BUG: kernel NULL pointer dereference: tfw_tls_encrypt #2202

Closed
EvgeniiMekhanik opened this issue Aug 7, 2024 · 1 comment

EvgeniiMekhanik commented Aug 7, 2024

[ 2199.845532] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 2199.847804] #PF: supervisor write access in kernel mode
[ 2199.848863] #PF: error_code(0x0002) - not-present page
[ 2199.850005] PGD 0 P4D 0 
[ 2199.850627] Oops: 0002 [#1] SMP PTI
[ 2199.851381] CPU: 14 PID: 0 Comm: swapper/14 Tainted: G        W  OE     5.10.35+ #5
[ 2199.852763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
[ 2199.854221] RIP: 0010:pg_skb_alloc+0x17f/0x490
[ 2199.855179] Code: 05 48 01 d0 8b 70 10 8b 50 18 8b 78 14 85 f6 0f 84 55 01 00 00 39 fa 73 06 83 c2 01 89 50 18 4c 8b 28 49 8b 75 00 49 8b 55 08 <48> 89 56 08 48 89 32 48 be 00 01 00 00 00 00 ad de 49 89 75 00 48
[ 2199.858672] RSP: 0018:ffffb35280424a60 EFLAGS: 00010202
[ 2199.859800] RAX: ffff8e9a2f9ab120 RBX: 0000000000000000 RCX: 0000000000000002
[ 2199.861285] RDX: ffff8e9a2f9ab120 RSI: 0000000000000000 RDI: 0000000000000400
[ 2199.862794] RBP: ffffb35280424aa8 R08: 0000000000000001 R09: 0000000000000010
[ 2199.864230] R10: 0000000000000001 R11: ffff8e96ece78300 R12: 000000000002b0e0
[ 2199.865704] R13: ffff8e96ea476980 R14: ffff8e9a2f9ab0e0 R15: 0000000000000a20
[ 2199.867172] FS:  0000000000000000(0000) GS:ffff8e9a2f980000(0000) knlGS:0000000000000000
[ 2199.868785] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2199.870202] CR2: 0000000000000008 CR3: 00000001b255c001 CR4: 0000000000770ee0
[ 2199.871710] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2199.873237] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2199.874742] PKRU: 55555554
[ 2199.875620] Call Trace:
[ 2199.876438]  <IRQ>
[ 2199.877307]  __new_pgfrag+0x42/0x190 [tempesta_fw]
[ 2199.878546]  ss_skb_expand_head_tail+0x48/0xf0 [tempesta_fw]
[ 2199.879892]  tfw_tls_encrypt+0x249/0x8a0 [tempesta_fw]
[ 2199.881173]  ? pg_skb_alloc+0x433/0x490
[ 2199.882308]  ? __extend_pgfrags+0x219/0x2e0 [tempesta_fw]
[ 2199.883653]  ? __new_pgfrag+0xad/0x190 [tempesta_fw]
[ 2199.884946]  ? memcpy_fast+0xe/0x10 [tempesta_lib]
[ 2199.886227]  ? tfw_strcpy+0x1b3/0x2e0 [tempesta_fw]
[ 2199.887534]  ? tfw_h2_stream_fsm+0x9b/0x790 [tempesta_fw]
[ 2199.888950]  ? tfw_h2_stream_send_process+0x58/0x90 [tempesta_fw]
[ 2199.890685]  ? eb64_insert+0x1a9/0x1b0 [tempesta_lib]
[ 2199.892401]  ? skb_entail+0x122/0x140
[ 2199.904960]  ? tfw_h2_stream_sched_insert_blocked+0x5c/0x90 [tempesta_fw]
[ 2199.913034]  tcp_tfw_sk_write_xmit+0x8e/0x100
[ 2199.913035]  ? tcp_current_mss+0x67/0xb0
[ 2199.913038]  tcp_write_xmit+0x3a0/0x12a0
[ 2199.929358]  __tcp_push_pending_frames+0x37/0x100
[ 2199.948995]  ss_tx_action+0x780/0x7f0 [tempesta_fw]
[ 2199.966898]  net_tx_action+0x9c/0x250
[ 2199.966902]  __do_softirq+0xe3/0x340
[ 2199.985070]  asm_call_irq_on_stack+0x12/0x20
[ 2199.989869]  </IRQ>
[ 2200.018131]  do_softirq_own_stack+0x3d/0x50
[ 2200.029872]  irq_exit_rcu+0xa2/0xe0
[ 2200.049015]  sysvec_call_function_single+0x3d/0x90
[ 2200.066897]  asm_sysvec_call_function_single+0x12/0x20
[ 2200.087907] RIP: 0010:native_safe_halt+0xe/0x10
[ 2200.087909] Code: 39 ff ff ff 4c 89 ee 48 c7 c7 a0 ba a5 83 e8 89 64 91 ff e9 01 ff ff ff cc cc cc cc e9 07 00 00 00 0f 00 2d 96 55 47 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 86 55 47 00 f4 c3 cc cc 0f 1f 44 00
[ 2200.106744] RSP: 0018:ffffb352800f3e88 EFLAGS: 00000202
[ 2200.106746] RAX: ffffffff82b96750 RBX: 000000000000000e RCX: ffff8e9a2f9acdc0
[ 2200.106747] RDX: 00000000000ac67a RSI: 0000000000000083 RDI: 0000000000000083
[ 2200.106748] RBP: ffffb352800f3e90 R08: ffff8e9a2f99f180 R09: 0000000000000201
[ 2200.106751] R10: 000002002a4dd8af R11: 0000000000000000 R12: ffff8e96e03a0000
[ 2200.118435] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2200.130638]  ? __sched_text_end+0x4/0x4
[ 2200.130641]  ? default_idle+0xe/0x20
[ 2200.155943]  arch_cpu_idle+0x15/0x20
[ 2200.172251]  default_idle_call+0x3d/0xc0
[ 2200.172254]  do_idle+0x215/0x2a0
[ 2200.172256]  cpu_startup_entry+0x20/0x30
[ 2200.191369]  start_secondary+0x145/0x1b0
[ 2200.191372]  secondary_startup_64_no_verify+0xc2/0xcb
[ 2200.191373] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) nft_counter
[ 2200.210630]  xt_mark xt_tcpudp nft_compat nf_tables nfnetlink
[ 2200.219275]  sha256_ssse3
[ 2200.253103]  sha512_ssse3 intel_rapl_msr
[ 2200.264521]  intel_rapl_common
[ 2200.285291]  isst_if_common nfit kvm_intel
[ 2200.303626]  kvm snd_hda_codec_generic
[ 2200.308334]  ledtrig_audio
[ 2200.336423]  binfmt_misc snd_hda_intel
[ 2200.341160]  snd_intel_dspcfg
[ 2200.354276]  snd_hda_codec
[ 2200.372578]  rapl
[ 2200.384029]  snd_hda_core
[ 2200.403975]  joydev snd_hwdep
[ 2200.423053]  snd_pcm
[ 2200.434704]  input_leds snd_timer snd serio_raw
[ 2200.442360] net_ratelimit: 5 callbacks suppressed
[ 2200.446542]  soundcore qemu_fw_cfg
[ 2200.458553]  mac_hid dm_multipath
[ 2200.468059] [tempesta tls] Warning: Cannot send TLS alert 0:1, -9
[ 2200.477405]  sch_fq_codel scsi_dh_rdac
[ 2200.489120]  scsi_dh_emc
[ 2200.510746]  scsi_dh_alua msr efi_pstore ip_tables x_tables
[ 2200.534952]  autofs4
[ 2200.552487]  btrfs
[ 2200.583223]  blake2b_generic
[ 2200.603099]  raid10
[ 2200.621969]  raid456 async_raid6_recov async_memcpy async_pq
[ 2200.639756]  async_xor async_tx
[ 2200.651347]  xor raid6_pq
[ 2200.672285]  libcrc32c raid1
[ 2200.690360]  raid0 multipath
[ 2200.704734]  linear hid_generic usbhid
[ 2200.723679]  hid qxl
[ 2200.742725]  drm_ttm_helper
[ 2200.754990]  ttm
[ 2200.788556]  drm_kms_helper syscopyarea
[ 2200.827680]  sysfillrect sysimgblt
[ 2200.840248]  fb_sys_fops cec crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rc_core aesni_intel drm crypto_simd ahci psmouse virtio_net cryptd i2c_i801 glue_helper libahci net_failover lpc_ich xhci_pci i2c_smbus virtio_blk failover virtio_rng xhci_pci_renesas
[ 2200.860494]  [last unloaded: tempesta_lib]
[ 2200.860503] CR2: 0000000000000008
[ 2200.860517] ---[ end trace 976a0fe8eab4cd3a ]---
[ 2200.872208] RIP: 0010:pg_skb_alloc+0x17f/0x490
[ 2200.872210] Code: 05 48 01 d0 8b 70 10 8b 50 18 8b 78 14 85 f6 0f 84 55 01 00 00 39 fa 73 06 83 c2 01 89 50 18 4c 8b 28 49 8b 75 00 49 8b 55 08 <48> 89 56 08 48 89 32 48 be 00 01 00 00 00 00 ad de 49 89 75 00 48
[ 2200.872211] RSP: 0018:ffffb35280424a60 EFLAGS: 00010202
[ 2200.872212] RAX: ffff8e9a2f9ab120 RBX: 0000000000000000 RCX: 0000000000000002
[ 2200.872213] RDX: ffff8e9a2f9ab120 RSI: 0000000000000000 RDI: 0000000000000400
[ 2200.872214] RBP: ffffb35280424aa8 R08: 0000000000000001 R09: 0000000000000010
[ 2200.872215] R10: 0000000000000001 R11: ffff8e96ece78300 R12: 000000000002b0e0
[ 2200.872216] R13: ffff8e96ea476980 R14: ffff8e9a2f9ab0e0 R15: 0000000000000a20
[ 2200.872217] FS:  0000000000000000(0000) GS:ffff8e9a2f980000(0000) knlGS:0000000000000000
[ 2200.872218] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2200.872218] CR2: 0000000000000008 CR3: 00000001b255c001 CR4: 0000000000770ee0
[ 2200.872222] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2200.872223] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2200.872223] PKRU: 55555554
[ 2200.872225] Kernel panic - not syncing: Fatal exception in interrupt
[ 2200.886407] Kernel Offset: 0xe00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2201.424279] Rebooting in 1 seconds..

EvgeniiMekhanik added this to the 0.8 - Beta milestone Aug 7, 2024
kingluo changed the title from "bug in tls_encrypt" to "BUG: kernel NULL pointer dereference: tfw_tls_encrypt" Aug 7, 2024

@EvgeniiMekhanik

This BUG occurs because of memory corruption in hpack, which was already fixed.
