[   21.944077][  T346] ==================================================================
[   21.944353][  T346] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[   21.944543][  T346] Read of size 128 at addr ff1100002564cc40 by task ncdevmem/346
[   21.944720][  T346] 
[   21.944784][  T346] CPU: 5 UID: 0 PID: 346 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full) 
[   21.944788][  T346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   21.944790][  T346] Call Trace:
[   21.944791][  T346]  <TASK>
[   21.944793][  T346]  dump_stack_lvl+0x6f/0xa0
[   21.944798][  T346]  print_address_description.constprop.0+0x56/0x2d0
[   21.944803][  T346]  print_report+0xfc/0x1fa
[   21.944805][  T346]  ? __virt_addr_valid+0x102/0x440
[   21.944808][  T346]  ? __virt_addr_valid+0x1da/0x440
[   21.944810][  T346]  kasan_report+0x108/0x130
[   21.944813][  T346]  ? snapshot_page+0x2a7/0x510
[   21.944815][  T346]  ? snapshot_page+0x2a7/0x510
[   21.944818][  T346]  kasan_check_range+0x130/0x200
[   21.944820][  T346]  __asan_memcpy+0x23/0x60
[   21.944822][  T346]  snapshot_page+0x2a7/0x510
[   21.944824][  T346]  ? fourcc_string+0xb97/0xc40
[   21.944827][  T346]  __dump_page+0x8a/0x100
[   21.944830][  T346]  ? __dump_folio+0x4d0/0x4d0
[   21.944834][  T346]  ? net_devmem_alloc_dmabuf+0x199/0x270
[   21.944838][  T346]  dump_page+0x3a/0x60
[   21.944839][  T346]  page_pool_set_pp_info+0x185/0x1e0
[   21.944843][  T346]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[   21.944845][  T346]  ? page_pool_alloc_netmems+0x10a/0x1d0
[   21.944847][  T346]  fbnic_fill_bdq+0x238/0x400
[   21.944851][  T346]  __fbnic_nv_restart+0x145/0x440
[   21.944854][  T346]  fbnic_queue_start+0x183/0x260
[   21.944856][  T346]  netdev_rx_queue_reconfig+0x322/0x580
[   21.944858][  T346]  __netif_mp_open_rxq+0x3be/0x600
[   21.944860][  T346]  ? netdev_rx_queue_restart+0xb0/0xb0
[   21.944862][  T346]  ? do_raw_spin_unlock+0x59/0x250
[   21.944866][  T346]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[   21.944868][  T346]  ? net_devmem_unbind_dmabuf+0x470/0x470
[   21.944870][  T346]  netdev_nl_bind_rx_doit+0x82e/0xff0
[   21.944874][  T346]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.944876][  T346]  ? __nla_parse+0x22/0x30
[   21.944880][  T346]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[   21.944883][  T346]  genl_family_rcv_msg_doit+0x206/0x300
[   21.944885][  T346]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[   21.944888][  T346]  ? rcu_is_watching+0x15/0xd0
[   21.944891][  T346]  ? cap_capable+0x1d6/0x3e0
[   21.944894][  T346]  genl_family_rcv_msg+0x3a4/0x640
[   21.944896][  T346]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[   21.944898][  T346]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[   21.944899][  T346]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.944901][  T346]  ? __lock_acquire+0x508/0xc10
[   21.944904][  T346]  genl_rcv_msg+0xbb/0x160
[   21.944906][  T346]  netlink_rcv_skb+0x14e/0x3a0
[   21.944909][  T346]  ? genl_family_rcv_msg+0x640/0x640
[   21.944910][  T346]  ? netlink_ack+0xcd0/0xcd0
[   21.944913][  T346]  ? netlink_deliver_tap+0xc5/0x330
[   21.944915][  T346]  ? netlink_deliver_tap+0x13c/0x330
[   21.944918][  T346]  genl_rcv+0x28/0x40
[   21.944919][  T346]  netlink_unicast+0x47c/0x740
[   21.944921][  T346]  ? netlink_attachskb+0x800/0x800
[   21.944923][  T346]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.944925][  T346]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[   21.944928][  T346]  ? __wake_up+0x44/0x60
[   21.944931][  T346]  netlink_sendmsg+0x735/0xc60
[   21.944934][  T346]  ? netlink_unicast+0x740/0x740
[   21.944936][  T346]  ? lock_acquire.part.0+0xbc/0x260
[   21.944938][  T346]  ? __might_fault+0x97/0x140
[   21.944940][  T346]  __sys_sendto+0x2c9/0x400
[   21.944944][  T346]  ? __ia32_sys_getpeername+0xd0/0xd0
[   21.944945][  T346]  ? __might_fault+0x97/0x140
[   21.944948][  T346]  ? __ia32_sys_connect+0xd0/0xd0
[   21.944949][  T346]  ? __sys_bind+0x191/0x260
[   21.944953][  T346]  __x64_sys_sendto+0xe4/0x1f0
[   21.944955][  T346]  ? trace_irq_enable.constprop.0+0x9b/0x180
[   21.944957][  T346]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.944959][  T346]  ? do_syscall_64+0x82/0xfc0
[   21.944961][  T346]  do_syscall_64+0x117/0xfc0
[   21.944962][  T346]  ? irq_exit_rcu+0x1a/0x30
[   21.944965][  T346]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   21.944968][  T346] RIP: 0033:0x7fab81ba60ee
[   21.944972][  T346] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[   21.944974][  T346] RSP: 002b:00007ffc219b5e90 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[   21.944978][  T346] RAX: ffffffffffffffda RBX: 00007ffc219b5f00 RCX: 00007fab81ba60ee
[   21.944979][  T346] RDX: 0000000000000038 RSI: 000000003f0f3988 RDI: 0000000000000006
[   21.944980][  T346] RBP: 00007ffc219b5ea0 R08: 0000000000000000 R09: 0000000000000000
[   21.944981][  T346] R10: 0000000000000000 R11: 0000000000000202 R12: 000000003f0f3988
[   21.944982][  T346] R13: 000000003f0f3720 R14: 00007fab81d77000 R15: 000000000042ee00
[   21.944985][  T346]  </TASK>
[   21.944985][  T346] 
[   21.953616][  T346] Allocated by task 346:
[   21.953696][  T346]  kasan_save_stack+0x2f/0x50
[   21.953802][  T346]  kasan_save_track+0x14/0x30
[   21.953898][  T346]  __kasan_kmalloc+0x7b/0x90
[   21.953993][  T346]  __kvmalloc_node_noprof+0x2e8/0x8a0
[   21.954089][  T346]  net_devmem_bind_dmabuf+0x60e/0x1260
[   21.954186][  T346]  netdev_nl_bind_rx_doit+0x7ae/0xff0
[   21.954282][  T346]  genl_family_rcv_msg_doit+0x206/0x300
[   21.954382][  T346]  genl_family_rcv_msg+0x3a4/0x640
[   21.954477][  T346]  genl_rcv_msg+0xbb/0x160
[   21.954572][  T346]  netlink_rcv_skb+0x14e/0x3a0
[   21.954672][  T346]  genl_rcv+0x28/0x40
[   21.954745][  T346]  netlink_unicast+0x47c/0x740
[   21.954839][  T346]  netlink_sendmsg+0x735/0xc60
[   21.954935][  T346]  __sys_sendto+0x2c9/0x400
[   21.955037][  T346]  __x64_sys_sendto+0xe4/0x1f0
[   21.955132][  T346]  do_syscall_64+0x117/0xfc0
[   21.955227][  T346]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   21.955345][  T346] 
[   21.955399][  T346] The buggy address belongs to the object at ff1100002564cc40
[   21.955399][  T346]  which belongs to the cache kmalloc-64 of size 64
[   21.955645][  T346] The buggy address is located 0 bytes inside of
[   21.955645][  T346]  allocated 64-byte region [ff1100002564cc40, ff1100002564cc80)
[   21.955879][  T346] 
[   21.955931][  T346] The buggy address belongs to the physical page:
[   21.956051][  T346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100002564ce40 pfn:0x2564c
[   21.956256][  T346] flags: 0x80000000000200(workingset|node=0|zone=1)
[   21.956385][  T346] page_type: f5(slab)
[   21.956461][  T346] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[   21.956643][  T346] raw: ff1100002564ce40 000000000010000e 00000000f5000000 0000000000000000
[   21.956812][  T346] page dumped because: kasan: bad access detected
[   21.956936][  T346] 
[   21.956986][  T346] Memory state around the buggy address:
[   21.957080][  T346]  ff1100002564cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.957226][  T346]  ff1100002564cc00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   21.957365][  T346] >ff1100002564cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.957504][  T346]                    ^
[   21.957585][  T346]  ff1100002564cd00: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[   21.957728][  T346]  ff1100002564cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.957872][  T346] ==================================================================
[   21.958029][  T346] Disabling lock debugging due to kernel taint
[   21.958155][  T346] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf40000959331
[   21.958342][  T346] flags: 0x0(node=0|zone=0)
[   21.958431][  T346] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff11000021636800 6b6b6b6b6b6b6b6b
[   21.958585][  T346] raw: 0000000019c38000 0000000000000000 000000006b6b6b6b ff1100002564cb40
[   21.958739][  T346] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[   21.959006][  T346] ------------[ cut here ]------------
[   21.959099][  T346] kernel BUG at ./include/linux/page-flags.h:1062!
[   21.959221][  T346] Oops: invalid opcode: 0000 [#1] SMP KASAN
[   21.959341][  T346] CPU: 5 UID: 0 PID: 346 Comm: ncdevmem Tainted: G    B               7.1.0-rc1-virtme #1 PREEMPT(full) 
[   21.959535][  T346] Tainted: [B]=BAD_PAGE
[   21.959605][  T346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   21.959812][  T346] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[   21.959932][  T346] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ed 98 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[   21.960263][  T346] RSP: 0018:ffa00000017df368 EFLAGS: 00010286
[   21.960380][  T346] RAX: 0000000000000096 RBX: ff1100002564cc40 RCX: 0000000000000000
[   21.960519][  T346] RDX: 0000000000000096 RSI: 1ffffffff38d7b44 RDI: fff3fc00002fbe58
[   21.960666][  T346] RBP: ff11000021636800 R08: ffffffff961bf47a R09: 1ffffffff337ea44
[   21.960802][  T346] R10: 0000000000000003 R11: fffffbfff337ea45 R12: ff1100002564cc41
[   21.960938][  T346] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[   21.961078][  T346] FS:  00007fab81b33740(0000) GS:ff110000d1146000(0000) knlGS:0000000000000000
[   21.961248][  T346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.961363][  T346] CR2: 00007fdc20bfb100 CR3: 00000000051fc006 CR4: 0000000000771ef0
[   21.961503][  T346] PKRU: 55555554
[   21.961573][  T346] Call Trace:
[   21.961646][  T346]  <TASK>
[   21.961693][  T346]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[   21.961809][  T346]  ? page_pool_alloc_netmems+0x10a/0x1d0
[   21.961905][  T346]  fbnic_fill_bdq+0x238/0x400
[   21.961998][  T346]  __fbnic_nv_restart+0x145/0x440
[   21.962089][  T346]  fbnic_queue_start+0x183/0x260
[   21.962183][  T346]  netdev_rx_queue_reconfig+0x322/0x580
[   21.962275][  T346]  __netif_mp_open_rxq+0x3be/0x600
[   21.962365][  T346]  ? netdev_rx_queue_restart+0xb0/0xb0
[   21.962461][  T346]  ? do_raw_spin_unlock+0x59/0x250
[   21.962553][  T346]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[   21.962670][  T346]  ? net_devmem_unbind_dmabuf+0x470/0x470
[   21.962764][  T346]  netdev_nl_bind_rx_doit+0x82e/0xff0
[   21.962856][  T346]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.962968][  T346]  ? __nla_parse+0x22/0x30
[   21.963065][  T346]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[   21.963178][  T346]  genl_family_rcv_msg_doit+0x206/0x300
[   21.963269][  T346]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[   21.963385][  T346]  ? rcu_is_watching+0x15/0xd0
[   21.963479][  T346]  ? cap_capable+0x1d6/0x3e0
[   21.963571][  T346]  genl_family_rcv_msg+0x3a4/0x640
[   21.963672][  T346]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[   21.963783][  T346]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[   21.963895][  T346]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.964010][  T346]  ? __lock_acquire+0x508/0xc10
[   21.964103][  T346]  genl_rcv_msg+0xbb/0x160
[   21.964198][  T346]  netlink_rcv_skb+0x14e/0x3a0
[   21.964294][  T346]  ? genl_family_rcv_msg+0x640/0x640
[   21.964387][  T346]  ? netlink_ack+0xcd0/0xcd0
[   21.964478][  T346]  ? netlink_deliver_tap+0xc5/0x330
[   21.964569][  T346]  ? netlink_deliver_tap+0x13c/0x330
[   21.964665][  T346]  genl_rcv+0x28/0x40
[   21.964736][  T346]  netlink_unicast+0x47c/0x740
[   21.964828][  T346]  ? netlink_attachskb+0x800/0x800
[   21.964923][  T346]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.965015][  T346]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[   21.965128][  T346]  ? __wake_up+0x44/0x60
[   21.965200][  T346]  netlink_sendmsg+0x735/0xc60
[   21.965292][  T346]  ? netlink_unicast+0x740/0x740
[   21.965383][  T346]  ? lock_acquire.part.0+0xbc/0x260
[   21.965478][  T346]  ? __might_fault+0x97/0x140
[   21.965569][  T346]  __sys_sendto+0x2c9/0x400
[   21.965666][  T346]  ? __ia32_sys_getpeername+0xd0/0xd0
[   21.965756][  T346]  ? __might_fault+0x97/0x140
[   21.965848][  T346]  ? __ia32_sys_connect+0xd0/0xd0
[   21.965938][  T346]  ? __sys_bind+0x191/0x260
[   21.966030][  T346]  __x64_sys_sendto+0xe4/0x1f0
[   21.966128][  T346]  ? trace_irq_enable.constprop.0+0x9b/0x180
[   21.966242][  T346]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.966333][  T346]  ? do_syscall_64+0x82/0xfc0
[   21.966424][  T346]  do_syscall_64+0x117/0xfc0
[   21.966517][  T346]  ? irq_exit_rcu+0x1a/0x30
[   21.966609][  T346]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   21.966730][  T346] RIP: 0033:0x7fab81ba60ee
[   21.966826][  T346] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[   21.967148][  T346] RSP: 002b:00007ffc219b5e90 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[   21.967293][  T346] RAX: ffffffffffffffda RBX: 00007ffc219b5f00 RCX: 00007fab81ba60ee
[   21.967433][  T346] RDX: 0000000000000038 RSI: 000000003f0f3988 RDI: 0000000000000006
[   21.967573][  T346] RBP: 00007ffc219b5ea0 R08: 0000000000000000 R09: 0000000000000000
[   21.967716][  T346] R10: 0000000000000000 R11: 0000000000000202 R12: 000000003f0f3988
[   21.967852][  T346] R13: 000000003f0f3720 R14: 00007fab81d77000 R15: 000000000042ee00
[   21.967999][  T346]  </TASK>
[   21.968069][  T346] Modules linked in:
[   21.968148][  T346] ---[ end trace 0000000000000000 ]---
[   21.968241][  T346] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[   21.968360][  T346] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ed 98 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[   21.968687][  T346] RSP: 0018:ffa00000017df368 EFLAGS: 00010286
[   21.968801][  T346] RAX: 0000000000000096 RBX: ff1100002564cc40 RCX: 0000000000000000
[   21.968935][  T346] RDX: 0000000000000096 RSI: 1ffffffff38d7b44 RDI: fff3fc00002fbe58
[   21.969070][  T346] RBP: ff11000021636800 R08: ffffffff961bf47a R09: 1ffffffff337ea44
[   21.969220][  T346] R10: 0000000000000003 R11: fffffbfff337ea45 R12: ff1100002564cc41
[   21.969356][  T346] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[   21.969491][  T346] FS:  00007fab81b33740(0000) GS:ff110000d1146000(0000) knlGS:0000000000000000
[   21.969649][  T346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.969768][  T346] CR2: 00007fdc20bfb100 CR3: 00000000051fc006 CR4: 0000000000771ef0
[   21.969907][  T346] PKRU: 55555554
[   21.969978][  T346] Kernel panic - not syncing: Fatal exception
[   21.970219][  T346] Kernel Offset: 0x14a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   21.970437][  T346] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr