[  814.434026][T11776] ==================================================================
[  814.434308][T11776] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[  814.434491][T11776] Read of size 128 at addr ff11000050eaa940 by task ncdevmem/11776
[  814.434660][T11776] 
[  814.434724][T11776] CPU: 5 UID: 0 PID: 11776 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full) 
[  814.434727][T11776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  814.434729][T11776] Call Trace:
[  814.434731][T11776]  <TASK>
[  814.434732][T11776]  dump_stack_lvl+0x6f/0xa0
[  814.434737][T11776]  print_address_description.constprop.0+0x56/0x2d0
[  814.434742][T11776]  print_report+0xfc/0x1fa
[  814.434744][T11776]  ? __virt_addr_valid+0x102/0x440
[  814.434747][T11776]  ? __virt_addr_valid+0x1da/0x440
[  814.434749][T11776]  kasan_report+0x108/0x130
[  814.434753][T11776]  ? snapshot_page+0x2a7/0x510
[  814.434754][T11776]  ? snapshot_page+0x2a7/0x510
[  814.434757][T11776]  kasan_check_range+0x130/0x200
[  814.434759][T11776]  __asan_memcpy+0x23/0x60
[  814.434761][T11776]  snapshot_page+0x2a7/0x510
[  814.434763][T11776]  ? fourcc_string+0xb97/0xc40
[  814.434767][T11776]  __dump_page+0x8a/0x100
[  814.434769][T11776]  ? __dump_folio+0x4d0/0x4d0
[  814.434774][T11776]  ? net_devmem_alloc_dmabuf+0x199/0x270
[  814.434777][T11776]  dump_page+0x3a/0x60
[  814.434779][T11776]  page_pool_set_pp_info+0x185/0x1e0
[  814.434783][T11776]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  814.434784][T11776]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  814.434787][T11776]  fbnic_fill_bdq+0x238/0x400
[  814.434791][T11776]  __fbnic_nv_restart+0x145/0x440
[  814.434794][T11776]  fbnic_queue_start+0x183/0x260
[  814.434796][T11776]  netdev_rx_queue_reconfig+0x322/0x580
[  814.434798][T11776]  __netif_mp_open_rxq+0x3be/0x600
[  814.434800][T11776]  ? netdev_rx_queue_restart+0xb0/0xb0
[  814.434802][T11776]  ? do_raw_spin_unlock+0x59/0x250
[  814.434806][T11776]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  814.434808][T11776]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  814.434811][T11776]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  814.434814][T11776]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  814.434816][T11776]  ? __nla_parse+0x22/0x30
[  814.434820][T11776]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  814.434823][T11776]  genl_family_rcv_msg_doit+0x206/0x300
[  814.434825][T11776]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  814.434828][T11776]  ? rcu_is_watching+0x15/0xd0
[  814.434830][T11776]  ? cap_capable+0x1d6/0x3e0
[  814.434834][T11776]  genl_family_rcv_msg+0x3a4/0x640
[  814.434836][T11776]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  814.434840][T11776]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  814.434842][T11776]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  814.434844][T11776]  ? __lock_acquire+0x508/0xc10
[  814.434847][T11776]  genl_rcv_msg+0xbb/0x160
[  814.434849][T11776]  netlink_rcv_skb+0x14e/0x3a0
[  814.434852][T11776]  ? genl_family_rcv_msg+0x640/0x640
[  814.434853][T11776]  ? netlink_ack+0xcd0/0xcd0
[  814.434857][T11776]  ? netlink_deliver_tap+0xc5/0x330
[  814.434858][T11776]  ? netlink_deliver_tap+0x13c/0x330
[  814.434861][T11776]  genl_rcv+0x28/0x40
[  814.434862][T11776]  netlink_unicast+0x47c/0x740
[  814.434865][T11776]  ? netlink_attachskb+0x800/0x800
[  814.434866][T11776]  ? lockdep_hardirqs_on+0x8c/0x130
[  814.434869][T11776]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  814.434871][T11776]  ? __wake_up+0x44/0x60
[  814.434874][T11776]  netlink_sendmsg+0x735/0xc60
[  814.434877][T11776]  ? netlink_unicast+0x740/0x740
[  814.434879][T11776]  ? lock_acquire.part.0+0xbc/0x260
[  814.434881][T11776]  ? __might_fault+0x97/0x140
[  814.434884][T11776]  __sys_sendto+0x2c9/0x400
[  814.434887][T11776]  ? __ia32_sys_getpeername+0xd0/0xd0
[  814.434888][T11776]  ? __might_fault+0x97/0x140
[  814.434891][T11776]  ? __ia32_sys_connect+0xd0/0xd0
[  814.434893][T11776]  ? __sys_bind+0x191/0x260
[  814.434896][T11776]  __x64_sys_sendto+0xe4/0x1f0
[  814.434898][T11776]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  814.434901][T11776]  ? lockdep_hardirqs_on+0x8c/0x130
[  814.434902][T11776]  ? do_syscall_64+0x82/0xfc0
[  814.434904][T11776]  do_syscall_64+0x117/0xfc0
[  814.434906][T11776]  ? trace_hardirqs_off+0xd/0x30
[  814.434907][T11776]  ? exc_page_fault+0xee/0x100
[  814.434909][T11776]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  814.434911][T11776] RIP: 0033:0x7f03a239b0ee
[  814.434915][T11776] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  814.434917][T11776] RSP: 002b:00007ffc821ff5f0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  814.434921][T11776] RAX: ffffffffffffffda RBX: 00007ffc821ff660 RCX: 00007f03a239b0ee
[  814.434922][T11776] RDX: 0000000000000038 RSI: 000000001fd95988 RDI: 0000000000000006
[  814.434923][T11776] RBP: 00007ffc821ff600 R08: 0000000000000000 R09: 0000000000000000
[  814.434924][T11776] R10: 0000000000000000 R11: 0000000000000202 R12: 000000001fd95988
[  814.434925][T11776] R13: 000000001fd95720 R14: 00007f03a256c000 R15: 000000000042ee00
[  814.434928][T11776]  </TASK>
[  814.434928][T11776] 
[  814.443772][T11776] Allocated by task 11776:
[  814.443869][T11776]  kasan_save_stack+0x2f/0x50
[  814.443972][T11776]  kasan_save_track+0x14/0x30
[  814.444065][T11776]  __kasan_kmalloc+0x7b/0x90
[  814.444162][T11776]  __kvmalloc_node_noprof+0x2e8/0x8a0
[  814.444256][T11776]  net_devmem_bind_dmabuf+0x60e/0x1260
[  814.444351][T11776]  netdev_nl_bind_rx_doit+0x7ae/0xff0
[  814.444445][T11776]  genl_family_rcv_msg_doit+0x206/0x300
[  814.444538][T11776]  genl_family_rcv_msg+0x3a4/0x640
[  814.444641][T11776]  genl_rcv_msg+0xbb/0x160
[  814.444734][T11776]  netlink_rcv_skb+0x14e/0x3a0
[  814.444830][T11776]  genl_rcv+0x28/0x40
[  814.444902][T11776]  netlink_unicast+0x47c/0x740
[  814.444995][T11776]  netlink_sendmsg+0x735/0xc60
[  814.445090][T11776]  __sys_sendto+0x2c9/0x400
[  814.445187][T11776]  __x64_sys_sendto+0xe4/0x1f0
[  814.445288][T11776]  do_syscall_64+0x117/0xfc0
[  814.445384][T11776]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  814.445499][T11776] 
[  814.445548][T11776] The buggy address belongs to the object at ff11000050eaa940
[  814.445548][T11776]  which belongs to the cache kmalloc-64 of size 64
[  814.445783][T11776] The buggy address is located 0 bytes inside of
[  814.445783][T11776]  allocated 64-byte region [ff11000050eaa940, ff11000050eaa980)
[  814.446021][T11776] 
[  814.446070][T11776] The buggy address belongs to the physical page:
[  814.446189][T11776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff11000050eaab40 pfn:0x50eaa
[  814.446386][T11776] flags: 0x80000000000200(workingset|node=0|zone=1)
[  814.446517][T11776] page_type: f5(slab)
[  814.446596][T11776] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[  814.446770][T11776] raw: ff11000050eaab40 000000000010000b 00000000f5000000 0000000000000000
[  814.446940][T11776] page dumped because: kasan: bad access detected
[  814.447057][T11776] 
[  814.447114][T11776] Memory state around the buggy address:
[  814.447209][T11776]  ff11000050eaa880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  814.447351][T11776]  ff11000050eaa900: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  814.447491][T11776] >ff11000050eaa980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  814.447632][T11776]                    ^
[  814.447705][T11776]  ff11000050eaaa00: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[  814.447850][T11776]  ff11000050eaaa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  814.447990][T11776] ==================================================================
[  814.448152][T11776] Disabling lock debugging due to kernel taint
[  814.448273][T11776] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf4000143aaa5
[  814.448457][T11776] flags: 0x0(node=0|zone=0)
[  814.448552][T11776] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff110000084cd000 6b6b6b6b6b6b6b6b
[  814.448708][T11776] raw: 000000001879c000 0000000000000000 000000006b6b6b6b ff11000050eaa840
[  814.448866][T11776] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[  814.449123][T11776] ------------[ cut here ]------------
[  814.449217][T11776] kernel BUG at ./include/linux/page-flags.h:1062!
[  814.449338][T11776] Oops: invalid opcode: 0000 [#1] SMP KASAN
[  814.449457][T11776] CPU: 5 UID: 0 PID: 11776 Comm: ncdevmem Tainted: G    B               7.1.0-rc1-virtme #1 PREEMPT(full) 
[  814.449664][T11776] Tainted: [B]=BAD_PAGE
[  814.449735][T11776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  814.449938][T11776] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  814.450059][T11776] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 0d 92 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  814.450382][T11776] RSP: 0018:ffa000000b45f368 EFLAGS: 00010286
[  814.450497][T11776] RAX: 0000000000000096 RBX: ff11000050eaa940 RCX: 0000000000000000
[  814.450637][T11776] RDX: 0000000000000096 RSI: 1ffffffff2b17b44 RDI: fff3fc000168be58
[  814.450776][T11776] RBP: ff110000084cd000 R08: ffffffff8f3bf47a R09: 1ffffffff25bea44
[  814.450916][T11776] R10: 0000000000000003 R11: fffffbfff25bea45 R12: ff11000050eaa941
[  814.451051][T11776] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  814.451190][T11776] FS:  00007f03a2328740(0000) GS:ff110000d7f46000(0000) knlGS:0000000000000000
[  814.451352][T11776] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  814.451468][T11776] CR2: 0000556aaa168d5c CR3: 0000000018622002 CR4: 0000000000771ef0
[  814.451609][T11776] PKRU: 55555554
[  814.451678][T11776] Call Trace:
[  814.451749][T11776]  <TASK>
[  814.451797][T11776]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  814.451910][T11776]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  814.452001][T11776]  fbnic_fill_bdq+0x238/0x400
[  814.452091][T11776]  __fbnic_nv_restart+0x145/0x440
[  814.452185][T11776]  fbnic_queue_start+0x183/0x260
[  814.452275][T11776]  netdev_rx_queue_reconfig+0x322/0x580
[  814.452365][T11776]  __netif_mp_open_rxq+0x3be/0x600
[  814.452459][T11776]  ? netdev_rx_queue_restart+0xb0/0xb0
[  814.452551][T11776]  ? do_raw_spin_unlock+0x59/0x250
[  814.452644][T11776]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  814.452755][T11776]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  814.452846][T11776]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  814.452939][T11776]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  814.453050][T11776]  ? __nla_parse+0x22/0x30
[  814.453143][T11776]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  814.453255][T11776]  genl_family_rcv_msg_doit+0x206/0x300
[  814.453345][T11776]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  814.453461][T11776]  ? rcu_is_watching+0x15/0xd0
[  814.453553][T11776]  ? cap_capable+0x1d6/0x3e0
[  814.453644][T11776]  genl_family_rcv_msg+0x3a4/0x640
[  814.453736][T11776]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  814.453852][T11776]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  814.453965][T11776]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  814.454077][T11776]  ? __lock_acquire+0x508/0xc10
[  814.454171][T11776]  genl_rcv_msg+0xbb/0x160
[  814.454263][T11776]  netlink_rcv_skb+0x14e/0x3a0
[  814.454357][T11776]  ? genl_family_rcv_msg+0x640/0x640
[  814.454447][T11776]  ? netlink_ack+0xcd0/0xcd0
[  814.454538][T11776]  ? netlink_deliver_tap+0xc5/0x330
[  814.454628][T11776]  ? netlink_deliver_tap+0x13c/0x330
[  814.454719][T11776]  genl_rcv+0x28/0x40
[  814.454789][T11776]  netlink_unicast+0x47c/0x740
[  814.454881][T11776]  ? netlink_attachskb+0x800/0x800
[  814.454973][T11776]  ? lockdep_hardirqs_on+0x8c/0x130
[  814.455065][T11776]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  814.455180][T11776]  ? __wake_up+0x44/0x60
[  814.455250][T11776]  netlink_sendmsg+0x735/0xc60
[  814.455344][T11776]  ? netlink_unicast+0x740/0x740
[  814.455434][T11776]  ? lock_acquire.part.0+0xbc/0x260
[  814.455527][T11776]  ? __might_fault+0x97/0x140
[  814.455617][T11776]  __sys_sendto+0x2c9/0x400
[  814.455708][T11776]  ? __ia32_sys_getpeername+0xd0/0xd0
[  814.455800][T11776]  ? __might_fault+0x97/0x140
[  814.455893][T11776]  ? __ia32_sys_connect+0xd0/0xd0
[  814.455981][T11776]  ? __sys_bind+0x191/0x260
[  814.456074][T11776]  __x64_sys_sendto+0xe4/0x1f0
[  814.456167][T11776]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  814.456279][T11776]  ? lockdep_hardirqs_on+0x8c/0x130
[  814.456370][T11776]  ? do_syscall_64+0x82/0xfc0
[  814.456461][T11776]  do_syscall_64+0x117/0xfc0
[  814.456551][T11776]  ? trace_hardirqs_off+0xd/0x30
[  814.456641][T11776]  ? exc_page_fault+0xee/0x100
[  814.456730][T11776]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  814.456843][T11776] RIP: 0033:0x7f03a239b0ee
[  814.456938][T11776] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  814.457254][T11776] RSP: 002b:00007ffc821ff5f0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  814.457392][T11776] RAX: ffffffffffffffda RBX: 00007ffc821ff660 RCX: 00007f03a239b0ee
[  814.457531][T11776] RDX: 0000000000000038 RSI: 000000001fd95988 RDI: 0000000000000006
[  814.457667][T11776] RBP: 00007ffc821ff600 R08: 0000000000000000 R09: 0000000000000000
[  814.457803][T11776] R10: 0000000000000000 R11: 0000000000000202 R12: 000000001fd95988
[  814.457942][T11776] R13: 000000001fd95720 R14: 00007f03a256c000 R15: 000000000042ee00
[  814.458080][T11776]  </TASK>
[  814.458153][T11776] Modules linked in: 8021q macsec netconsole
[  814.458281][T11776] ---[ end trace 0000000000000000 ]---
[  814.458376][T11776] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  814.458495][T11776] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 0d 92 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  814.458816][T11776] RSP: 0018:ffa000000b45f368 EFLAGS: 00010286
[  814.458934][T11776] RAX: 0000000000000096 RBX: ff11000050eaa940 RCX: 0000000000000000
[  814.459070][T11776] RDX: 0000000000000096 RSI: 1ffffffff2b17b44 RDI: fff3fc000168be58
[  814.459215][T11776] RBP: ff110000084cd000 R08: ffffffff8f3bf47a R09: 1ffffffff25bea44
[  814.459352][T11776] R10: 0000000000000003 R11: fffffbfff25bea45 R12: ff11000050eaa941
[  814.459490][T11776] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  814.459626][T11776] FS:  00007f03a2328740(0000) GS:ff110000d7f46000(0000) knlGS:0000000000000000
[  814.459785][T11776] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  814.459913][T11776] CR2: 0000556aaa168d5c CR3: 0000000018622002 CR4: 0000000000771ef0
[  814.460049][T11776] PKRU: 55555554
[  814.460120][T11776] Kernel panic - not syncing: Fatal exception
[  814.460368][T11776] Kernel Offset: 0xdc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  814.460588][T11776] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr