[ 819.974052][T11808] ==================================================================
[ 819.974331][T11808] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[ 819.974520][T11808] Read of size 128 at addr ff1100001c44fa40 by task ncdevmem/11808
[ 819.974702][T11808]
[ 819.974767][T11808] CPU: 4 UID: 0 PID: 11808 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full)
[ 819.974771][T11808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 819.974773][T11808] Call Trace:
[ 819.974775][T11808] <TASK>
[ 819.974782][T11808] dump_stack_lvl+0x6f/0xa0
[ 819.974787][T11808] print_address_description.constprop.0+0x56/0x2d0
[ 819.974792][T11808] print_report+0xfc/0x1fa
[ 819.974794][T11808] ? __virt_addr_valid+0x102/0x440
[ 819.974798][T11808] ? __virt_addr_valid+0x1da/0x440
[ 819.974799][T11808] kasan_report+0x108/0x130
[ 819.974803][T11808] ? snapshot_page+0x2a7/0x510
[ 819.974805][T11808] ? snapshot_page+0x2a7/0x510
[ 819.974807][T11808] kasan_check_range+0x130/0x200
[ 819.974809][T11808] __asan_memcpy+0x23/0x60
[ 819.974811][T11808] snapshot_page+0x2a7/0x510
[ 819.974813][T11808] ? fourcc_string+0xb97/0xc40
[ 819.974817][T11808] __dump_page+0x8a/0x100
[ 819.974820][T11808] ? __dump_folio+0x4d0/0x4d0
[ 819.974825][T11808] ? net_devmem_alloc_dmabuf+0x199/0x270
[ 819.974828][T11808] dump_page+0x3a/0x60
[ 819.974830][T11808] page_pool_set_pp_info+0x185/0x1e0
[ 819.974833][T11808] mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[ 819.974835][T11808] ? page_pool_alloc_netmems+0x10a/0x1d0
[ 819.974838][T11808] fbnic_fill_bdq+0x238/0x400
[ 819.974842][T11808] __fbnic_nv_restart+0x145/0x440
[ 819.974844][T11808] fbnic_queue_start+0x183/0x260
[ 819.974846][T11808] netdev_rx_queue_reconfig+0x322/0x580
[ 819.974849][T11808] __netif_mp_open_rxq+0x3be/0x600
[ 819.974851][T11808] ? netdev_rx_queue_restart+0xb0/0xb0
[ 819.974853][T11808] ? do_raw_spin_unlock+0x59/0x250
[ 819.974857][T11808] net_devmem_bind_dmabuf_to_queue+0xad/0x200
[ 819.974858][T11808] ? net_devmem_unbind_dmabuf+0x470/0x470
[ 819.974861][T11808] netdev_nl_bind_rx_doit+0x82e/0xff0
[ 819.974865][T11808] ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[ 819.974867][T11808] ? __nla_parse+0x22/0x30
[ 819.974871][T11808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[ 819.974874][T11808] genl_family_rcv_msg_doit+0x206/0x300
[ 819.974876][T11808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[ 819.974878][T11808] ? rcu_is_watching+0x15/0xd0
[ 819.974881][T11808] ? cap_capable+0x1d6/0x3e0
[ 819.974885][T11808] genl_family_rcv_msg+0x3a4/0x640
[ 819.974887][T11808] ? genl_family_rcv_msg_dumpit+0x340/0x340
[ 819.974888][T11808] ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[ 819.974890][T11808] ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[ 819.974892][T11808] ? __lock_acquire+0x508/0xc10
[ 819.974895][T11808] genl_rcv_msg+0xbb/0x160
[ 819.974897][T11808] netlink_rcv_skb+0x14e/0x3a0
[ 819.974900][T11808] ? genl_family_rcv_msg+0x640/0x640
[ 819.974901][T11808] ? netlink_ack+0xcd0/0xcd0
[ 819.974905][T11808] ? netlink_deliver_tap+0xc5/0x330
[ 819.974907][T11808] ? netlink_deliver_tap+0x13c/0x330
[ 819.974909][T11808] genl_rcv+0x28/0x40
[ 819.974910][T11808] netlink_unicast+0x47c/0x740
[ 819.974913][T11808] ? netlink_attachskb+0x800/0x800
[ 819.974915][T11808] ? lockdep_hardirqs_on+0x8c/0x130
[ 819.974917][T11808] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 819.974919][T11808] ? __wake_up+0x44/0x60
[ 819.974923][T11808] netlink_sendmsg+0x735/0xc60
[ 819.974925][T11808] ? netlink_unicast+0x740/0x740
[ 819.974927][T11808] ? lock_acquire.part.0+0xbc/0x260
[ 819.974929][T11808] ? __might_fault+0x97/0x140
[ 819.974932][T11808] __sys_sendto+0x2c9/0x400
[ 819.974935][T11808] ? __ia32_sys_getpeername+0xd0/0xd0
[ 819.974937][T11808] ? __might_fault+0x97/0x140
[ 819.974940][T11808] ? __ia32_sys_connect+0xd0/0xd0
[ 819.974941][T11808] ? __sys_bind+0x191/0x260
[ 819.974945][T11808] __x64_sys_sendto+0xe4/0x1f0
[ 819.974946][T11808] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 819.974949][T11808] ? lockdep_hardirqs_on+0x8c/0x130
[ 819.974950][T11808] ? do_syscall_64+0x82/0xfc0
[ 819.974953][T11808] do_syscall_64+0x117/0xfc0
[ 819.974954][T11808] ? trace_hardirqs_off+0xd/0x30
[ 819.974956][T11808] ? exc_page_fault+0xee/0x100
[ 819.974957][T11808] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 819.974960][T11808] RIP: 0033:0x7f187fe550ee
[ 819.974964][T11808] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 819.974966][T11808] RSP: 002b:00007ffdb24a5a50 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 819.974971][T11808] RAX: ffffffffffffffda RBX: 00007ffdb24a5ac0 RCX: 00007f187fe550ee
[ 819.974972][T11808] RDX: 0000000000000038 RSI: 0000000003d26988 RDI: 0000000000000006
[ 819.974973][T11808] RBP: 00007ffdb24a5a60 R08: 0000000000000000 R09: 0000000000000000
[ 819.974974][T11808] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000003d26988
[ 819.974975][T11808] R13: 0000000003d26720 R14: 00007f1880026000 R15: 000000000042ee00
[ 819.974978][T11808] </TASK>
[ 819.974979][T11808]
[ 819.983935][T11808] Allocated by task 11808:
[ 819.984034][T11808] kasan_save_stack+0x2f/0x50
[ 819.984133][T11808] kasan_save_track+0x14/0x30
[ 819.984232][T11808] __kasan_kmalloc+0x7b/0x90
[ 819.984330][T11808] __kvmalloc_node_noprof+0x2e8/0x8a0
[ 819.984429][T11808] net_devmem_bind_dmabuf+0x60e/0x1260
[ 819.984526][T11808] netdev_nl_bind_rx_doit+0x7ae/0xff0
[ 819.984623][T11808] genl_family_rcv_msg_doit+0x206/0x300
[ 819.984720][T11808] genl_family_rcv_msg+0x3a4/0x640
[ 819.984820][T11808] genl_rcv_msg+0xbb/0x160
[ 819.984917][T11808] netlink_rcv_skb+0x14e/0x3a0
[ 819.985013][T11808] genl_rcv+0x28/0x40
[ 819.985088][T11808] netlink_unicast+0x47c/0x740
[ 819.985188][T11808] netlink_sendmsg+0x735/0xc60
[ 819.985285][T11808] __sys_sendto+0x2c9/0x400
[ 819.985382][T11808] __x64_sys_sendto+0xe4/0x1f0
[ 819.985481][T11808] do_syscall_64+0x117/0xfc0
[ 819.985577][T11808] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 819.985694][T11808]
[ 819.985750][T11808] The buggy address belongs to the object at ff1100001c44fa40
[ 819.985750][T11808] which belongs to the cache kmalloc-64 of size 64
[ 819.985991][T11808] The buggy address is located 0 bytes inside of
[ 819.985991][T11808] allocated 64-byte region [ff1100001c44fa40, ff1100001c44fa80)
[ 819.986233][T11808]
[ 819.986285][T11808] The buggy address belongs to the physical page:
[ 819.986407][T11808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100001c44fc40 pfn:0x1c44f
[ 819.986606][T11808] flags: 0x80000000000200(workingset|node=0|zone=1)
[ 819.986730][T11808] page_type: f5(slab)
[ 819.986807][T11808] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[ 819.986983][T11808] raw: ff1100001c44fc40 000000000010000c 00000000f5000000 0000000000000000
[ 819.987159][T11808] page dumped because: kasan: bad access detected
[ 819.987281][T11808]
[ 819.987330][T11808] Memory state around the buggy address:
[ 819.987426][T11808] ff1100001c44f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 819.987577][T11808] ff1100001c44fa00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 819.987722][T11808] >ff1100001c44fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 819.987866][T11808] ^
[ 819.987940][T11808] ff1100001c44fb00: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[ 819.988085][T11808] ff1100001c44fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 819.988228][T11808] ==================================================================
[ 819.988517][T11808] Disabling lock debugging due to kernel taint
[ 819.988646][T11808] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf400007113e9
[ 819.988840][T11808] flags: 0x0(node=0|zone=0)
[ 819.988938][T11808] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff1100000588a000 6b6b6b6b6b6b6b6b
[ 819.989102][T11808] raw: 000000001df91000 0000000000000000 000000006b6b6b6b ff1100001c44f940
[ 819.989272][T11808] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[ 819.989537][T11808] ------------[ cut here ]------------
[ 819.989633][T11808] kernel BUG at ./include/linux/page-flags.h:1062!
[ 819.989758][T11808] Oops: invalid opcode: 0000 [#1] SMP KASAN
[ 819.989880][T11808] CPU: 4 UID: 0 PID: 11808 Comm: ncdevmem Tainted: G B 7.1.0-rc1-virtme #1 PREEMPT(full)
[ 819.990089][T11808] Tainted: [B]=BAD_PAGE
[ 819.990164][T11808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 819.990372][T11808] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[ 819.990493][T11808] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ad 96 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[ 819.990860][T11808] RSP: 0018:ffa000000b2df368 EFLAGS: 00010286
[ 819.990981][T11808] RAX: 0000000000000096 RBX: ff1100001c44fa40 RCX: 0000000000000000
[ 819.991123][T11808] RDX: 0000000000000096 RSI: 1ffffffff3457b44 RDI: fff3fc000165be58
[ 819.991262][T11808] RBP: ff1100000588a000 R08: ffffffff93dbf47a R09: 1ffffffff2efea44
[ 819.991402][T11808] R10: 0000000000000003 R11: fffffbfff2efea45 R12: ff1100001c44fa41
[ 819.991546][T11808] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[ 819.991684][T11808] FS: 00007f187fde2740(0000) GS:ff110000cc2c6000(0000) knlGS:0000000000000000
[ 819.991849][T11808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 819.991972][T11808] CR2: 0000557d77b11608 CR3: 0000000019316004 CR4: 0000000000771ef0
[ 819.992114][T11808] PKRU: 55555554
[ 819.992185][T11808] Call Trace:
[ 819.992256][T11808] <TASK>
[ 819.992305][T11808] mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[ 819.992420][T11808] ? page_pool_alloc_netmems+0x10a/0x1d0
[ 819.992510][T11808] fbnic_fill_bdq+0x238/0x400
[ 819.992605][T11808] __fbnic_nv_restart+0x145/0x440
[ 819.992697][T11808] fbnic_queue_start+0x183/0x260
[ 819.992789][T11808] netdev_rx_queue_reconfig+0x322/0x580
[ 819.992884][T11808] __netif_mp_open_rxq+0x3be/0x600
[ 819.992977][T11808] ? netdev_rx_queue_restart+0xb0/0xb0
[ 819.993071][T11808] ? do_raw_spin_unlock+0x59/0x250
[ 819.993166][T11808] net_devmem_bind_dmabuf_to_queue+0xad/0x200
[ 819.993280][T11808] ? net_devmem_unbind_dmabuf+0x470/0x470
[ 819.993374][T11808] netdev_nl_bind_rx_doit+0x82e/0xff0
[ 819.993470][T11808] ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[ 819.993587][T11808] ? __nla_parse+0x22/0x30
[ 819.993679][T11808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[ 819.993802][T11808] genl_family_rcv_msg_doit+0x206/0x300
[ 819.993895][T11808] ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[ 819.994013][T11808] ? rcu_is_watching+0x15/0xd0
[ 819.994107][T11808] ? cap_capable+0x1d6/0x3e0
[ 819.994200][T11808] genl_family_rcv_msg+0x3a4/0x640
[ 819.994296][T11808] ? genl_family_rcv_msg_dumpit+0x340/0x340
[ 819.994412][T11808] ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[ 819.994526][T11808] ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[ 819.994644][T11808] ? __lock_acquire+0x508/0xc10
[ 819.994736][T11808] genl_rcv_msg+0xbb/0x160
[ 819.994832][T11808] netlink_rcv_skb+0x14e/0x3a0
[ 819.994925][T11808] ? genl_family_rcv_msg+0x640/0x640
[ 819.995016][T11808] ? netlink_ack+0xcd0/0xcd0
[ 819.995110][T11808] ? netlink_deliver_tap+0xc5/0x330
[ 819.995204][T11808] ? netlink_deliver_tap+0x13c/0x330
[ 819.995302][T11808] genl_rcv+0x28/0x40
[ 819.995373][T11808] netlink_unicast+0x47c/0x740
[ 819.995468][T11808] ? netlink_attachskb+0x800/0x800
[ 819.995562][T11808] ? lockdep_hardirqs_on+0x8c/0x130
[ 819.995655][T11808] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 819.995767][T11808] ? __wake_up+0x44/0x60
[ 819.995842][T11808] netlink_sendmsg+0x735/0xc60
[ 819.995938][T11808] ? netlink_unicast+0x740/0x740
[ 819.996031][T11808] ? lock_acquire.part.0+0xbc/0x260
[ 819.996125][T11808] ? __might_fault+0x97/0x140
[ 819.996219][T11808] __sys_sendto+0x2c9/0x400
[ 819.996311][T11808] ? __ia32_sys_getpeername+0xd0/0xd0
[ 819.996403][T11808] ? __might_fault+0x97/0x140
[ 819.996497][T11808] ? __ia32_sys_connect+0xd0/0xd0
[ 819.996588][T11808] ? __sys_bind+0x191/0x260
[ 819.996678][T11808] __x64_sys_sendto+0xe4/0x1f0
[ 819.996772][T11808] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 819.996888][T11808] ? lockdep_hardirqs_on+0x8c/0x130
[ 819.996979][T11808] ? do_syscall_64+0x82/0xfc0
[ 819.997072][T11808] do_syscall_64+0x117/0xfc0
[ 819.997167][T11808] ? trace_hardirqs_off+0xd/0x30
[ 819.997259][T11808] ? exc_page_fault+0xee/0x100
[ 819.997353][T11808] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 819.997470][T11808] RIP: 0033:0x7f187fe550ee
[ 819.997566][T11808] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 819.997899][T11808] RSP: 002b:00007ffdb24a5a50 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 819.998042][T11808] RAX: ffffffffffffffda RBX: 00007ffdb24a5ac0 RCX: 00007f187fe550ee
[ 819.998184][T11808] RDX: 0000000000000038 RSI: 0000000003d26988 RDI: 0000000000000006
[ 819.998326][T11808] RBP: 00007ffdb24a5a60 R08: 0000000000000000 R09: 0000000000000000
[ 819.998469][T11808] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000003d26988
[ 819.998609][T11808] R13: 0000000003d26720 R14: 00007f1880026000 R15: 000000000042ee00
[ 819.998750][T11808] </TASK>
[ 819.998823][T11808] Modules linked in: 8021q macsec netconsole
[ 819.999020][T11808] ---[ end trace 0000000000000000 ]---
[ 819.999218][T11808] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[ 819.999342][T11808] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ad 96 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[ 819.999668][T11808] RSP: 0018:ffa000000b2df368 EFLAGS: 00010286
[ 819.999795][T11808] RAX: 0000000000000096 RBX: ff1100001c44fa40 RCX: 0000000000000000
[ 819.999936][T11808] RDX: 0000000000000096 RSI: 1ffffffff3457b44 RDI: fff3fc000165be58
[ 820.000076][T11808] RBP: ff1100000588a000 R08: ffffffff93dbf47a R09: 1ffffffff2efea44
[ 820.000232][T11808] R10: 0000000000000003 R11: fffffbfff2efea45 R12: ff1100001c44fa41
[ 820.000374][T11808] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[ 820.000519][T11808] FS: 00007f187fde2740(0000) GS:ff110000cc2c6000(0000) knlGS:0000000000000000
[ 820.000683][T11808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 820.000805][T11808] CR2: 0000557d77b11608 CR3: 0000000019316004 CR4: 0000000000771ef0
[ 820.000949][T11808] PKRU: 55555554
[ 820.001026][T11808] Kernel panic - not syncing: Fatal exception
[ 820.001299][T11808] Kernel Offset: 0x12600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 820.001513][T11808] ---[ end Kernel panic - not syncing: Fatal exception ]---
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr
WAIT TIMEOUT stderr