[  423.817685][ T4271] ==================================================================
[  423.817947][ T4271] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[  423.818108][ T4271] Read of size 128 at addr ff1100004ca61d40 by task ncdevmem/4271
[  423.818270][ T4271] 
[  423.818353][ T4271] CPU: 2 UID: 0 PID: 4271 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full) 
[  423.818356][ T4271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  423.818359][ T4271] Call Trace:
[  423.818360][ T4271]  <TASK>
[  423.818362][ T4271]  dump_stack_lvl+0x6f/0xa0
[  423.818368][ T4271]  print_address_description.constprop.0+0x56/0x2d0
[  423.818373][ T4271]  print_report+0xfc/0x1fa
[  423.818375][ T4271]  ? __virt_addr_valid+0x102/0x440
[  423.818378][ T4271]  ? __virt_addr_valid+0x1da/0x440
[  423.818380][ T4271]  kasan_report+0x108/0x130
[  423.818384][ T4271]  ? snapshot_page+0x2a7/0x510
[  423.818386][ T4271]  ? snapshot_page+0x2a7/0x510
[  423.818388][ T4271]  kasan_check_range+0x130/0x200
[  423.818391][ T4271]  __asan_memcpy+0x23/0x60
[  423.818393][ T4271]  snapshot_page+0x2a7/0x510
[  423.818395][ T4271]  ? fourcc_string+0xb97/0xc40
[  423.818399][ T4271]  __dump_page+0x8a/0x100
[  423.818401][ T4271]  ? __dump_folio+0x4d0/0x4d0
[  423.818407][ T4271]  ? net_devmem_alloc_dmabuf+0x199/0x270
[  423.818410][ T4271]  ? sysvec_apic_timer_interrupt+0xaa/0xe0
[  423.818412][ T4271]  dump_page+0x3a/0x60
[  423.818414][ T4271]  page_pool_set_pp_info+0x185/0x1e0
[  423.818418][ T4271]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  423.818420][ T4271]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  423.818422][ T4271]  fbnic_fill_bdq+0x238/0x400
[  423.818427][ T4271]  __fbnic_nv_restart+0x145/0x440
[  423.818429][ T4271]  fbnic_queue_start+0x183/0x260
[  423.818432][ T4271]  netdev_rx_queue_reconfig+0x322/0x580
[  423.818434][ T4271]  __netif_mp_open_rxq+0x3be/0x600
[  423.818436][ T4271]  ? netdev_rx_queue_restart+0xb0/0xb0
[  423.818438][ T4271]  ? do_raw_spin_unlock+0x59/0x250
[  423.818443][ T4271]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  423.818444][ T4271]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  423.818447][ T4271]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  423.818451][ T4271]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  423.818453][ T4271]  ? __nla_parse+0x22/0x30
[  423.818457][ T4271]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  423.818461][ T4271]  genl_family_rcv_msg_doit+0x206/0x300
[  423.818462][ T4271]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  423.818465][ T4271]  ? rcu_is_watching+0x15/0xd0
[  423.818468][ T4271]  ? cap_capable+0x1d6/0x3e0
[  423.818472][ T4271]  genl_family_rcv_msg+0x3a4/0x640
[  423.818474][ T4271]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  423.818475][ T4271]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  423.818477][ T4271]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  423.818480][ T4271]  ? __lock_acquire+0x508/0xc10
[  423.818483][ T4271]  genl_rcv_msg+0xbb/0x160
[  423.818485][ T4271]  netlink_rcv_skb+0x14e/0x3a0
[  423.818488][ T4271]  ? genl_family_rcv_msg+0x640/0x640
[  423.818489][ T4271]  ? netlink_ack+0xcd0/0xcd0
[  423.818493][ T4271]  ? netlink_deliver_tap+0xc5/0x330
[  423.818495][ T4271]  ? netlink_deliver_tap+0x13c/0x330
[  423.818497][ T4271]  genl_rcv+0x28/0x40
[  423.818499][ T4271]  netlink_unicast+0x47c/0x740
[  423.818501][ T4271]  ? netlink_attachskb+0x800/0x800
[  423.818503][ T4271]  ? lockdep_hardirqs_on+0x8c/0x130
[  423.818505][ T4271]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  423.818507][ T4271]  ? __wake_up+0x44/0x60
[  423.818511][ T4271]  netlink_sendmsg+0x735/0xc60
[  423.818513][ T4271]  ? netlink_unicast+0x740/0x740
[  423.818516][ T4271]  ? lock_acquire.part.0+0xbc/0x260
[  423.818518][ T4271]  ? __might_fault+0x97/0x140
[  423.818521][ T4271]  __sys_sendto+0x2c9/0x400
[  423.818524][ T4271]  ? __ia32_sys_getpeername+0xd0/0xd0
[  423.818526][ T4271]  ? __might_fault+0x97/0x140
[  423.818529][ T4271]  ? __ia32_sys_connect+0xd0/0xd0
[  423.818531][ T4271]  ? __sys_bind+0x191/0x260
[  423.818535][ T4271]  __x64_sys_sendto+0xe4/0x1f0
[  423.818536][ T4271]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  423.818539][ T4271]  ? lockdep_hardirqs_on+0x8c/0x130
[  423.818540][ T4271]  ? do_syscall_64+0x82/0xfc0
[  423.818543][ T4271]  do_syscall_64+0x117/0xfc0
[  423.818544][ T4271]  ? trace_hardirqs_off+0xd/0x30
[  423.818546][ T4271]  ? exc_page_fault+0xee/0x100
[  423.818547][ T4271]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  423.818550][ T4271] RIP: 0033:0x7f694a7c50ee
[  423.818553][ T4271] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  423.818555][ T4271] RSP: 002b:00007ffdcac851c0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  423.818559][ T4271] RAX: ffffffffffffffda RBX: 00007ffdcac85230 RCX: 00007f694a7c50ee
[  423.818561][ T4271] RDX: 0000000000000038 RSI: 000000001f46f988 RDI: 0000000000000006
[  423.818562][ T4271] RBP: 00007ffdcac851d0 R08: 0000000000000000 R09: 0000000000000000
[  423.818563][ T4271] R10: 0000000000000000 R11: 0000000000000202 R12: 000000001f46f988
[  423.818564][ T4271] R13: 000000001f46f720 R14: 00007f694a996000 R15: 000000000042ee00
[  423.818567][ T4271]  </TASK>
[  423.818568][ T4271] 
[  423.827935][ T4271] Allocated by task 4271:
[  423.828014][ T4271]  kasan_save_stack+0x2f/0x50
[  423.828118][ T4271]  kasan_save_track+0x14/0x30
[  423.828218][ T4271]  __kasan_kmalloc+0x7b/0x90
[  423.828324][ T4271]  __kvmalloc_node_noprof+0x2e8/0x8a0
[  423.828436][ T4271]  net_devmem_bind_dmabuf+0x60e/0x1260
[  423.828538][ T4271]  netdev_nl_bind_rx_doit+0x7ae/0xff0
[  423.828640][ T4271]  genl_family_rcv_msg_doit+0x206/0x300
[  423.828743][ T4271]  genl_family_rcv_msg+0x3a4/0x640
[  423.828842][ T4271]  genl_rcv_msg+0xbb/0x160
[  423.828942][ T4271]  netlink_rcv_skb+0x14e/0x3a0
[  423.829046][ T4271]  genl_rcv+0x28/0x40
[  423.829120][ T4271]  netlink_unicast+0x47c/0x740
[  423.829226][ T4271]  netlink_sendmsg+0x735/0xc60
[  423.829332][ T4271]  __sys_sendto+0x2c9/0x400
[  423.829433][ T4271]  __x64_sys_sendto+0xe4/0x1f0
[  423.829531][ T4271]  do_syscall_64+0x117/0xfc0
[  423.829632][ T4271]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  423.829773][ T4271] 
[  423.829826][ T4271] The buggy address belongs to the object at ff1100004ca61d40
[  423.829826][ T4271]  which belongs to the cache kmalloc-64 of size 64
[  423.830071][ T4271] The buggy address is located 0 bytes inside of
[  423.830071][ T4271]  allocated 64-byte region [ff1100004ca61d40, ff1100004ca61d80)
[  423.830336][ T4271] 
[  423.830396][ T4271] The buggy address belongs to the physical page:
[  423.830521][ T4271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100004ca61f40 pfn:0x4ca61
[  423.830731][ T4271] flags: 0x80000000000200(workingset|node=0|zone=1)
[  423.830859][ T4271] page_type: f5(slab)
[  423.830938][ T4271] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[  423.831122][ T4271] raw: ff1100004ca61f40 000000000010000f 00000000f5000000 0000000000000000
[  423.831308][ T4271] page dumped because: kasan: bad access detected
[  423.831432][ T4271] 
[  423.831482][ T4271] Memory state around the buggy address:
[  423.831581][ T4271]  ff1100004ca61c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  423.831735][ T4271]  ff1100004ca61d00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  423.831886][ T4271] >ff1100004ca61d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  423.832031][ T4271]                    ^
[  423.832106][ T4271]  ff1100004ca61e00: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[  423.832262][ T4271]  ff1100004ca61e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  423.832420][ T4271] ==================================================================
[  423.832608][ T4271] Disabling lock debugging due to kernel taint
[  423.832734][ T4271] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf40001329875
[  423.832929][ T4271] flags: 0x0(node=0|zone=0)
[  423.833037][ T4271] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff11000005650800 6b6b6b6b6b6b6b6b
[  423.833330][ T4271] raw: 00000000238b6000 0000000000000000 000000006b6b6b6b ff1100004ca61c40
[  423.833492][ T4271] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[  423.833763][ T4271] ------------[ cut here ]------------
[  423.833868][ T4271] kernel BUG at ./include/linux/page-flags.h:1062!
[  423.833997][ T4271] Oops: invalid opcode: 0000 [#1] SMP KASAN
[  423.834121][ T4271] CPU: 2 UID: 0 PID: 4271 Comm: ncdevmem Tainted: G    B               7.1.0-rc1-virtme #1 PREEMPT(full) 
[  423.834322][ T4271] Tainted: [B]=BAD_PAGE
[  423.834398][ T4271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  423.834618][ T4271] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  423.834744][ T4271] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ad b9 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  423.835079][ T4271] RSP: 0018:ffa00000088a7368 EFLAGS: 00010286
[  423.835209][ T4271] RAX: 0000000000000096 RBX: ff1100004ca61d40 RCX: 0000000000000000
[  423.835360][ T4271] RDX: 0000000000000096 RSI: 1ffffffff7a57b44 RDI: fff3fc0001114e58
[  423.835506][ T4271] RBP: ff11000005650800 R08: ffffffffb6dbf47a R09: 1ffffffff74fea44
[  423.835653][ T4271] R10: 0000000000000003 R11: fffffbfff74fea45 R12: ff1100004ca61d41
[  423.835801][ T4271] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  423.835945][ T4271] FS:  00007f694a752740(0000) GS:ff110000b03c6000(0000) knlGS:0000000000000000
[  423.836117][ T4271] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  423.836241][ T4271] CR2: 0000558664ba7608 CR3: 0000000010e4d004 CR4: 0000000000771ef0
[  423.836393][ T4271] PKRU: 55555554
[  423.836473][ T4271] Call Trace:
[  423.836554][ T4271]  <TASK>
[  423.836605][ T4271]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  423.836724][ T4271]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  423.836819][ T4271]  fbnic_fill_bdq+0x238/0x400
[  423.836919][ T4271]  __fbnic_nv_restart+0x145/0x440
[  423.837014][ T4271]  fbnic_queue_start+0x183/0x260
[  423.837114][ T4271]  netdev_rx_queue_reconfig+0x322/0x580
[  423.837213][ T4271]  __netif_mp_open_rxq+0x3be/0x600
[  423.837319][ T4271]  ? netdev_rx_queue_restart+0xb0/0xb0
[  423.837413][ T4271]  ? do_raw_spin_unlock+0x59/0x250
[  423.837512][ T4271]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  423.837628][ T4271]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  423.837733][ T4271]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  423.837831][ T4271]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  423.837951][ T4271]  ? __nla_parse+0x22/0x30
[  423.838046][ T4271]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  423.838166][ T4271]  genl_family_rcv_msg_doit+0x206/0x300
[  423.838260][ T4271]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  423.838390][ T4271]  ? rcu_is_watching+0x15/0xd0
[  423.838489][ T4271]  ? cap_capable+0x1d6/0x3e0
[  423.838585][ T4271]  genl_family_rcv_msg+0x3a4/0x640
[  423.838680][ T4271]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  423.838796][ T4271]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  423.838912][ T4271]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  423.839041][ T4271]  ? __lock_acquire+0x508/0xc10
[  423.839138][ T4271]  genl_rcv_msg+0xbb/0x160
[  423.839233][ T4271]  netlink_rcv_skb+0x14e/0x3a0
[  423.839336][ T4271]  ? genl_family_rcv_msg+0x640/0x640
[  423.839429][ T4271]  ? netlink_ack+0xcd0/0xcd0
[  423.839523][ T4271]  ? netlink_deliver_tap+0xc5/0x330
[  423.839626][ T4271]  ? netlink_deliver_tap+0x13c/0x330
[  423.839724][ T4271]  genl_rcv+0x28/0x40
[  423.839795][ T4271]  netlink_unicast+0x47c/0x740
[  423.839888][ T4271]  ? netlink_attachskb+0x800/0x800
[  423.839981][ T4271]  ? lockdep_hardirqs_on+0x8c/0x130
[  423.840076][ T4271]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  423.840194][ T4271]  ? __wake_up+0x44/0x60
[  423.840274][ T4271]  netlink_sendmsg+0x735/0xc60
[  423.840373][ T4271]  ? netlink_unicast+0x740/0x740
[  423.840469][ T4271]  ? lock_acquire.part.0+0xbc/0x260
[  423.840564][ T4271]  ? __might_fault+0x97/0x140
[  423.840659][ T4271]  __sys_sendto+0x2c9/0x400
[  423.840752][ T4271]  ? __ia32_sys_getpeername+0xd0/0xd0
[  423.840851][ T4271]  ? __might_fault+0x97/0x140
[  423.840945][ T4271]  ? __ia32_sys_connect+0xd0/0xd0
[  423.841038][ T4271]  ? __sys_bind+0x191/0x260
[  423.841137][ T4271]  __x64_sys_sendto+0xe4/0x1f0
[  423.841232][ T4271]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  423.841353][ T4271]  ? lockdep_hardirqs_on+0x8c/0x130
[  423.841447][ T4271]  ? do_syscall_64+0x82/0xfc0
[  423.841553][ T4271]  do_syscall_64+0x117/0xfc0
[  423.841647][ T4271]  ? trace_hardirqs_off+0xd/0x30
[  423.841743][ T4271]  ? exc_page_fault+0xee/0x100
[  423.841841][ T4271]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  423.841958][ T4271] RIP: 0033:0x7f694a7c50ee
[  423.842059][ T4271] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  423.842412][ T4271] RSP: 002b:00007ffdcac851c0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  423.842555][ T4271] RAX: ffffffffffffffda RBX: 00007ffdcac85230 RCX: 00007f694a7c50ee
[  423.842697][ T4271] RDX: 0000000000000038 RSI: 000000001f46f988 RDI: 0000000000000006
[  423.842844][ T4271] RBP: 00007ffdcac851d0 R08: 0000000000000000 R09: 0000000000000000
[  423.842990][ T4271] R10: 0000000000000000 R11: 0000000000000202 R12: 000000001f46f988
[  423.843132][ T4271] R13: 000000001f46f720 R14: 00007f694a996000 R15: 000000000042ee00
[  423.843280][ T4271]  </TASK>
[  423.843357][ T4271] Modules linked in: netconsole 8021q macsec
[  423.843495][ T4271] ---[ end trace 0000000000000000 ]---
[  423.843599][ T4271] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  423.843720][ T4271] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ad b9 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  423.844057][ T4271] RSP: 0018:ffa00000088a7368 EFLAGS: 00010286
[  423.844189][ T4271] RAX: 0000000000000096 RBX: ff1100004ca61d40 RCX: 0000000000000000
[  423.844337][ T4271] RDX: 0000000000000096 RSI: 1ffffffff7a57b44 RDI: fff3fc0001114e58
[  423.844478][ T4271] RBP: ff11000005650800 R08: ffffffffb6dbf47a R09: 1ffffffff74fea44
[  423.844624][ T4271] R10: 0000000000000003 R11: fffffbfff74fea45 R12: ff1100004ca61d41
[  423.844778][ T4271] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  423.844926][ T4271] FS:  00007f694a752740(0000) GS:ff110000b03c6000(0000) knlGS:0000000000000000
[  423.845093][ T4271] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  423.846046][ T4271] CR2: 0000558664ba7608 CR3: 0000000010e4d004 CR4: 0000000000771ef0
[  423.846211][ T4271] PKRU: 55555554
[  423.846287][ T4271] Kernel panic - not syncing: Fatal exception
[  423.846542][ T4271] Kernel Offset: 0x35600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  423.846758][ T4271] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr