_stack+0x2f/0x50
[  329.335667][ T6553]  kasan_save_track+0x14/0x30
[  329.335763][ T6553]  __kasan_kmalloc+0x7b/0x90
[  329.335866][ T6553]  __kvmalloc_node_noprof+0x2e8/0x8a0
[  329.335966][ T6553]  net_devmem_bind_dmabuf+0x60e/0x1260
[  329.336063][ T6553]  netdev_nl_bind_rx_doit+0x7ae/0xff0
[  329.336162][ T6553]  genl_family_rcv_msg_doit+0x206/0x300
[  329.336259][ T6553]  genl_family_rcv_msg+0x3a4/0x640
[  329.336355][ T6553]  genl_rcv_msg+0xbb/0x160
[  329.336457][ T6553]  netlink_rcv_skb+0x14e/0x3a0
[  329.336556][ T6553]  genl_rcv+0x28/0x40
[  329.336628][ T6553]  netlink_unicast+0x47c/0x740
[  329.336727][ T6553]  netlink_sendmsg+0x735/0xc60
[  329.336824][ T6553]  __sys_sendto+0x2c9/0x400
[  329.336921][ T6553]  __x64_sys_sendto+0xe4/0x1f0
[  329.337018][ T6553]  do_syscall_64+0x117/0xfc0
[  329.337121][ T6553]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  329.337241][ T6553] 
[  329.337292][ T6553] The buggy address belongs to the object at ff11000021d8c640
[  329.337292][ T6553]  which belongs to the cache kmalloc-64 of size 64
[  329.337538][ T6553] The buggy address is located 0 bytes inside of
[  329.337538][ T6553]  allocated 64-byte region [ff11000021d8c640, ff11000021d8c680)
[  329.337786][ T6553] 
[  329.337837][ T6553] The buggy address belongs to the physical page:
[  329.337960][ T6553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff11000021d8c840 pfn:0x21d8c
[  329.338164][ T6553] flags: 0x80000000000200(workingset|node=0|zone=1)
[  329.338292][ T6553] page_type: f5(slab)
[  329.338376][ T6553] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[  329.338555][ T6553] raw: ff11000021d8c840 0000000000100008 00000000f5000000 0000000000000000
[  329.338729][ T6553] page dumped because: kasan: bad access detected
[  329.338851][ T6553] 
[  329.338901][ T6553] Memory state around the buggy address:
[  329.338998][ T6553]  ff11000021d8c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  329.339151][ T6553]  ff11000021d8c600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  329.339293][ T6553] >ff11000021d8c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  329.339434][ T6553]                    ^
[  329.339507][ T6553]  ff11000021d8c700: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[  329.339663][ T6553]  ff11000021d8c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  329.339806][ T6553] ==================================================================
[  329.339986][ T6553] Disabling lock debugging due to kernel taint
[  329.340210][ T6553] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf40000876319
[  329.340390][ T6553] flags: 0x0(node=0|zone=0)
[  329.340486][ T6553] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff11000019c6e800 6b6b6b6b6b6b6b6b
[  329.340651][ T6553] raw: 000000001eeb6000 0000000000000000 000000006b6b6b6b ff11000021d8c540
[  329.340807][ T6553] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[  329.341079][ T6553] ------------[ cut here ]------------
[  329.341174][ T6553] kernel BUG at ./include/linux/page-flags.h:1062!
[  329.341295][ T6553] Oops: invalid opcode: 0000 [#1] SMP KASAN
[  329.341415][ T6553] CPU: 4 UID: 0 PID: 6553 Comm: ncdevmem Tainted: G    B               7.1.0-rc1-virtme #1 PREEMPT(full) 
[  329.341607][ T6553] Tainted: [B]=BAD_PAGE
[  329.341685][ T6553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  329.341891][ T6553] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  329.342013][ T6553] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 0d 88 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  329.342349][ T6553] RSP: 0018:ffa000000a98f368 EFLAGS: 00010286
[  329.342467][ T6553] RAX: 0000000000000096 RBX: ff11000021d8c640 RCX: 0000000000000000
[  329.342609][ T6553] RDX: 0000000000000096 RSI: 1ffffffff1717b44 RDI: fff3fc0001531e58
[  329.342749][ T6553] RBP: ff11000019c6e800 R08: ffffffff853bf47a R09: 1ffffffff11bea44
[  329.342893][ T6553] R10: 0000000000000003 R11: fffffbfff11bea45 R12: ff11000021d8c641
[  329.343034][ T6553] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  329.343175][ T6553] FS:  00007f334e689740(0000) GS:ff110000dacc6000(0000) knlGS:0000000000000000
[  329.343339][ T6553] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  329.343458][ T6553] CR2: 00007f6f9e373730 CR3: 0000000018883002 CR4: 0000000000771ef0
[  329.343611][ T6553] PKRU: 55555554
[  329.343681][ T6553] Call Trace:
[  329.343750][ T6553]  <TASK>
[  329.343802][ T6553]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  329.343918][ T6553]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  329.344012][ T6553]  fbnic_fill_bdq+0x238/0x400
[  329.344105][ T6553]  __fbnic_nv_restart+0x145/0x440
[  329.344203][ T6553]  fbnic_queue_start+0x183/0x260
[  329.344295][ T6553]  netdev_rx_queue_reconfig+0x322/0x580
[  329.344389][ T6553]  __netif_mp_open_rxq+0x3be/0x600
[  329.344480][ T6553]  ? netdev_rx_queue_restart+0xb0/0xb0
[  329.344576][ T6553]  ? do_raw_spin_unlock+0x59/0x250
[  329.344669][ T6553]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  329.344789][ T6553]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  329.344881][ T6553]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  329.344973][ T6553]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  329.345086][ T6553]  ? __nla_parse+0x22/0x30
[  329.345179][ T6553]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  329.345295][ T6553]  genl_family_rcv_msg_doit+0x206/0x300
[  329.345392][ T6553]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  329.345507][ T6553]  ? rcu_is_watching+0x15/0xd0
[  329.345604][ T6553]  ? cap_capable+0x1d6/0x3e0
[  329.345696][ T6553]  genl_family_rcv_msg+0x3a4/0x640
[  329.345789][ T6553]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  329.345904][ T6553]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  329.346023][ T6553]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  329.346138][ T6553]  ? __lock_acquire+0x508/0xc10
[  329.346231][ T6553]  genl_rcv_msg+0xbb/0x160
[  329.346325][ T6553]  netlink_rcv_skb+0x14e/0x3a0
[  329.346415][ T6553]  ? genl_family_rcv_msg+0x640/0x640
[  329.346506][ T6553]  ? netlink_ack+0xcd0/0xcd0
[  329.346608][ T6553]  ? netlink_deliver_tap+0xc5/0x330
[  329.346702][ T6553]  ? netlink_deliver_tap+0x13c/0x330
[  329.346794][ T6553]  genl_rcv+0x28/0x40
[  329.346865][ T6553]  netlink_unicast+0x47c/0x740
[  329.346957][ T6553]  ? netlink_attachskb+0x800/0x800
[  329.347049][ T6553]  ? lockdep_hardirqs_on+0x8c/0x130
[  329.347141][ T6553]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  329.347262][ T6553]  ? __wake_up+0x44/0x60
[  329.347332][ T6553]  netlink_sendmsg+0x735/0xc60
[  329.347426][ T6553]  ? netlink_unicast+0x740/0x740
[  329.347523][ T6553]  ? lock_acquire.part.0+0xbc/0x260
[  329.347614][ T6553]  ? __might_fault+0x97/0x140
[  329.347707][ T6553]  __sys_sendto+0x2c9/0x400
[  329.347805][ T6553]  ? __ia32_sys_getpeername+0xd0/0xd0
[  329.347896][ T6553]  ? __might_fault+0x97/0x140
[  329.347989][ T6553]  ? __ia32_sys_connect+0xd0/0xd0
[  329.348082][ T6553]  ? __sys_bind+0x191/0x260
[  329.348175][ T6553]  __x64_sys_sendto+0xe4/0x1f0
[  329.348266][ T6553]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  329.348385][ T6553]  ? lockdep_hardirqs_on+0x8c/0x130
[  329.348478][ T6553]  ? do_syscall_64+0x82/0xfc0
[  329.348571][ T6553]  do_syscall_64+0x117/0xfc0
[  329.348664][ T6553]  ? trace_hardirqs_off+0xd/0x30
[  329.348754][ T6553]  ? exc_page_fault+0xee/0x100
[  329.348848][ T6553]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  329.348965][ T6553] RIP: 0033:0x7f334e6fc0ee
[  329.349065][ T6553] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  329.349388][ T6553] RSP: 002b:00007ffd7bff00d0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  329.349529][ T6553] RAX: ffffffffffffffda RBX: 00007ffd7bff0140 RCX: 00007f334e6fc0ee
[  329.349673][ T6553] RDX: 0000000000000038 RSI: 000000001b62c988 RDI: 0000000000000006
[  329.349812][ T6553] RBP: 00007ffd7bff00e0 R08: 0000000000000000 R09: 0000000000000000
[  329.349949][ T6553] R10: 0000000000000000 R11: 0000000000000202 R12: 000000001b62c988
[  329.350088][ T6553] R13: 000000001b62c720 R14: 00007f334e8cd000 R15: 000000000042ee00
[  329.350234][ T6553]  </TASK>
[  329.350304][ T6553] Modules linked in:
[  329.350387][ T6553] ---[ end trace 0000000000000000 ]---
[  329.350487][ T6553] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  329.350610][ T6553] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 0d 88 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  329.350934][ T6553] RSP: 0018:ffa000000a98f368 EFLAGS: 00010286
[  329.351818][ T6553] RAX: 0000000000000096 RBX: ff11000021d8c640 RCX: 0000000000000000
[  329.351955][ T6553] RDX: 0000000000000096 RSI: 1ffffffff1717b44 RDI: fff3fc0001531e58
[  329.352095][ T6553] RBP: ff11000019c6e800 R08: ffffffff853bf47a R09: 1ffffffff11bea44
[  329.352237][ T6553] R10: 0000000000000003 R11: fffffbfff11bea45 R12: ff11000021d8c641
[  329.352371][ T6553] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  329.352509][ T6553] FS:  00007f334e689740(0000) GS:ff110000dacc6000(0000) knlGS:0000000000000000
[  329.352670][ T6553] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  329.352784][ T6553] CR2: 00007f6f9e373730 CR3: 0000000018883002 CR4: 0000000000771ef0
[  329.352926][ T6553] PKRU: 55555554
[  329.353001][ T6553] Kernel panic - not syncing: Fatal exception
[  329.353255][ T6553] Kernel Offset: 0x3c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  329.353465][ T6553] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr