Kernel under memory pressure and KASAN enabled #2328

Open
EvgeniiMekhanik opened this issue Jan 20, 2025 · 8 comments

@EvgeniiMekhanik

To Reproduce
Run the test t_stress.test_stress.H2LoadStress.test_no_cache in a loop.

Configuration file
Your configuration file.

Version or commit hash
Tempesta d620aa8
Tempesta test ac2ce38c258f0fb91d2dab626a2b6e82e831cd8a

Stacktrace or debug log

[ 2091.661838] Start test: t_stress.test_stress.H2LoadStress.test_no_cache
[ 2092.709605] [tdb] Start Tempesta DB
[ 2092.779766] [tempesta fw] Initializing Tempesta FW kernel module...
[ 2093.039638] [tempesta fw] Warning: Vhost default doesn't have certificate with matching SAN/CN.
[ 2093.039638]     Maybe that's fine, but it's worth checking the
[ 2093.039638]     config - if there is no relations between the
[ 2093.039638]     names, then host name confusion attack is possible.
[ 2093.183515] [tempesta fw] Configuration processing is completed.
[ 2093.218276] [tdb] Opened table /opt/tempesta/db/filter0.tdb: size=16777216 rec_size=20 base=000000006cd3ea8b
[ 2093.231234] [tdb] Opened table /opt/tempesta/db/sessions0.tdb: size=16777216 rec_size=312 base=00000000fe4abb3c
[ 2093.243656] [tdb] Opened table /opt/tempesta/db/client0.tdb: size=16777216 rec_size=624 base=000000008ac4e44b
[ 2093.319179] [tempesta fw] Open listen socket on: 0.0.0.0:443
[ 2093.359066] [tempesta fw] Tempesta FW is ready
[ 2095.028861] ksoftirqd/0: page allocation failure: order:0, mode:0xa20(GFP_ATOMIC), nodemask=(null)
[ 2095.028863] [tempesta fw] ERROR: Can't alloc new TfwHttpResp
[ 2095.028873] [tempesta fw] Warning: Insufficient memory to create response message
[ 2095.029041] [tempesta fw] ERROR: Can't alloc new TfwHttpResp
[ 2095.029043] [tempesta fw] Warning: Insufficient memory to create response message
[ 2095.029881] ,cpuset=
[ 2095.030004] [tempesta fw] Warning: Failed to send frame -12
[ 2095.030515] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 2095.031345] /
[ 2095.031947]   cache: tfw_stream_cache, object size: 960, buffer size: 1312, default order: 3, min order: 0
[ 2095.032760] ,mems_allowed=0
[ 2095.033001] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.033008]   node 0: slabs: 4750, objs: 108918, free: 0
[ 2095.033011]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.033015]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.033016]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.033566] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.033571]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.033577]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.033610]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.033620] 
[ 2095.036148] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.036830] CPU: 0 PID: 12 Comm: ksoftirqd/0 Tainted: G           OE     5.10.35+ #442
[ 2095.037442]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.038455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2095.039291]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.039812] Call Trace:
[ 2095.040614]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.041656]  dump_stack+0x96/0xc4
[ 2095.045442] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.045891]  warn_alloc.cold+0x87/0x12a
[ 2095.045945] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.045950]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.045954]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.045958]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.047014]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.047987]  ? zone_watermark_ok_safe+0x140/0x140
[ 2095.048288]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.048867] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.048937]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.048957]  ? __kasan_check_read+0x11/0x20
[ 2095.048959]  ? __zone_watermark_ok+0x270/0x270
[ 2095.048964]  ? wake_all_kswapds+0xf4/0x140
[ 2095.048970]  ? __alloc_pages_slowpath.constprop.0+0x11f4/0x1390
[ 2095.048975]  __alloc_pages_slowpath.constprop.0+0x1359/0x1390
[ 2095.048984]  ? warn_alloc+0x120/0x120
[ 2095.048990]  ? __zone_watermark_ok+0x270/0x270
[ 2095.048995]  ? __zone_watermark_ok+0x270/0x270
[ 2095.049000]  ? __alloc_pages_nodemask+0x509/0x540
[ 2095.049005]  __alloc_pages_nodemask+0x509/0x540
[ 2095.049011]  ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 2095.049024]  ? alloc_pages_current+0x96/0x140
[ 2095.049029]  alloc_pages_current+0x96/0x140
[ 2095.049034]  __get_free_pages+0x12/0x60
[ 2095.049093]  tfw_pool_alloc_pages+0xa3/0xd0 [tempesta_fw]
[ 2095.049150]  __tfw_pool_new+0x29/0xb0 [tempesta_fw]
[ 2095.049192]  tfw_http_conn_msg_alloc+0x2ee/0x3b0 [tempesta_fw]
[ 2095.049249]  tfw_http_msg_process_generic+0xa11/0xc50 [tempesta_fw]
[ 2095.049331]  ? __split_pgfrag_del_w_frag+0x270/0xae0 [tempesta_fw]
[ 2095.049372]  ? tfw_http_req_process+0x1010/0x1010 [tempesta_fw]
[ 2095.049373]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.049446]  ? ss_skb_chop_head_tail+0x1b5/0x390 [tempesta_fw]
[ 2095.050430]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.050743]  ? ss_skb_get_room+0x150/0x150 [tempesta_fw]
[ 2095.051758]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.052416]  ? memcpy_fast+0xe/0x10 [tempesta_lib]
[ 2095.052928] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.052929]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.052930]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.052931]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.053878] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.054715]  ? ss_skb_split+0x1dc/0x210 [tempesta_fw]
[ 2095.055164]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.055970]  tfw_h2_frame_process+0x8ff/0xd00 [tempesta_fw]
[ 2095.056683]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.057735]  ? tfw_h2_frame_recv+0x38e0/0x38e0 [tempesta_fw]
[ 2095.058130]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.058633]  tfw_http_msg_process+0x9e/0xc0 [tempesta_fw]
[ 2095.061830] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 2095.062225]  tfw_connection_recv+0x127/0x230 [tempesta_fw]
[ 2095.062677]   cache: kmalloc-8k, object size: 8192, buffer size: 24576, default order: 3, min order: 3
[ 2095.063303]  ? tfw_connection_send+0x60/0x60 [tempesta_fw]
[ 2095.063734]   kmalloc-8k debugging increased min order, use slub_debug=O to disable.
[ 2095.063737]   node 0: slabs: 117, objs: 117, free: 0
[ 2095.064218]  ? ss_skb_list_chop_head_tail+0x162/0x1d0 [tempesta_fw]
[ 2095.083571]  tfw_tls_connection_recv+0x4fe/0x770 [tempesta_fw]
[ 2095.084035]  ? tfw_tls_connection_lost+0x40/0x40 [tempesta_fw]
[ 2095.084518]  ss_tcp_process_data+0x49d/0x890 [tempesta_fw]
[ 2095.084986]  ? ss_do_close+0x720/0x720 [tempesta_fw]
[ 2095.085399]  ? tcp_grow_window+0xce/0x330
[ 2095.085767]  ss_tcp_data_ready+0x82/0x150 [tempesta_fw]
[ 2095.086219]  tcp_data_ready+0x73/0x210
[ 2095.086543]  tcp_data_queue+0x1085/0x1d80
[ 2095.086903]  ? tcp_data_ready+0x210/0x210
[ 2095.087249]  ? tcp_try_keep_open+0x130/0x130
[ 2095.087634]  ? kvm_clock_get_cycles+0x11/0x20
[ 2095.088143]  ? ktime_get+0x4f/0xb0
[ 2095.088467]  tcp_rcv_established+0x427/0xf40
[ 2095.088894]  ? tcp_data_queue+0x1d80/0x1d80
[ 2095.089261]  ? __kasan_check_read+0x11/0x20
[ 2095.089595]  tcp_v4_do_rcv+0x25f/0x360
[ 2095.089886]  tcp_v4_rcv+0x1600/0x1770
[ 2095.090188]  ? tcp_new+0x420/0x420 [nf_conntrack]
[ 2095.090563]  ? tcp_v4_early_demux+0x2f0/0x2f0
[ 2095.090917]  ip_protocol_deliver_rcu+0x46/0x2e0
[ 2095.091368]  ip_local_deliver_finish+0xc6/0xe0
[ 2095.091728]  ip_local_deliver+0x1f5/0x210
[ 2095.092082]  ? ip_local_deliver_finish+0xe0/0xe0
[ 2095.092450]  ? tcp_v4_early_demux+0x297/0x2f0
[ 2095.092819]  ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 2095.093229]  ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 2095.093683]  ip_rcv_finish+0xcf/0xf0
[ 2095.093993]  ip_rcv+0x16d/0x180
[ 2095.094260]  ? ip_local_deliver+0x210/0x210
[ 2095.094749]  ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 2095.095338]  ? ip_local_deliver+0x210/0x210
[ 2095.095759]  __netif_receive_skb_one_core+0x132/0x140
[ 2095.096279]  ? napi_gro_receive+0x260/0x260
[ 2095.096670]  ? inet_gro_complete+0x16c/0x1b0
[ 2095.097086]  __netif_receive_skb+0x26/0xb0
[ 2095.097505]  process_backlog+0xfe/0x290
[ 2095.097922]  net_rx_action+0x287/0x6b0
[ 2095.098331]  ? napi_complete_done+0x2c0/0x2c0
[ 2095.098780]  ? switch_fpu_return+0x120/0x120
[ 2095.099221]  __do_softirq+0xfe/0x383
[ 2095.099610]  ? tasklet_hi_action+0x30/0x30
[ 2095.100005]  run_ksoftirqd+0x2b/0x40
[ 2095.100353]  smpboot_thread_fn+0x1ba/0x2f0
[ 2095.100748]  ? smpboot_register_percpu_thread+0x190/0x190
[ 2095.101278]  ? __kasan_check_read+0x11/0x20
[ 2095.101676]  ? __kthread_parkme+0x83/0xa0
[ 2095.102014]  ? smpboot_register_percpu_thread+0x190/0x190
[ 2095.102615]  kthread+0x1d9/0x200
[ 2095.102991]  ? __kthread_bind_mask+0x70/0x70
[ 2095.103424]  ret_from_fork+0x1f/0x30
[ 2095.103923] Mem-Info:
[ 2095.104166] active_anon:569 inactive_anon:284348 isolated_anon:0
[ 2095.104166]  active_file:280448 inactive_file:239952 isolated_file:0
[ 2095.104166]  unevictable:4 dirty:0 writeback:0
[ 2095.104166]  slab_reclaimable:45224 slab_unreclaimable:251271
[ 2095.104166]  mapped:123691 shmem:10879 pagetables:4848 bounce:0
[ 2095.104166]  free:15886 free_pcp:1717 free_cma:0
[ 2095.107109] Node 0 active_anon:2276kB inactive_anon:1137392kB active_file:1121792kB inactive_file:959808kB unevictable:16kB isolated(anon):0kB isolated(file):0kB mapped:494764kB dirty:0kB writeback:0kB shmem:43516kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:19712kB all_unreclaimable? no
[ 2095.110049] Node 0 DMA free:14884kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2095.112999] lowmem_reserve[]: 0 1513 6098 6098 6098
[ 2095.113582] Node 0 DMA32 free:44312kB min:54368kB low:58548kB high:62728kB reserved_highatomic:18432KB active_anon:72kB inactive_anon:47136kB active_file:151448kB inactive_file:20048kB unevictable:0kB writepending:0kB present:2080624kB managed:1550316kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:1812kB local_pcp:28kB free_cma:0kB
[ 2095.116725] lowmem_reserve[]: 0 0 4584 4584 4584
[ 2095.117256] Node 0 Normal free:2396kB min:164692kB low:177360kB high:190028kB reserved_highatomic:49152KB active_anon:2204kB inactive_anon:1090256kB active_file:970188kB inactive_file:938532kB unevictable:16kB writepending:0kB present:7028736kB managed:4694924kB mlocked:16kB pagetables:19392kB bounce:0kB free_pcp:5036kB local_pcp:1112kB free_cma:0kB
[ 2095.120368] lowmem_reserve[]: 0 0 0 0 0
[ 2095.120820] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (M) = 14884kB
[ 2095.122132] Node 0 DMA32: 842*4kB (UMH) 2248*8kB (UMEH) 415*16kB (UMEH) 125*32kB (UME) 114*64kB (UME) 36*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 43896kB
[ 2095.123447] Node 0 Normal: 166*4kB (UMH) 99*8kB (UMH) 71*16kB (UMH) 3*32kB (MH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2688kB
[ 2095.124686] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2095.125346] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2095.126191] 529277 total pagecache pages
[ 2095.126516] 0 pages in swap cache
[ 2095.126808] Swap cache stats: add 0, delete 0, find 0/0
[ 2095.127248] Free swap  = 2097148kB
[ 2095.127534] Total swap = 2097148kB
[ 2095.127832] 2281338 pages RAM
[ 2095.128070] 0 pages HighMem/MovableOnly
[ 2095.128370] 716051 pages reserved
[ 2095.128617] 0 pages cma reserved
[ 2095.128886] 0 pages hwpoisoned
[ 2095.369762] ------------[ cut here ]------------
[ 2095.370178] WARNING: CPU: 3 PID: 32 at /home/evgeny/workdir/tempesta/fw/http2.c:477 tfw_h2_req_unlink_stream_with_rst+0x1de/0x1f0 [tempesta_fw]
[ 2095.371188] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) tls sha256_ssse3 sha512_ssse3 nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink overlay snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm kvm_intel binfmt_misc qxl kvm snd_seq_midi snd_seq_midi_event snd_rawmidi nls_iso8859_1 crct10dif_pclmul snd_seq ghash_clmulni_intel drm_ttm_helper aesni_intel ttm joydev crypto_simd cryptd glue_helper snd_seq_device input_leds snd_timer drm_kms_helper serio_raw snd 9pnet_virtio soundcore 9pnet cec fb_sys_fops qemu_fw_cfg syscopyarea mac_hid sysfillrect sysimgblt sch_fq_codel msr parport_pc ppdev drm lp parport ramoops
[ 2095.371269]  reed_solomon efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c hid_generic usbhid hid i2c_i801 crc32_pclmul psmouse i2c_smbus lpc_ich ahci libahci virtio_net virtio_blk net_failover failover [last unloaded: tempesta_lib]
[ 2095.380125] CPU: 3 PID: 32 Comm: ksoftirqd/3 Tainted: G           OE     5.10.35+ #442
[ 2095.380778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2095.381569] RIP: 0010:tfw_h2_req_unlink_stream_with_rst+0x1de/0x1f0 [tempesta_fw]
[ 2095.382198] Code: 5c 67 d3 48 8b 85 70 ff ff ff 49 8d bf d0 08 00 00 48 89 83 90 03 00 00 e8 cf 5b 67 d3 49 83 87 d0 08 00 00 01 e9 25 ff ff ff <0f> 0b e9 03 ff ff ff e8 56 bb 50 d4 66 0f 1f 44 00 00 0f 1f 44 00
[ 2095.383760] RSP: 0018:ffff8881010966e0 EFLAGS: 00010293
[ 2095.384202] RAX: 0000000000000001 RBX: ffff88803a981008 RCX: ffffffffc20ae503
[ 2095.384792] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff88803a9810a8
[ 2095.385377] RBP: ffff888101096778 R08: ffff88812f7d59a8 R09: 0000000000000003
[ 2095.385955] R10: ffffed1020212cc5 R11: 0000000000000001 R12: ffff88803a97f020
[ 2095.386547] R13: 1ffff11020212cde R14: ffff88812f7d5850 R15: ffff88812f7d5018
[ 2095.387132] FS:  0000000000000000(0000) GS:ffff88824d180000(0000) knlGS:0000000000000000
[ 2095.387802] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2095.388267] CR2: 00007fcf7ca2319c CR3: 000000010def6000 CR4: 0000000000750ee0
[ 2095.388847] PKRU: 55555554
[ 2095.389076] Call Trace:
[ 2095.389308]  ? tfw_h2_req_unlink_stream+0x80/0x80 [tempesta_fw]
[ 2095.389815]  tfw_h2_prep_resp+0x433/0x570 [tempesta_fw]
[ 2095.390247]  ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 2095.390743]  ? tfw_h2_resp_status_write+0x2b0/0x2b0 [tempesta_fw]
[ 2095.391266]  ? get_order+0x20/0x20 [tempesta_fw]
[ 2095.391649]  ? alloc_pages_current+0x96/0x140
[ 2095.392010]  ? memset+0x3c/0x50
[ 2095.392297]  ? __tfw_http_msg_alloc+0x214/0x3b0 [tempesta_fw]
[ 2095.392787]  tfw_h2_send_resp+0x4f/0xa0 [tempesta_fw]
[ 2095.393222]  tfw_h2_send_err_resp+0xf0/0x130 [tempesta_fw]
[ 2095.393695]  ? tfw_h2_send_resp+0xa0/0xa0 [tempesta_fw]
[ 2095.394130]  ? _raw_spin_lock+0x7b/0xd0
[ 2095.394452]  ? kernel_init_free_pages+0xa3/0xb0
[ 2095.394853]  ? tfw_http_sess_obtain+0x12b/0x970 [tempesta_fw]
[ 2095.395346]  tfw_http_req_cache_cb+0x863/0xab0 [tempesta_fw]
[ 2095.395813]  ? __kasan_check_write+0x14/0x20
[ 2095.396183]  ? frang_http_req_handler+0x40d/0x930 [tempesta_fw]
[ 2095.396681]  ? tfw_http_conn_drop+0x5d0/0x5d0 [tempesta_fw]
[ 2095.397157]  ? tfw_http_req_client_link.constprop.0.isra.0+0xc7/0x1d0 [tempesta_fw]
[ 2095.397806]  tfw_cache_process+0x1ea/0x760 [tempesta_fw]
[ 2095.398261]  ? tfw_http_conn_drop+0x5d0/0x5d0 [tempesta_fw]
[ 2095.398742]  ? tfw_cache_put_entry+0x40/0x40 [tempesta_fw]
[ 2095.399199]  ? __kasan_check_read+0x11/0x20
[ 2095.399569]  tfw_http_req_process+0xb3e/0x1010 [tempesta_fw]
[ 2095.400039]  ? tfw_http_extract_request_authority+0x110/0x110 [tempesta_fw]
[ 2095.400616]  ? tfw_pool_alloc_pages+0xa3/0xd0 [tempesta_fw]
[ 2095.401066]  ? __kasan_check_write+0x14/0x20
[ 2095.401449]  ? tfw_http_conn_msg_alloc+0x361/0x3b0 [tempesta_fw]
[ 2095.401957]  tfw_http_msg_process_generic+0x360/0xc50 [tempesta_fw]
[ 2095.402462]  ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 2095.402966]  ? __split_pgfrag_del_w_frag+0x270/0xae0 [tempesta_fw]
[ 2095.403500]  ? tfw_http_req_process+0x1010/0x1010 [tempesta_fw]
[ 2095.404007]  ? ss_skb_chop_head_tail+0x1b5/0x390 [tempesta_fw]
[ 2095.404512]  ? ss_skb_get_room+0x150/0x150 [tempesta_fw]
[ 2095.404957]  ? memcpy_fast+0xe/0x10 [tempesta_lib]
[ 2095.405374]  ? ss_skb_split+0x1dc/0x210 [tempesta_fw]
[ 2095.405814]  tfw_h2_frame_process+0x8ff/0xd00 [tempesta_fw]
[ 2095.406288]  ? tfw_h2_frame_recv+0x38e0/0x38e0 [tempesta_fw]
[ 2095.406778]  tfw_http_msg_process+0x9e/0xc0 [tempesta_fw]
[ 2095.407245]  tfw_connection_recv+0x127/0x230 [tempesta_fw]
[ 2095.407712]  ? tfw_connection_send+0x60/0x60 [tempesta_fw]
[ 2095.408181]  ? ss_skb_list_chop_head_tail+0x162/0x1d0 [tempesta_fw]
[ 2095.408714]  tfw_tls_connection_recv+0x4fe/0x770 [tempesta_fw]
[ 2095.409215]  ? tfw_tls_connection_lost+0x40/0x40 [tempesta_fw]
[ 2095.409723]  ss_tcp_process_data+0x49d/0x890 [tempesta_fw]
[ 2095.410191]  ? ss_do_close+0x720/0x720 [tempesta_fw]
[ 2095.410610]  ? tcp_grow_window+0xce/0x330
[ 2095.410966]  ss_tcp_data_ready+0x82/0x150 [tempesta_fw]
[ 2095.411408]  tcp_data_ready+0x73/0x210
[ 2095.411715]  tcp_data_queue+0x1085/0x1d80
[ 2095.412049]  ? tcp_data_ready+0x210/0x210
[ 2095.412379]  ? tcp_try_keep_open+0x130/0x130
[ 2095.412733]  ? kvm_clock_get_cycles+0x11/0x20
[ 2095.413088]  ? ktime_get+0x4f/0xb0
[ 2095.413371]  tcp_rcv_established+0x427/0xf40
[ 2095.413723]  ? tcp_parse_md5sig_option+0x20/0xb0
[ 2095.414102]  ? tcp_data_queue+0x1d80/0x1d80
[ 2095.414445]  ? __kasan_check_read+0x11/0x20
[ 2095.414799]  tcp_v4_do_rcv+0x25f/0x360
[ 2095.415115]  tcp_v4_rcv+0x1600/0x1770
[ 2095.415423]  ? tcp_new+0x420/0x420 [nf_conntrack]
[ 2095.415815]  ? tcp_v4_early_demux+0x2f0/0x2f0
[ 2095.416178]  ip_protocol_deliver_rcu+0x46/0x2e0
[ 2095.416566]  ip_local_deliver_finish+0xc6/0xe0
[ 2095.416935]  ip_local_deliver+0x1f5/0x210
[ 2095.417267]  ? ip_local_deliver_finish+0xe0/0xe0
[ 2095.417649]  ? tcp_v4_early_demux+0x297/0x2f0
[ 2095.418009]  ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 2095.418413]  ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 2095.418864]  ip_rcv_finish+0xcf/0xf0
[ 2095.419169]  ip_rcv+0x16d/0x180
[ 2095.419435]  ? ip_local_deliver+0x210/0x210
[ 2095.419783]  ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 2095.420230]  ? ip_local_deliver+0x210/0x210
[ 2095.420579]  __netif_receive_skb_one_core+0x132/0x140
[ 2095.420999]  ? napi_gro_receive+0x260/0x260
[ 2095.421350]  ? __kasan_check_write+0x14/0x20
[ 2095.421707]  ? _raw_spin_lock+0x7b/0xd0
[ 2095.422022]  __netif_receive_skb+0x26/0xb0
[ 2095.422369]  process_backlog+0xfe/0x290
[ 2095.422689]  net_rx_action+0x287/0x6b0
[ 2095.423007]  ? napi_complete_done+0x2c0/0x2c0
[ 2095.423366]  __do_softirq+0xfe/0x383
[ 2095.423670]  ? tasklet_hi_action+0x30/0x30
[ 2095.424015]  run_ksoftirqd+0x2b/0x40
[ 2095.424312]  smpboot_thread_fn+0x1ba/0x2f0
[ 2095.424651]  ? smpboot_register_percpu_thread+0x190/0x190
[ 2095.425105]  ? __kasan_check_read+0x11/0x20
[ 2095.425456]  ? __kthread_parkme+0x83/0xa0
[ 2095.425797]  ? smpboot_register_percpu_thread+0x190/0x190
[ 2095.426253]  kthread+0x1d9/0x200
[ 2095.426524]  ? __kthread_bind_mask+0x70/0x70
[ 2095.426885]  ret_from_fork+0x1f/0x30
[ 2095.427187] ---[ end trace 11a2456ce12e8d47 ]---
[ 2095.431058] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 2095.431676] #PF: supervisor instruction fetch in kernel mode
[ 2095.432144] #PF: error_code(0x0010) - not-present page
[ 2095.432572] PGD 0 P4D 0 
[ 2095.432792] Oops: 0010 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 2095.433265] CPU: 2 PID: 26 Comm: ksoftirqd/2 Tainted: G        W  OE     5.10.35+ #442
[ 2095.433896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2095.434617] RIP: 0010:0x0
[ 2095.434827] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 2095.435363] RSP: 0018:ffff88810103f6c8 EFLAGS: 00010246
[ 2095.435762] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff962feb43
[ 2095.436299] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff88813f98ad40
[ 2095.436837] RBP: ffff88810103f6f0 R08: ffffffff962feb2c R09: ffff88813f98adc3
[ 2095.437375] R10: ffffed1027f315b8 R11: 0000000000000001 R12: ffff88813f98ad40
[ 2095.437913] R13: ffff88813f98b2e0 R14: 00000000000005a8 R15: ffff88813f98aea8
[ 2095.438452] FS:  0000000000000000(0000) GS:ffff88824d100000(0000) knlGS:0000000000000000
[ 2095.439072] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2095.439514] CR2: ffffffffffffffd6 CR3: 000000014ce7c000 CR4: 0000000000750ee0
[ 2095.440058] PKRU: 55555554
[ 2095.440290] Call Trace:
[ 2095.440502]  tcp_data_ready+0x73/0x210
[ 2095.440811]  tcp_rcv_established+0xae9/0xf40
[ 2095.441165]  ? tcp_data_queue+0x1d80/0x1d80
[ 2095.441523]  ? __kasan_check_read+0x11/0x20
[ 2095.441861]  tcp_v4_do_rcv+0x25f/0x360
[ 2095.442167]  tcp_v4_rcv+0x1600/0x1770
[ 2095.442491]  ? tcp_new+0x420/0x420 [nf_conntrack]
[ 2095.442879]  ? tcp_v4_early_demux+0x2f0/0x2f0
[ 2095.443246]  ip_protocol_deliver_rcu+0x46/0x2e0
[ 2095.443615]  ip_local_deliver_finish+0xc6/0xe0
[ 2095.443975]  ip_local_deliver+0x1f5/0x210
[ 2095.444305]  ? ip_local_deliver_finish+0xe0/0xe0
[ 2095.444675]  ? tcp_v4_early_demux+0x297/0x2f0
[ 2095.445027]  ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 2095.445416]  ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 2095.445850]  ip_rcv_finish+0xcf/0xf0
[ 2095.446144]  ip_rcv+0x16d/0x180
[ 2095.446398]  ? ip_local_deliver+0x210/0x210
[ 2095.446735]  ? sk_reset_timer+0x1a/0x70
[ 2095.447053]  ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 2095.447486]  ? __kasan_check_write+0x14/0x20
[ 2095.447833]  ? ip_local_deliver+0x210/0x210
[ 2095.448173]  __netif_receive_skb_one_core+0x132/0x140
[ 2095.448583]  ? napi_gro_receive+0x260/0x260
[ 2095.448922]  __netif_receive_skb+0x26/0xb0
[ 2095.449262]  process_backlog+0xfe/0x290
[ 2095.449603]  ? virtnet_poll_tx+0x184/0x190 [virtio_net]
[ 2095.450012]  net_rx_action+0x287/0x6b0
[ 2095.450304]  ? napi_complete_done+0x2c0/0x2c0
[ 2095.450645]  ? __kasan_check_write+0x14/0x20
[ 2095.450987]  __do_softirq+0xfe/0x383
[ 2095.451265]  ? tasklet_hi_action+0x30/0x30
[ 2095.451582]  run_ksoftirqd+0x2b/0x40
[ 2095.451861]  smpboot_thread_fn+0x1ba/0x2f0
[ 2095.452175]  ? smpboot_register_percpu_thread+0x190/0x190
[ 2095.452597]  ? __kasan_check_read+0x11/0x20
[ 2095.452925]  ? __kthread_parkme+0x83/0xa0
[ 2095.453241]  ? smpboot_register_percpu_thread+0x190/0x190
[ 2095.453663]  kthread+0x1d9/0x200
[ 2095.453920]  ? __kthread_bind_mask+0x70/0x70
[ 2095.454251]  ret_from_fork+0x1f/0x30
[ 2095.454531] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) tls sha256_ssse3 sha512_ssse3 nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink overlay snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm kvm_intel binfmt_misc qxl kvm snd_seq_midi snd_seq_midi_event snd_rawmidi nls_iso8859_1 crct10dif_pclmul snd_seq ghash_clmulni_intel drm_ttm_helper aesni_intel ttm joydev crypto_simd cryptd glue_helper snd_seq_device input_leds snd_timer drm_kms_helper serio_raw snd 9pnet_virtio soundcore 9pnet cec fb_sys_fops qemu_fw_cfg syscopyarea mac_hid sysfillrect sysimgblt sch_fq_codel msr parport_pc ppdev drm lp parport ramoops
[ 2095.454622]  reed_solomon efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c hid_generic usbhid hid i2c_i801 crc32_pclmul psmouse i2c_smbus lpc_ich ahci libahci virtio_net virtio_blk net_failover failover [last unloaded: tempesta_lib]
[ 2095.463385] CR2: 0000000000000000
[ 2095.463660] ---[ end trace 11a2456ce12e8d48 ]---
[ 2095.464029] RIP: 0010:0x0
[ 2095.464245] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 2095.464801] RSP: 0018:ffff88810103f6c8 EFLAGS: 00010246
[ 2095.465220] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff962feb43
[ 2095.465790] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff88813f98ad40
[ 2095.466356] RBP: ffff88810103f6f0 R08: ffffffff962feb2c R09: ffff88813f98adc3
[ 2095.466934] R10: ffffed1027f315b8 R11: 0000000000000001 R12: ffff88813f98ad40
[ 2095.467504] R13: ffff88813f98b2e0 R14: 00000000000005a8 R15: ffff88813f98aea8
[ 2095.468084] FS:  0000000000000000(0000) GS:ffff88824d100000(0000) knlGS:0000000000000000
[ 2095.468727] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2095.469183] CR2: ffffffffffffffd6 CR3: 000000014ce7c000 CR4: 0000000000750ee0
[ 2095.469749] PKRU: 55555554
[ 2095.469971] Kernel panic - not syncing: Fatal exception in interrupt
[ 2095.470572] Kernel Offset: 0x14200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 2095.471441] Rebooting in 1 seconds..
[ 2096.464177] ACPI MEMORY or I/O RESET_REG.
@EvgeniiMekhanik

[ 2191.532574] BUG: KASAN: use-after-free in tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 2191.533560] Read of size 8 at addr ffff88816d43a0c0 by task kworker/0:4/511
[ 2191.534263]
[ 2191.534429] CPU: 0 PID: 511 Comm: kworker/0:4 Tainted: G W OE 5.10.35+ #455
[ 2191.535238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2191.536211] Workqueue: events refill_work [virtio_net]
[ 2191.536763] Call Trace:
[ 2191.537032]
[ 2191.537261] dump_stack+0x96/0xc4
[ 2191.537623] print_address_description.constprop.0+0x21/0x220
[ 2191.538242] ? _raw_spin_lock_irqsave+0x8e/0xf0
[ 2191.538729] ? _raw_write_unlock_bh+0x30/0x30
[ 2191.539221] ? tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 2191.539905] kasan_report.cold+0x20/0x37
[ 2191.540403] ? tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 2191.541090] check_memory_region+0x14d/0x1a0
[ 2191.541548] __kasan_check_read+0x11/0x20
[ 2191.542011] tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 2191.542677] ? __ip_flush_pending_frames.constprop.0+0x130/0x130
[ 2191.543343] ? tfw_http_req_process+0x1050/0x1050 [tempesta_fw]
[ 2191.543974] ? _raw_spin_lock_irqsave+0x6/0xf0
[ 2191.544462] ? __kasan_check_write+0x14/0x20
[ 2191.544922] ? enqueue_timer+0xbd/0x1c0
[ 2191.545336] ? __mod_timer+0x47c/0x6e0
[ 2191.545741] ? add_timer_on+0x270/0x270
[ 2191.546181] tfw_http_msg_process+0x81/0xc0 [tempesta_fw]
[ 2191.546758] ? tcp_ack_update_rtt+0x2a3/0x880
[ 2191.547269] tfw_connection_recv+0x127/0x230 [tempesta_fw]
[ 2191.547903] ? tfw_connection_send+0x60/0x60 [tempesta_fw]
[ 2191.548543] ss_tcp_process_data+0x49d/0x890 [tempesta_fw]
[ 2191.549177] ? ss_do_close+0x720/0x720 [tempesta_fw]
[ 2191.549728] ? tcp_grow_window+0x10a/0x330
[ 2191.550220] ss_tcp_data_ready+0x82/0x150 [tempesta_fw]
[ 2191.550801] tcp_data_ready+0x73/0x210
[ 2191.551223] tcp_data_queue+0x1085/0x1d80
[ 2191.551672] ? tcp_data_ready+0x210/0x210
[ 2191.552124] ? tcp_try_keep_open+0x130/0x130
[ 2191.552611] ? kvm_clock_get_cycles+0x11/0x20
[ 2191.553087] ? ktime_get+0x4f/0xb0
[ 2191.553459] tcp_rcv_established+0x427/0xf80
[ 2191.553923] ? tcp_parse_md5sig_option+0x20/0xb0
[ 2191.554420] ? tcp_data_queue+0x1d80/0x1d80
[ 2191.554874] ? __kasan_check_read+0x11/0x20
[ 2191.555323] tcp_v4_do_rcv+0x25f/0x360
[ 2191.555727] tcp_v4_rcv+0x1600/0x1770
[ 2191.556135] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 2191.556643] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 2191.557111] ip_protocol_deliver_rcu+0x46/0x2e0
[ 2191.557596] ip_local_deliver_finish+0xc6/0xe0
[ 2191.558073] ip_local_deliver+0x1f5/0x210
[ 2191.558501] ? ip_local_deliver_finish+0xe0/0xe0
[ 2191.558978] ? tcp_v4_early_demux+0x297/0x2f0
[ 2191.559430] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 2191.559925] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 2191.560486] ip_rcv_finish+0xcf/0xf0
[ 2191.560859] ip_rcv+0x16d/0x180
[ 2191.561189] ? ip_local_deliver+0x210/0x210
[ 2191.561624] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 2191.562107] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 2191.562645] ? ip_local_deliver+0x210/0x210
[ 2191.563067] __netif_receive_skb_one_core+0x132/0x140
[ 2191.563571] ? napi_gro_receive+0x260/0x260
[ 2191.563992] ? __netif_receive_skb_list_core+0x470/0x470
[ 2191.564524] __netif_receive_skb+0x26/0xb0
[ 2191.564934] process_backlog+0xfe/0x290
[ 2191.565309] net_rx_action+0x287/0x6b0
[ 2191.565676] ? napi_complete_done+0x2c0/0x2c0
[ 2191.566101] ? switch_fpu_return+0x120/0x120
[ 2191.566517] ? kvm_guest_apic_eoi_write+0x54/0x60
[ 2191.566975] ? apic_ack_edge+0x99/0xe0
[ 2191.567342] __do_softirq+0xfe/0x383
[ 2191.567692] asm_call_irq_on_stack+0xf/0x20
[ 2191.568099]
[ 2191.568323] do_softirq_own_stack+0x3d/0x50
[ 2191.568732] irq_exit_rcu+0xc7/0x120
[ 2191.569083] common_interrupt+0x7d/0x120
[ 2191.569465] asm_common_interrupt+0x1e/0x40
[ 2191.569874] RIP: 0010:___cache_free+0x14e/0x290
[ 2191.570317] Code: 8b 14 c5 20 6b 20 9b 49 8b 47 10 0f 1f 44 00 00 48 63 8a c0 a0 02 00 48 85 c0 48 0f 44 05 42 d4 57 09 48 8b bc c8 00 0b 00 00 <48> 3b 97 80 00 00 00 0f 85 bb 00 00 00 9c 58 0f 1f 44 00 00 49 89
[ 2191.572039] RSP: 0018:ffff88817537eb48 EFLAGS: 00000286
[ 2191.572539] RAX: ffff888194944000 RBX: ffff88811b3dd548 RCX: 0000000000000000
[ 2191.573202] RDX: ffff8882abe6f000 RSI: 0000000000000005 RDI: ffff88817d003400
[ 2191.573866] RBP: ffff88817537eb80 R08: ffffffff91cbd9b9 R09: 00000000fffffdd8
[ 2191.574528] R10: ffffed1028b3254b R11: 0000000000000001 R12: ffffea00046cf700
[ 2191.575191] R13: ffff888100c0f4c0 R14: ffff888100c0f4c0 R15: ffff888145992a40
[ 2191.575855] ? drain_obj_stock+0xa9/0x150
[ 2191.576238] ? ___cache_free+0x103/0x290
[ 2191.576609] ? qlist_free_all+0x32/0xd0
[ 2191.576972] qlist_free_all+0x57/0xd0
[ 2191.577320] quarantine_reduce+0x156/0x180
[ 2191.577708] __kasan_kmalloc.constprop.0+0xa3/0xe0
[ 2191.578158] kasan_slab_alloc+0xe/0x10
[ 2191.578513] kmem_cache_alloc+0xf7/0x290
[ 2191.578886] mempool_alloc_slab+0x17/0x20
[ 2191.579265] mempool_alloc+0xf0/0x290
[ 2191.579612] ? mempool_kmalloc+0x20/0x20
[ 2191.579983] ? mempool_exit+0xb0/0xb0
[ 2191.580334] ? wait_woken+0x120/0x120
[ 2191.580682] ? _raw_spin_lock+0x7b/0xd0
[ 2191.581046] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 2191.581481] ? __mod_memcg_state.part.0+0x4e/0x140
[ 2191.581933] bio_alloc_bioset+0x26b/0x370
[ 2191.582308] ? bvec_alloc+0x150/0x150
[ 2191.582647] ? page_vma_mapped_walk+0x3d6/0xdb0
[ 2191.583062] get_swap_bio+0x80/0x1c0
[ 2191.583391] ? try_to_unmap_one+0xb9f/0x1320
[ 2191.583782] ? get_swap_bio+0x1c0/0x1c0
[ 2191.584134] ? do_madvise+0x50/0x50
[ 2191.584459] ? slabinfo_write+0x1/0x20
[ 2191.584804] ? bdev_write_page+0x5b/0x170
[ 2191.585172] __swap_writepage+0xf8/0x750
[ 2191.585533] ? get_swap_bio+0x1c0/0x1c0
[ 2191.585886] ? generic_swapfile_activate+0x3e0/0x3e0
[ 2191.586338] ? zswap_writeback_entry+0x620/0x620
[ 2191.586760] ? __kasan_check_write+0x14/0x20
[ 2191.587154] ? _raw_spin_lock+0x7b/0xd0
[ 2191.587506] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 2191.587928] ? __kasan_check_read+0x11/0x20
[ 2191.588312] ? __frontswap_store+0x97/0x1f0
[ 2191.588696] swap_writepage+0x35/0x90
[ 2191.589034] pageout+0x267/0x650
[ 2191.589334] ? check_move_unevictable_pages+0x570/0x570
[ 2191.589810] ? try_to_unmap+0x1b0/0x230
[ 2191.590164] ? __kasan_check_read+0x11/0x20
[ 2191.590548] shrink_page_list+0x10a1/0x1870
[ 2191.590932] ? pageout+0x650/0x650
[ 2191.591246] ? mem_cgroup_uncharge+0x100/0x100
[ 2191.591654] ? lru_add_drain_cpu+0x147/0x2b0
[ 2191.592045] ? __count_memcg_events.part.0+0x31/0x100
[ 2191.592510] shrink_inactive_list+0x2c2/0x6b0
[ 2191.592909] ? isolate_lru_pages+0x6a0/0x6a0
[ 2191.593302] ? blk_flush_plug_list+0x1fc/0x250
[ 2191.593697] ? _raw_write_unlock_bh+0x30/0x30
[ 2191.594085] ? blk_insert_cloned_request+0x160/0x160
[ 2191.594524] ? lruvec_lru_size+0xaa/0x130
[ 2191.594882] shrink_lruvec+0x567/0x930
[ 2191.595217] ? cpumask_next+0x2c/0x40
[ 2191.595546] ? shrink_active_list+0x850/0x850
[ 2191.595933] ? rwsem_mark_wake+0x500/0x500
[ 2191.596301] ? __kasan_check_write+0x14/0x20
[ 2191.596681] ? _raw_spin_lock+0x7b/0xd0
[ 2191.597024] ? __kasan_check_write+0x14/0x20
[ 2191.597404] ? mem_cgroup_iter+0x1f7/0x4a0
[ 2191.597769] shrink_node+0x53e/0xcf0
[ 2191.598091] do_try_to_free_pages+0x26e/0x9d0
[ 2191.598480] ? __node_reclaim+0x3b0/0x3b0
[ 2191.598838] ? kvm_sched_clock_read+0x11/0x20
[ 2191.599226] ? sched_clock+0x9/0x10
[ 2191.599539] try_to_free_pages+0x1b9/0x2d0
[ 2191.599905] ? reclaim_pages+0x610/0x610
[ 2191.600257] ? __kasan_check_read+0x11/0x20
[ 2191.600632] __alloc_pages_slowpath.constprop.0+0x648/0x1390
[ 2191.601131] ? record_times+0xab/0x110
[ 2191.601466] ? warn_alloc+0x120/0x120
[ 2191.601795] ? __kasan_check_write+0x14/0x20
[ 2191.602175] ? __zone_watermark_ok+0x270/0x270
[ 2191.602569] ? __kasan_check_read+0x11/0x20
[ 2191.602942] __alloc_pages_nodemask+0x509/0x540
[ 2191.603344] ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 2191.603865] ? try_to_del_timer_sync+0xe0/0xe0
[ 2191.604267] alloc_pages_current+0x96/0x140
[ 2191.604641] skb_page_frag_refill+0x156/0x220
[ 2191.605030] try_fill_recv+0x3c4/0xb00 [virtio_net]
[ 2191.605456] ? hrtimer_active+0x82/0xb0
[ 2191.605792] refill_work+0x93/0xf0 [virtio_net]
[ 2191.606184] process_one_work+0x43c/0x720
[ 2191.606532] worker_thread+0x47a/0x790
[ 2191.606858] ? process_one_work+0x720/0x720
[ 2191.607220] kthread+0x1d9/0x200
[ 2191.607503] ? __kthread_bind_mask+0x70/0x70
[ 2191.607873] ret_from_fork+0x1f/0x30
[ 2191.608186]
[ 2191.608323] The buggy address belongs to the page:
[ 2191.608740] page:0000000043c2e3ad refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16d43a
[ 2191.609536] flags: 0x17ffffc0000000()
[ 2191.609857] raw: 0017ffffc0000000 ffffea0006db30c8 ffff88824d03a1d0 0000000000000000
[ 2191.610515] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 2191.611173] page dumped because: kasan: bad access detected
[ 2191.611648]
[ 2191.611785] Memory state around the buggy address:
[ 2191.612199] ffff88816d439f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2191.612813] ffff88816d43a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2191.613427] >ffff88816d43a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2191.614041] ^
[ 2191.614496] ffff88816d43a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2191.615110] ffff88816d43a180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 2191.615723] ==================================================================
[ 2191.616339] Disabling lock debugging due to kernel taint
[ 2191.616825] BUG: unable to handle page fault for address: ffff88816d43a0c0
[ 2191.617411] #PF: supervisor read access in kernel mode
[ 2191.617854] #PF: error_code(0x0000) - not-present page
[ 2191.618294] PGD 7a801067 P4D 7a801067 PUD 2ac89e067 PMD 2ac733067 PTE 800ffffe92bc5060
[ 2191.618971] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 2191.619448] CPU: 0 PID: 511 Comm: kworker/0:4 Tainted: G B W OE 5.10.35+ #455
[ 2191.620127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2191.620930] Workqueue: events refill_work [virtio_net]
[ 2191.621409] RIP: 0010:tfw_http_msg_process_generic+0x7c4/0xc50 [tempesta_fw]
[ 2191.622026] Code: c0 0f 84 c5 fb ff ff 48 8b 9d 60 fe ff ff be 08 00 00 00 4c 8d a3 a0 00 00 00 4c 89 e7 e8 64 ec df cf 4c 89 e7 e8 5c 0a e0 cf <48> 8b 83 a0 00 00 00 a8 20 0f 84 93 fb ff ff 48 8b 9d 90 fe ff ff
[ 2191.623601] RSP: 0018:ffff88824d009328 EFLAGS: 00010282
[ 2191.624049] RAX: 0000000000000000 RBX: ffff88816d43a020 RCX: ffffffffc1e948c4
[ 2191.624660] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88816d43a0c0
[ 2191.625266] RBP: ffff88824d009510 R08: 0000000000000001 R09: ffffffff9b5adfe7
[ 2191.625872] R10: fffffbfff36b5bfc R11: 0000000000000000 R12: ffff88816d43a0c0
[ 2191.626478] R13: ffff8881defb7020 R14: ffff88816d43a0c0 R15: 0000000000010000
[ 2191.627086] FS: 0000000000000000(0000) GS:ffff88824d000000(0000) knlGS:0000000000000000
[ 2191.627775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2191.628273] CR2: ffff88816d43a0c0 CR3: 0000000170b0a000 CR4: 0000000000750ef0
[ 2191.628890] PKRU: 55555554
[ 2191.629133] Call Trace:
[ 2191.629349]
[ 2191.629530] ? __ip_flush_pending_frames.constprop.0+0x130/0x130
[ 2191.630067] ? tfw_http_req_process+0x1050/0x1050 [tempesta_fw]
[ 2191.630575] ? _raw_spin_lock_irqsave+0x6/0xf0
[ 2191.630960] ? __kasan_check_write+0x14/0x20
[ 2191.631337] ? enqueue_timer+0xbd/0x1c0
[ 2191.631685] ? __mod_timer+0x47c/0x6e0
[ 2191.632026] ? add_timer_on+0x270/0x270
[ 2191.632398] tfw_http_msg_process+0x81/0xc0 [tempesta_fw]
[ 2191.632881] ? tcp_ack_update_rtt+0x2a3/0x880
[ 2191.633294] tfw_connection_recv+0x127/0x230 [tempesta_fw]
[ 2191.633808] ? tfw_connection_send+0x60/0x60 [tempesta_fw]
[ 2191.634331] ss_tcp_process_data+0x49d/0x890 [tempesta_fw]
[ 2191.634853] ? ss_do_close+0x720/0x720 [tempesta_fw]
[ 2191.635307] ? tcp_grow_window+0x10a/0x330
[ 2191.635711] ss_tcp_data_ready+0x82/0x150 [tempesta_fw]
[ 2191.636198] tcp_data_ready+0x73/0x210
[ 2191.636552] tcp_data_queue+0x1085/0x1d80
[ 2191.636923] ? tcp_data_ready+0x210/0x210
[ 2191.637292] ? tcp_try_keep_open+0x130/0x130
[ 2191.637686] ? kvm_clock_get_cycles+0x11/0x20
[ 2191.638085] ? ktime_get+0x4f/0xb0
[ 2191.638401] tcp_rcv_established+0x427/0xf80
[ 2191.638792] ? tcp_parse_md5sig_option+0x20/0xb0
[ 2191.639215] ? tcp_data_queue+0x1d80/0x1d80
[ 2191.639600] ? __kasan_check_read+0x11/0x20
[ 2191.639984] tcp_v4_do_rcv+0x25f/0x360
[ 2191.640333] tcp_v4_rcv+0x1600/0x1770
[ 2191.640683] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 2191.641115] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 2191.641515] ip_protocol_deliver_rcu+0x46/0x2e0
[ 2191.641931] ip_local_deliver_finish+0xc6/0xe0
[ 2191.642339] ip_local_deliver+0x1f5/0x210
[ 2191.642708] ? ip_local_deliver_finish+0xe0/0xe0
[ 2191.643130] ? tcp_v4_early_demux+0x297/0x2f0
[ 2191.643529] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 2191.643967] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 2191.644461] ip_rcv_finish+0xcf/0xf0
[ 2191.644791] ip_rcv+0x16d/0x180
[ 2191.645083] ? ip_local_deliver+0x210/0x210
[ 2191.645469] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 2191.645892] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 2191.646383] ? ip_local_deliver+0x210/0x210
[ 2191.646768] __netif_receive_skb_one_core+0x132/0x140
[ 2191.647227] ? napi_gro_receive+0x260/0x260
[ 2191.647611] ? __netif_receive_skb_list_core+0x470/0x470
[ 2191.648095] __netif_receive_skb+0x26/0xb0
[ 2191.648474] process_backlog+0xfe/0x290
[ 2191.648826] net_rx_action+0x287/0x6b0
[ 2191.649171] ? napi_complete_done+0x2c0/0x2c0
[ 2191.649570] ? switch_fpu_return+0x120/0x120
[ 2191.649962] ? kvm_guest_apic_eoi_write+0x54/0x60
[ 2191.650393] ? apic_ack_edge+0x99/0xe0
[ 2191.650738] __do_softirq+0xfe/0x383
[ 2191.651069] asm_call_irq_on_stack+0xf/0x20
[ 2191.651451]
[ 2191.651650] do_softirq_own_stack+0x3d/0x50
[ 2191.652031] irq_exit_rcu+0xc7/0x120
[ 2191.652355] common_interrupt+0x7d/0x120
[ 2191.652705] asm_common_interrupt+0x1e/0x40
[ 2191.653077] RIP: 0010:___cache_free+0x14e/0x290
[ 2191.653480] Code: 8b 14 c5 20 6b 20 9b 49 8b 47 10 0f 1f 44 00 00 48 63 8a c0 a0 02 00 48 85 c0 48 0f 44 05 42 d4 57 09 48 8b bc c8 00 0b 00 00 <48> 3b 97 80 00 00 00 0f 85 bb 00 00 00 9c 58 0f 1f 44 00 00 49 89
[ 2191.655103] RSP: 0018:ffff88817537eb48 EFLAGS: 00000286
[ 2191.655565] RAX: ffff888194944000 RBX: ffff88811b3dd548 RCX: 0000000000000000
[ 2191.656195] RDX: ffff8882abe6f000 RSI: 0000000000000005 RDI: ffff88817d003400
[ 2191.656819] RBP: ffff88817537eb80 R08: ffffffff91cbd9b9 R09: 00000000fffffdd8
[ 2191.657443] R10: ffffed1028b3254b R11: 0000000000000001 R12: ffffea00046cf700
[ 2191.658068] R13: ffff888100c0f4c0 R14: ffff888100c0f4c0 R15: ffff888145992a40
[ 2191.658692] ? drain_obj_stock+0xa9/0x150
[ 2191.659050] ? ___cache_free+0x103/0x290
[ 2191.659399] ? qlist_free_all+0x32/0xd0
[ 2191.659741] qlist_free_all+0x57/0xd0
[ 2191.660068] quarantine_reduce+0x156/0x180
[ 2191.660435] __kasan_kmalloc.constprop.0+0xa3/0xe0
[ 2191.660859] kasan_slab_alloc+0xe/0x10
[ 2191.661194] kmem_cache_alloc+0xf7/0x290
[ 2191.661545] mempool_alloc_slab+0x17/0x20
[ 2191.661902] mempool_alloc+0xf0/0x290
[ 2191.662230] ? mempool_kmalloc+0x20/0x20
[ 2191.662579] ? mempool_exit+0xb0/0xb0
[ 2191.662907] ? wait_woken+0x120/0x120
[ 2191.663241] ? _raw_spin_lock+0x7b/0xd0
[ 2191.663594] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 2191.664015] ? __mod_memcg_state.part.0+0x4e/0x140
[ 2191.664457] bio_alloc_bioset+0x26b/0x370
[ 2191.664825] ? bvec_alloc+0x150/0x150
[ 2191.665162] ? page_vma_mapped_walk+0x3d6/0xdb0
[ 2191.665576] get_swap_bio+0x80/0x1c0
[ 2191.665906] ? try_to_unmap_one+0xb9f/0x1320
[ 2191.666297] ? get_swap_bio+0x1c0/0x1c0
[ 2191.666649] ? do_madvise+0x50/0x50
[ 2191.666970] ? slabinfo_write+0x1/0x20
[ 2191.667318] ? bdev_write_page+0x5b/0x170
[ 2191.667697] __swap_writepage+0xf8/0x750
[ 2191.668067] ? get_swap_bio+0x1c0/0x1c0
[ 2191.668439] ? generic_swapfile_activate+0x3e0/0x3e0
[ 2191.668904] ? zswap_writeback_entry+0x620/0x620
[ 2191.669338] ? __kasan_check_write+0x14/0x20
[ 2191.669730] ? _raw_spin_lock+0x7b/0xd0
[ 2191.670082] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 2191.670503] ? __kasan_check_read+0x11/0x20
[ 2191.670885] ? __frontswap_store+0x97/0x1f0
[ 2191.671268] swap_writepage+0x35/0x90
[ 2191.671605] pageout+0x267/0x650
[ 2191.671906] ? check_move_unevictable_pages+0x570/0x570
[ 2191.672383] ? try_to_unmap+0x1b0/0x230
[ 2191.672736] ? __kasan_check_read+0x11/0x20
[ 2191.673407] shrink_page_list+0x10a1/0x1870
[ 2191.673769] ? pageout+0x650/0x650
[ 2191.674057] ? mem_cgroup_uncharge+0x100/0x100
[ 2191.674430] ? lru_add_drain_cpu+0x147/0x2b0
[ 2191.674789] ? __count_memcg_events.part.0+0x31/0x100
[ 2191.675211] shrink_inactive_list+0x2c2/0x6b0
[ 2191.675577] ? isolate_lru_pages+0x6a0/0x6a0
[ 2191.675936] ? blk_flush_plug_list+0x1fc/0x250
[ 2191.676319] ? _raw_write_unlock_bh+0x30/0x30
[ 2191.676886] ? blk_insert_cloned_request+0x160/0x160
[ 2191.677302] ? lruvec_lru_size+0xaa/0x130
[ 2191.677641] shrink_lruvec+0x567/0x930
[ 2191.677958] ? cpumask_next+0x2c/0x40
[ 2191.678268] ? shrink_active_list+0x850/0x850
[ 2191.678743] ? rwsem_mark_wake+0x500/0x500
[ 2191.679150] ? __kasan_check_write+0x14/0x20
[ 2191.679509] ? _raw_spin_lock+0x7b/0xd0
[ 2191.679834] ? __kasan_check_write+0x14/0x20
[ 2191.680200] ? mem_cgroup_iter+0x1f7/0x4a0
[ 2191.680548] shrink_node+0x53e/0xcf0
[ 2191.680851] do_try_to_free_pages+0x26e/0x9d0
[ 2191.681217] ? __node_reclaim+0x3b0/0x3b0
[ 2191.681555] ? kvm_sched_clock_read+0x11/0x20
[ 2191.681920] ? sched_clock+0x9/0x10
[ 2191.682255] try_to_free_pages+0x1b9/0x2d0
[ 2191.682605] ? reclaim_pages+0x610/0x610
[ 2191.682941] ? __kasan_check_read+0x11/0x20
[ 2191.683298] __alloc_pages_slowpath.constprop.0+0x648/0x1390
[ 2191.683777] ? record_times+0xab/0x110
[ 2191.684095] ? warn_alloc+0x120/0x120
[ 2191.684424] ? __kasan_check_write+0x14/0x20
[ 2191.684800] ? __zone_watermark_ok+0x270/0x270
[ 2191.685190] ? __kasan_check_read+0x11/0x20
[ 2191.685561] __alloc_pages_nodemask+0x509/0x540
[ 2191.686003] ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 2191.686517] ? try_to_del_timer_sync+0xe0/0xe0
[ 2191.686906] alloc_pages_current+0x96/0x140
[ 2191.687268] skb_page_frag_refill+0x156/0x220
[ 2191.687648] try_fill_recv+0x3c4/0xb00 [virtio_net]
[ 2191.688148] ? hrtimer_active+0x82/0xb0
[ 2191.688495] refill_work+0x93/0xf0 [virtio_net]
[ 2191.688936] process_one_work+0x43c/0x720
[ 2191.689294] worker_thread+0x47a/0x790
[ 2191.689638] ? process_one_work+0x720/0x720
[ 2191.690010] kthread+0x1d9/0x200
[ 2191.690301] ? __kthread_bind_mask+0x70/0x70
[ 2191.690683] ret_from_fork+0x1f/0x30
[ 2191.691004] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) sha256_ssse3 sha512_ssse3 nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink overlay snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec kvm_intel snd_hda_core snd_hwdep kvm snd_pcm binfmt_misc crct10dif_pclmul ghash_clmulni_intel snd_seq_midi snd_seq_midi_event nls_iso8859_1 snd_rawmidi aesni_intel crypto_simd cryptd snd_seq glue_helper joydev snd_seq_device snd_timer input_leds snd 9pnet_virtio serio_raw 9pnet soundcore qxl drm_ttm_helper ttm drm_kms_helper cec mac_hid qemu_fw_cfg fb_sys_fops syscopyarea sysfillrect sysimgblt sch_fq_codel drm msr parport_pc ppdev lp parport ramoops reed_solomon
[ 2191.691106] efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c crc32_pclmul ahci psmouse i2c_i801 virtio_net libahci i2c_smbus virtio_blk lpc_ich net_failover failover hid_generic usbhid hid [last unloaded: tempesta_lib]
[ 2191.700689] CR2: ffff88816d43a0c0
[ 2191.700986] ---[ end trace 8011173335d48f58 ]---
[ 2191.701400] RIP: 0010:tfw_http_msg_process_generic+0x7c4/0xc50 [tempesta_fw]

@EvgeniiMekhanik
Contributor Author

[ 162.256290] BUG: KASAN: null-ptr-deref in ss_conn_drop_guard_exit+0x6b/0xe0 [tempesta_fw]
[ 162.256993] Read of size 4 at addr 0000000000000008 by task gmain/4283
[ 162.257555]
[ 162.257698] CPU: 2 PID: 4283 Comm: gmain Tainted: G W OE 5.10.35+ #455
[ 162.258348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 162.259147] Call Trace:
[ 162.259367]
[ 162.259553] dump_stack+0x96/0xc4
[ 162.259870] ? ss_conn_drop_guard_exit+0x6b/0xe0 [tempesta_fw]
[ 162.260386] kasan_report.cold+0x5/0x37
[ 162.260747] ? ss_conn_drop_guard_exit+0x6b/0xe0 [tempesta_fw]
[ 162.261257] __asan_load4+0x6b/0x80
[ 162.261588] ss_conn_drop_guard_exit+0x6b/0xe0 [tempesta_fw]
[ 162.262103] __sk_close_locked+0x3e/0x100 [tempesta_fw]
[ 162.262581] ss_tx_action+0x5ac/0xb80 [tempesta_fw]
[ 162.263017] ? ss_skb_tcp_entail_list+0x1a0/0x1a0 [tempesta_fw]
[ 162.263517] ? __kfree_skb_flush+0x4b/0x60
[ 162.263868] ? net_rx_action+0x438/0x6b0
[ 162.264203] ? napi_complete_done+0x2c0/0x2c0
[ 162.264573] net_tx_action+0xfa/0x3c0
[ 162.264889] __do_softirq+0xfe/0x383
[ 162.265196] asm_call_irq_on_stack+0xf/0x20
[ 162.265552]
[ 162.265741] do_softirq_own_stack+0x3d/0x50
[ 162.266098] irq_exit_rcu+0xc7/0x120
[ 162.266410] common_interrupt+0x7d/0x120
[ 162.266750] asm_common_interrupt+0x1e/0x40
[ 162.267120] RIP: 0010:qlist_free_all+0x3c/0xd0
[ 162.267515] Code: 49 c7 c7 00 00 00 80 41 56 41 55 49 89 fd 41 54 49 bc 00 00 00 00 00 fc ff df 53 48 89 f3 eb 2d 48 63 97 d4 00 00 00 4c 8b 30 <48> 29 d0 48 c7 c2 92 5c 29 99 48 89 c6 48 c1 e8 03 42 c6 04 20 fb
[ 162.269135] RSP: 0018:ffff888136a0fcc8 EFLAGS: 00000202
[ 162.269598] RAX: ffff88811d4359a8 RBX: 0000000000000000 RCX: 0000000000000001
[ 162.270222] RDX: 0000000000000000 RSI: ffffea0004750d00 RDI: ffff888100051440
[ 162.270850] RBP: ffff888136a0fcf0 R08: 0000000000000001 R09: 0000000000000000
[ 162.271473] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 162.272098] R13: ffff888136a0fd00 R14: ffff88814e446158 R15: ffffffff80000000
[ 162.272724] ? qlist_free_all+0x57/0xd0
[ 162.273067] quarantine_reduce+0x156/0x180
[ 162.273432] __kasan_kmalloc.constprop.0+0xa3/0xe0
[ 162.273856] kasan_slab_alloc+0xe/0x10
[ 162.274190] kmem_cache_alloc+0xf7/0x290
[ 162.274543] getname_flags.part.0+0x3c/0x260
[ 162.274926] user_path_at_empty+0x6c/0xb0
[ 162.275284] inotify_find_inode+0x2b/0x90
[ 162.275643] __x64_sys_inotify_add_watch+0x11e/0x1f0
[ 162.276082] ? __ia32_sys_inotify_add_watch+0x1f0/0x1f0
[ 162.276544] ? switch_fpu_return+0x8a/0x120
[ 162.276919] ? exit_to_user_mode_prepare+0x71/0x150
[ 162.277351] do_syscall_64+0x38/0x90
[ 162.277672] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 162.278118] RIP: 0033:0x7f87a67afc0b
[ 162.278440] Code: f0 ff ff 73 01 c3 48 8b 0d 22 32 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 fe 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f5 31 0f 00 f7 d8 64 89 01 48
[ 162.280063] RSP: 002b:00007f87a4f6b938 EFLAGS: 00000202 ORIG_RAX: 00000000000000fe
[ 162.280725] RAX: ffffffffffffffda RBX: 00007f87a4f6b964 RCX: 00007f87a67afc0b
[ 162.281348] RDX: 0000000001002fce RSI: 000055e1e2659000 RDI: 000000000000000e
[ 162.281973] RBP: 000055e1e25575a0 R08: 000055e1e2659000 R09: 00007f87a69fa3e0
[ 162.282602] R10: 000055e1e26327c0 R11: 0000000000000202 R12: 0000000000000000
[ 162.283227] R13: 00007f87a6c45378 R14: 00007f87a69182b0 R15: 000055e1e2545660
[ 162.283852] ==================================================================
[ 162.284487] Disabling lock debugging due to kernel taint
[ 162.284972] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 162.285705] #PF: supervisor write access in kernel mode
[ 162.286145] #PF: error_code(0x0002) - not-present page
[ 162.286586] PGD 0 P4D 0
[ 162.286810] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 162.287281] CPU: 2 PID: 4283 Comm: gmain Tainted: G B W OE 5.10.35+ #455
[ 162.287913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 162.288731] RIP: 0010:ss_conn_drop_guard_exit+0x6b/0xe0 [tempesta_fw]
[ 162.289284] Code: 4d 8d ac 24 80 02 00 00 4c 89 ef e8 cf 2a 3f d7 49 8b 9c 24 80 02 00 00 48 85 db 0f 84 d8 7f 02 00 48 8d 7b 08 e8 a5 29 3f d7 <81> 63 08 ff ff fc ff 49 8b 9c 24 80 02 00 00 48 85 db 74 25 48 89
[ 162.290866] RSP: 0018:ffff888240109da0 EFLAGS: 00010282
[ 162.291317] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff98efa98a
[ 162.291927] RDX: fffffbfff4575bfd RSI: 0000000000000246 RDI: 0000000000000246
[ 162.292534] RBP: ffff888240109dc8 R08: 0000000000000001 R09: ffffffffa2badfe7
[ 162.293142] R10: fffffbfff4575bfc R11: 0000000000000001 R12: ffff888139c7b880
[ 162.293801] R13: ffff888139c7bb00 R14: 000000000000000a R15: ffffffffc1f66bf0
[ 162.294413] FS: 00007f87a4f6c640(0000) GS:ffff888240100000(0000) knlGS:0000000000000000
[ 162.295078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 162.295551] CR2: 0000000000000008 CR3: 000000017c07a000 CR4: 0000000000750ee0
[ 162.296137] PKRU: 55555554
[ 162.296367] Call Trace:
[ 162.296576]
[ 162.296777] __sk_close_locked+0x3e/0x100 [tempesta_fw]
[ 162.297234] ss_tx_action+0x5ac/0xb80 [tempesta_fw]
[ 162.297664] ? ss_skb_tcp_entail_list+0x1a0/0x1a0 [tempesta_fw]
[ 162.298156] ? __kfree_skb_flush+0x4b/0x60
[ 162.298499] ? net_rx_action+0x438/0x6b0
[ 162.298830] ? napi_complete_done+0x2c0/0x2c0
[ 162.299195] net_tx_action+0xfa/0x3c0
[ 162.299505] __do_softirq+0xfe/0x383
[ 162.299806] asm_call_irq_on_stack+0xf/0x20
[ 162.300155]
[ 162.300338] do_softirq_own_stack+0x3d/0x50
[ 162.300690] irq_exit_rcu+0xc7/0x120
[ 162.300992] common_interrupt+0x7d/0x120
[ 162.301320] asm_common_interrupt+0x1e/0x40
[ 162.301672] RIP: 0010:qlist_free_all+0x3c/0xd0
[ 162.302043] Code: 49 c7 c7 00 00 00 80 41 56 41 55 49 89 fd 41 54 49 bc 00 00 00 00 00 fc ff df 53 48 89 f3 eb 2d 48 63 97 d4 00 00 00 4c 8b 30 <48> 29 d0 48 c7 c2 92 5c 29 99 48 89 c6 48 c1 e8 03 42 c6 04 20 fb
[ 162.303566] RSP: 0018:ffff888136a0fcc8 EFLAGS: 00000202
[ 162.304000] RAX: ffff88811d4359a8 RBX: 0000000000000000 RCX: 0000000000000001
[ 162.304585] RDX: 0000000000000000 RSI: ffffea0004750d00 RDI: ffff888100051440
[ 162.305171] RBP: ffff888136a0fcf0 R08: 0000000000000001 R09: 0000000000000000
[ 162.305756] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 162.306341] R13: ffff888136a0fd00 R14: ffff88814e446158 R15: ffffffff80000000
[ 162.306932] ? qlist_free_all+0x57/0xd0
[ 162.307254] quarantine_reduce+0x156/0x180
[ 162.307597] __kasan_kmalloc.constprop.0+0xa3/0xe0
[ 162.307996] kasan_slab_alloc+0xe/0x10
[ 162.308310] kmem_cache_alloc+0xf7/0x290
[ 162.308641] getname_flags.part.0+0x3c/0x260
[ 162.308998] user_path_at_empty+0x6c/0xb0
[ 162.309335] inotify_find_inode+0x2b/0x90
[ 162.309670] __x64_sys_inotify_add_watch+0x11e/0x1f0
[ 162.310081] ? __ia32_sys_inotify_add_watch+0x1f0/0x1f0
[ 162.310515] ? switch_fpu_return+0x8a/0x120
[ 162.310871] ? exit_to_user_mode_prepare+0x71/0x150
[ 162.311276] do_syscall_64+0x38/0x90
[ 162.311578] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 162.311997] RIP: 0033:0x7f87a67afc0b
[ 162.312299] Code: f0 ff ff 73 01 c3 48 8b 0d 22 32 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 fe 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f5 31 0f 00 f7 d8 64 89 01 48
[ 162.313818] RSP: 002b:00007f87a4f6b938 EFLAGS: 00000202 ORIG_RAX: 00000000000000fe
[ 162.314533] RAX: ffffffffffffffda RBX: 00007f87a4f6b964 RCX: 00007f87a67afc0b
[ 162.315141] RDX: 0000000001002fce RSI: 000055e1e2659000 RDI: 000000000000000e
[ 162.315748] RBP: 000055e1e25575a0 R08: 000055e1e2659000 R09: 00007f87a69fa3e0
[ 162.316355] R10: 000055e1e26327c0 R11: 0000000000000202 R12: 0000000000000000
[ 162.316962] R13: 00007f87a6c45378 R14: 00007f87a69182b0 R15: 000055e1e2545660
[ 162.317571] Modules linked in: tempesta_fw(OE) tempesta_db(OE) sha256_ssse3 sha512_ssse3 tempesta_tls(OE) tempesta_lib(OE) nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink overlay snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep kvm_intel snd_pcm kvm snd_seq_midi snd_seq_midi_event binfmt_misc snd_rawmidi crct10dif_pclmul nls_iso8859_1 snd_seq snd_seq_device snd_timer joydev ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper input_leds snd serio_raw 9pnet_virtio qxl 9pnet soundcore drm_ttm_helper ttm drm_kms_helper cec fb_sys_fops syscopyarea sysfillrect mac_hid qemu_fw_cfg sysimgblt sch_fq_codel msr parport_pc ramoops reed_solomon drm ppdev lp parport
[ 162.317672] efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c psmouse crc32_pclmul i2c_i801 i2c_smbus lpc_ich ahci virtio_net libahci net_failover virtio_blk failover hid_generic usbhid hid
[ 162.326753] CR2: 0000000000000008
[ 162.327038] ---[ end trace 030be7faf88370da ]---
[ 162.327444] RIP: 0010:ss_conn_drop_guard_exit+0x6b/0xe0 [tempesta_fw]
[ 162.327973] Code: 4d 8d ac 24 80 02 00 00 4c 89 ef e8 cf 2a 3f d7 49 8b 9c 24 80 02 00 00 48 85 db 0f 84 d8 7f 02 00 48 8d 7b 08 e8 a5 29 3f d7 <81> 63 08 ff ff fc ff 49 8b 9c 24 80 02 00 00 48 85 db 74 25 48 89
[ 162.329484] RSP: 0018:ffff888240109da0 EFLAGS: 00010282
[ 162.329915] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff98efa98a
[ 162.330497] RDX: fffffbfff4575bfd RSI: 0000000000000246 RDI: 0000000000000246
[ 162.331085] RBP: ffff888240109dc8 R08: 0000000000000001 R09: ffffffffa2badfe7
[ 162.331667] R10: fffffbfff4575bfc R11: 0000000000000001 R12: ffff888139c7b880
[ 162.332249] R13: ffff888139c7bb00 R14: 000000000000000a R15: ffffffffc1f66bf0
[ 162.332832] FS: 00007f87a4f6c640(0000) GS:ffff888240100000(0000) knlGS:0000000000000000
[ 162.333491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 162.333962] CR2: 0000000000000008 CR3: 000000017c07a000 CR4: 0000000000750ee0
[ 162.334546] PKRU: 55555554

@EvgeniiMekhanik
Contributor Author

[ 620.627301] BUG: KASAN: use-after-free in tfw_h2_stream_xmit_prepare_resp+0x354/0x3b0 [tempesta_fw]
[ 620.628212] Write of size 1 at addr ffff888142679490 by task kworker/2:4/1566
[ 620.628912]
[ 620.629072] CPU: 2 PID: 1566 Comm: kworker/2:4 Tainted: G W OE 5.10.35+ #456
[ 620.629866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 620.630781] Workqueue: events refill_work [virtio_net]
[ 620.631290] Call Trace:
[ 620.631537]
[ 620.631748] dump_stack+0x96/0xc4
[ 620.632086] print_address_description.constprop.0+0x21/0x220
[ 620.632652] ? _raw_spin_lock_irqsave+0x8e/0xf0
[ 620.633105] ? _raw_write_unlock_bh+0x30/0x30
[ 620.633536] ? __kasan_check_write+0x14/0x20
[ 620.633964] ? _raw_spin_trylock+0x92/0xe0
[ 620.634373] ? _raw_spin_unlock_bh+0x20/0x20
[ 620.634826] ? tfw_h2_stream_xmit_prepare_resp+0x354/0x3b0 [tempesta_fw]
[ 620.635497] kasan_report.cold+0x20/0x37
[ 620.635896] ? ___ratelimit+0x11/0x1b0
[ 620.636302] ? tfw_h2_stream_xmit_prepare_resp+0x354/0x3b0 [tempesta_fw]
[ 620.636971] __asan_store1+0x50/0x60
[ 620.637357] tfw_h2_stream_xmit_prepare_resp+0x354/0x3b0 [tempesta_fw]
[ 620.638034] tfw_h2_make_frames+0x4d2/0x8d0 [tempesta_fw]
[ 620.638572] ? tcp_established_options+0x1ab/0x330
[ 620.639081] ? tfw_h2_frame_process+0xd00/0xd00 [tempesta_fw]
[ 620.639655] ? tcp_init_cwnd+0x4a/0x60
[ 620.640035] ? tcp_cwnd_restart+0x178/0x1a0
[ 620.640485] tfw_sk_fill_write_queue+0x2da/0x380 [tempesta_fw]
[ 620.641094] ? tfw_sock_clnt_start+0x670/0x670 [tempesta_fw]
[ 620.641684] ? tfw_h2_sched_activate_stream+0xc8/0x190 [tempesta_fw]
[ 620.642342] ? ss_skb_tcp_entail_list+0x25/0x1a0 [tempesta_fw]
[ 620.642944] ss_tx_action+0x4f0/0xc10 [tempesta_fw]
[ 620.643455] ? ss_skb_tcp_entail_list+0x1a0/0x1a0 [tempesta_fw]
[ 620.644052] ? __kfree_skb_flush+0x27/0x60
[ 620.644465] ? net_rx_action+0x438/0x6b0
[ 620.644866] ? napi_complete_done+0x2c0/0x2c0
[ 620.645309] net_tx_action+0xfa/0x3c0
[ 620.645685] __do_softirq+0xfe/0x383
[ 620.646052] asm_call_irq_on_stack+0xf/0x20
[ 620.646475]
[ 620.646698] do_softirq_own_stack+0x3d/0x50
[ 620.647127] irq_exit_rcu+0xc7/0x120
[ 620.647495] sysvec_apic_timer_interrupt+0x3a/0x90
[ 620.647982] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 620.648515] RIP: 0010:call_rcu+0x168/0x3e0
[ 620.648937] Code: 00 00 e8 ab b7 2b 00 41 8b 86 00 01 00 00 a8 02 0f 84 a5 01 00 00 48 f7 45 c8 00 02 00 00 0f 85 8a 00 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d c3 4c 89
[ 620.650798] RSP: 0018:ffff88810b217318 EFLAGS: 00000246
[ 620.651329] RAX: 0000000000002710 RBX: ffff8881835dc718 RCX: ffffffff9e9d9b62
[ 620.652046] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0000000000000246
[ 620.652768] RBP: ffff88810b217378 R08: 0000000000000000 R09: ffffffffa8209367
[ 620.653484] R10: fffffbfff504126c R11: 0000000000000001 R12: ffff88824d134f40
[ 620.654200] R13: ffff88824d134ff8 R14: ffff88824d135008 R15: ffff88824d134fb0
[ 620.654916] ? call_rcu+0x242/0x3e0
[ 620.655277] dentry_free+0x69/0xc0
[ 620.655628] __dentry_kill+0x201/0x260
[ 620.656012] shrink_dentry_list+0x71/0x110
[ 620.656435] prune_dcache_sb+0xbd/0xf0
[ 620.656819] ? d_invalidate+0x180/0x180
[ 620.657212] ? __kasan_check_read+0x11/0x20
[ 620.657640] ? inactive_is_low+0x6b/0x100
[ 620.658051] super_cache_scan+0x1dc/0x2c0
[ 620.658461] do_shrink_slab+0x1ea/0x380
[ 620.658855] shrink_slab+0x286/0x400
[ 620.659224] ? do_shrink_slab+0x380/0x380
[ 620.659633] ? __kasan_check_read+0x11/0x20
[ 620.660065] ? mem_cgroup_calculate_protection+0x204/0x2a0
[ 620.660623] shrink_node+0x57d/0xcf0
[ 620.660995] do_try_to_free_pages+0x26e/0x9d0
[ 620.661440] ? __node_reclaim+0x3b0/0x3b0
[ 620.661851] ? kvm_sched_clock_read+0x11/0x20
[ 620.662294] ? sched_clock+0x9/0x10
[ 620.662654] try_to_free_pages+0x1b9/0x2d0
[ 620.663072] ? reclaim_pages+0x610/0x610
[ 620.663473] ? __kasan_check_read+0x11/0x20
[ 620.663903] __alloc_pages_slowpath.constprop.0+0x648/0x1390
[ 620.664483] ? record_times+0xab/0x110
[ 620.664867] ? warn_alloc+0x120/0x120
[ 620.665242] ? __kasan_check_write+0x14/0x20
[ 620.665677] ? __zone_watermark_ok+0x270/0x270
[ 620.666129] ? __kasan_check_read+0x11/0x20
[ 620.666555] __alloc_pages_nodemask+0x509/0x540
[ 620.667017] ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 620.667613] ? try_to_del_timer_sync+0xe0/0xe0
[ 620.668077] alloc_pages_current+0x96/0x140
[ 620.668513] skb_page_frag_refill+0x156/0x220
[ 620.668959] try_fill_recv+0x3c4/0xb00 [virtio_net]
[ 620.669455] ? hrtimer_active+0x82/0xb0
[ 620.669849] refill_work+0x93/0xf0 [virtio_net]
[ 620.670311] process_one_work+0x43c/0x720
[ 620.670722] worker_thread+0x2d2/0x790
[ 620.671108] ? process_one_work+0x720/0x720
[ 620.671536] kthread+0x1d9/0x200
[ 620.671870] ? __kthread_bind_mask+0x70/0x70
[ 620.672316] ret_from_fork+0x1f/0x30
[ 620.672683]
[ 620.672844] The buggy address belongs to the page:
[ 620.673332] page:00000000a68734b3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x142679
[ 620.674269] flags: 0x17ffffc0000000()
[ 620.674646] raw: 0017ffffc0000000 ffff88824d13a1d0 ffffea0007bb5488 0000000000000000
[ 620.675421] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 620.676200] page dumped because: kasan: bad access detected
[ 620.676761]
[ 620.676922] Memory state around the buggy address:
[ 620.677407] ffff888142679380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 620.678131] ffff888142679400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 620.678855] >ffff888142679480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 620.679578] ^
[ 620.679962] ffff888142679500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 620.680689] ffff888142679580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 620.681412] ==================================================================
[ 620.682135] Disabling lock debugging due to kernel taint
[ 620.682689] BUG: unable to handle page fault for address: ffff888142679490
[ 620.683379] #PF: supervisor write access in kernel mode
[ 620.683908] #PF: error_code(0x0002) - not-present page
[ 620.684435] PGD 68401067 P4D 68401067 PUD 2ac89e067 PMD 2ac88a067 PTE 800ffffebd986060
[ 620.685232] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 620.685797] CPU: 2 PID: 1566 Comm: kworker/2:4 Tainted: G B W OE 5.10.35+ #456
[ 620.686608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 620.687538] Workqueue: events refill_work [virtio_net]
[ 620.688096] RIP: 0010:tfw_h2_stream_xmit_prepare_resp+0x35c/0x3b0 [tempesta_fw]
[ 620.688830] Code: 7d b8 e8 d7 73 d4 dc 48 c7 83 e0 00 00 00 00 00 00 00 e9 d4 fe ff ff 0f 0b 48 8d 7b 10 e8 bc 70 d4 dc 0f b6 45 d0 8d 44 00 01 <88> 43 10 e9 f3 fe ff ff be 08 00 00 00 4c 89 f7 e8 0f 55 d4 dc 4c
[ 620.690689] RSP: 0018:ffff88824d109be0 EFLAGS: 00010282
[ 620.691219] RAX: 000000000000002f RBX: ffff888142679480 RCX: ffffffff9e8fa98a
[ 620.691934] RDX: fffffbfff50b5bfd RSI: 0000000000000246 RDI: 0000000000000246
[ 620.692651] RBP: ffff88824d109c28 R08: 0000000000000001 R09: ffffffffa85adfe7
[ 620.693363] R10: fffffbfff50b5bfc R11: 0000000000000001 R12: ffff88819e01ae28
[ 620.694077] R13: ffff88815a840030 R14: 0000000000000000 R15: ffff88819e01b1c8
[ 620.694793] FS: 0000000000000000(0000) GS:ffff88824d100000(0000) knlGS:0000000000000000
[ 620.695601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 620.696183] CR2: ffff888142679490 CR3: 0000000113316000 CR4: 0000000000750ee0
[ 620.696900] PKRU: 55555554
[ 620.697181] Call Trace:
[ 620.697436]
[ 620.697676] tfw_h2_make_frames+0x4d2/0x8d0 [tempesta_fw]
[ 620.698223] ? tcp_established_options+0x1ab/0x330
[ 620.698735] ? tfw_h2_frame_process+0xd00/0xd00 [tempesta_fw]
[ 620.699315] ? tcp_init_cwnd+0x4a/0x60
[ 620.699698] ? tcp_cwnd_restart+0x178/0x1a0
[ 620.700163] tfw_sk_fill_write_queue+0x2da/0x380 [tempesta_fw]
[ 620.700779] ? tfw_sock_clnt_start+0x670/0x670 [tempesta_fw]
[ 620.701378] ? tfw_h2_sched_activate_stream+0xc8/0x190 [tempesta_fw]
[ 620.702043] ? ss_skb_tcp_entail_list+0x25/0x1a0 [tempesta_fw]
[ 620.702638] ss_tx_action+0x4f0/0xc10 [tempesta_fw]
[ 620.703144] ? ss_skb_tcp_entail_list+0x1a0/0x1a0 [tempesta_fw]
[ 620.703722] ? __kfree_skb_flush+0x27/0x60
[ 620.704132] ? net_rx_action+0x438/0x6b0
[ 620.704519] ? napi_complete_done+0x2c0/0x2c0
[ 620.704948] net_tx_action+0xfa/0x3c0
[ 620.705312] __do_softirq+0xfe/0x383
[ 620.705667] asm_call_irq_on_stack+0xf/0x20
[ 620.706079]
[ 620.706293] do_softirq_own_stack+0x3d/0x50
[ 620.706706] irq_exit_rcu+0xc7/0x120
[ 620.707062] sysvec_apic_timer_interrupt+0x3a/0x90
[ 620.707528] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 620.708026] RIP: 0010:call_rcu+0x168/0x3e0
[ 620.708425] Code: 00 00 e8 ab b7 2b 00 41 8b 86 00 01 00 00 a8 02 0f 84 a5 01 00 00 48 f7 45 c8 00 02 00 00 0f 85 8a 00 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d c3 4c 89
[ 620.710157] RSP: 0018:ffff88810b217318 EFLAGS: 00000246
[ 620.710654] RAX: 0000000000002710 RBX: ffff8881835dc718 RCX: ffffffff9e9d9b62
[ 620.711357] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0000000000000246
[ 620.712061] RBP: ffff88810b217378 R08: 0000000000000000 R09: ffffffffa8209367
[ 620.712757] R10: fffffbfff504126c R11: 0000000000000001 R12: ffff88824d134f40
[ 620.713431] R13: ffff88824d134ff8 R14: ffff88824d135008 R15: ffff88824d134fb0
[ 620.714093] ? call_rcu+0x242/0x3e0
[ 620.714426] dentry_free+0x69/0xc0
[ 620.714750] __dentry_kill+0x201/0x260
[ 620.715105] shrink_dentry_list+0x71/0x110
[ 620.715491] prune_dcache_sb+0xbd/0xf0
[ 620.715845] ? d_invalidate+0x180/0x180
[ 620.716213] ? __kasan_check_read+0x11/0x20
[ 620.716608] ? inactive_is_low+0x6b/0x100
[ 620.716987] super_cache_scan+0x1dc/0x2c0
[ 620.717376] do_shrink_slab+0x1ea/0x380
[ 620.717755] shrink_slab+0x286/0x400
[ 620.718113] ? do_shrink_slab+0x380/0x380
[ 620.718515] ? __kasan_check_read+0x11/0x20
[ 620.718936] ? mem_cgroup_calculate_protection+0x204/0x2a0
[ 620.719476] shrink_node+0x57d/0xcf0
[ 620.719836] do_try_to_free_pages+0x26e/0x9d0
[ 620.720279] ? __node_reclaim+0x3b0/0x3b0
[ 620.720682] ? kvm_sched_clock_read+0x11/0x20
[ 620.721113] ? sched_clock+0x9/0x10
[ 620.721465] try_to_free_pages+0x1b9/0x2d0
[ 620.721876] ? reclaim_pages+0x610/0x610
[ 620.722268] ? __kasan_check_read+0x11/0x20
[ 620.722682] __alloc_pages_slowpath.constprop.0+0x648/0x1390
[ 620.723240] ? record_times+0xab/0x110
[ 620.723614] ? warn_alloc+0x120/0x120
[ 620.723980] ? __kasan_check_write+0x14/0x20
[ 620.724407] ? __zone_watermark_ok+0x270/0x270
[ 620.724847] ? __kasan_check_read+0x11/0x20
[ 620.725263] __alloc_pages_nodemask+0x509/0x540
[ 620.725715] ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 620.726302] ? try_to_del_timer_sync+0xe0/0xe0
[ 620.726743] alloc_pages_current+0x96/0x140
[ 620.727158] skb_page_frag_refill+0x156/0x220
[ 620.727595] try_fill_recv+0x3c4/0xb00 [virtio_net]
[ 620.728078] ? hrtimer_active+0x82/0xb0
[ 620.728461] refill_work+0x93/0xf0 [virtio_net]
[ 620.728906] process_one_work+0x43c/0x720
[ 620.729304] worker_thread+0x2d2/0x790
[ 620.729680] ? process_one_work+0x720/0x720
[ 620.730093] kthread+0x1d9/0x200
[ 620.730417] ? __kthread_bind_mask+0x70/0x70
[ 620.730844] ret_from_fork+0x1f/0x30
[ 620.731204] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) sha256_ssse3 sha512_ssse3 nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink overlay snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi binfmt_misc snd_seq kvm_intel kvm nls_iso8859_1 qxl drm_ttm_helper crct10dif_pclmul ghash_clmulni_intel joydev snd_seq_device ttm snd_timer aesni_intel crypto_simd cryptd glue_helper drm_kms_helper snd 9pnet_virtio input_leds serio_raw 9pnet cec soundcore fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid qemu_fw_cfg sch_fq_codel msr parport_pc ppdev drm lp parport ramoops reed_solomon
[ 620.731316] efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c psmouse i2c_i801 crc32_pclmul i2c_smbus ahci libahci virtio_net lpc_ich virtio_blk net_failover failover hid_generic usbhid hid [last unloaded: tempesta_lib]
[ 620.742180] CR2: ffff888142679490
[ 620.742513] ---[ end trace ed2e3ec24a20c496 ]---
[ 620.742995] RIP: 0010:tfw_h2_stream_xmit_prepare_resp+0x35c/0x3b0 [tempesta_fw]
[ 620.743720] Code: 7d b8 e8 d7 73 d4 dc 48 c7 83 e0 00 00 00 00 00 00 00 e9 d4 fe ff ff 0f 0b 48 8d 7b 10 e8 bc 70 d4 dc 0f b6 45 d0 8d 44 00 01 <88> 43 10 e9 f3 fe ff ff be 08 00 00 00 4c 89 f7 e8 0f 55 d4 dc 4c
[ 620.745548] RSP: 0018:ffff88824d109be0 EFLAGS: 00010282
[ 620.746067] RAX: 000000000000002f RBX: ffff888142679480 RCX: ffffffff9e8fa98a
[ 620.746773] RDX: fffffbfff50b5bfd RSI: 0000000000000246 RDI: 0000000000000246
[ 620.747474] RBP: ffff88824d109c28 R08: 0000000000000001 R09: ffffffffa85adfe7
[ 620.748180] R10: fffffbfff50b5bfc R11: 0000000000000001 R12: ffff88819e01ae28
[ 620.748878] R13: ffff88815a840030 R14: 0000000000000000 R15: ffff88819e01b1c8
[ 620.749579] FS: 0000000000000000(0000) GS:ffff88824d100000(0000) knlGS:0000000000000000
[ 620.750371] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 620.750941] CR2: ffff888142679490 CR3: 0000000113316000 CR4: 0000000000750ee0
[ 620.751652] PKRU: 55555554
[ 620.751931] Kernel panic - not syncing: Fatal exception in interrupt
[ 620.752816] Kernel Offset: 0x1d800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 620.753884] Rebooting in 1 seconds..
[ 621.746338] ACPI MEMORY or I/O RESET_REG.
/dev/vda3: recovering journal

@EvgeniiMekhanik
Contributor Author

[ 3131.046482] BUG: KASAN: use-after-free in tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 3131.047208] Read of size 8 at addr ffff8881cb50e0c0 by task loop6/359
[ 3131.047746]
[ 3131.047882] CPU: 1 PID: 359 Comm: loop6 Tainted: G W OE 5.10.35+ #458
[ 3131.048513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 3131.049291] Call Trace:
[ 3131.049501]
[ 3131.049683] dump_stack+0x96/0xc4
[ 3131.049972] print_address_description.constprop.0+0x21/0x220
[ 3131.050456] ? _raw_spin_lock_irqsave+0x8e/0xf0
[ 3131.050839] ? _raw_write_unlock_bh+0x30/0x30
[ 3131.051229] ? tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 3131.051772] kasan_report.cold+0x20/0x37
[ 3131.052155] ? tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 3131.052728] check_memory_region+0x14d/0x1a0
[ 3131.053105] __kasan_check_read+0x11/0x20
[ 3131.053484] tfw_http_msg_process_generic+0x7bc/0xc50 [tempesta_fw]
[ 3131.054050] ? __alloc_pages_slowpath.constprop.0+0x1359/0x1390
[ 3131.054604] ? tfw_http_req_process+0x1050/0x1050 [tempesta_fw]
[ 3131.055131] ? _raw_spin_lock_irqsave+0x8e/0xf0
[ 3131.055535] ? _raw_write_unlock_bh+0x30/0x30
[ 3131.055940] ? __kasan_check_write+0x14/0x20
[ 3131.056341] ? enqueue_timer+0xbd/0x1c0
[ 3131.056721] tfw_http_msg_process+0x81/0xc0 [tempesta_fw]
[ 3131.057239] tfw_connection_recv+0x127/0x230 [tempesta_fw]
[ 3131.057781] ? tfw_connection_send+0x60/0x60 [tempesta_fw]
[ 3131.058314] ss_tcp_process_data+0x49d/0x890 [tempesta_fw]
[ 3131.058841] ? ss_do_close+0x720/0x720 [tempesta_fw]
[ 3131.059301] ? tcp_grow_window+0x10a/0x330
[ 3131.059712] ss_tcp_data_ready+0x82/0x150 [tempesta_fw]
[ 3131.060216] tcp_data_ready+0x73/0x210
[ 3131.060571] tcp_data_queue+0x1085/0x1d80
[ 3131.060951] ? tcp_data_ready+0x210/0x210
[ 3131.061330] ? tcp_try_keep_open+0x130/0x130
[ 3131.061734] ? kvm_clock_get_cycles+0x11/0x20
[ 3131.062143] ? ktime_get+0x4f/0xb0
[ 3131.062467] tcp_rcv_established+0x427/0xf80
[ 3131.062871] ? tcp_data_queue+0x1d80/0x1d80
[ 3131.063263] ? __kasan_check_read+0x11/0x20
[ 3131.063659] tcp_v4_do_rcv+0x25f/0x360
[ 3131.064015] tcp_v4_rcv+0x1600/0x1770
[ 3131.064377] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 3131.064817] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 3131.065229] ip_protocol_deliver_rcu+0x46/0x2e0
[ 3131.065655] ip_local_deliver_finish+0xc6/0xe0
[ 3131.066074] ip_local_deliver+0x1f5/0x210
[ 3131.066454] ? ip_local_deliver_finish+0xe0/0xe0
[ 3131.066882] ? tcp_v4_early_demux+0x297/0x2f0
[ 3131.067280] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 3131.067717] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 3131.068225] ip_rcv_finish+0xcf/0xf0
[ 3131.068555] ip_rcv+0x16d/0x180
[ 3131.068847] ? ip_local_deliver+0x210/0x210
[ 3131.069239] ? migrate_swap_stop+0x3a0/0x3a0
[ 3131.069635] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 3131.070133] ? __kasan_check_write+0x14/0x20
[ 3131.070523] ? __kasan_check_write+0x14/0x20
[ 3131.070913] ? ip_local_deliver+0x210/0x210
[ 3131.071296] __netif_receive_skb_one_core+0x132/0x140
[ 3131.071754] ? napi_gro_receive+0x260/0x260
[ 3131.072141] __netif_receive_skb+0x26/0xb0
[ 3131.072519] process_backlog+0xfe/0x290
[ 3131.072873] ? virtnet_poll_tx+0x184/0x190 [virtio_net]
[ 3131.073347] net_rx_action+0x287/0x6b0
[ 3131.073691] ? napi_complete_done+0x2c0/0x2c0
[ 3131.074103] ? switch_fpu_return+0x120/0x120
[ 3131.074505] __do_softirq+0xfe/0x383
[ 3131.074845] asm_call_irq_on_stack+0xf/0x20
[ 3131.075249]
[ 3131.075459] do_softirq_own_stack+0x3d/0x50
[ 3131.075859] irq_exit_rcu+0xc7/0x120
[ 3131.076209] common_interrupt+0x7d/0x120
[ 3131.076710] asm_common_interrupt+0x1e/0x40
[ 3131.077093] RIP: 0010:_raw_spin_unlock_irqrestore+0x15/0x20
[ 3131.077591] Code: 15 ff 41 80 0c 24 04 e9 42 ff ff ff cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 55 48 89 e5 e8 f6 03 e6 fe 66 90 48 89 f7 57 9d <0f> 1f 44 00 00 5d c3 0f 1f 40 00 0f 1f 44 00 00 55 48 89 e5 53 48
[ 3131.079332] RSP: 0000:ffff888112eded48 EFLAGS: 00000246
[ 3131.079806] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000000
[ 3131.080444] RDX: 0000000000000008 RSI: 0000000000000246 RDI: 0000000000000246
[ 3131.081073] RBP: ffff888112eded48 R08: ffffffff9e9eaeab R09: ffff88812d562288
[ 3131.081695] R10: ffffed10225dbd8b R11: 0000000000000001 R12: ffffea0004b55800
[ 3131.082316] R13: ffff88812d561ec8 R14: ffff88812d561ec8 R15: ffff8881217b3240
[ 3131.082941] ? stack_trace_consume_entry+0x3b/0x90
[ 3131.083367] free_debug_processing+0x1b5/0x200
[ 3131.083763] __slab_free+0x1cd/0x340
[ 3131.084083] ? deactivate_slab+0x4d0/0x500
[ 3131.084452] ___cache_free+0x26c/0x290
[ 3131.084786] ? qlist_free_all+0x32/0xd0
[ 3131.085129] qlist_free_all+0x57/0xd0
[ 3131.085450] quarantine_reduce+0x156/0x180
[ 3131.085812] __kasan_kmalloc.constprop.0+0xa3/0xe0
[ 3131.086233] kasan_slab_alloc+0xe/0x10
[ 3131.086567] __kmalloc+0x11e/0x2d0
[ 3131.086867] ? __kmalloc+0x178/0x2d0
[ 3131.087187] ext4_find_extent+0x4d4/0x5c0
[ 3131.087543] ? virtqueue_add_split+0x411/0x770
[ 3131.087936] ext4_ext_map_blocks+0x151/0x2780
[ 3131.088331] ? flush_tlb_one_user+0x20/0x20
[ 3131.088703] ? virtqueue_add_sgs+0xc5/0xe0
[ 3131.089067] ? vp_notify+0x31/0x40
[ 3131.089373] ? __flush_tlb_all+0x37/0x50
[ 3131.089722] ? __kernel_map_pages+0x108/0x180
[ 3131.090108] ? set_direct_map_default_noflush+0x130/0x130
[ 3131.090584] ? ext4_ext_release+0x10/0x10
[ 3131.090941] ? __kasan_check_write+0x14/0x20
[ 3131.091320] ? _raw_spin_lock+0x7b/0xd0
[ 3131.091663] ? kernel_init_free_pages+0xa3/0xb0
[ 3131.092065] ? prep_new_page+0xf1/0x130
[ 3131.092410] ? get_page_from_freelist+0x2f3f/0x3140
[ 3131.092841] ? __kasan_check_write+0x14/0x20
[ 3131.093221] ? down_read+0xe5/0x1b0
[ 3131.093534] ? rwsem_down_read_slowpath+0x7e0/0x7e0
[ 3131.093966] ? __kasan_check_write+0x14/0x20
[ 3131.094345] ? ext4_es_lookup_extent+0x1ef/0x3e0
[ 3131.094755] ext4_map_blocks+0x4e7/0xa30
[ 3131.095105] ? ext4_issue_zeroout+0xc0/0xc0
[ 3131.095478] ? __xa_clear_mark+0xf0/0xf0
[ 3131.095828] ? __zone_watermark_ok+0x270/0x270
[ 3131.096226] ext4_mpage_readpages+0x68b/0xf60
[ 3131.096616] ? decrypt_work+0x150/0x150
[ 3131.096967] ? __mod_memcg_state.part.0+0x4e/0x140
[ 3131.097390] ? __mod_memcg_lruvec_state+0x85/0x1d0
[ 3131.097814] ext4_readahead+0x82/0x90
[ 3131.098142] read_pages+0x150/0x5a0
[ 3131.098454] ? lru_cache_add+0xfa/0x110
[ 3131.098796] ? read_cache_pages+0x2e0/0x2e0
[ 3131.099169] ? add_to_page_cache_locked+0x20/0x20
[ 3131.099586] ? alloc_pages_current+0x96/0x140
[ 3131.099973] page_cache_ra_unbounded+0x34a/0x440
[ 3131.100387] ? read_pages+0x5a0/0x5a0
[ 3131.100714] ? __lock_page_or_retry+0x270/0x270
[ 3131.101114] ondemand_readahead+0x33f/0x570
[ 3131.101487] page_cache_async_ra+0x13b/0x180
[ 3131.101866] generic_file_buffered_read+0x2d2/0x12b0
[ 3131.102306] ? pagecache_get_page+0x5d0/0x5d0
[ 3131.102694] ? check_preempt_wakeup+0x23a/0x3e0
[ 3131.103097] generic_file_read_iter+0x19f/0x210
[ 3131.103495] ? __kasan_check_read+0x11/0x20
[ 3131.103856] ext4_file_read_iter+0xcd/0x270
[ 3131.104221] ? pvclock_clocksource_read+0xe1/0x1a0
[ 3131.104631] do_iter_readv_writev+0x35e/0x3b0
[ 3131.105001] ? new_sync_write+0x3c0/0x3c0
[ 3131.105347] ? rw_verify_area+0x7c/0x150
[ 3131.105684] do_iter_read+0x147/0x300
[ 3131.105998] vfs_iter_read+0x4d/0x70
[ 3131.106305] loop_queue_work+0x76c/0x1200
[ 3131.106649] ? unregister_transfer_cb+0xb0/0xb0
[ 3131.107035] ? _raw_read_lock_bh+0x50/0x50
[ 3131.107386] ? __kasan_check_read+0x11/0x20
[ 3131.107746] kthread_worker_fn+0xfd/0x340
[ 3131.108092] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 3131.108558] ? loop_info64_to_compat+0x330/0x330
[ 3131.108967] loop_kthread_worker_fn+0x30/0x40
[ 3131.109353] kthread+0x1d9/0x200
[ 3131.109643] ? __kthread_bind_mask+0x70/0x70
[ 3131.110021] ret_from_fork+0x1f/0x30
[ 3131.110339]
[ 3131.110478] The buggy address belongs to the page:
[ 3131.110901] page:0000000081393ce4 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cb50e
[ 3131.111715] flags: 0x17ffffc0000000()
[ 3131.112042] raw: 0017ffffc0000000 ffffea0004d353c8 ffff88824d0ba1d0 0000000000000000
[ 3131.112729] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 3131.113429] page dumped because: kasan: bad access detected
[ 3131.113932]
[ 3131.114077] Memory state around the buggy address:
[ 3131.114512] ffff8881cb50df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3131.115156] ffff8881cb50e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3131.115805] >ffff8881cb50e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3131.116456] ^
[ 3131.116938] ffff8881cb50e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3131.117583] ffff8881cb50e180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 3131.118232] ==================================================================
[ 3131.118880] Disabling lock debugging due to kernel taint
[ 3131.119394] BUG: unable to handle page fault for address: ffff8881cb50e0c0
[ 3131.120012] #PF: supervisor read access in kernel mode
[ 3131.120482] #PF: error_code(0x0000) - not-present page
[ 3131.120947] PGD 187201067 P4D 187201067 PUD 2ac49c067 PMD 2ac441067 PTE 800ffffe34af1060
[ 3131.121679] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 3131.122178] CPU: 1 PID: 359 Comm: loop6 Tainted: G B W OE 5.10.35+ #458
[ 3131.122848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 3131.123707] RIP: 0010:tfw_http_msg_process_generic+0x7c4/0xc50 [tempesta_fw]
[ 3131.124347] Code: c0 0f 84 c5 fb ff ff 48 8b 9d 60 fe ff ff be 08 00 00 00 4c 8d a3 a0 00 00 00 4c 89 e7 e8 64 ec d2 dc 4c 89 e7 e8 5c 0a d3 dc <48> 8b 83 a0 00 00 00 a8 20 0f 84 93 fb ff ff 48 8b 9d 90 fe ff ff
[ 3131.126013] RSP: 0000:ffff88824d089328 EFLAGS: 00010282
[ 3131.126488] RAX: 0000000000000000 RBX: ffff8881cb50e020 RCX: ffffffffc1f648c4
[ 3131.127129] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8881cb50e0c0
[ 3131.127770] RBP: ffff88824d089510 R08: 0000000000000001 R09: ffffffffa85adfe7
[ 3131.128415] R10: fffffbfff50b5bfc R11: 0000000000000000 R12: ffff8881cb50e0c0
[ 3131.129055] R13: ffff88804a3c7020 R14: ffff8881cb50e0c0 R15: 0000000000010000
[ 3131.129699] FS: 0000000000000000(0000) GS:ffff88824d080000(0000) knlGS:0000000000000000
[ 3131.130438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3131.130957] CR2: ffff8881cb50e0c0 CR3: 00000002212b4000 CR4: 0000000000750ee0
[ 3131.131583] PKRU: 55555554
[ 3131.131827] Call Trace:
[ 3131.132054]
[ 3131.132249] ? __alloc_pages_slowpath.constprop.0+0x1359/0x1390
[ 3131.132798] ? tfw_http_req_process+0x1050/0x1050 [tempesta_fw]
[ 3131.133322] ? _raw_spin_lock_irqsave+0x8e/0xf0
[ 3131.133737] ? _raw_write_unlock_bh+0x30/0x30
[ 3131.134143] ? __kasan_check_write+0x14/0x20
[ 3131.134541] ? enqueue_timer+0xbd/0x1c0
[ 3131.134926] tfw_http_msg_process+0x81/0xc0 [tempesta_fw]
[ 3131.135452] tfw_connection_recv+0x127/0x230 [tempesta_fw]
[ 3131.135976] ? tfw_connection_send+0x60/0x60 [tempesta_fw]
[ 3131.136504] ss_tcp_process_data+0x49d/0x890 [tempesta_fw]
[ 3131.137028] ? ss_do_close+0x720/0x720 [tempesta_fw]
[ 3131.137487] ? tcp_grow_window+0x10a/0x330
[ 3131.137895] ss_tcp_data_ready+0x82/0x150 [tempesta_fw]
[ 3131.138380] tcp_data_ready+0x73/0x210
[ 3131.138725] tcp_data_queue+0x1085/0x1d80
[ 3131.139094] ? tcp_data_ready+0x210/0x210
[ 3131.139461] ? tcp_try_keep_open+0x130/0x130
[ 3131.139852] ? kvm_clock_get_cycles+0x11/0x20
[ 3131.140261] ? ktime_get+0x4f/0xb0
[ 3131.140578] tcp_rcv_established+0x427/0xf80
[ 3131.140970] ? tcp_data_queue+0x1d80/0x1d80
[ 3131.141353] ? __kasan_check_read+0x11/0x20
[ 3131.141736] tcp_v4_do_rcv+0x25f/0x360
[ 3131.142080] tcp_v4_rcv+0x1600/0x1770
[ 3131.142417] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 3131.142834] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 3131.143222] ip_protocol_deliver_rcu+0x46/0x2e0
[ 3131.143623] ip_local_deliver_finish+0xc6/0xe0
[ 3131.144016] ip_local_deliver+0x1f5/0x210
[ 3131.144384] ? ip_local_deliver_finish+0xe0/0xe0
[ 3131.144791] ? tcp_v4_early_demux+0x297/0x2f0
[ 3131.145178] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 3131.145600] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 3131.146075] ip_rcv_finish+0xcf/0xf0
[ 3131.146394] ip_rcv+0x16d/0x180
[ 3131.146676] ? ip_local_deliver+0x210/0x210
[ 3131.147046] ? migrate_swap_stop+0x3a0/0x3a0
[ 3131.147425] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 3131.147901] ? __kasan_check_write+0x14/0x20
[ 3131.148283] ? __kasan_check_write+0x14/0x20
[ 3131.148662] ? ip_local_deliver+0x210/0x210
[ 3131.149033] __netif_receive_skb_one_core+0x132/0x140
[ 3131.149478] ? napi_gro_receive+0x260/0x260
[ 3131.149850] __netif_receive_skb+0x26/0xb0
[ 3131.150214] process_backlog+0xfe/0x290
[ 3131.150557] ? virtnet_poll_tx+0x184/0x190 [virtio_net]
[ 3131.151017] net_rx_action+0x287/0x6b0
[ 3131.151342] ? napi_complete_done+0x2c0/0x2c0
[ 3131.151717] ? switch_fpu_return+0x120/0x120
[ 3131.152085] __do_softirq+0xfe/0x383
[ 3131.152398] asm_call_irq_on_stack+0xf/0x20
[ 3131.152757]
[ 3131.152945] do_softirq_own_stack+0x3d/0x50
[ 3131.153305] irq_exit_rcu+0xc7/0x120
[ 3131.153616] common_interrupt+0x7d/0x120
[ 3131.153954] asm_common_interrupt+0x1e/0x40
[ 3131.154315] RIP: 0010:_raw_spin_unlock_irqrestore+0x15/0x20
[ 3131.154792] Code: 15 ff 41 80 0c 24 04 e9 42 ff ff ff cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 55 48 89 e5 e8 f6 03 e6 fe 66 90 48 89 f7 57 9d <0f> 1f 44 00 00 5d c3 0f 1f 40 00 0f 1f 44 00 00 55 48 89 e5 53 48
[ 3131.156409] RSP: 0000:ffff888112eded48 EFLAGS: 00000246
[ 3131.156881] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000000
[ 3131.157510] RDX: 0000000000000008 RSI: 0000000000000246 RDI: 0000000000000246
[ 3131.158131] RBP: ffff888112eded48 R08: ffffffff9e9eaeab R09: ffff88812d562288
[ 3131.158738] R10: ffffed10225dbd8b R11: 0000000000000001 R12: ffffea0004b55800
[ 3131.159363] R13: ffff88812d561ec8 R14: ffff88812d561ec8 R15: ffff8881217b3240
[ 3131.159988] ? stack_trace_consume_entry+0x3b/0x90
[ 3131.160415] free_debug_processing+0x1b5/0x200
[ 3131.160797] __slab_free+0x1cd/0x340
[ 3131.161107] ? deactivate_slab+0x4d0/0x500
[ 3131.161460] ___cache_free+0x26c/0x290
[ 3131.161784] ? qlist_free_all+0x32/0xd0
[ 3131.162115] qlist_free_all+0x57/0xd0
[ 3131.162432] quarantine_reduce+0x156/0x180
[ 3131.162785] __kasan_kmalloc.constprop.0+0xa3/0xe0
[ 3131.163196] kasan_slab_alloc+0xe/0x10
[ 3131.163520] __kmalloc+0x11e/0x2d0
[ 3131.163815] ? __kmalloc+0x178/0x2d0
[ 3131.164126] ext4_find_extent+0x4d4/0x5c0
[ 3131.164474] ? virtqueue_add_split+0x411/0x770
[ 3131.164857] ext4_ext_map_blocks+0x151/0x2780
[ 3131.165232] ? flush_tlb_one_user+0x20/0x20
[ 3131.165592] ? virtqueue_add_sgs+0xc5/0xe0
[ 3131.165945] ? vp_notify+0x31/0x40
[ 3131.166241] ? __flush_tlb_all+0x37/0x50
[ 3131.166581] ? __kernel_map_pages+0x108/0x180
[ 3131.166955] ? set_direct_map_default_noflush+0x130/0x130
[ 3131.167417] ? ext4_ext_release+0x10/0x10
[ 3131.167763] ? __kasan_check_write+0x14/0x20
[ 3131.168130] ? _raw_spin_lock+0x7b/0xd0
[ 3131.168465] ? kernel_init_free_pages+0xa3/0xb0
[ 3131.168854] ? prep_new_page+0xf1/0x130
[ 3131.169185] ? get_page_from_freelist+0x2f3f/0x3140
[ 3131.169604] ? __kasan_check_write+0x14/0x20
[ 3131.169970] ? down_read+0xe5/0x1b0
[ 3131.170273] ? rwsem_down_read_slowpath+0x7e0/0x7e0
[ 3131.170691] ? __kasan_check_write+0x14/0x20
[ 3131.171058] ? ext4_es_lookup_extent+0x1ef/0x3e0
[ 3131.171454] ext4_map_blocks+0x4e7/0xa30
[ 3131.171792] ? ext4_issue_zeroout+0xc0/0xc0
[ 3131.172153] ? __xa_clear_mark+0xf0/0xf0
[ 3131.172494] ? __zone_watermark_ok+0x270/0x270
[ 3131.172871] ext4_mpage_readpages+0x68b/0xf60
[ 3131.173237] ? decrypt_work+0x150/0x150
[ 3131.173560] ? __mod_memcg_state.part.0+0x4e/0x140
[ 3131.173960] ? __mod_memcg_lruvec_state+0x85/0x1d0
[ 3131.174365] ext4_readahead+0x82/0x90
[ 3131.174674] read_pages+0x150/0x5a0
[ 3131.174968] ? lru_cache_add+0xfa/0x110
[ 3131.175290] ? read_cache_pages+0x2e0/0x2e0
[ 3131.175641] ? add_to_page_cache_locked+0x20/0x20
[ 3131.176039] ? alloc_pages_current+0x96/0x140
[ 3131.176417] page_cache_ra_unbounded+0x34a/0x440
[ 3131.176814] ? read_pages+0x5a0/0x5a0
[ 3131.177133] ? __lock_page_or_retry+0x270/0x270
[ 3131.177523] ondemand_readahead+0x33f/0x570
[ 3131.177884] page_cache_async_ra+0x13b/0x180
[ 3131.178253] generic_file_buffered_read+0x2d2/0x12b0
[ 3131.178679] ? pagecache_get_page+0x5d0/0x5d0
[ 3131.179055] ? check_preempt_wakeup+0x23a/0x3e0
[ 3131.179445] generic_file_read_iter+0x19f/0x210
[ 3131.179834] ? __kasan_check_read+0x11/0x20
[ 3131.180197] ext4_file_read_iter+0xcd/0x270
[ 3131.180558] ? pvclock_clocksource_read+0xe1/0x1a0
[ 3131.180970] do_iter_readv_writev+0x35e/0x3b0
[ 3131.181345] ? new_sync_write+0x3c0/0x3c0
[ 3131.181691] ? rw_verify_area+0x7c/0x150
[ 3131.182030] do_iter_read+0x147/0x300
[ 3131.182348] vfs_iter_read+0x4d/0x70
[ 3131.182661] loop_queue_work+0x76c/0x1200
[ 3131.183008] ? unregister_transfer_cb+0xb0/0xb0
[ 3131.183399] ? _raw_read_lock_bh+0x50/0x50
[ 3131.183752] ? __kasan_check_read+0x11/0x20
[ 3131.184113] kthread_worker_fn+0xfd/0x340
[ 3131.184463] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 3131.184925] ? loop_info64_to_compat+0x330/0x330
[ 3131.185321] loop_kthread_worker_fn+0x30/0x40
[ 3131.185696] kthread+0x1d9/0x200
[ 3131.185976] ? __kthread_bind_mask+0x70/0x70
[ 3131.186344] ret_from_fork+0x1f/0x30

@EvgeniiMekhanik
Contributor Author

[ 3003.400343] [tempesta fw] ERROR: cannot establish a new h2 connection
[ 3003.400345] cache: kmalloc-32, object size: 32, buffer size: 416, default order: 1, min order: 0
[ 3003.400724] [tempesta fw] Warning: Unable to copy an egress SKB.
[ 3003.400728] [tempesta fw] Warning: request dropped: forwarding error, status 500: 192.168.122.13
[ 3003.400733] [tempesta fw] ERROR: Can't alloc new TfwHttpResp
[ 3003.400734] [tempesta fw] Warning: Insufficient memory to create response message
[ 3003.400745] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 3003.400747] cache: tfw_stream_cache, object size: 960, buffer size: 1312, default order: 3, min order: 0
[ 3003.400748] node 0: slabs: 996, objs: 18003, free: 0
[ 3003.401035] ? kthread+0x1d9/0x200
[ 3003.401263] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 3003.401265] cache: kmalloc-1k, object size: 1024, buffer size: 3072, default order: 3, min order: 0
[ 3003.401267] node 0: slabs: 523, objs: 5185, free: 0
[ 3003.401405] node 0: slabs: 2925, objs: 55565, free: 3
[ 3003.401546] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 3003.401548] cache: kmalloc-256, object size: 256, buffer size: 1024, default order: 2, min order: 0
[ 3003.401550] node 0: slabs: 1062, objs: 16956, free: 0
[ 3003.401784] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 3003.401786] cache: kmalloc-256, object size: 256, buffer size: 1024, default order: 2, min order: 0
[ 3003.401787] node 0: slabs: 1062, objs: 16956, free: 0
[ 3003.401917] ? ret_from_fork+0x1f/0x30
[ 3003.402016] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 3003.402018] cache: kmalloc-256, object size: 256, buffer size: 1024, default order: 2, min order: 0
[ 3003.402019] node 0: slabs: 1062, objs: 16956, free: 0
[ 3003.402162] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 3003.402164] cache: kmalloc-256, object size: 256, buffer size: 1024, default order: 2, min order: 0
[ 3003.402165] node 0: slabs: 1062, objs: 16956, free: 0
[ 3003.404621] SLUB: Unable to allocate memory on node -1, gfp=0xb20(GFP_ATOMIC|__GFP_ZERO)
[ 3003.404834] __alloc_pages_nodemask+0x509/0x540
[ 3003.405740] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC)
[ 3003.405742] cache: skbuff_head_cache, object size: 288, buffer size: 704, default order: 2, min order: 0
[ 3003.405743] node 0: slabs: 122, objs: 2752, free: 0
[ 3003.405800] cache: kmalloc-32, object size: 32, buffer size: 416, default order: 1, min order: 0
[ 3003.406383] ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 3003.407618] node 0: slabs: 2929, objs: 55601, free: 7
[ 3003.407988] ? kmem_cache_free+0x105/0x410
[ 3003.421757] alloc_pages_current+0x96/0x140
[ 3003.422074] __get_free_pages+0x12/0x60
[ 3003.422386] tfw_pool_alloc_pages+0xa3/0xd0 [tempesta_fw]
[ 3003.422820] __tfw_pool_new+0x29/0xb0 [tempesta_fw]
[ 3003.423206] tfw_hpack_init+0xb2/0x1c0 [tempesta_fw]
[ 3003.423600] tfw_h2_context_init+0x247/0x250 [tempesta_fw]
[ 3003.424040] tfw_tls_over+0x74/0x90 [tempesta_fw]
[ 3003.424401] ttls_handshake_server_step+0x49d/0x3680 [tempesta_tls]
[ 3003.424874] ? kernel_init_free_pages+0xa3/0xb0
[ 3003.425463] ? ttls_parse_client_hello+0x2d30/0x2d30 [tempesta_tls]
[ 3003.425929] ? __zone_watermark_ok+0x270/0x270
[ 3003.426338] ? __ip_finish_output+0x340/0x340
[ 3003.426673] ? ipv4_dst_check+0x6d/0xa0
[ 3003.426950] ? __alloc_pages_nodemask+0x509/0x540
[ 3003.427286] ? __alloc_pages_slowpath.constprop.0+0x1390/0x1390
[ 3003.427750] ? bzero_fast+0xe/0x10 [tempesta_lib]
[ 3003.428094] ttls_recv+0x588/0xc50 [tempesta_tls]
[ 3003.428456] ss_skb_process+0x12a/0x2f0 [tempesta_fw]
[ 3003.428839] ? ttls_handle_alert+0x60/0x60 [tempesta_tls]
[ 3003.429243] ? tfw_sock_srv_exit+0x30/0x30 [tempesta_fw]
[ 3003.429621] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 3003.429950] ? __kfree_skb+0xaa/0xf0
[ 3003.430228] tfw_tls_connection_recv+0x151/0x770 [tempesta_fw]
[ 3003.430661] ? tfw_tls_connection_lost+0x40/0x40 [tempesta_fw]
[ 3003.431096] ss_tcp_process_data+0x49d/0x890 [tempesta_fw]
[ 3003.431508] ? ss_do_close+0x720/0x720 [tempesta_fw]
[ 3003.431882] ss_tcp_data_ready+0x82/0x150 [tempesta_fw]
[ 3003.432255] tcp_data_ready+0x73/0x210
[ 3003.432525] tcp_data_queue+0x1085/0x1d80
[ 3003.432822] ? tcp_data_ready+0x210/0x210
[ 3003.433109] ? tcp_try_keep_open+0x130/0x130
[ 3003.433416] ? kvm_clock_get_cycles+0x11/0x20
[ 3003.433728] ? ktime_get+0x4f/0xb0
[ 3003.433973] tcp_rcv_established+0x427/0xf80
[ 3003.434279] ? tcp_data_queue+0x1d80/0x1d80
[ 3003.434579] ? __kasan_check_read+0x11/0x20
[ 3003.434879] tcp_v4_do_rcv+0x25f/0x360
[ 3003.435147] tcp_v4_rcv+0x1600/0x1770
[ 3003.435440] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 3003.435776] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 3003.436088] ip_protocol_deliver_rcu+0x46/0x2e0
[ 3003.436411] ip_local_deliver_finish+0xc6/0xe0
[ 3003.436728] ip_local_deliver+0x1f5/0x210
[ 3003.437022] ? ip_local_deliver_finish+0xe0/0xe0
[ 3003.437351] ? tcp_v4_early_demux+0x297/0x2f0
[ 3003.437662] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 3003.438002] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 3003.438386] ip_rcv_finish+0xcf/0xf0
[ 3003.438689] ip_rcv+0x16d/0x180
[ 3003.438916] ? ip_local_deliver+0x210/0x210
[ 3003.439215] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 3003.439596] ? __kasan_check_write+0x14/0x20
[ 3003.439901] ? __kasan_check_write+0x14/0x20
[ 3003.440205] ? ip_local_deliver+0x210/0x210
[ 3003.440505] __netif_receive_skb_one_core+0x132/0x140
[ 3003.440870] ? napi_gro_receive+0x260/0x260
[ 3003.441160] ? __kasan_check_write+0x14/0x20
[ 3003.441454] ? _raw_spin_lock+0x7b/0xd0
[ 3003.441720] __netif_receive_skb+0x26/0xb0
[ 3003.442003] process_backlog+0xfe/0x290
[ 3003.442271] net_rx_action+0x287/0x6b0
[ 3003.442532] ? napi_complete_done+0x2c0/0x2c0
[ 3003.442833] ? switch_fpu_return+0x120/0x120
[ 3003.443138] __do_softirq+0xfe/0x383
[ 3003.443387] ? tasklet_hi_action+0x30/0x30
[ 3003.443670] run_ksoftirqd+0x2b/0x40
[ 3003.443928] smpboot_thread_fn+0x1ba/0x2f0
[ 3003.444211] ? smpboot_register_percpu_thread+0x190/0x190
[ 3003.444580] ? __kasan_check_read+0x11/0x20
[ 3003.444872] ? __kthread_parkme+0x83/0xa0
[ 3003.445149] ? smpboot_register_percpu_thread+0x190/0x190
[ 3003.445521] kthread+0x1d9/0x200
[ 3003.445747] ? __kthread_bind_mask+0x70/0x70
[ 3003.446046] ret_from_fork+0x1f/0x30
[ 3003.446307] Mem-Info:
[ 3003.446475] active_anon:609 inactive_anon:318619 isolated_anon:0
[ 3003.446475] active_file:285353 inactive_file:410795 isolated_file:0
[ 3003.446475] unevictable:4 dirty:44665 writeback:0
[ 3003.446475] slab_reclaimable:132272 slab_unreclaimable:293714
[ 3003.446475] mapped:157078 shmem:12083 pagetables:5567 bounce:0
[ 3003.446475] free:10000 free_pcp:1876 free_cma:0
[ 3003.448720] Node 0 active_anon:2436kB inactive_anon:1274476kB active_file:1141412kB inactive_file:1643180kB unevictable:16kB isolated(anon):0kB isolated(file):0kB mapped:628312kB dirty:178660kB writeback:0kB shmem:48332kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:21344kB all_unreclaimable? no
[ 3003.450687] Node 0 DMA free:14884kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3003.452481] lowmem_reserve[]: 0 1514 6098 6098 6098
[ 3003.452826] Node 0 DMA32 free:24392kB min:54368kB low:58548kB high:62728kB reserved_highatomic:18432KB active_anon:56kB inactive_anon:108272kB active_file:341396kB inactive_file:540556kB unevictable:0kB writepending:167440kB present:2080624kB managed:1550336kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:5412kB local_pcp:1548kB free_cma:0kB
[ 3003.454895] lowmem_reserve[]: 0 0 4584 4584 4584
[ 3003.455224] Node 0 Normal free:1236kB min:151028kB low:163696kB high:176364kB reserved_highatomic:45056KB active_anon:2380kB inactive_anon:1166176kB active_file:799980kB inactive_file:1102696kB unevictable:16kB writepending:11220kB present:7028736kB managed:4694924kB mlocked:16kB pagetables:22268kB bounce:0kB free_pcp:1792kB local_pcp:68kB free_cma:0kB
[ 3003.457411] lowmem_reserve[]: 0 0 0 0 0
[ 3003.457688] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (M) = 14884kB
[ 3003.458609] Node 0 DMA32: 676*4kB (UMEH) 1450*8kB (UME) 417*16kB (UMEH) 101*32kB (MEH) 4*64kB (MH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24464kB
[ 3003.459608] Node 0 Normal: 11*4kB (H) 4*8kB (H) 2*16kB (H) 3*32kB (H) 1*64kB (H) 0*128kB 0*256kB 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 780kB
[ 3003.460526] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 3003.461149] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 3003.461750] 708290 total pagecache pages
[ 3003.462029] 7 pages in swap cache
[ 3003.462270] Swap cache stats: add 7, delete 0, find 0/0
[ 3003.462639] Free swap = 2096880kB
[ 3003.462881] Total swap = 2097148kB
[ 3003.463126] 2281338 pages RAM
[ 3003.463340] 0 pages HighMem/MovableOnly
[ 3003.463613] 716046 pages reserved
[ 3003.463849] 0 pages cma reserved
[ 3003.464074] 0 pages hwpoisoned
[ 3003.505673] ==================================================================
[ 3003.506256] BUG: KASAN: null-ptr-deref in crypto_destroy_tfm+0x36/0x100
[ 3003.506743] Read of size 8 at addr 000000000000000c by task ksoftirqd/0/12
[ 3003.507237]
[ 3003.507355] CPU: 0 PID: 12 Comm: ksoftirqd/0 Tainted: G OE 5.10.35+ #458
[ 3003.507919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 3003.508582] Call Trace:
[ 3003.508777] dump_stack+0x96/0xc4
[ 3003.509022] ? crypto_destroy_tfm+0x36/0x100
[ 3003.509334] kasan_report.cold+0x5/0x37
[ 3003.509614] ? crypto_destroy_tfm+0x36/0x100
[ 3003.509927] __asan_load8+0x69/0x90
[ 3003.510183] crypto_destroy_tfm+0x36/0x100
[ 3003.510481] ? crypto_aead_setauthsize+0x80/0x80
[ 3003.510821] ttls_cipher_free+0x2f/0x50 [tempesta_tls]
[ 3003.511199] ttls_ctx_clear+0x3b/0x60 [tempesta_tls]
[ 3003.511579] tfw_tls_conn_dtor+0x24d/0x310 [tempesta_fw]
[ 3003.511982] tfw_sock_clnt_drop+0x211/0x220 [tempesta_fw]
[ 3003.512391] ss_conn_drop_guard_exit+0x6a/0xa0 [tempesta_fw]
[ 3003.512805] tcp_done+0x14d/0x1e0
[ 3003.513058] tcp_time_wait+0x314/0x4f0
[ 3003.513343] tcp_rcv_state_process+0x1138/0x1f50
[ 3003.513692] ? tempesta_sock_tcp_rcv+0x6a/0x80
[ 3003.514028] ? tcp_finish_connect+0x1f0/0x1f0
[ 3003.514359] ? sk_filter_trim_cap+0x1fd/0x430
[ 3003.514689] ? tcp_parse_md5sig_option+0x20/0xb0
[ 3003.515038] ? bpf_get_listener_sock+0x80/0x80
[ 3003.515373] ? tcp_v4_inbound_md5_hash+0xdf/0x2a0
[ 3003.515728] ? __kasan_check_write+0x14/0x20
[ 3003.516052] ? _raw_spin_lock+0x7b/0xd0
[ 3003.516343] tcp_v4_do_rcv+0x164/0x360
[ 3003.516628] tcp_v4_rcv+0x1600/0x1770
[ 3003.516921] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 3003.517278] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 3003.517609] ip_protocol_deliver_rcu+0x46/0x2e0
[ 3003.517952] ip_local_deliver_finish+0xc6/0xe0
[ 3003.518289] ip_local_deliver+0x1f5/0x210
[ 3003.518594] ? ip_local_deliver_finish+0xe0/0xe0
[ 3003.518940] ? tcp_v4_early_demux+0x297/0x2f0
[ 3003.519262] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 3003.519620] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 3003.520018] ip_rcv_finish+0xcf/0xf0
[ 3003.520288] ip_rcv+0x16d/0x180
[ 3003.520528] ? ip_local_deliver+0x210/0x210
[ 3003.520851] ? sk_reset_timer+0x1a/0x70
[ 3003.521138] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 3003.521542] ? __kasan_check_write+0x14/0x20
[ 3003.521866] ? skb_release_data+0x8c/0x320
[ 3003.522179] ? ip_local_deliver+0x210/0x210
[ 3003.522498] __netif_receive_skb_one_core+0x132/0x140
[ 3003.522879] ? napi_gro_receive+0x260/0x260
[ 3003.523196] __netif_receive_skb+0x26/0xb0
[ 3003.523508] process_backlog+0xfe/0x290
[ 3003.523802] ? virtnet_poll_tx+0x184/0x190 [virtio_net]
[ 3003.524198] net_rx_action+0x287/0x6b0
[ 3003.524486] ? finish_task_switch+0xa0/0x370
[ 3003.524814] ? napi_complete_done+0x2c0/0x2c0
[ 3003.525145] ? switch_fpu_return+0x120/0x120
[ 3003.525470] __do_softirq+0xfe/0x383
[ 3003.525744] ? tasklet_hi_action+0x30/0x30
[ 3003.526055] run_ksoftirqd+0x2b/0x40
[ 3003.526328] smpboot_thread_fn+0x1ba/0x2f0
[ 3003.526639] ? smpboot_register_percpu_thread+0x190/0x190
[ 3003.527045] ? __kasan_check_read+0x11/0x20
[ 3003.527363] ? __kthread_parkme+0x83/0xa0
[ 3003.527667] ? smpboot_register_percpu_thread+0x190/0x190
[ 3003.528073] kthread+0x1d9/0x200
[ 3003.528320] ? __kthread_bind_mask+0x70/0x70
[ 3003.528644] ret_from_fork+0x1f/0x30
[ 3003.528921] ==================================================================
[ 3003.529457] Disabling lock debugging due to kernel taint
[ 3003.529869] BUG: kernel NULL pointer dereference, address: 000000000000000c
[ 3003.530383] #PF: supervisor read access in kernel mode
[ 3003.530773] #PF: error_code(0x0000) - not-present page
[ 3003.531157] PGD 0 P4D 0
[ 3003.531350] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 3003.531754] CPU: 0 PID: 12 Comm: ksoftirqd/0 Tainted: G B OE 5.10.35+ #458
[ 3003.532319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 3003.533038] RIP: 0010:crypto_destroy_tfm+0x39/0x100
[ 3003.533394] Code: 48 89 e5 41 57 4c 8d 7e 10 41 56 41 55 49 89 fd 4c 89 ff 41 54 49 89 f4 53 49 8d 5c 24 08 48 83 ec 08 e8 7a f3 c2 ff 48 89 df <4d> 8b 74 24 10 e8 6d f3 c2 ff 49 8b 44 24 08 48 85 c0 74 45 49 8d
[ 3003.534715] RSP: 0018:ffff888100e9f4e8 EFLAGS: 00010286
[ 3003.535093] RAX: 0000000000000001 RBX: 0000000000000004 RCX: ffffffffa06fa98a
[ 3003.535584] RDX: fffffbfff5475bfd RSI: 0000000000000246 RDI: 0000000000000004
[ 3003.536063] RBP: ffff888100e9f518 R08: 0000000000000001 R09: ffffffffaa3adfe7
[ 3003.536575] R10: fffffbfff5475bfc R11: 0000000000000001 R12: fffffffffffffffc
[ 3003.537099] R13: fffffffffffffff4 R14: ffff888195b5ab88 R15: 000000000000000c
[ 3003.537611] FS: 0000000000000000(0000) GS:ffff88824d000000(0000) knlGS:0000000000000000
[ 3003.538188] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3003.538602] CR2: 000000000000000c CR3: 000000016c4c2000 CR4: 0000000000750ef0
[ 3003.539114] PKRU: 55555554
[ 3003.539316] Call Trace:
[ 3003.539501] ? crypto_aead_setauthsize+0x80/0x80
[ 3003.539845] ttls_cipher_free+0x2f/0x50 [tempesta_tls]
[ 3003.540226] ttls_ctx_clear+0x3b/0x60 [tempesta_tls]
[ 3003.540612] tfw_tls_conn_dtor+0x24d/0x310 [tempesta_fw]
[ 3003.541029] tfw_sock_clnt_drop+0x211/0x220 [tempesta_fw]
[ 3003.541455] ss_conn_drop_guard_exit+0x6a/0xa0 [tempesta_fw]
[ 3003.541881] tcp_done+0x14d/0x1e0
[ 3003.542135] tcp_time_wait+0x314/0x4f0
[ 3003.542421] tcp_rcv_state_process+0x1138/0x1f50
[ 3003.542769] ? tempesta_sock_tcp_rcv+0x6a/0x80
[ 3003.543104] ? tcp_finish_connect+0x1f0/0x1f0
[ 3003.543434] ? sk_filter_trim_cap+0x1fd/0x430
[ 3003.543763] ? tcp_parse_md5sig_option+0x20/0xb0
[ 3003.544112] ? bpf_get_listener_sock+0x80/0x80
[ 3003.544449] ? tcp_v4_inbound_md5_hash+0xdf/0x2a0
[ 3003.544809] ? __kasan_check_write+0x14/0x20
[ 3003.545134] ? _raw_spin_lock+0x7b/0xd0
[ 3003.545425] tcp_v4_do_rcv+0x164/0x360
[ 3003.545710] tcp_v4_rcv+0x1600/0x1770
[ 3003.545996] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 3003.546351] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 3003.546681] ip_protocol_deliver_rcu+0x46/0x2e0
[ 3003.547023] ip_local_deliver_finish+0xc6/0xe0
[ 3003.547359] ip_local_deliver+0x1f5/0x210
[ 3003.547662] ? ip_local_deliver_finish+0xe0/0xe0
[ 3003.548009] ? tcp_v4_early_demux+0x297/0x2f0
[ 3003.548338] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 3003.548698] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 3003.549112] ip_rcv_finish+0xcf/0xf0
[ 3003.549385] ip_rcv+0x16d/0x180
[ 3003.549626] ? ip_local_deliver+0x210/0x210
[ 3003.549944] ? sk_reset_timer+0x1a/0x70
[ 3003.550236] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 3003.550641] ? __kasan_check_write+0x14/0x20
[ 3003.550964] ? skb_release_data+0x8c/0x320
[ 3003.551274] ? ip_local_deliver+0x210/0x210
[ 3003.551591] __netif_receive_skb_one_core+0x132/0x140
[ 3003.551971] ? napi_gro_receive+0x260/0x260
[ 3003.552287] __netif_receive_skb+0x26/0xb0
[ 3003.552596] process_backlog+0xfe/0x290
[ 3003.552893] ? virtnet_poll_tx+0x184/0x190 [virtio_net]
[ 3003.553286] net_rx_action+0x287/0x6b0
[ 3003.553574] ? finish_task_switch+0xa0/0x370
[ 3003.553896] ? napi_complete_done+0x2c0/0x2c0
[ 3003.554226] ? switch_fpu_return+0x120/0x120
[ 3003.554548] __do_softirq+0xfe/0x383
[ 3003.554821] ? tasklet_hi_action+0x30/0x30
[ 3003.555132] run_ksoftirqd+0x2b/0x40
[ 3003.555405] smpboot_thread_fn+0x1ba/0x2f0
[ 3003.555715] ? smpboot_register_percpu_thread+0x190/0x190
[ 3003.556119] ? __kasan_check_read+0x11/0x20
[ 3003.556436] ? __kthread_parkme+0x83/0xa0
[ 3003.556739] ? smpboot_register_percpu_thread+0x190/0x190
[ 3003.557153] kthread+0x1d9/0x200
[ 3003.557399] ? __kthread_bind_mask+0x70/0x70
[ 3003.557722] ret_from_fork+0x1f/0x30
[ 3003.557994] Modules linked in: tempesta_fw(OE) tempesta_db(OE) sha256_ssse3 sha512_ssse3 tempesta_tls(OE) tempesta_lib(OE) tls nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink overlay snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec kvm_intel snd_hda_core snd_hwdep kvm snd_pcm joydev binfmt_misc snd_seq_midi snd_seq_midi_event crct10dif_pclmul ghash_clmulni_intel snd_rawmidi aesni_intel nls_iso8859_1 crypto_simd snd_seq cryptd glue_helper 9pnet_virtio input_leds snd_seq_device snd_timer qxl snd 9pnet serio_raw soundcore drm_ttm_helper ttm mac_hid drm_kms_helper qemu_fw_cfg cec fb_sys_fops syscopyarea sysfillrect sysimgblt sch_fq_codel msr parport_pc drm ppdev lp ramoops parport
[ 3003.558083] reed_solomon efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c crc32_pclmul psmouse ahci i2c_i801 lpc_ich libahci i2c_smbus virtio_net virtio_blk net_failover failover hid_generic usbhid hid
[ 3003.566162] CR2: 000000000000000c
[ 3003.566418] ---[ end trace f8041f7c023d1a88 ]---
[ 3003.566766] RIP: 0010:crypto_destroy_tfm+0x39/0x100
[ 3003.567134] Code: 48 89 e5 41 57 4c 8d 7e 10 41 56 41 55 49 89 fd 4c 89 ff 41 54 49 89 f4 53 49 8d 5c 24 08 48 83 ec 08 e8 7a f3 c2 ff 48 89 df <4d> 8b 74 24 10 e8 6d f3 c2 ff 49 8b 44 24 08 48 85 c0 74 45 49 8d
[ 3003.568513] RSP: 0018:ffff888100e9f4e8 EFLAGS: 00010286
[ 3003.568910] RAX: 0000000000000001 RBX: 0000000000000004 RCX: ffffffffa06fa98a
[ 3003.569443] RDX: fffffbfff5475bfd RSI: 0000000000000246 RDI: 0000000000000004
[ 3003.569976] RBP: ffff888100e9f518 R08: 0000000000000001 R09: ffffffffaa3adfe7
[ 3003.570509] R10: fffffbfff5475bfc R11: 0000000000000001 R12: fffffffffffffffc
[ 3003.571041] R13: fffffffffffffff4 R14: ffff888195b5ab88 R15: 000000000000000c
[ 3003.571574] FS: 0000000000000000(0000) GS:ffff88824d000000(0000) knlGS:0000000000000000
[ 3003.572176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3003.572607] CR2: 000000000000000c CR3: 000000016c4c2000 CR4: 0000000000750ef0
[ 3003.573147] PKRU: 55555554
[ 3003.573356] Kernel panic - not syncing: Fatal exception in interrupt
[ 3003.574087] Kernel Offset: 0x1f600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 3003.574838] Rebooting in 1 seconds..
[ 3004.567191] ACPI MEMORY or I/O RESET_REG.
/dev/vda3: recovering journal
/dev/vda3: Clearing orphaned inode 549854 (uid=1000, gid=1000, mode=0100664, size=8963)
/dev/vda3: Clearing orphaned inode 549851 (uid=1000, gid=1000, mode=0100664, size=9100)
/dev/vda3: clean, 985111/13107200 files, 22983918/52428800 blocks

@EvgeniiMekhanik
Contributor Author

[ 6828.926415] BUG: unable to handle page fault for address: ffff8881a4f8f410
[ 6828.927295] #PF: supervisor write access in kernel mode
[ 6828.927894] #PF: error_code(0x0002) - not-present page
[ 6828.928468] PGD 222e01067 P4D 222e01067 PUD 2ac69d067 PMD 2ac575067 PTE 800ffffe5b070060
[ 6828.929398] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 6828.929980] CPU: 3 PID: 32 Comm: ksoftirqd/3 Tainted: G B W OE 5.10.35+ #458
[ 6828.930806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 6828.931799] RIP: 0010:tfw_h2_stream_xmit_prepare_resp+0x35c/0x3b0 [tempesta_fw]
[ 6828.932589] Code: 7d b8 e8 c7 f1 ab e6 48 c7 83 e0 00 00 00 00 00 00 00 e9 d4 fe ff ff 0f 0b 48 8d 7b 10 e8 ac ee ab e6 0f b6 45 d0 8d 44 00 01 <88> 43 10 e9 f3 fe ff ff be 08 00 00 00 4c 89 f7 e8 ff d2 ab e6 4c
[ 6828.934605] RSP: 0018:ffff8881010974e0 EFLAGS: 00010282
[ 6828.935206] RAX: 000000000000002f RBX: ffff8881a4f8f400 RCX: ffffffffc1fd6204
[ 6828.935955] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881a4f8f410
[ 6828.936663] RBP: ffff888101097528 R08: ffffffffa8f90be8 R09: 0000000000000003
[ 6828.937387] R10: ffffed1020212e86 R11: 0000000000000001 R12: ffff888155feeba8
[ 6828.938205] R13: ffff8881eb852030 R14: 0000000000000000 R15: ffff888155feef48
[ 6828.939018] FS: 0000000000000000(0000) GS:ffff88824d180000(0000) knlGS:0000000000000000
[ 6828.939930] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6828.940581] CR2: ffff8881a4f8f410 CR3: 000000010db0e000 CR4: 0000000000752ee0
[ 6828.941393] PKRU: 55555554
[ 6828.941715] Call Trace:
[ 6828.942028] tfw_h2_make_frames+0x4d2/0x8d0 [tempesta_fw]
[ 6828.942681] ? tfw_h2_frame_process+0xd00/0xd00 [tempesta_fw]
[ 6828.943367] ? __kfree_skb+0xaa/0xf0
[ 6828.943788] ? tcp_data_queue+0xc37/0x1d80
[ 6828.944295] tfw_sk_fill_write_queue+0x2da/0x380 [tempesta_fw]
[ 6828.944948] ? tfw_sock_clnt_start+0x670/0x670 [tempesta_fw]
[ 6828.945499] ? kvm_clock_get_cycles+0x11/0x20
[ 6828.945929] ? ktime_get+0x4f/0xb0
[ 6828.946263] tcp_rcv_established+0x491/0xf80
[ 6828.946688] ? tcp_parse_md5sig_option+0x20/0xb0
[ 6828.947238] ? tcp_data_queue+0x1d80/0x1d80
[ 6828.947765] ? __kasan_check_read+0x11/0x20
[ 6828.948258] tcp_v4_do_rcv+0x25f/0x360
[ 6828.948698] tcp_v4_rcv+0x1600/0x1770
[ 6828.949158] ? tcp_new+0x420/0x420 [nf_conntrack]
[ 6828.949754] ? tcp_v4_early_demux+0x2f0/0x2f0
[ 6828.950285] ip_protocol_deliver_rcu+0x46/0x2e0
[ 6828.950763] ip_local_deliver_finish+0xc6/0xe0
[ 6828.951195] ip_local_deliver+0x1f5/0x210
[ 6828.951592] ? ip_local_deliver_finish+0xe0/0xe0
[ 6828.952031] ? tcp_v4_early_demux+0x297/0x2f0
[ 6828.952460] ? ip_protocol_deliver_rcu+0x2e0/0x2e0
[ 6828.953047] ? ip_rcv_finish_core.constprop.0+0x17c/0x890
[ 6828.953600] ip_rcv_finish+0xcf/0xf0
[ 6828.953943] ip_rcv+0x16d/0x180
[ 6828.954246] ? ip_local_deliver+0x210/0x210
[ 6828.954646] ? ip_rcv_finish_core.constprop.0+0x890/0x890
[ 6828.955193] ? virtqueue_poll+0xbb/0xd0
[ 6828.955636] ? ip_local_deliver+0x210/0x210
[ 6828.956144] __netif_receive_skb_one_core+0x132/0x140
[ 6828.956755] ? napi_gro_receive+0x260/0x260
[ 6828.957232] ? send_call_function_single_ipi+0x64/0xd0
[ 6828.957849] ? generic_exec_single+0xb1/0x170
[ 6828.958325] __netif_receive_skb+0x26/0xb0
[ 6828.958841] ? net_rps_send_ipi+0x91/0xa0
[ 6828.959316] process_backlog+0xfe/0x290
[ 6828.959793] ? virtnet_poll_tx+0x184/0x190 [virtio_net]
[ 6828.960397] net_rx_action+0x287/0x6b0
[ 6828.960850] ? napi_complete_done+0x2c0/0x2c0
[ 6828.961284] ? switch_fpu_return+0x120/0x120
[ 6828.961797] __do_softirq+0xfe/0x383
[ 6828.962190] ? tasklet_hi_action+0x30/0x30
[ 6828.962656] run_ksoftirqd+0x2b/0x40
[ 6828.963026] smpboot_thread_fn+0x1ba/0x2f0
[ 6828.963452] ? smpboot_register_percpu_thread+0x190/0x190
[ 6828.964041] ? __kasan_check_read+0x11/0x20
[ 6828.964522] ? __kthread_parkme+0x83/0xa0
[ 6828.964960] ? smpboot_register_percpu_thread+0x190/0x190
[ 6828.965505] kthread+0x1d9/0x200
[ 6828.965821] ? __kthread_bind_mask+0x70/0x70
[ 6828.966234] ret_from_fork+0x1f/0x30
[ 6828.966576] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) sha256_ssse3 sha512_ssse3 nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec overlay snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi kvm_intel binfmt_misc kvm snd_seq crct10dif_pclmul snd_seq_device ghash_clmulni_intel nls_iso8859_1 aesni_intel crypto_simd joydev snd_timer cryptd glue_helper snd input_leds serio_raw 9pnet_virtio qxl soundcore 9pnet drm_ttm_helper ttm drm_kms_helper mac_hid qemu_fw_cfg cec fb_sys_fops syscopyarea sysfillrect sysimgblt sch_fq_codel msr parport_pc ppdev ramoops lp reed_solomon drm parport
[ 6828.966690] efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c crc32_pclmul psmouse i2c_i801 ahci i2c_smbus libahci lpc_ich virtio_net net_failover virtio_blk failover hid_generic usbhid hid [last unloaded: tempesta_lib]
[ 6828.978534] CR2: ffff8881a4f8f410
[ 6828.979207] ---[ end trace 8b4739176895ee62 ]---
[ 6828.979690] RIP: 0010:tfw_h2_stream_xmit_prepare_resp+0x35c/0x3b0 [tempesta_fw]
[ 6828.980485] Code: 7d b8 e8 c7 f1 ab e6 48 c7 83 e0 00 00 00 00 00 00 00 e9 d4 fe ff ff 0f 0b 48 8d 7b 10 e8 ac ee ab e6 0f b6 45 d0 8d 44 00 01 <88> 43 10 e9 f3 fe ff ff be 08 00 00 00 4c 89 f7 e8 ff d2 ab e6 4c
[ 6828.982827] RSP: 0018:ffff8881010974e0 EFLAGS: 00010282
[ 6828.983484] RAX: 000000000000002f RBX: ffff8881a4f8f400 RCX: ffffffffc1fd6204
[ 6828.984412] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881a4f8f410
[ 6828.985354] RBP: ffff888101097528 R08: ffffffffa8f90be8 R09: 0000000000000003
[ 6828.986611] R10: ffffed1020212e86 R11: 0000000000000001 R12: ffff888155feeba8
[ 6828.987972] R13: ffff8881eb852030 R14: 0000000000000000 R15: ffff888155feef48
[ 6828.989287] FS: 0000000000000000(0000) GS:ffff88824d180000(0000) knlGS:0000000000000000
[ 6828.990721] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6828.991864] CR2: ffff8881a4f8f410 CR3: 000000010db0e000 CR4: 0000000000752ee0

@EvgeniiMekhanik
Contributor Author

[ 1625.603756] net_ratelimit: 268 callbacks suppressed
[ 1625.603759] [tempesta fw] Warning: pending active connections for 5s (connections count 0x3, queues count 0)
[ 1625.604877] [tempesta fw] Warning: cpu 0(0), backlog size 0, active connections mask 0x1a00000000, cntwork queue size 0, close backlog is empty
[ 1625.605813] [tempesta fw] Warning: cpu 1(0), backlog size 0, active connections mask 0xfffffff000000000, cntwork queue size 0, close backlog is empty
[ 1625.606793] [tempesta fw] Warning: cpu 2(0), backlog size 0, active connections mask 0xfffffffb00000000, cntwork queue size 0, close backlog is empty
[ 1625.607784] [tempesta fw] Warning: cpu 3(0), backlog size 0, active connections mask 0xfffffffe00000000, cntwork queue size 0, close backlog is empty
[ 1625.630755] BUG: unable to handle page fault for address: ffff8881753e9948
[ 1625.631243] #PF: supervisor read access in kernel mode
[ 1625.631601] #PF: error_code(0x0000) - not-present page
[ 1625.631960] PGD 1d5601067 P4D 1d5601067 PUD 2ac89e067 PMD 2ac6f4067 PTE 800ffffe8ac16060
[ 1625.632524] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 1625.632913] CPU: 0 PID: 10788 Comm: sysctl Tainted: G B W OE 5.10.35+ #458
[ 1625.633451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 1625.634115] RIP: 0010:tfw_connection_unlink_to_sk+0x34/0xc0 [tempesta_fw]
[ 1625.634585] Code: 55 4c 8d af 40 04 00 00 41 54 53 48 89 fb 4c 89 ef e8 b0 75 48 cb 4c 8b a3 40 04 00 00 49 8d bc 24 88 02 00 00 e8 9c 75 48 cb <49> 83 bc 24 88 02 00 00 00 74 08 4c 89 e7 e8 69 8d 02 00 4c 89 ef
[ 1625.635864] RSP: 0018:ffff88824d009b38 EFLAGS: 00010286
[ 1625.636227] RAX: 0000000000000000 RBX: ffff888113cce6f8 RCX: ffffffffc1e0dd84
[ 1625.636719] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8881753e9948
[ 1625.637211] RBP: ffff88824d009b50 R08: 0000000000044f9a R09: ffff88824d009678
[ 1625.637705] R10: ffffed1049a012da R11: 0000000000000001 R12: ffff8881753e96c0
[ 1625.638197] R13: ffff888113cceb38 R14: ffff88813d893020 R15: ffff888113ccec38
[ 1625.638689] FS: 00007f643e10f740(0000) GS:ffff88824d000000(0000) knlGS:0000000000000000
[ 1625.639246] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1625.639645] CR2: ffff8881753e9948 CR3: 00000001f323e000 CR4: 0000000000750ef0
[ 1625.640138] PKRU: 55555554
[ 1625.640332] Call Trace:
[ 1625.640507]
[ 1625.640673] tfw_cli_conn_release+0x2d/0x70 [tempesta_fw]
[ 1625.641068] tfw_tls_conn_dtor+0x255/0x310 [tempesta_fw]
[ 1625.641458] tfw_http_conn_msg_free+0xdd/0xf0 [tempesta_fw]
[ 1625.641865] tfw_http_conn_release+0x45d/0x520 [tempesta_fw]
[ 1625.642278] ? tfw_http_conn_shrink_fwdq_resched+0x270/0x270 [tempesta_fw]
[ 1625.642756] ? mod_timer+0x10/0x20
[ 1625.643016] tfw_connection_release+0x59/0xa0 [tempesta_fw]
[ 1625.643423] tfw_srv_conn_release+0x15/0xe0 [tempesta_fw]
[ 1625.643820] tfw_sock_srv_connect_drop+0x2e0/0x2f0 [tempesta_fw]
[ 1625.644256] ? tfw_sock_srv_abort_srv+0xa0/0xa0 [tempesta_fw]
[ 1625.644657] ? _find_next_bit.constprop.0+0x4a/0x100
[ 1625.645005] ? __kasan_check_write+0x14/0x20
[ 1625.645308] ? _raw_spin_lock+0x7b/0xd0
[ 1625.645581] ? _raw_write_lock_irqsave+0xe0/0xe0
[ 1625.645923] ss_conn_drop_guard_exit+0x6a/0xa0 [tempesta_fw]
[ 1625.646335] ss_tx_action+0xa4b/0xc10 [tempesta_fw]
[ 1625.646676] ? __run_timers.part.0+0x279/0x510
[ 1625.647008] ? ss_skb_tcp_entail_list+0x1a0/0x1a0 [tempesta_fw]
[ 1625.647437] ? tfw_apm_prnctl_calc.constprop.0+0x9f0/0x9f0 [tempesta_fw]
[ 1625.647900] ? trace_event_raw_event_hrtimer_start+0x1e0/0x1e0
[ 1625.648306] ? ktime_get+0x4f/0xb0
[ 1625.648547] ? __kasan_check_read+0x11/0x20
[ 1625.648842] ? __kernel_fpu_begin_mask+0x109/0x150
[ 1625.649178] net_tx_action+0xfa/0x3c0
[ 1625.649438] __do_softirq+0xfe/0x383
[ 1625.649691] asm_call_irq_on_stack+0xf/0x20
[ 1625.649984]
[ 1625.650138] do_softirq_own_stack+0x3d/0x50
[ 1625.650431] do_softirq+0x72/0x90
[ 1625.650666] __local_bh_enable_ip+0x50/0x60
[ 1625.650959] _raw_spin_unlock_bh+0x1e/0x20
[ 1625.651266] tfw_sock_srv_abort_srv+0x8e/0xa0 [tempesta_fw]
[ 1625.651673] ? tfw_cfgop_out_retry_nip+0x80/0x80 [tempesta_fw]
[ 1625.652098] tfw_sg_for_each_srv+0xcb/0x130 [tempesta_fw]
[ 1625.652493] ? tfw_sock_srv_grace_shutdown_cb+0x140/0x140 [tempesta_fw]
[ 1625.652968] tfw_sock_srv_stop+0x205/0x220 [tempesta_fw]
[ 1625.653358] ? tfw_sock_srv_grace_shutdown_cb+0x140/0x140 [tempesta_fw]
[ 1625.653834] tfw_mods_stop+0x51/0xe0 [tempesta_fw]
[ 1625.654187] tfw_ctlfn_state_io+0x295/0x540 [tempesta_fw]
[ 1625.654581] ? tfw_cleanup+0x30/0x30 [tempesta_fw]
[ 1625.654934] ? tfw_cleanup+0x30/0x30 [tempesta_fw]
[ 1625.655271] ? __cgroup_bpf_run_filter_sysctl+0x274/0x430
[ 1625.655647] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1625.655993] ? __kasan_check_read+0x11/0x20
[ 1625.656291] proc_sys_call_handler+0x227/0x390
[ 1625.656602] ? sysctl_head_grab+0x60/0x60
[ 1625.656885] ? __mod_memcg_state.part.0+0x4e/0x140
[ 1625.657220] proc_sys_write+0x13/0x20
[ 1625.657482] new_sync_write+0x29d/0x3c0
[ 1625.657752] ? new_sync_read+0x3c0/0x3c0
[ 1625.658030] ? lru_cache_add_inactive_or_unevictable+0x38/0x100
[ 1625.658442] ? handle_mm_fault+0xa62/0x2640
[ 1625.658736] ? rw_verify_area+0x7c/0x150
[ 1625.659012] vfs_write+0x311/0x3d0
[ 1625.659253] ksys_write+0xcd/0x170
[ 1625.659493] ? __ia32_sys_read+0x50/0x50
[ 1625.659769] ? __kasan_check_read+0x11/0x20
[ 1625.660063] ? fpregs_assert_state_consistent+0x5a/0x70
[ 1625.660427] __x64_sys_write+0x42/0x50
[ 1625.660693] do_syscall_64+0x38/0x90
[ 1625.660946] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1625.661299] RIP: 0033:0x7f643e226887
[ 1625.661554] Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 1625.662834] RSP: 002b:00007ffdf9d9e6f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1625.663357] RAX: ffffffffffffffda RBX: 000055bd62728560 RCX: 00007f643e226887
[ 1625.663849] RDX: 0000000000000005 RSI: 000055bd627285a0 RDI: 0000000000000004
[ 1625.664342] RBP: 000055bd6272a6d0 R08: 0000000000000010 R09: 000055bd6272a6d0
[ 1625.664834] R10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000005
[ 1625.665329] R13: 0000000000000005 R14: 00007f643e328b80 R15: 00007f643e328a00
[ 1625.665823] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) sha256_ssse3 sha512_ssse3 nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink overlay snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi kvm_intel binfmt_misc kvm snd_seq nls_iso8859_1 crct10dif_pclmul ghash_clmulni_intel snd_seq_device aesni_intel snd_timer crypto_simd joydev cryptd glue_helper snd input_leds 9pnet_virtio serio_raw 9pnet qxl soundcore drm_ttm_helper ttm drm_kms_helper cec mac_hid fb_sys_fops syscopyarea sysfillrect qemu_fw_cfg sysimgblt sch_fq_codel drm msr parport_pc ppdev ramoops lp efi_pstore parport
[ 1625.665924] reed_solomon virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c crc32_pclmul psmouse ahci i2c_i801 lpc_ich libahci i2c_smbus virtio_net net_failover virtio_blk failover hid_generic usbhid hid [last unloaded: tempesta_lib]
[ 1625.673570] CR2: ffff8881753e9948
[ 1625.673814] ---[ end trace 0e67a352bebe8f18 ]---
[ 1625.674157] RIP: 0010:tfw_connection_unlink_to_sk+0x34/0xc0 [tempesta_fw]
[ 1625.674629] Code: 55 4c 8d af 40 04 00 00 41 54 53 48 89 fb 4c 89 ef e8 b0 75 48 cb 4c 8b a3 40 04 00 00 49 8d bc 24 88 02 00 00 e8 9c 75 48 cb <49> 83 bc 24 88 02 00 00 00 74 08 4c 89 e7 e8 69 8d 02 00 4c 89 ef
[ 1625.675909] RSP: 0018:ffff88824d009b38 EFLAGS: 00010286
[ 1625.676273] RAX: 0000000000000000 RBX: ffff888113cce6f8 RCX: ffffffffc1e0dd84
[ 1625.676773] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8881753e9948
[ 1625.677280] RBP: ffff88824d009b50 R08: 0000000000044f9a R09: ffff88824d009678
[ 1625.677788] R10: ffffed1049a012da R11: 0000000000000001 R12: ffff8881753e96c0
[ 1625.678292] R13: ffff888113cceb38 R14: ffff88813d893020 R15: ffff888113ccec38
[ 1625.678798] FS: 00007f643e10f740(0000) GS:ffff88824d000000(0000) knlGS:0000000000000000
[ 1625.679368] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1625.679777] CR2: ffff8881753e9948 CR3: 00000001f323e000 CR4: 0000000000750ef0
[ 1625.680283] PKRU: 55555554

@EvgeniiMekhanik
Contributor Author

[ 215.051812] net_ratelimit: 2463 callbacks suppressed
[ 215.051814] [tempesta fw] Warning: pending active connections for 5s (connections count 0x1, queues count 0)
[ 215.054939] [tempesta fw] Warning: cpu 0(2), backlog size 0, active connections mask 0x1500000000, cntwork queue size 0, close backlog is empty
[ 215.056163] [tempesta fw] Warning: cpu 1(2), backlog size 0, active connections mask 0xfffffff600000000, cntwork queue size 0, close backlog is empty
[ 215.057512] [tempesta fw] Warning: cpu 2(2), backlog size 0, active connections mask 0xffffffef00000000, cntwork queue size 0, close backlog is empty
[ 215.058976] [tempesta fw] Warning: cpu 3(2), backlog size 0, active connections mask 0x700000000, cntwork queue size 0, close backlog is empty
[ 215.123845] ==================================================================
[ 215.124585] BUG: KASAN: use-after-free in tfw_sched_ratio_del_grp+0x89/0x100 [tempesta_fw]
[ 215.125658] Read of size 8 at addr ffff888139a4fe58 by task sysctl/5632
[ 215.126529]
[ 215.126745] CPU: 2 PID: 5632 Comm: sysctl Tainted: G W OE 5.10.35+ #466
[ 215.127744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 215.128904] Call Trace:
[ 215.129141] dump_stack+0x96/0xc4
[ 215.129452] print_address_description.constprop.0+0x21/0x220
[ 215.129979] ? _raw_spin_lock_irqsave+0x8e/0xf0
[ 215.130395] ? _raw_write_unlock_bh+0x30/0x30
[ 215.130799] ? usleep_range+0xe0/0xe0
[ 215.131158] ? tfw_sched_ratio_del_grp+0x89/0x100 [tempesta_fw]
[ 215.131691] kasan_report.cold+0x31/0x48
[ 215.132046] ? down_write+0x60/0x110
[ 215.132396] ? tfw_sched_ratio_del_grp+0x89/0x100 [tempesta_fw]
[ 215.132932] __asan_load8+0x69/0x90
[ 215.133277] tfw_sched_ratio_del_grp+0x89/0x100 [tempesta_fw]
[ 215.133823] ? tfw_sock_srv_grace_shutdown_cb+0x140/0x140 [tempesta_fw]
[ 215.134446] tfw_sg_release_all+0x8b/0x1e0 [tempesta_fw]
[ 215.134955] ? tfw_sock_srv_grace_shutdown_cb+0x140/0x140 [tempesta_fw]
[ 215.135578] tfw_sock_srv_stop+0x1d9/0x220 [tempesta_fw]
[ 215.136089] ? tfw_sock_srv_grace_shutdown_cb+0x140/0x140 [tempesta_fw]
[ 215.136722] tfw_mods_stop+0x51/0xe0 [tempesta_fw]
[ 215.137180] tfw_ctlfn_state_io+0x295/0x540 [tempesta_fw]
[ 215.137687] ? tfw_cleanup+0x30/0x30 [tempesta_fw]
[ 215.138141] ? tfw_cleanup+0x30/0x30 [tempesta_fw]
[ 215.138572] ? __cgroup_bpf_run_filter_sysctl+0x274/0x430
[ 215.139062] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 215.139511] ? __kasan_check_read+0x11/0x20
[ 215.139892] proc_sys_call_handler+0x227/0x390
[ 215.140294] ? sysctl_head_grab+0x60/0x60
[ 215.140667] ? __mod_memcg_state.part.0+0x4e/0x140
[ 215.141096] proc_sys_write+0x13/0x20
[ 215.141425] new_sync_write+0x29d/0x3c0
[ 215.141769] ? new_sync_read+0x3c0/0x3c0
[ 215.142120] ? lru_cache_add_inactive_or_unevictable+0x38/0x100
[ 215.142648] ? handle_mm_fault+0xa62/0x2640
[ 215.143026] ? rw_verify_area+0x7c/0x150
[ 215.143379] vfs_write+0x311/0x3d0
[ 215.143688] ksys_write+0xcd/0x170
[ 215.143995] ? __ia32_sys_read+0x50/0x50
[ 215.144347] ? __kasan_check_read+0x11/0x20
[ 215.144736] ? fpregs_assert_state_consistent+0x5a/0x70
[ 215.145213] __x64_sys_write+0x42/0x50
[ 215.145560] do_syscall_64+0x38/0x90
[ 215.145892] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 215.146354] RIP: 0033:0x7f7cd5d59887
[ 215.146688] Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 215.148366] RSP: 002b:00007ffe90ca0548 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 215.149056] RAX: ffffffffffffffda RBX: 0000564f0ef07560 RCX: 00007f7cd5d59887
[ 215.149699] RDX: 0000000000000005 RSI: 0000564f0ef075a0 RDI: 0000000000000004
[ 215.150342] RBP: 0000564f0ef096d0 R08: 0000000000000010 R09: 0000564f0ef096d0
[ 215.150984] R10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000005
[ 215.151627] R13: 0000000000000005 R14: 00007f7cd5e5bb80 R15: 00007f7cd5e5ba00
[ 215.152270]
[ 215.152416] Allocated by task 5548:
[ 215.152744] kasan_save_stack+0x23/0x50
[ 215.153098] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 215.153535] kasan_slab_alloc+0xe/0x10
[ 215.153877] kmem_cache_alloc+0xf7/0x290
[ 215.154259] tfw_server_create+0x22/0xd0 [tempesta_fw]
[ 215.154749] tfw_cfgop_server+0x259/0x5b0 [tempesta_fw]
[ 215.155248] tfw_cfgop_out_server+0x5a/0xe0 [tempesta_fw]
[ 215.155762] spec_handle_entry+0xaa/0xe0 [tempesta_fw]
[ 215.156252] tfw_cfg_parse_mods+0x283/0x310 [tempesta_fw]
[ 215.156771] tfw_cfg_parse+0x89/0xd0 [tempesta_fw]
[ 215.157230] tfw_ctlfn_state_io+0x3b1/0x540 [tempesta_fw]
[ 215.157720] proc_sys_call_handler+0x227/0x390
[ 215.158126] proc_sys_write+0x13/0x20
[ 215.158463] new_sync_write+0x29d/0x3c0
[ 215.158815] vfs_write+0x311/0x3d0
[ 215.159128] ksys_write+0xcd/0x170
[ 215.159441] __x64_sys_write+0x42/0x50
[ 215.159785] do_syscall_64+0x38/0x90
[ 215.160115] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 215.160578]
[ 215.160723] Freed by task 5675:
[ 215.161012] kasan_save_stack+0x23/0x50
[ 215.161363] kasan_set_track+0x20/0x30
[ 215.161707] kasan_set_free_info+0x1f/0x40
[ 215.162083] __kasan_slab_free+0x116/0x160
[ 215.162458] kasan_slab_free+0xe/0x10
[ 215.162796] slab_free_freelist_hook+0x47/0x140
[ 215.163209] kmem_cache_free+0x105/0x410
[ 215.163592] tfw_server_destroy+0xa4/0xc0 [tempesta_fw]
[ 215.164090] tfw_srv_conn_release+0xd0/0xe0 [tempesta_fw]
[ 215.164614] tfw_sock_srv_connect_drop+0x2e0/0x2f0 [tempesta_fw]
[ 215.165181] ss_conn_drop_guard_exit+0x6a/0xa0 [tempesta_fw]
[ 215.165696] tcp_done+0x14d/0x1e0
[ 215.166004] tcp_reset+0x6c/0x110
[ 215.166306] tcp_validate_incoming+0x707/0xa30
[ 215.166708] tcp_rcv_state_process+0x51b/0x1f50
[ 215.167121] tcp_v4_do_rcv+0x164/0x360
[ 215.167464] tcp_v4_rcv+0x1600/0x1770
[ 215.167805] ip_protocol_deliver_rcu+0x46/0x2e0
[ 215.168218] ip_local_deliver_finish+0xc6/0xe0
[ 215.168628] ip_local_deliver+0x1f5/0x210
[ 215.168996] ip_rcv_finish+0xcf/0xf0
[ 215.169325] ip_rcv+0x16d/0x180
[ 215.169617] __netif_receive_skb_core.constprop.0+0x964/0x18d0
[ 215.170145] __netif_receive_skb_one_core+0xa8/0x140
[ 215.170597] __netif_receive_skb+0x26/0xb0
[ 215.170971] process_backlog+0xfe/0x290
[ 215.171323] net_rx_action+0x287/0x6b0
[ 215.171667] __do_softirq+0xfe/0x383
[ 215.171996]
[ 215.172142] The buggy address belongs to the object at ffff888139a4fde8
[ 215.172142] which belongs to the cache tfw_srv_cache of size 176
[ 215.173287] The buggy address is located 112 bytes inside of
[ 215.173287] 176-byte region [ffff888139a4fde8, ffff888139a4fe98)
[ 215.174354] The buggy address belongs to the page:
[ 215.174802] page:00000000b3b7984c refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888139a4fbd8 pfn:0x139a4c
[ 215.175789] head:00000000b3b7984c order:2 compound_mapcount:0 compound_pincount:0
[ 215.176483] flags: 0x17ffffc0010200(slab|head)
[ 215.176906] raw: 0017ffffc0010200 ffff88815b977c50 ffff88815b977c50 ffff88810d3bcf40
[ 215.177626] raw: ffff888139a4fbd8 00000000001f0001 00000001ffffffff 0000000000000000
[ 215.178343] page dumped because: kasan: bad access detected
[ 215.178864]
[ 215.179013] Memory state around the buggy address:
[ 215.179464] ffff888139a4fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 215.180136] ffff888139a4fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fa fb fb
[ 215.180811] >ffff888139a4fe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 215.181481] ^
[ 215.182048] ffff888139a4fe80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 215.182719] ffff888139a4ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 215.183389] ==================================================================
[ 215.184060] Disabling lock debugging due to kernel taint
[ 215.184643] ------------[ cut here ]------------
[ 215.185079] kernel BUG at /home/evgeny/workdir/tempesta/fw/server.h:223!
[ 215.185708] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 215.186424] CPU: 2 PID: 5632 Comm: sysctl Tainted: G B W OE 5.10.35+ #466
[ 215.187104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 215.187955] RIP: 0010:__tfw_sg_del_srv+0x131/0x140 [tempesta_fw]
[ 215.188491] Code: 8d 7b 40 4d 89 74 24 30 4d 89 74 24 38 e8 47 4b 97 cc 48 83 6b 40 01 48 c7 c7 40 e7 d9 c1 e8 e6 04 68 cc e9 5b ff ff ff 0f 0b <0f> 0b 4c 89 e7 e8 d5 ee ff ff e9 7a ff ff ff 0f 1f 44 00 00 55 48
[ 215.190152] RSP: 0000:ffff8881453c78f0 EFLAGS: 00010297
[ 215.190619] RAX: ffffffffffffffff RBX: ffff888183db0800 RCX: ffffffffc1d20761
[ 215.191247] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888139a4fe78
[ 215.191876] RBP: ffff8881453c7918 R08: 0000000000000001 R09: 0000000000000007
[ 215.192515] R10: ffffed1027349fcf R11: 0000000000000001 R12: ffff888139a4fde8
[ 215.193144] R13: ffff888183db0820 R14: ffff888139a4fe18 R15: ffff888183db0820
[ 215.193752] FS: 00007f7cd5c42740(0000) GS:ffff88824d100000(0000) knlGS:0000000000000000
[ 215.194435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 215.194924] CR2: 00007efc53f16030 CR3: 000000017845c000 CR4: 0000000000750ee0
[ 215.195528] PKRU: 55555554
[ 215.195767] Call Trace:
[ 215.196012] tfw_sg_release_all+0xd3/0x1e0 [tempesta_fw]
[ 215.196493] ? tfw_sock_srv_grace_shutdown_cb+0x140/0x140 [tempesta_fw]
[ 215.197222] tfw_sock_srv_stop+0x1d9/0x220 [tempesta_fw]
[ 215.198039] ? tfw_sock_srv_grace_shutdown_cb+0x140/0x140 [tempesta_fw]
[ 215.198794] tfw_mods_stop+0x51/0xe0 [tempesta_fw]
[ 215.199250] tfw_ctlfn_state_io+0x295/0x540 [tempesta_fw]
[ 215.199780] ? tfw_cleanup+0x30/0x30 [tempesta_fw]
[ 215.200232] ? tfw_cleanup+0x30/0x30 [tempesta_fw]
[ 215.200693] ? __cgroup_bpf_run_filter_sysctl+0x274/0x430
[ 215.201155] ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 215.201766] ? __kasan_check_read+0x11/0x20
[ 215.202126] proc_sys_call_handler+0x227/0x390
[ 215.202573] ? sysctl_head_grab+0x60/0x60
[ 215.203037] ? __mod_memcg_state.part.0+0x4e/0x140
[ 215.203447] proc_sys_write+0x13/0x20
[ 215.203927] new_sync_write+0x29d/0x3c0
[ 215.204316] ? new_sync_read+0x3c0/0x3c0
[ 215.204662] ? lru_cache_add_inactive_or_unevictable+0x38/0x100
[ 215.205260] ? handle_mm_fault+0xa62/0x2640
[ 215.205687] ? rw_verify_area+0x7c/0x150
[ 215.206189] vfs_write+0x311/0x3d0
[ 215.206491] ksys_write+0xcd/0x170
[ 215.206883] ? __ia32_sys_read+0x50/0x50
[ 215.207304] ? __kasan_check_read+0x11/0x20
[ 215.207755] ? fpregs_assert_state_consistent+0x5a/0x70
[ 215.208390] __x64_sys_write+0x42/0x50
[ 215.208815] do_syscall_64+0x38/0x90
[ 215.209127] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 215.209560] RIP: 0033:0x7f7cd5d59887
[ 215.209925] Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 215.211578] RSP: 002b:00007ffe90ca0548 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 215.212264] RAX: ffffffffffffffda RBX: 0000564f0ef07560 RCX: 00007f7cd5d59887
[ 215.212920] RDX: 0000000000000005 RSI: 0000564f0ef075a0 RDI: 0000000000000004
[ 215.213591] RBP: 0000564f0ef096d0 R08: 0000000000000010 R09: 0000564f0ef096d0
[ 215.214240] R10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000005
[ 215.214866] R13: 0000000000000005 R14: 00007f7cd5e5bb80 R15: 00007f7cd5e5ba00
[ 215.215494] Modules linked in: tempesta_fw(OE) tempesta_db(OE) sha256_ssse3 sha512_ssse3 tempesta_tls(OE) tempesta_lib(OE) nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink snd_hda_codec_generic ledtrig_audio overlay snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core kvm_intel snd_hwdep kvm snd_pcm crct10dif_pclmul snd_seq_midi snd_seq_midi_event ghash_clmulni_intel snd_rawmidi binfmt_misc qxl aesni_intel joydev drm_ttm_helper crypto_simd 9pnet_virtio cryptd nls_iso8859_1 glue_helper ttm input_leds snd_seq snd_seq_device serio_raw snd_timer drm_kms_helper 9pnet snd soundcore cec fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid qemu_fw_cfg sch_fq_codel msr ramoops reed_solomon drm parport_pc ppdev lp parport
[ 215.215599] efi_pstore virtio_rng ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c psmouse ahci crc32_pclmul i2c_i801 i2c_smbus libahci lpc_ich virtio_net virtio_blk net_failover failover hid_generic usbhid hid
[ 215.225107] ---[ end trace ac645c107f7b64bd ]---
[ 215.225525] RIP: 0010:__tfw_sg_del_srv+0x131/0x140 [tempesta_fw]
[ 215.226038] Code: 8d 7b 40 4d 89 74 24 30 4d 89 74 24 38 e8 47 4b 97 cc 48 83 6b 40 01 48 c7 c7 40 e7 d9 c1 e8 e6 04 68 cc e9 5b ff ff ff 0f 0b <0f> 0b 4c 89 e7 e8 d5 ee ff ff e9 7a ff ff ff 0f 1f 44 00 00 55 48
[ 215.227601] RSP: 0000:ffff8881453c78f0 EFLAGS: 00010297
[ 215.228057] RAX: ffffffffffffffff RBX: ffff888183db0800 RCX: ffffffffc1d20761
[ 215.228670] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff888139a4fe78
[ 215.229272] RBP: ffff8881453c7918 R08: 0000000000000001 R09: 0000000000000007
[ 215.229876] R10: ffffed1027349fcf R11: 0000000000000001 R12: ffff888139a4fde8
[ 215.230482] R13: ffff888183db0820 R14: ffff888139a4fe18 R15: ffff888183db0820
[ 215.231085] FS: 00007f7cd5c42740(0000) GS:ffff88824d100000(0000) knlGS:0000000000000000
[ 215.231782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 215.232272] CR2: 00007efc53f16030 CR3: 000000017845c000 CR4: 0000000000750ee0
[ 215.232882] PKRU: 55555554
[ 215.233120] Kernel panic - not syncing: Fatal exception
[ 215.233864] Kernel Offset: 0xd200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 215.234762] Rebooting in 1 seconds..
[ 216.227238] ACPI MEMORY or I/O RESET_REG.
