Bug 271393

Summary: 13.2 IPSEC panics accessing web server on vpn server when packets are fragmented
Product: Base System Reporter: Russell.Yount
Component: kernAssignee: Gleb Smirnoff <glebius>
Status: Closed FIXED    
Severity: Affects Some People CC: ae, crest, franco, glebius, kib, markj, net
Priority: --- Keywords: crash
Version: 13.1-STABLE   
Hardware: amd64   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271409
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272073
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271991
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272616
Attachments:
Description Flags
Output from dmesg related to panics none

Description Russell.Yount 2023-05-13 19:36:09 UTC 
Created attachment 242146 [details]
Output from dmesg related to panics

The FreeBSD 13.2 kernel crashes when VPN client accesses web service on the
VPN server and the web server respond requires packet to fragemented. This
occurs with either IPv4 or IPv6 with or without UDP encapsulation.
Sending large pings from vpn client works correctly.

The uname output of the vpn server is

FreeBSD XXX 13.2-RELEASE (continued on next line)
FreeBSD 13.2-RELEASE releng/13.2-n254617-525ecfdad597 GENERIC amd64

The panic messages are attached.

I am willing to work with a developer to get this fixed.

-Russ

Russell J. Yount <Russell.Yount@gmail.com>
Comment 1 Andrey V. Elsukov freebsd_committer freebsd_triage 2023-05-15 10:21:51 UTC 
Do you use GENERIC kernel?
Can you try to disable sendfile feature for web server you use?
Comment 2 Russell.Yount 2023-05-15 11:46:20 UTC 
I am using the GENERIC kernel as updated by freebsd-update.
This bug does not occur with sendfile disabled in apache24.
I am testing this using fetch(1) with a 5,279 byte file on server 
between two FreeBSD 13.2 systems.
Comment 3 Gleb Smirnoff freebsd_committer freebsd_triage 2023-05-15 15:42:54 UTC 
Russell,

can you please set:

sysctl kern.ipc.mb_use_ext_pgs=0

Turn sendfile on and then try again?
Comment 4 Russell.Yount 2023-05-15 16:23:09 UTC 
with 
  apache24 enableSendfile on
and
  sysctl kern.ipc.mb_use_ext_pgs=0
ran fetch without crashing system
then I set 
  sysctl kern.ipc.mb_use_ext_pgs=1
ran fetch and it crashed system

yes
  sysctl kern.ipc.mb_use_ext_pgs=0
prevents the bug from occurring
Comment 5 Mark Johnston freebsd_committer freebsd_triage 2023-07-28 13:42:33 UTC 
This is likely the same bug as the one fixed in PR 272616.
Comment 6 Franco Fichtner 2023-11-22 11:50:04 UTC 
Yes, confirmed fixed.