======================================
| [ 1162.795643][ T6582] ==================================================================
| [ 1162.795927][ T6582] BUG: KASAN: wild-memory-access in _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
| [ 1162.796188][ T6582] Read of size 982 at addr 0005088000000000 by task ncdevmem/6582
| [ 1162.796442][ T6582]
[ 1162.796535][ T6582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1162.796538][ T6582] Call Trace:
[ 1162.796540][ T6582]  <TASK>
[ 1162.796542][ T6582] dump_stack_lvl (lib/dump_stack.c:123) 
[ 1162.796552][ T6582] ? _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
[ 1162.796555][ T6582] kasan_report (mm/kasan/report.c:597) 
[ 1162.796563][ T6582] ? _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
[ 1162.796567][ T6582] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189) 
[ 1162.796572][ T6582] _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
[ 1162.796575][ T6582] ? find_held_lock (kernel/locking/lockdep.c:5350) 
[ 1162.796583][ T6582] ? _copy_from_iter_flushcache (lib/iov_iter.c:180) 
[ 1162.796587][ T6582] ? mark_held_locks (kernel/locking/lockdep.c:4325) 
[ 1162.796591][ T6582] ? finish_task_switch.isra.0 (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/sched/sched.h:1531 kernel/sched/core.c:5105 kernel/sched/core.c:5223) 
[ 1162.796598][ T6582] ? finish_task_switch.isra.0 (./arch/x86/include/asm/atomic.h:67 ./include/linux/atomic/atomic-arch-fallback.h:2278 ./include/linux/atomic/atomic-instrumented.h:1384 ./include/linux/sched/mm.h:54 ./include/linux/sched/mm.h:83 ./include/linux/sched/mm.h:110 kernel/sched/core.c:5250) 
[ 1162.796603][ T6582] __skb_datagram_iter (net/core/datagram.c:440) 
[ 1162.796610][ T6582] ? skb_free_datagram (net/core/datagram.c:520) 
[ 1162.796614][ T6582] ? validate_chain (kernel/locking/lockdep.c:3801 kernel/locking/lockdep.c:3821 kernel/locking/lockdep.c:3876) 
[ 1162.796619][ T6582] skb_copy_datagram_iter (net/core/datagram.c:535) 
[ 1162.796623][ T6582] tcp_recvmsg_locked (net/ipv4/tcp.c:2820) 
[ 1162.796631][ T6582] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 1162.796634][ T6582] ? tcp_update_recv_tstamps (net/ipv4/tcp.c:2631) 
[ 1162.796638][ T6582] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:412) 
[ 1162.796644][ T6582] tcp_recvmsg (net/ipv4/tcp.c:2924) 
[ 1162.796647][ T6582] ? filemap_map_pages (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 mm/filemap.c:3794) 
[ 1162.796652][ T6582] ? tcp_recv_timestamp (net/ipv4/tcp.c:2910) 
[ 1162.796656][ T6582] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 kernel/rcu/update.c:380) 
[ 1162.796663][ T6582] ? validate_chain (kernel/locking/lockdep.c:3801 kernel/locking/lockdep.c:3821 kernel/locking/lockdep.c:3876) 
[ 1162.796669][ T6582] inet6_recvmsg (net/ipv6/af_inet6.c:680 (discriminator 2)) 
[ 1162.796673][ T6582] ? inet6_sk_rebuild_header (net/ipv6/af_inet6.c:667) 
[ 1162.796678][ T6582] ____sys_recvmsg (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/sock.h:304 net/socket.c:1069 net/socket.c:1087 net/socket.c:2834) 
[ 1162.796684][ T6582] ? kernel_sendmsg (net/socket.c:2812) 
[ 1162.796686][ T6582] ? _copy_from_user (./arch/x86/include/asm/smap.h:29 ./arch/x86/include/asm/uaccess_64.h:134 ./arch/x86/include/asm/uaccess_64.h:141 ./include/linux/uaccess.h:178 lib/usercopy.c:18) 
[ 1162.796691][ T6582] ? copy_msghdr_from_user (net/socket.c:2554) 
[ 1162.796694][ T6582] ? __copy_msghdr (net/socket.c:2540) 
[ 1162.796700][ T6582] ___sys_recvmsg (net/socket.c:2877) 
[ 1162.796703][ T6582] ? ___sys_sendmsg (net/socket.c:2866) 
[ 1162.796706][ T6582] ? __handle_mm_fault (mm/memory.c:6195) 
[ 1162.796711][ T6582] ? __pmd_alloc (mm/memory.c:6104) 
[ 1162.796717][ T6582] ? lock_vma_under_rcu (./include/linux/rcupdate.h:874 mm/mmap_lock.c:170) 
[ 1162.796722][ T6582] __sys_recvmsg (net/socket.c:2909) 
[ 1162.796725][ T6582] ? __sys_recvmsg_sock (net/socket.c:2894) 
[ 1162.796728][ T6582] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 arch/x86/mm/fault.c:1484 arch/x86/mm/fault.c:1532) 
[ 1162.796737][ T6582] ? do_user_addr_fault (./arch/x86/include/asm/atomic.h:93 ./include/linux/atomic/atomic-arch-fallback.h:949 ./include/linux/atomic/atomic-instrumented.h:401 ./include/linux/refcount.h:389 ./include/linux/refcount.h:432 ./include/linux/mmap_lock.h:143 ./include/linux/mmap_lock.h:267 arch/x86/mm/fault.c:1338) 
[ 1162.796745][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1162.796750][ T6582] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) 
[ 1162.796755][ T6582] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 1162.796759][ T6582] RIP: 0033:0x7f903797207d
[ 1162.796763][ T6582] Code: eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 41 54 48 83 ec 10 64 8b 04 25 18 00 00 00 85 c0 75 22 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5b 4c 63 e0 48 83 c4 10 4c 89 e0 41 5c c3 66
All code
========
   0:	eb b7                	jmp    0xffffffffffffffb9
   2:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   9:	00 00 00 
   c:	90                   	nop
   d:	f3 0f 1e fa          	endbr64
  11:	41 54                	push   %r12
  13:	48 83 ec 10          	sub    $0x10,%rsp
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 22                	jne    0x45
  23:	b8 2f 00 00 00       	mov    $0x2f,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 5b                	ja     0x8d
  32:	4c 63 e0             	movslq %eax,%r12
  35:	48 83 c4 10          	add    $0x10,%rsp
  39:	4c 89 e0             	mov    %r12,%rax
  3c:	41 5c                	pop    %r12
  3e:	c3                   	ret
  3f:	66                   	data16

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 5b                	ja     0x63
   8:	4c 63 e0             	movslq %eax,%r12
   b:	48 83 c4 10          	add    $0x10,%rsp
   f:	4c 89 e0             	mov    %r12,%rax
  12:	41 5c                	pop    %r12
  14:	c3                   	ret
  15:	66                   	data16
[ 1162.796765][ T6582] RSP: 002b:00007fff826123a0 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1162.796769][ T6582] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f903797207d
[ 1162.796771][ T6582] RDX: 0000000002000000 RSI: 00007fff826123d0 RDI: 0000000000000008
[ 1162.796773][ T6582] RBP: 00007fff826ede80 R08: 0000000000000000 R09: 00007fff82610133
[ 1162.796775][ T6582] R10: 00007f90378721c8 R11: 0000000000000246 R12: 00007fff826edfe8
[ 1162.796776][ T6582] R13: 000000000040571b R14: 000000000042bdf0 R15: 00007f9037aaf000
| [ 1162.807476][ T6582] Disabling lock debugging due to kernel taint
| fbnic-err: bad TWQ descriptor ordering, previous: 0 current 0
| [ 1190.619947][ T6582] ncdevmem invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
| [ 1190.620465][ T6582] Tainted: [B]=BAD_PAGE
[ 1190.620467][ T6582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1190.620469][ T6582] Call Trace:
[ 1190.620472][ T6582]  <TASK>
[ 1190.620474][ T6582] dump_stack_lvl (lib/dump_stack.c:123) 
[ 1190.620486][ T6582] dump_header (mm/oom_kill.c:74 mm/oom_kill.c:468) 
[ 1190.620495][ T6582] oom_kill_process (mm/oom_kill.c:1041) 
[ 1190.620499][ T6582] out_of_memory (mm/oom_kill.c:1180 (discriminator 4)) 
[ 1190.620502][ T6582] ? oom_killer_disable (mm/oom_kill.c:1113) 
[ 1190.620508][ T6582] __alloc_pages_may_oom (mm/page_alloc.c:4026) 
[ 1190.620516][ T6582] ? __alloc_pages_direct_compact (mm/page_alloc.c:3958) 
[ 1190.620522][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1190.620528][ T6582] __alloc_pages_slowpath.constprop.0 (mm/page_alloc.c:4836) 
[ 1190.620535][ T6582] ? warn_alloc (mm/page_alloc.c:4596) 
[ 1190.620541][ T6582] __alloc_frozen_pages_noprof (mm/page_alloc.c:5161) 
[ 1190.620545][ T6582] ? __alloc_pages_slowpath.constprop.0 (mm/page_alloc.c:5114) 
[ 1190.620548][ T6582] ? page_cache_ra_unbounded (./include/linux/sched/mm.h:339 ./include/linux/sched/mm.h:399 mm/readahead.c:299) 
[ 1190.620551][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1190.620555][ T6582] ? filemap_get_entry (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 mm/filemap.c:1889) 
[ 1190.620558][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1190.620561][ T6582] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 21)) 
[ 1190.620568][ T6582] alloc_pages_mpol (mm/mempolicy.c:2418) 
[ 1190.620574][ T6582] ? policy_nodemask (mm/mempolicy.c:2373) 
[ 1190.620577][ T6582] ? down_read (./arch/x86/include/asm/preempt.h:104 kernel/locking/rwsem.c:1268 kernel/locking/rwsem.c:1274 kernel/locking/rwsem.c:1539) 
[ 1190.620586][ T6582] folio_alloc_noprof (mm/mempolicy.c:2507 mm/mempolicy.c:2517) 
[ 1190.620589][ T6582] __filemap_get_folio (mm/filemap.c:1981) 
[ 1190.620594][ T6582] filemap_fault (mm/filemap.c:3455) 
[ 1190.620598][ T6582] ? folio_seek_hole_data (mm/filemap.c:3734) 
[ 1190.620600][ T6582] ? read_cache_page_gfp (mm/filemap.c:3404) 
[ 1190.620604][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1190.620607][ T6582] ? do_fault_around (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 mm/memory.c:5534) 
[ 1190.620610][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1190.620613][ T6582] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 21)) 
[ 1190.620616][ T6582] ? lock_release (kernel/locking/lockdep.c:118 kernel/locking/lockdep.c:5881) 
[ 1190.620621][ T6582] __do_fault (mm/memory.c:5152) 
[ 1190.620628][ T6582] do_pte_missing (mm/memory.c:5573 mm/memory.c:5707 mm/memory.c:4234) 
[ 1190.620632][ T6582] handle_pte_fault (mm/memory.c:6052) 
[ 1190.620635][ T6582] ? io_schedule_timeout (kernel/sched/core.c:6817) 
[ 1190.620639][ T6582] ? do_pte_missing (mm/memory.c:6009) 
[ 1190.620642][ T6582] ? mtree_range_walk (lib/maple_tree.c:800 lib/maple_tree.c:2797) 
[ 1190.620646][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1190.620650][ T6582] __handle_mm_fault (mm/memory.c:6195) 
[ 1190.620653][ T6582] ? __pmd_alloc (mm/memory.c:6104) 
[ 1190.620658][ T6582] ? lock_release (kernel/locking/lockdep.c:118 kernel/locking/lockdep.c:5881) 
[ 1190.620662][ T6582] ? lock_vma_under_rcu (./include/linux/rcupdate.h:874 mm/mmap_lock.c:170) 
[ 1190.620667][ T6582] handle_mm_fault (mm/memory.c:6376) 
[ 1190.620670][ T6582] ? __handle_mm_fault (mm/memory.c:6331) 
[ 1190.620673][ T6582] ? __rseq_handle_notify_resume (kernel/rseq.c:442) 
[ 1190.620679][ T6582] do_user_addr_fault (arch/x86/mm/fault.c:1337) 
[ 1190.620688][ T6582] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1190.620692][ T6582] exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 arch/x86/mm/fault.c:1484 arch/x86/mm/fault.c:1532) 
[ 1190.620695][ T6582] asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) 
[ 1190.620699][ T6582] RIP: 0033:0x7f90378e6600
[ 1190.620704][ T6582] Code: c3 66 0f 1f 84 00 00 00 00 00 48 89 44 24 08 e8 b6 c5 ff ff 48 8b 44 24 08 e9 7f ff ff ff 0f 1f 40 00 31 c0 66 0f 1f 44 00 00 <41> 0f b6 14 07 88 14 07 48 83 c0 01 48 39 d8 75 ef 48 01 df 49 01
All code
========
   0:	c3                   	ret
   1:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
   8:	00 00 
   a:	48 89 44 24 08       	mov    %rax,0x8(%rsp)
   f:	e8 b6 c5 ff ff       	call   0xffffffffffffc5ca
  14:	48 8b 44 24 08       	mov    0x8(%rsp),%rax
  19:	e9 7f ff ff ff       	jmp    0xffffffffffffff9d
  1e:	0f 1f 40 00          	nopl   0x0(%rax)
  22:	31 c0                	xor    %eax,%eax
  24:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  2a:*	41 0f b6 14 07       	movzbl (%r15,%rax,1),%edx		<-- trapping instruction
  2f:	88 14 07             	mov    %dl,(%rdi,%rax,1)
  32:	48 83 c0 01          	add    $0x1,%rax
  36:	48 39 d8             	cmp    %rbx,%rax
  39:	75 ef                	jne    0x2a
  3b:	48 01 df             	add    %rbx,%rdi
  3e:	49                   	rex.WB
  3f:	01                   	.byte 0x1

Code starting with the faulting instruction
===========================================
   0:	41 0f b6 14 07       	movzbl (%r15,%rax,1),%edx
   5:	88 14 07             	mov    %dl,(%rdi,%rax,1)
   8:	48 83 c0 01          	add    $0x1,%rax
   c:	48 39 d8             	cmp    %rbx,%rax
   f:	75 ef                	jne    0x0
  11:	48 01 df             	add    %rbx,%rdi
  14:	49                   	rex.WB
  15:	01                   	.byte 0x1
[ 1190.620707][ T6582] RSP: 002b:00007fff8260f710 EFLAGS: 00010246
[ 1190.620710][ T6582] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001
[ 1190.620712][ T6582] RDX: 0000000000000001 RSI: 00007f9037a1e04a RDI: 00007fff8260fde4
[ 1190.620714][ T6582] RBP: 0000000000000d68 R08: 0000000000000000 R09: 00007f9037a12d40
[ 1190.620716][ T6582] R10: 00007f9037a12c40 R11: 00000000ffffffff R12: 00007f9037a579c0


Finger prints:
dump_header:oom_kill_process:out_of_memory:__alloc_pages_may_oom:__alloc_frozen_pages_noprof
kasan_report:kasan_check_range:_copy_to_iter:__skb_datagram_iter:skb_copy_datagram_iter