[   22.798065][  T343] ==================================================================
[   22.798355][  T343] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[   22.798553][  T343] Read of size 128 at addr ff1100002b3fc540 by task ncdevmem/343
[   22.798765][  T343] 
[   22.798833][  T343] CPU: 0 UID: 0 PID: 343 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full) 
[   22.798836][  T343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   22.798839][  T343] Call Trace:
[   22.798840][  T343]  <TASK>
[   22.798842][  T343]  dump_stack_lvl+0x6f/0xa0
[   22.798848][  T343]  print_address_description.constprop.0+0x56/0x2d0
[   22.798854][  T343]  print_report+0xfc/0x1fa
[   22.798857][  T343]  ? __virt_addr_valid+0x102/0x440
[   22.798861][  T343]  ? __virt_addr_valid+0x1da/0x440
[   22.798863][  T343]  kasan_report+0x108/0x130
[   22.798866][  T343]  ? snapshot_page+0x2a7/0x510
[   22.798868][  T343]  ? snapshot_page+0x2a7/0x510
[   22.798871][  T343]  kasan_check_range+0x130/0x200
[   22.798873][  T343]  __asan_memcpy+0x23/0x60
[   22.798876][  T343]  snapshot_page+0x2a7/0x510
[   22.798878][  T343]  ? fourcc_string+0xb97/0xc40
[   22.798882][  T343]  __dump_page+0x8a/0x100
[   22.798884][  T343]  ? __dump_folio+0x4d0/0x4d0
[   22.798889][  T343]  ? net_devmem_alloc_dmabuf+0x199/0x270
[   22.798893][  T343]  dump_page+0x3a/0x60
[   22.798895][  T343]  page_pool_set_pp_info+0x185/0x1e0
[   22.798900][  T343]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[   22.798902][  T343]  ? page_pool_alloc_netmems+0x10a/0x1d0
[   22.798905][  T343]  fbnic_fill_bdq+0x238/0x400
[   22.798909][  T343]  __fbnic_nv_restart+0x145/0x440
[   22.798912][  T343]  fbnic_queue_start+0x183/0x260
[   22.798914][  T343]  netdev_rx_queue_reconfig+0x322/0x580
[   22.798917][  T343]  __netif_mp_open_rxq+0x3be/0x600
[   22.798919][  T343]  ? netdev_rx_queue_restart+0xb0/0xb0
[   22.798921][  T343]  ? do_raw_spin_unlock+0x59/0x250
[   22.798925][  T343]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[   22.798927][  T343]  ? net_devmem_unbind_dmabuf+0x470/0x470
[   22.798930][  T343]  netdev_nl_bind_rx_doit+0x82e/0xff0
[   22.798934][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   22.798936][  T343]  ? __nla_parse+0x22/0x30
[   22.798940][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[   22.798943][  T343]  genl_family_rcv_msg_doit+0x206/0x300
[   22.798945][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[   22.798949][  T343]  ? rcu_is_watching+0x15/0xd0
[   22.798953][  T343]  ? cap_capable+0x1d6/0x3e0
[   22.798958][  T343]  genl_family_rcv_msg+0x3a4/0x640
[   22.798960][  T343]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[   22.798961][  T343]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[   22.798963][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   22.798965][  T343]  ? __lock_acquire+0x508/0xc10
[   22.798968][  T343]  genl_rcv_msg+0xbb/0x160
[   22.798970][  T343]  netlink_rcv_skb+0x14e/0x3a0
[   22.798973][  T343]  ? genl_family_rcv_msg+0x640/0x640
[   22.798974][  T343]  ? netlink_ack+0xcd0/0xcd0
[   22.798978][  T343]  ? netlink_deliver_tap+0xc5/0x330
[   22.798980][  T343]  ? netlink_deliver_tap+0x13c/0x330
[   22.798982][  T343]  genl_rcv+0x28/0x40
[   22.798983][  T343]  netlink_unicast+0x47c/0x740
[   22.798986][  T343]  ? netlink_attachskb+0x800/0x800
[   22.798988][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   22.798990][  T343]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[   22.798994][  T343]  ? __wake_up+0x44/0x60
[   22.798999][  T343]  netlink_sendmsg+0x735/0xc60
[   22.799002][  T343]  ? netlink_unicast+0x740/0x740
[   22.799004][  T343]  ? lock_acquire.part.0+0xbc/0x260
[   22.799006][  T343]  ? __might_fault+0x97/0x140
[   22.799009][  T343]  __sys_sendto+0x2c9/0x400
[   22.799013][  T343]  ? __ia32_sys_getpeername+0xd0/0xd0
[   22.799014][  T343]  ? __might_fault+0x97/0x140
[   22.799017][  T343]  ? __ia32_sys_connect+0xd0/0xd0
[   22.799019][  T343]  ? __sys_bind+0x191/0x260
[   22.799022][  T343]  __x64_sys_sendto+0xe4/0x1f0
[   22.799024][  T343]  ? trace_irq_enable.constprop.0+0x9b/0x180
[   22.799027][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   22.799029][  T343]  ? do_syscall_64+0x82/0xfc0
[   22.799030][  T343]  do_syscall_64+0x117/0xfc0
[   22.799032][  T343]  ? trace_hardirqs_off+0xd/0x30
[   22.799034][  T343]  ? exc_page_fault+0xee/0x100
[   22.799036][  T343]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   22.799039][  T343] RIP: 0033:0x7fc268f6a0ee
[   22.799045][  T343] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[   22.799047][  T343] RSP: 002b:00007ffc1a0b1690 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[   22.799051][  T343] RAX: ffffffffffffffda RBX: 00007ffc1a0b1700 RCX: 00007fc268f6a0ee
[   22.799052][  T343] RDX: 0000000000000038 RSI: 000000000f672988 RDI: 0000000000000006
[   22.799053][  T343] RBP: 00007ffc1a0b16a0 R08: 0000000000000000 R09: 0000000000000000
[   22.799054][  T343] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000f672988
[   22.799055][  T343] R13: 000000000f672720 R14: 00007fc26913b000 R15: 000000000042ee00
[   22.799058][  T343]  </TASK>
[   22.799059][  T343] 
[   22.809458][  T343] Allocated by task 343:
[   22.809545][  T343]  kasan_save_stack+0x2f/0x50
[   22.809664][  T343]  kasan_save_track+0x14/0x30
[   22.809781][  T343]  __kasan_kmalloc+0x7b/0x90
[   22.809890][  T343]  __kvmalloc_node_noprof+0x2e8/0x8a0
[   22.810012][  T343]  net_devmem_bind_dmabuf+0x60e/0x1260
[   22.810126][  T343]  netdev_nl_bind_rx_doit+0x7ae/0xff0
[   22.810239][  T343]  genl_family_rcv_msg_doit+0x206/0x300
[   22.810352][  T343]  genl_family_rcv_msg+0x3a4/0x640
[   22.810466][  T343]  genl_rcv_msg+0xbb/0x160
[   22.810572][  T343]  netlink_rcv_skb+0x14e/0x3a0
[   22.810683][  T343]  genl_rcv+0x28/0x40
[   22.810781][  T343]  netlink_unicast+0x47c/0x740
[   22.810892][  T343]  netlink_sendmsg+0x735/0xc60
[   22.811003][  T343]  __sys_sendto+0x2c9/0x400
[   22.811116][  T343]  __x64_sys_sendto+0xe4/0x1f0
[   22.811226][  T343]  do_syscall_64+0x117/0xfc0
[   22.811343][  T343]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   22.811488][  T343] 
[   22.811547][  T343] The buggy address belongs to the object at ff1100002b3fc540
[   22.811547][  T343]  which belongs to the cache kmalloc-64 of size 64
[   22.811830][  T343] The buggy address is located 0 bytes inside of
[   22.811830][  T343]  allocated 64-byte region [ff1100002b3fc540, ff1100002b3fc580)
[   22.812109][  T343] 
[   22.812170][  T343] The buggy address belongs to the physical page:
[   22.812316][  T343] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100002b3fc740 pfn:0x2b3fc
[   22.812549][  T343] flags: 0x80000000000200(workingset|node=0|zone=1)
[   22.812696][  T343] page_type: f5(slab)
[   22.812791][  T343] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[   22.813006][  T343] raw: ff1100002b3fc740 0000000000100007 00000000f5000000 0000000000000000
[   22.813202][  T343] page dumped because: kasan: bad access detected
[   22.813346][  T343] 
[   22.813404][  T343] Memory state around the buggy address:
[   22.813511][  T343]  ff1100002b3fc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.813676][  T343]  ff1100002b3fc500: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   22.813854][  T343] >ff1100002b3fc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.814014][  T343]                    ^
[   22.814099][  T343]  ff1100002b3fc600: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[   22.814266][  T343]  ff1100002b3fc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.814436][  T343] ==================================================================
[   22.814624][  T343] Disabling lock debugging due to kernel taint
[   22.814782][  T343] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf40000acff15
[   22.814996][  T343] flags: 0x0(node=0|zone=0)
[   22.815106][  T343] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff1100002880d000 6b6b6b6b6b6b6b6b
[   22.815295][  T343] raw: 0000000020d83000 0000000000000000 000000006b6b6b6b ff1100002b3fc440
[   22.815477][  T343] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[   22.815786][  T343] ------------[ cut here ]------------
[   22.815904][  T343] kernel BUG at ./include/linux/page-flags.h:1062!
[   22.816052][  T343] Oops: invalid opcode: 0000 [#1] SMP KASAN
[   22.816195][  T343] CPU: 0 UID: 0 PID: 343 Comm: ncdevmem Tainted: G    B               7.1.0-rc1-virtme #1 PREEMPT(full) 
[   22.816418][  T343] Tainted: [B]=BAD_PAGE
[   22.816498][  T343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   22.816758][  T343] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[   22.816902][  T343] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ed ae 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[   22.817281][  T343] RSP: 0018:ffa00000017df368 EFLAGS: 00010286
[   22.817426][  T343] RAX: 0000000000000096 RBX: ff1100002b3fc540 RCX: 0000000000000000
[   22.817591][  T343] RDX: 0000000000000096 RSI: 1ffffffff64d7b44 RDI: fff3fc00002fbe58
[   22.817763][  T343] RBP: ff1100002880d000 R08: ffffffffac1bf47a R09: 1ffffffff5f7ea44
[   22.817920][  T343] R10: 0000000000000003 R11: fffffbfff5f7ea45 R12: ff1100002b3fc541
[   22.818084][  T343] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[   22.818249][  T343] FS:  00007fc268ef7740(0000) GS:ff110000baec6000(0000) knlGS:0000000000000000
[   22.818438][  T343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   22.818567][  T343] CR2: 000000000f692988 CR3: 000000000b492001 CR4: 0000000000771ef0
[   22.818742][  T343] PKRU: 55555554
[   22.818829][  T343] Call Trace:
[   22.818908][  T343]  <TASK>
[   22.818963][  T343]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[   22.819099][  T343]  ? page_pool_alloc_netmems+0x10a/0x1d0
[   22.819208][  T343]  fbnic_fill_bdq+0x238/0x400
[   22.819316][  T343]  __fbnic_nv_restart+0x145/0x440
[   22.819429][  T343]  fbnic_queue_start+0x183/0x260
[   22.819542][  T343]  netdev_rx_queue_reconfig+0x322/0x580
[   22.819647][  T343]  __netif_mp_open_rxq+0x3be/0x600
[   22.819766][  T343]  ? netdev_rx_queue_restart+0xb0/0xb0
[   22.819875][  T343]  ? do_raw_spin_unlock+0x59/0x250
[   22.819983][  T343]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[   22.820119][  T343]  ? net_devmem_unbind_dmabuf+0x470/0x470
[   22.820236][  T343]  netdev_nl_bind_rx_doit+0x82e/0xff0
[   22.820344][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   22.820478][  T343]  ? __nla_parse+0x22/0x30
[   22.820589][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[   22.820731][  T343]  genl_family_rcv_msg_doit+0x206/0x300
[   22.820837][  T343]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[   22.820970][  T343]  ? rcu_is_watching+0x15/0xd0
[   22.821074][  T343]  ? cap_capable+0x1d6/0x3e0
[   22.821187][  T343]  genl_family_rcv_msg+0x3a4/0x640
[   22.821291][  T343]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[   22.821415][  T343]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[   22.821546][  T343]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[   22.821680][  T343]  ? __lock_acquire+0x508/0xc10
[   22.821791][  T343]  genl_rcv_msg+0xbb/0x160
[   22.821897][  T343]  netlink_rcv_skb+0x14e/0x3a0
[   22.822001][  T343]  ? genl_family_rcv_msg+0x640/0x640
[   22.822106][  T343]  ? netlink_ack+0xcd0/0xcd0
[   22.822216][  T343]  ? netlink_deliver_tap+0xc5/0x330
[   22.822331][  T343]  ? netlink_deliver_tap+0x13c/0x330
[   22.822440][  T343]  genl_rcv+0x28/0x40
[   22.822520][  T343]  netlink_unicast+0x47c/0x740
[   22.822626][  T343]  ? netlink_attachskb+0x800/0x800
[   22.822743][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   22.822848][  T343]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[   22.822981][  T343]  ? __wake_up+0x44/0x60
[   22.823068][  T343]  netlink_sendmsg+0x735/0xc60
[   22.823175][  T343]  ? netlink_unicast+0x740/0x740
[   22.823288][  T343]  ? lock_acquire.part.0+0xbc/0x260
[   22.823395][  T343]  ? __might_fault+0x97/0x140
[   22.823503][  T343]  __sys_sendto+0x2c9/0x400
[   22.823612][  T343]  ? __ia32_sys_getpeername+0xd0/0xd0
[   22.823723][  T343]  ? __might_fault+0x97/0x140
[   22.823839][  T343]  ? __ia32_sys_connect+0xd0/0xd0
[   22.823950][  T343]  ? __sys_bind+0x191/0x260
[   22.824057][  T343]  __x64_sys_sendto+0xe4/0x1f0
[   22.824162][  T343]  ? trace_irq_enable.constprop.0+0x9b/0x180
[   22.824294][  T343]  ? lockdep_hardirqs_on+0x8c/0x130
[   22.824398][  T343]  ? do_syscall_64+0x82/0xfc0
[   22.824510][  T343]  do_syscall_64+0x117/0xfc0
[   22.824624][  T343]  ? trace_hardirqs_off+0xd/0x30
[   22.824733][  T343]  ? exc_page_fault+0xee/0x100
[   22.824838][  T343]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   22.824970][  T343] RIP: 0033:0x7fc268f6a0ee
[   22.825080][  T343] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[   22.825474][  T343] RSP: 002b:00007ffc1a0b1690 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[   22.825635][  T343] RAX: ffffffffffffffda RBX: 00007ffc1a0b1700 RCX: 00007fc268f6a0ee
[   22.825809][  T343] RDX: 0000000000000038 RSI: 000000000f672988 RDI: 0000000000000006
[   22.825979][  T343] RBP: 00007ffc1a0b16a0 R08: 0000000000000000 R09: 0000000000000000
[   22.826145][  T343] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000f672988
[   22.826305][  T343] R13: 000000000f672720 R14: 00007fc26913b000 R15: 000000000042ee00
[   22.826477][  T343]  </TASK>
[   22.826558][  T343] Modules linked in:
[   22.826659][  T343] ---[ end trace 0000000000000000 ]---
[   22.826778][  T343] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[   22.826916][  T343] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 ed ae 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[   22.827292][  T343] RSP: 0018:ffa00000017df368 EFLAGS: 00010286
[   22.827434][  T343] RAX: 0000000000000096 RBX: ff1100002b3fc540 RCX: 0000000000000000
[   22.827599][  T343] RDX: 0000000000000096 RSI: 1ffffffff64d7b44 RDI: fff3fc00002fbe58
[   22.827772][  T343] RBP: ff1100002880d000 R08: ffffffffac1bf47a R09: 1ffffffff5f7ea44
[   22.827932][  T343] R10: 0000000000000003 R11: fffffbfff5f7ea45 R12: ff1100002b3fc541
[   22.828097][  T343] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[   22.828263][  T343] FS:  00007fc268ef7740(0000) GS:ff110000baec6000(0000) knlGS:0000000000000000
[   22.828450][  T343] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   22.828588][  T343] CR2: 000000000f692988 CR3: 000000000b492001 CR4: 0000000000771ef0
[   22.828767][  T343] PKRU: 55555554
[   22.828862][  T343] Kernel panic - not syncing: Fatal exception
[   22.829129][  T343] Kernel Offset: 0x2aa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   22.829363][  T343] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr