====================================== | [ 865.581844][T11713] l2tp_ip: L2TP IP encapsulation support (L2TPv3) | [ 865.678310][T11716] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3) | [ 865.695152][T11715] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] SMP KASAN | [ 865.695470][T11715] KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] [ 865.695896][T11715] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 865.696062][T11715] RIP: 0010:l2tp_eth_create (net/l2tp/l2tp_core.h:340 net/l2tp/l2tp_core.h:346 net/l2tp/l2tp_eth.c:202 net/l2tp/l2tp_eth.c:250) l2tp_eth [ 865.696234][T11715] Code: 48 c1 e9 03 80 3c 01 00 0f 85 b7 06 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 7b 20 49 8d bf 94 00 00 00 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 03 38 c8 7c 08 84 c9 0f 85 51 All code ======== 0: 48 c1 e9 03 shr $0x3,%rcx 4: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1) 8: 0f 85 b7 06 00 00 jne 0x6c5 e: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 15: fc ff df 18: 4c 8b 7b 20 mov 0x20(%rbx),%r15 1c: 49 8d bf 94 00 00 00 lea 0x94(%r15),%rdi 23: 48 89 f9 mov %rdi,%rcx 26: 48 c1 e9 03 shr $0x3,%rcx 2a:* 0f b6 0c 01 movzbl (%rcx,%rax,1),%ecx <-- trapping instruction 2e: 48 89 f8 mov %rdi,%rax 31: 83 e0 07 and $0x7,%eax 34: 83 c0 03 add $0x3,%eax 37: 38 c8 cmp %cl,%al 39: 7c 08 jl 0x43 3b: 84 c9 test %cl,%cl 3d: 0f .byte 0xf 3e: 85 .byte 0x85 3f: 51 push %rcx Code starting with the faulting instruction =========================================== 0: 0f b6 0c 01 movzbl (%rcx,%rax,1),%ecx 4: 48 89 f8 mov %rdi,%rax 7: 83 e0 07 and $0x7,%eax a: 83 c0 03 add $0x3,%eax d: 38 c8 cmp %cl,%al f: 7c 08 jl 0x19 11: 84 c9 test %cl,%cl 13: 0f .byte 0xf 14: 85 .byte 0x85 15: 51 push %rcx [ 865.696687][T11715] RSP: 0018:ffa00000006473b8 EFLAGS: 00010217 [ 865.696857][T11715] RAX: dffffc0000000000 RBX: ff11000014e5b400 RCX: 0000000000000012 [ 865.697058][T11715] RDX: ff11000005af121c RSI: 0000000000000014 RDI: 0000000000000094 [ 865.697253][T11715] RBP: 1ff40000000c8e7c R08: 0000000000000010 R09: 000000347074326c [ 865.697445][T11715] R10: ff11000005af1120 R11: ffa0000000647400 R12: ff1100000f1d9a00 [ 865.697643][T11715] R13: 0000000000000003 R14: ff11000005af1000 R15: 0000000000000000 [ 865.697842][T11715] FS: 00007ff358351400(0000) GS:ff110000ad5d9000(0000) knlGS:0000000000000000 [ 865.698081][T11715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 865.698249][T11715] CR2: 00007f1c43026e88 CR3: 000000000b174006 CR4: 0000000000771ef0 [ 865.698449][T11715] PKRU: 55555554 [ 865.698549][T11715] Call Trace: [ 865.698649][T11715] [ 865.698723][T11715] ? sk_dst_get (net/l2tp/l2tp_eth.c:216) l2tp_eth [ 865.698864][T11715] l2tp_nl_cmd_session_create (net/l2tp/l2tp_netlink.c:644) l2tp_netlink [ 865.699033][T11715] ? l2tp_session_notify.constprop.0 (net/l2tp/l2tp_netlink.c:529) l2tp_netlink [ 865.699231][T11715] ? __nla_validate_parse (lib/nlattr.c:638) [ 865.699364][T11715] ? __nla_parse (lib/nlattr.c:732 (discriminator 2)) [ 865.699491][T11715] ? genl_family_rcv_msg_attrs_parse.isra.0 (net/netlink/genetlink.c:946) [ 865.699656][T11715] genl_family_rcv_msg_doit (net/netlink/genetlink.c:1116) [ 865.699785][T11715] ? genl_family_rcv_msg_attrs_parse.isra.0 (net/netlink/genetlink.c:1087) [ 865.699956][T11715] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:752 (discriminator 1)) [ 865.700086][T11715] ? cap_capable (./include/trace/events/capability.h:26 (discriminator 33) security/commoncap.c:130 (discriminator 33)) [ 865.700217][T11715] ? kernel_text_address (kernel/extable.c:125 (discriminator 1) kernel/extable.c:94 (discriminator 1)) [ 865.700348][T11715] genl_family_rcv_msg (net/netlink/genetlink.c:1194) [ 865.700479][T11715] ? genl_family_rcv_msg_dumpit (net/netlink/genetlink.c:1159) [ 865.700641][T11715] ? l2tp_session_notify.constprop.0 (net/l2tp/l2tp_netlink.c:529) l2tp_netlink [ 865.700843][T11715] ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1)) [ 865.700978][T11715] genl_rcv_msg (net/netlink/genetlink.c:65 net/netlink/genetlink.c:1210) [ 865.701108][T11715] netlink_rcv_skb (net/netlink/af_netlink.c:2550) [ 865.701240][T11715] ? genl_family_rcv_msg (net/netlink/genetlink.c:1200) [ 865.701369][T11715] ? netlink_ack (net/netlink/af_netlink.c:2527) [ 865.701501][T11715] ? netlink_deliver_tap (./include/linux/rcupdate.h:322 (discriminator 1) ./include/linux/rcupdate.h:881 (discriminator 1) ./include/net/netns/generic.h:48 (discriminator 1) net/netlink/af_netlink.c:333 (discriminator 1)) [ 865.701633][T11715] ? netlink_deliver_tap (./include/linux/rcupdate.h:322 (discriminator 1) ./include/linux/rcupdate.h:881 (discriminator 1) net/netlink/af_netlink.c:340 (discriminator 1)) [ 865.701765][T11715] genl_rcv (net/netlink/genetlink.c:1219) [ 865.701866][T11715] netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344) [ 865.702001][T11715] ? netlink_attachskb (net/netlink/af_netlink.c:1329) [ 865.702126][T11715] ? __alloc_skb (./include/linux/bottom_half.h:20 (discriminator 1) net/core/skbuff.c:695 (discriminator 1)) [ 865.702260][T11715] ? napi_skb_cache_get (net/core/skbuff.c:674) [ 865.702388][T11715] ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1)) [ 865.702514][T11715] netlink_sendmsg (net/netlink/af_netlink.c:1894) [ 865.702641][T11715] ? netlink_unicast (net/netlink/af_netlink.c:1813) [ 865.702769][T11715] ? __might_fault (mm/memory.c:7217 (discriminator 4)) [ 865.702904][T11715] ____sys_sendmsg (net/socket.c:727 (discriminator 4) net/socket.c:742 (discriminator 4) net/socket.c:2592 (discriminator 4)) [ 865.703039][T11715] ? copy_msghdr_from_user (net/socket.c:2532) [ 865.703171][T11715] ? get_timestamp.constprop.0 (net/socket.c:2538) [ 865.703342][T11715] ? move_addr_to_kernel (net/socket.c:2518) [ 865.703472][T11715] ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1)) [ 865.703605][T11715] ___sys_sendmsg (net/socket.c:2648) [ 865.703739][T11715] ? copy_msghdr_from_user (net/socket.c:2635) [ 865.703868][T11715] ? do_fault_around (./include/linux/rcupdate.h:322 (discriminator 1) ./include/linux/rcupdate.h:881 (discriminator 1) mm/memory.c:5759 (discriminator 1)) [ 865.704002][T11715] ? do_pte_missing (mm/memory.c:5789 mm/memory.c:5932 mm/memory.c:4477) [ 865.704136][T11715] ? lock_vma_under_rcu (./include/linux/rcupdate.h:322 (discriminator 1) ./include/linux/rcupdate.h:881 (discriminator 1) mm/mmap_lock.c:329 (discriminator 1)) [ 865.704266][T11715] __sys_sendmsg (net/socket.c:2678 (discriminator 1)) [ 865.704398][T11715] ? __sys_sendmsg_sock (net/socket.c:2663) [ 865.704531][T11715] ? do_user_addr_fault (./arch/x86/include/asm/atomic.h:93 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:949 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:401 (discriminator 4) ./include/linux/refcount.h:389 (discriminator 4) ./include/linux/refcount.h:432 (discriminator 4) ./include/linux/mmap_lock.h:196 (discriminator 4) ./include/linux/mmap_lock.h:217 (discriminator 4) ./include/linux/mmap_lock.h:264 (discriminator 4) arch/x86/mm/fault.c:1336 (discriminator 4)) [ 865.704659][T11715] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:752 (discriminator 1)) [ 865.704791][T11715] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:752 (discriminator 1)) [ 865.704922][T11715] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 865.705050][T11715] ? exc_page_fault (arch/x86/mm/fault.c:1480 (discriminator 3) arch/x86/mm/fault.c:1527 (discriminator 3)) [ 865.705179][T11715] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 865.705337][T11715] RIP: 0033:0x7ff3584abc5e [ 865.705470][T11715] Code: 4d 89 d8 e8 34 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 34 bd 00 00 call 0xbd3c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 13 ff ff ff call 0xffffffffffffff4c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 13 ff ff ff call 0xffffffffffffff22 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 865.705930][T11715] RSP: 002b:00007ffcb5a5d8f0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 865.706126][T11715] RAX: ffffffffffffffda RBX: 00007ffcb5a5dcb0 RCX: 00007ff3584abc5e [ 865.706315][T11715] RDX: 0000000000000000 RSI: 00007ffcb5a5d9b0 RDI: 0000000000000006 [ 865.706501][T11715] RBP: 00007ffcb5a5d900 R08: 0000000000000000 R09: 0000000000000000 [ 865.706693][T11715] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 Finger prints: l2tp_eth_create:l2tp_nl_cmd_session_create:genl_family_rcv_msg_doit:genl_family_rcv_msg:genl_rcv_msg