======================================
| [ 1105.567172][ T6287] ==================================================================
| [ 1105.567540][ T6287] BUG: KASAN: wild-memory-access in _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
| [ 1105.567814][ T6287] Read of size 982 at addr 0005088000000000 by task ncdevmem/6287
| [ 1105.568067][ T6287]
[ 1105.568173][ T6287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1105.568176][ T6287] Call Trace:
[ 1105.568178][ T6287]  <TASK>
[ 1105.568180][ T6287] dump_stack_lvl (lib/dump_stack.c:123) 
[ 1105.568189][ T6287] ? _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
[ 1105.568192][ T6287] kasan_report (mm/kasan/report.c:597) 
[ 1105.568200][ T6287] ? _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
[ 1105.568205][ T6287] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189) 
[ 1105.568209][ T6287] _copy_to_iter (./arch/x86/include/asm/smap.h:35 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:147 lib/iov_iter.c:25 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:185) 
[ 1105.568213][ T6287] ? __lock_acquire (kernel/locking/lockdep.c:5237) 
[ 1105.568221][ T6287] ? _copy_from_iter_flushcache (lib/iov_iter.c:180) 
[ 1105.568225][ T6287] ? __lock_acquire (kernel/locking/lockdep.c:5237) 
[ 1105.568231][ T6287] __skb_datagram_iter (net/core/datagram.c:440) 
[ 1105.568238][ T6287] ? skb_free_datagram (net/core/datagram.c:520) 
[ 1105.568243][ T6287] ? validate_chain (kernel/locking/lockdep.c:3801 kernel/locking/lockdep.c:3821 kernel/locking/lockdep.c:3876) 
[ 1105.568248][ T6287] skb_copy_datagram_iter (net/core/datagram.c:535) 
[ 1105.568252][ T6287] tcp_recvmsg_locked (net/ipv4/tcp.c:2802) 
[ 1105.568260][ T6287] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 1105.568263][ T6287] ? tcp_update_recv_tstamps (net/ipv4/tcp.c:2613) 
[ 1105.568268][ T6287] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:412) 
[ 1105.568274][ T6287] tcp_recvmsg (net/ipv4/tcp.c:2906) 
[ 1105.568276][ T6287] ? filemap_map_pages (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 mm/filemap.c:3794) 
[ 1105.568281][ T6287] ? tcp_recv_timestamp (net/ipv4/tcp.c:2892) 
[ 1105.568285][ T6287] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 kernel/rcu/update.c:380) 
[ 1105.568291][ T6287] ? validate_chain (kernel/locking/lockdep.c:3801 kernel/locking/lockdep.c:3821 kernel/locking/lockdep.c:3876) 
[ 1105.568296][ T6287] inet6_recvmsg (net/ipv6/af_inet6.c:680 (discriminator 2)) 
[ 1105.568301][ T6287] ? __inet6_bind (net/ipv6/af_inet6.c:667) 
[ 1105.568306][ T6287] ____sys_recvmsg (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/sock.h:304 net/socket.c:1069 net/socket.c:1087 net/socket.c:2834) 
[ 1105.568311][ T6287] ? kernel_sendmsg (net/socket.c:2812) 
[ 1105.568314][ T6287] ? _copy_from_user (./arch/x86/include/asm/smap.h:29 ./arch/x86/include/asm/uaccess_64.h:134 ./arch/x86/include/asm/uaccess_64.h:141 ./include/linux/uaccess.h:178 lib/usercopy.c:18) 
[ 1105.568320][ T6287] ? copy_msghdr_from_user (net/socket.c:2554) 
[ 1105.568323][ T6287] ? __copy_msghdr (net/socket.c:2540) 
[ 1105.568330][ T6287] ___sys_recvmsg (net/socket.c:2877) 
[ 1105.568334][ T6287] ? ___sys_sendmsg (net/socket.c:2866) 
[ 1105.568337][ T6287] ? __handle_mm_fault (mm/memory.c:6195) 
[ 1105.568342][ T6287] ? __pmd_alloc (mm/memory.c:6104) 
[ 1105.568348][ T6287] ? lock_vma_under_rcu (./include/linux/rcupdate.h:874 mm/mmap_lock.c:170) 
[ 1105.568355][ T6287] __sys_recvmsg (net/socket.c:2909) 
[ 1105.568359][ T6287] ? __sys_recvmsg_sock (net/socket.c:2894) 
[ 1105.568362][ T6287] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 arch/x86/mm/fault.c:1484 arch/x86/mm/fault.c:1532) 
[ 1105.568370][ T6287] ? do_user_addr_fault (./arch/x86/include/asm/atomic.h:93 ./include/linux/atomic/atomic-arch-fallback.h:949 ./include/linux/atomic/atomic-instrumented.h:401 ./include/linux/refcount.h:389 ./include/linux/refcount.h:432 ./include/linux/mmap_lock.h:143 ./include/linux/mmap_lock.h:267 arch/x86/mm/fault.c:1338) 
[ 1105.568378][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1105.568383][ T6287] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) 
[ 1105.568389][ T6287] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 1105.568393][ T6287] RIP: 0033:0x7f9d9f18f07d
[ 1105.568397][ T6287] Code: eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 41 54 48 83 ec 10 64 8b 04 25 18 00 00 00 85 c0 75 22 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5b 4c 63 e0 48 83 c4 10 4c 89 e0 41 5c c3 66
All code
========
   0:	eb b7                	jmp    0xffffffffffffffb9
   2:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   9:	00 00 00 
   c:	90                   	nop
   d:	f3 0f 1e fa          	endbr64
  11:	41 54                	push   %r12
  13:	48 83 ec 10          	sub    $0x10,%rsp
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 22                	jne    0x45
  23:	b8 2f 00 00 00       	mov    $0x2f,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 5b                	ja     0x8d
  32:	4c 63 e0             	movslq %eax,%r12
  35:	48 83 c4 10          	add    $0x10,%rsp
  39:	4c 89 e0             	mov    %r12,%rax
  3c:	41 5c                	pop    %r12
  3e:	c3                   	ret
  3f:	66                   	data16

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 5b                	ja     0x63
   8:	4c 63 e0             	movslq %eax,%r12
   b:	48 83 c4 10          	add    $0x10,%rsp
   f:	4c 89 e0             	mov    %r12,%rax
  12:	41 5c                	pop    %r12
  14:	c3                   	ret
  15:	66                   	data16
[ 1105.568401][ T6287] RSP: 002b:00007ffe36adff60 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1105.568405][ T6287] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9d9f18f07d
[ 1105.568408][ T6287] RDX: 0000000002000000 RSI: 00007ffe36adff90 RDI: 0000000000000008
[ 1105.568410][ T6287] RBP: 00007ffe36bbba40 R08: 0000000000000000 R09: 00007ffe36addcf3
[ 1105.568412][ T6287] R10: 00007f9d9f08f1c8 R11: 0000000000000246 R12: 00007ffe36bbbba8
[ 1105.568414][ T6287] R13: 000000000040571b R14: 000000000042bdf0 R15: 00007f9d9f2cc000
| fbnic-err: bad TWQ descriptor ordering, previous: 0 current 0
| fbnic-err: bad TWQ descriptor ordering, previous: 0 current 0
| [ 1187.164362][ T6287] ncdevmem invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
| [ 1187.164885][ T6287] Tainted: [B]=BAD_PAGE
[ 1187.164887][ T6287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1187.164889][ T6287] Call Trace:
[ 1187.164892][ T6287]  <TASK>
[ 1187.164894][ T6287] dump_stack_lvl (lib/dump_stack.c:123) 
[ 1187.164907][ T6287] dump_header (mm/oom_kill.c:74 mm/oom_kill.c:468) 
[ 1187.164915][ T6287] oom_kill_process (mm/oom_kill.c:1041) 
[ 1187.164919][ T6287] out_of_memory (mm/oom_kill.c:1180 (discriminator 4)) 
[ 1187.164922][ T6287] ? oom_killer_disable (mm/oom_kill.c:1113) 
[ 1187.164928][ T6287] __alloc_pages_may_oom (mm/page_alloc.c:4026) 
[ 1187.164936][ T6287] ? __alloc_pages_direct_compact (mm/page_alloc.c:3958) 
[ 1187.164942][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1187.164949][ T6287] __alloc_pages_slowpath.constprop.0 (mm/page_alloc.c:4836) 
[ 1187.164956][ T6287] ? warn_alloc (mm/page_alloc.c:4596) 
[ 1187.164962][ T6287] __alloc_frozen_pages_noprof (mm/page_alloc.c:5161) 
[ 1187.164966][ T6287] ? __alloc_pages_slowpath.constprop.0 (mm/page_alloc.c:5114) 
[ 1187.164969][ T6287] ? page_cache_ra_unbounded (./include/linux/sched/mm.h:339 ./include/linux/sched/mm.h:399 mm/readahead.c:299) 
[ 1187.164972][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1187.164977][ T6287] ? filemap_get_entry (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 mm/filemap.c:1889) 
[ 1187.164979][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1187.164982][ T6287] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 21)) 
[ 1187.164990][ T6287] alloc_pages_mpol (mm/mempolicy.c:2418) 
[ 1187.164995][ T6287] ? policy_nodemask (mm/mempolicy.c:2373) 
[ 1187.164999][ T6287] ? down_read (./arch/x86/include/asm/preempt.h:104 kernel/locking/rwsem.c:1268 kernel/locking/rwsem.c:1274 kernel/locking/rwsem.c:1539) 
[ 1187.165008][ T6287] folio_alloc_noprof (mm/mempolicy.c:2507 mm/mempolicy.c:2517) 
[ 1187.165012][ T6287] __filemap_get_folio (mm/filemap.c:1981) 
[ 1187.165016][ T6287] filemap_fault (mm/filemap.c:3455) 
[ 1187.165020][ T6287] ? folio_seek_hole_data (mm/filemap.c:3734) 
[ 1187.165022][ T6287] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 1187.165026][ T6287] ? read_cache_page_gfp (mm/filemap.c:3404) 
[ 1187.165029][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1187.165032][ T6287] ? do_fault_around (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 mm/memory.c:5534) 
[ 1187.165035][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1187.165038][ T6287] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 21)) 
[ 1187.165041][ T6287] ? lock_release (kernel/locking/lockdep.c:118 kernel/locking/lockdep.c:5881) 
[ 1187.165046][ T6287] __do_fault (mm/memory.c:5152) 
[ 1187.165051][ T6287] do_pte_missing (mm/memory.c:5573 mm/memory.c:5707 mm/memory.c:4234) 
[ 1187.165055][ T6287] handle_pte_fault (mm/memory.c:6052) 
[ 1187.165057][ T6287] ? kfree (mm/slub.c:4868) 
[ 1187.165062][ T6287] ? do_pte_missing (mm/memory.c:6009) 
[ 1187.165064][ T6287] ? mtree_range_walk (lib/maple_tree.c:800 lib/maple_tree.c:2797) 
[ 1187.165067][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1187.165071][ T6287] __handle_mm_fault (mm/memory.c:6195) 
[ 1187.165074][ T6287] ? __pmd_alloc (mm/memory.c:6104) 
[ 1187.165079][ T6287] ? lock_release (kernel/locking/lockdep.c:118 kernel/locking/lockdep.c:5881) 
[ 1187.165083][ T6287] ? lock_vma_under_rcu (./include/linux/rcupdate.h:874 mm/mmap_lock.c:170) 
[ 1187.165088][ T6287] handle_mm_fault (mm/memory.c:6376) 
[ 1187.165091][ T6287] ? __handle_mm_fault (mm/memory.c:6331) 
[ 1187.165094][ T6287] ? __rseq_handle_notify_resume (kernel/rseq.c:442) 
[ 1187.165100][ T6287] do_user_addr_fault (arch/x86/mm/fault.c:1337) 
[ 1187.165108][ T6287] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[ 1187.165112][ T6287] exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 arch/x86/mm/fault.c:1484 arch/x86/mm/fault.c:1532) 
[ 1187.165116][ T6287] asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) 
[ 1187.165120][ T6287] RIP: 0033:0x7f9d9f0a74e0
[ 1187.165126][ T6287] Code: Unable to access opcode bytes at 0x7f9d9f0a74b6.

Code starting with the faulting instruction
===========================================
[ 1187.165127][ T6287] RSP: 002b:00007ffe36add318 EFLAGS: 00010202
[ 1187.165131][ T6287] RAX: 00007f9d9f23b047 RBX: 00007f9d9f2749c0 RCX: 0000000000000001
[ 1187.165133][ T6287] RDX: 0000000000000000 RSI: 0000000000000025 RDI: 00007f9d9f23b048
[ 1187.165134][ T6287] RBP: 00007ffe36add890 R08: 0000000000000000 R09: 00007f9d9f22fd40
[ 1187.165136][ T6287] R10: 00007f9d9f22fc40 R11: 00000000ffffffff R12: 0000000000000009


Finger prints:
dump_header:oom_kill_process:out_of_memory:__alloc_pages_may_oom:__alloc_frozen_pages_noprof
kasan_report:kasan_check_range:_copy_to_iter:__skb_datagram_iter:skb_copy_datagram_iter