[   21.561627][  T343] ==================================================================
[   21.561879][  T343] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[   21.562084][  T343] Read of size 128 at addr ff11000022e7f340 by task ncdevmem/343
[   21.562253][  T343] 
[   21.562312][  T343] CPU: 2 UID: 0 PID: 343 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full) 
[   21.562316][  T343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   21.562318][  T343] Call Trace:
[   21.562319][  T343]  <TASK>
[   21.562320][  T343]  dump_stack_lvl+0x6f/0xa0
[   21.562326][  T343]  print_address_description.constprop.0+0x56/0x2d0
[   21.562331][  T343]  print_report+0xfc/0x1fa
[   21.562333][  T343]  ? __virt_addr_valid+0x102/0x440
[   21.562336][  T343]  ? __virt_addr_valid+0x1da/0x440
[   21.562338][  T343]  kasan_report+0x108/0x130
[   21.562341][  T343]  ? snapshot_page+0x2a7/0x510
[   21.562343][  T343]  ? snapshot_page+0x2a7/0x510
[   21.562345][  T343]  kasan_check_range+0x130/0x200
[   21.562348][  T343]  __asan_memcpy+0x23/0x60
[   21.562350][  T343]  snapshot_page+0x2a7/0x510
[   21.562352][  T343]  ? fourcc_string+0xb97/0xc40
[   21.562355][  T343]  __dump_page+0x8a/0x100
[   21.562358][  T343]  ? __dump_folio+0x4d0/0x4d0
[   21.562363][  T343]  ? net_devmem_alloc_dmabuf+0x199/0x270
[   21.562366][  T343]  dump_page+0x3a/0x60
[   21.562368][  T343]  page_pool_set_pp_info+0x185/0x1e0
[   21.562372][  T343]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[   21.562374][  T343]  ? page_pool_alloc_netmems+0x10a/0x1d0
[   21.562376][  T343]  fbnic_fill_bdq+0x238/0x400
[   21.562380][  T343]  __fbnic_nv_restart+0x145/0x440
[   21.562383][  T343]  fbnic_queue_start+0x183/0x260
[   21.562385][  T343]  netdev_rx_queue_reconfig+0x322/0x580
[   21.562387][  T343]  __netif_mp_open_rxq+0x3be/0x600
[   21.562389][  T343]  ? netdev_rx_queue_restart+0xb0/0xb0
[   21.562391][  T343]  ? do_raw_spin_unlock+0x59/0x250
[   21.562395][  T343]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[   21.562396][  T343]  ? net_devmem_unbind_dmabuf+0x470/0x470
[   21.562399][  T343]  netdev_nl_bind_rx_doit+0x82e/0xff0
[   21.562403][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.562405][  T343]  ? __nla_parse+0x22/0x30
[   21.562408][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[   21.562411][  T343]  genl_family_rcv_msg_doit+0x206/0x300
[   21.562413][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[   21.562415][  T343]  ? rcu_is_watching+0x15/0xd0
[   21.562418][  T343]  ? cap_capable+0x1d6/0x3e0
[   21.562422][  T343]  genl_family_rcv_msg+0x3a4/0x640
[   21.562424][  T343]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[   21.562425][  T343]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[   21.562427][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.562429][  T343]  ? __lock_acquire+0x508/0xc10
[   21.562432][  T343]  genl_rcv_msg+0xbb/0x160
[   21.562434][  T343]  netlink_rcv_skb+0x14e/0x3a0
[   21.562436][  T343]  ? genl_family_rcv_msg+0x640/0x640
[   21.562438][  T343]  ? netlink_ack+0xcd0/0xcd0
[   21.562441][  T343]  ? netlink_deliver_tap+0xc5/0x330
[   21.562443][  T343]  ? netlink_deliver_tap+0x13c/0x330
[   21.562445][  T343]  genl_rcv+0x28/0x40
[   21.562446][  T343]  netlink_unicast+0x47c/0x740
[   21.562449][  T343]  ? netlink_attachskb+0x800/0x800
[   21.562451][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.562453][  T343]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[   21.562455][  T343]  ? __wake_up+0x44/0x60
[   21.562458][  T343]  netlink_sendmsg+0x735/0xc60
[   21.562461][  T343]  ? netlink_unicast+0x740/0x740
[   21.562463][  T343]  ? lock_acquire.part.0+0xbc/0x260
[   21.562465][  T343]  ? __might_fault+0x97/0x140
[   21.562467][  T343]  __sys_sendto+0x2c9/0x400
[   21.562471][  T343]  ? __ia32_sys_getpeername+0xd0/0xd0
[   21.562472][  T343]  ? __might_fault+0x97/0x140
[   21.562475][  T343]  ? __ia32_sys_connect+0xd0/0xd0
[   21.562476][  T343]  ? __sys_bind+0x191/0x260
[   21.562480][  T343]  __x64_sys_sendto+0xe4/0x1f0
[   21.562481][  T343]  ? trace_irq_enable.constprop.0+0x9b/0x180
[   21.562484][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.562485][  T343]  ? do_syscall_64+0x82/0xfc0
[   21.562488][  T343]  do_syscall_64+0x117/0xfc0
[   21.562489][  T343]  ? trace_hardirqs_off+0xd/0x30
[   21.562491][  T343]  ? exc_page_fault+0xee/0x100
[   21.562492][  T343]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   21.562495][  T343] RIP: 0033:0x7f0bb19980ee
[   21.562498][  T343] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[   21.562500][  T343] RSP: 002b:00007ffd3bb90a60 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[   21.562504][  T343] RAX: ffffffffffffffda RBX: 00007ffd3bb90ad0 RCX: 00007f0bb19980ee
[   21.562505][  T343] RDX: 0000000000000038 RSI: 00000000262a9988 RDI: 0000000000000006
[   21.562506][  T343] RBP: 00007ffd3bb90a70 R08: 0000000000000000 R09: 0000000000000000
[   21.562507][  T343] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000262a9988
[   21.562508][  T343] R13: 00000000262a9720 R14: 00007f0bb1b69000 R15: 000000000042ee00
[   21.562510][  T343]  </TASK>
[   21.562511][  T343] 
[   21.571309][  T343] Allocated by task 343:
[   21.571384][  T343]  kasan_save_stack+0x2f/0x50
[   21.571485][  T343]  kasan_save_track+0x14/0x30
[   21.571580][  T343]  __kasan_kmalloc+0x7b/0x90
[   21.571680][  T343]  __kvmalloc_node_noprof+0x2e8/0x8a0
[   21.571775][  T343]  net_devmem_bind_dmabuf+0x60e/0x1260
[   21.571872][  T343]  netdev_nl_bind_rx_doit+0x7ae/0xff0
[   21.571966][  T343]  genl_family_rcv_msg_doit+0x206/0x300
[   21.572065][  T343]  genl_family_rcv_msg+0x3a4/0x640
[   21.572159][  T343]  genl_rcv_msg+0xbb/0x160
[   21.572260][  T343]  netlink_rcv_skb+0x14e/0x3a0
[   21.572353][  T343]  genl_rcv+0x28/0x40
[   21.572425][  T343]  netlink_unicast+0x47c/0x740
[   21.572519][  T343]  netlink_sendmsg+0x735/0xc60
[   21.572616][  T343]  __sys_sendto+0x2c9/0x400
[   21.572711][  T343]  __x64_sys_sendto+0xe4/0x1f0
[   21.572805][  T343]  do_syscall_64+0x117/0xfc0
[   21.572904][  T343]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   21.573023][  T343] 
[   21.573073][  T343] The buggy address belongs to the object at ff11000022e7f340
[   21.573073][  T343]  which belongs to the cache kmalloc-64 of size 64
[   21.573309][  T343] The buggy address is located 0 bytes inside of
[   21.573309][  T343]  allocated 64-byte region [ff11000022e7f340, ff11000022e7f380)
[   21.573548][  T343] 
[   21.573599][  T343] The buggy address belongs to the physical page:
[   21.573718][  T343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff11000022e7f540 pfn:0x22e7f
[   21.573915][  T343] flags: 0x80000000000200(workingset|node=0|zone=1)
[   21.574043][  T343] page_type: f5(slab)
[   21.574119][  T343] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[   21.574301][  T343] raw: ff11000022e7f540 0000000000100005 00000000f5000000 0000000000000000
[   21.574474][  T343] page dumped because: kasan: bad access detected
[   21.574595][  T343] 
[   21.574645][  T343] Memory state around the buggy address:
[   21.574738][  T343]  ff11000022e7f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.574886][  T343]  ff11000022e7f300: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   21.575030][  T343] >ff11000022e7f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.575171][  T343]                    ^
[   21.575244][  T343]  ff11000022e7f400: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[   21.575386][  T343]  ff11000022e7f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.575530][  T343] ==================================================================
[   21.575707][  T343] Disabling lock debugging due to kernel taint
[   21.575830][  T343] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf400008b9fcd
[   21.576092][  T343] flags: 0x0(node=0|zone=0)
[   21.576192][  T343] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff1100000e126800 6b6b6b6b6b6b6b6b
[   21.576348][  T343] raw: 0000000018939000 0000000000000000 000000006b6b6b6b ff11000022e7f240
[   21.576499][  T343] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[   21.576753][  T343] ------------[ cut here ]------------
[   21.576848][  T343] kernel BUG at ./include/linux/page-flags.h:1062!
[   21.576972][  T343] Oops: invalid opcode: 0000 [#1] SMP KASAN
[   21.577099][  T343] CPU: 2 UID: 0 PID: 343 Comm: ncdevmem Tainted: G    B               7.1.0-rc1-virtme #1 PREEMPT(full) 
[   21.577286][  T343] Tainted: [B]=BAD_PAGE
[   21.577364][  T343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   21.577565][  T343] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[   21.577685][  T343] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ad 9c 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[   21.578011][  T343] RSP: 0018:ffa00000017bf368 EFLAGS: 00010286
[   21.578131][  T343] RAX: 0000000000000096 RBX: ff11000022e7f340 RCX: 0000000000000000
[   21.578268][  T343] RDX: 0000000000000096 RSI: 1ffffffff4057b44 RDI: fff3fc00002f7e58
[   21.578406][  T343] RBP: ff1100000e126800 R08: ffffffff99dbf47a R09: 1ffffffff3afea44
[   21.578542][  T343] R10: 0000000000000003 R11: fffffbfff3afea45 R12: ff11000022e7f341
[   21.578687][  T343] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[   21.578824][  T343] FS:  00007f0bb1925740(0000) GS:ff110000cd3c6000(0000) knlGS:0000000000000000
[   21.578983][  T343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.579103][  T343] CR2: 00007fc2fa450574 CR3: 000000000d153001 CR4: 0000000000771ef0
[   21.579250][  T343] PKRU: 55555554
[   21.579322][  T343] Call Trace:
[   21.579390][  T343]  <TASK>
[   21.579438][  T343]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[   21.579551][  T343]  ? page_pool_alloc_netmems+0x10a/0x1d0
[   21.579642][  T343]  fbnic_fill_bdq+0x238/0x400
[   21.579732][  T343]  __fbnic_nv_restart+0x145/0x440
[   21.579831][  T343]  fbnic_queue_start+0x183/0x260
[   21.579921][  T343]  netdev_rx_queue_reconfig+0x322/0x580
[   21.580016][  T343]  __netif_mp_open_rxq+0x3be/0x600
[   21.580108][  T343]  ? netdev_rx_queue_restart+0xb0/0xb0
[   21.580202][  T343]  ? do_raw_spin_unlock+0x59/0x250
[   21.580293][  T343]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[   21.580415][  T343]  ? net_devmem_unbind_dmabuf+0x470/0x470
[   21.580506][  T343]  netdev_nl_bind_rx_doit+0x82e/0xff0
[   21.580599][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.580713][  T343]  ? __nla_parse+0x22/0x30
[   21.580805][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[   21.580915][  T343]  genl_family_rcv_msg_doit+0x206/0x300
[   21.581019][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[   21.581134][  T343]  ? rcu_is_watching+0x15/0xd0
[   21.581225][  T343]  ? cap_capable+0x1d6/0x3e0
[   21.581316][  T343]  genl_family_rcv_msg+0x3a4/0x640
[   21.581407][  T343]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[   21.581521][  T343]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[   21.581638][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   21.581753][  T343]  ? __lock_acquire+0x508/0xc10
[   21.581844][  T343]  genl_rcv_msg+0xbb/0x160
[   21.581934][  T343]  netlink_rcv_skb+0x14e/0x3a0
[   21.582025][  T343]  ? genl_family_rcv_msg+0x640/0x640
[   21.582116][  T343]  ? netlink_ack+0xcd0/0xcd0
[   21.582219][  T343]  ? netlink_deliver_tap+0xc5/0x330
[   21.582312][  T343]  ? netlink_deliver_tap+0x13c/0x330
[   21.582404][  T343]  genl_rcv+0x28/0x40
[   21.582473][  T343]  netlink_unicast+0x47c/0x740
[   21.582565][  T343]  ? netlink_attachskb+0x800/0x800
[   21.582657][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.582749][  T343]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[   21.582866][  T343]  ? __wake_up+0x44/0x60
[   21.582935][  T343]  netlink_sendmsg+0x735/0xc60
[   21.583027][  T343]  ? netlink_unicast+0x740/0x740
[   21.583118][  T343]  ? lock_acquire.part.0+0xbc/0x260
[   21.583213][  T343]  ? __might_fault+0x97/0x140
[   21.583305][  T343]  __sys_sendto+0x2c9/0x400
[   21.583400][  T343]  ? __ia32_sys_getpeername+0xd0/0xd0
[   21.583490][  T343]  ? __might_fault+0x97/0x140
[   21.583581][  T343]  ? __ia32_sys_connect+0xd0/0xd0
[   21.583673][  T343]  ? __sys_bind+0x191/0x260
[   21.583767][  T343]  __x64_sys_sendto+0xe4/0x1f0
[   21.583857][  T343]  ? trace_irq_enable.constprop.0+0x9b/0x180
[   21.583972][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   21.584078][  T343]  ? do_syscall_64+0x82/0xfc0
[   21.584167][  T343]  do_syscall_64+0x117/0xfc0
[   21.584256][  T343]  ? trace_hardirqs_off+0xd/0x30
[   21.584347][  T343]  ? exc_page_fault+0xee/0x100
[   21.584436][  T343]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   21.584546][  T343] RIP: 0033:0x7f0bb19980ee
[   21.584647][  T343] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[   21.584966][  T343] RSP: 002b:00007ffd3bb90a60 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[   21.585107][  T343] RAX: ffffffffffffffda RBX: 00007ffd3bb90ad0 RCX: 00007f0bb19980ee
[   21.585251][  T343] RDX: 0000000000000038 RSI: 00000000262a9988 RDI: 0000000000000006
[   21.585388][  T343] RBP: 00007ffd3bb90a70 R08: 0000000000000000 R09: 0000000000000000
[   21.585523][  T343] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000262a9988
[   21.585663][  T343] R13: 00000000262a9720 R14: 00007f0bb1b69000 R15: 000000000042ee00
[   21.585810][  T343]  </TASK>
[   21.585881][  T343] Modules linked in:
[   21.585965][  T343] ---[ end trace 0000000000000000 ]---
[   21.586072][  T343] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[   21.586193][  T343] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ad 9c 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[   21.586520][  T343] RSP: 0018:ffa00000017bf368 EFLAGS: 00010286
[   21.586635][  T343] RAX: 0000000000000096 RBX: ff11000022e7f340 RCX: 0000000000000000
[   21.586771][  T343] RDX: 0000000000000096 RSI: 1ffffffff4057b44 RDI: fff3fc00002f7e58
[   21.586905][  T343] RBP: ff1100000e126800 R08: ffffffff99dbf47a R09: 1ffffffff3afea44
[   21.587064][  T343] R10: 0000000000000003 R11: fffffbfff3afea45 R12: ff11000022e7f341
[   21.587200][  T343] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[   21.587335][  T343] FS:  00007f0bb1925740(0000) GS:ff110000cd3c6000(0000) knlGS:0000000000000000
[   21.587492][  T343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.587606][  T343] CR2: 00007fc2fa450574 CR3: 000000000d153001 CR4: 0000000000771ef0
[   21.587748][  T343] PKRU: 55555554
[   21.587818][  T343] Kernel panic - not syncing: Fatal exception
[   21.588081][  T343] Kernel Offset: 0x18600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   21.588293][  T343] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr