272073 – Kernel Panic in IPFW when using Radix Tables for Captive portal

Bug 272073 - Kernel Panic in IPFW when using Radix Tables for Captive portal

Summary: Kernel Panic in IPFW when using Radix Tables for Captive portal

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	13.2-RELEASE
Hardware:	amd64 Any

Importance:	--- Affects Only Me
Assignee:	freebsd-net (Nobody)

URL:
Keywords:	IntelNetworking, crash

Depends on:
Blocks:

Reported:	2023-06-19 03:34 UTC by Alfa
Modified:	2023-06-20 09:30 UTC (History)
CC List:	5 users (show)

See Also:	271393 271409

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alfa 2023-06-19 03:34:26 UTC

Comment 1 Alfa 2023-06-19 03:59:25 UTC

Hi i implemented a sample captive portal on FreeBSD 13.2-RELEASE releng/13.2-n254617-525ecfdad597 GENERIC amd64 and i used IPFW radix tables and dummynet

When i log in to captive portal FreeBSD experiences Fatal trap shown below

Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address	= 0x2fc
fault code		= supervisor read data, page not present

instruction pointer	= 0x20:0xffffffff810ada90
stack pointer	        = 0x28:0xfffffe00c23302e0

Fatal trap 12: page fault while in kernel mode
frame pointer	        = 0x28:0xfffffe00c23302e0
cpuid = 6; apic id = 06
fault virtual address	= 0x2fe
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff810ada90
stack pointer	        = 0x28:0xfffffe00c23d52e0
frame pointer	        = 0x28:0xfffffe00c23d52e0
code segment		= base rx0, limit 0xfffff, type 0x1b
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1654 (nginx)

trap number		= 12
panic: page fault
cpuid = 3
time = 1687084663
KDB: stack backtrace:
#0 0xffffffff80c53dc5 at kdb_backtrace+0x65
#1 0xffffffff80c06741 at vpanic+0x151
#2 0xffffffff80c065e3 at panic+0x43
#3 0xffffffff810b1fa7 at trap_fatal+0x387
#4 0xffffffff810b1fff at trap_pfault+0x4f
#5 0xffffffff81088e78 at calltrap+0x8
#6 0xffffffff80c9a99f at m_pullup+0x1af
#7 0xffffffff821b3372 at ipfw_chk+0x1082
#8 0xffffffff821b7f2c at ipfw_check_frame+0x13c
#9 0xffffffff80d429c7 at pfil_run_hooks+0x97
#10 0xffffffff80d239e4 at ether_output_frame+0x94
#11 0xffffffff80d23864 at ether_output+0x684
#12 0xffffffff80dbd736 at ip_output+0x1316
#13 0xffffffff80dd43af at tcp_output+0x1dbf
#14 0xffffffff80de638d at tcp_usr_send+0x17d
#15 0xffffffff80c03f54 at vn_sendfile+0x12a4
#16 0xffffffff80c04e97 at sendfile+0x117
#17 0xffffffff810b289c at amd64_syscall+0x10c
Uptime: 20h5m39s

# ipfw table all list

--- table(test_lan), set(0) ---
--- table(lan_ips_2), set(0) ---
192.168.30.1/32 0
--- table(lan_ips_5), set(0) ---
10.0.100.1/32 0
--- table(test_captiveportal), set(0) ---
em3 2000
em2 5000
--- table(test_auth_up_2), set(0) ---
--- table(test_auth_up_5), set(0) ---
--- table(test_auth_down_2), set(0) ---
--- table(test_auth_down_5), set(0) ---
--- table(test_blocked_mac_2), set(0) ---
--- table(test_blocked_mac_5), set(0) ---
--- table(test_allowedmacup_2), set(0) ---
78:60:4e:e8:ca:f0/48 1004
5c:d1:d7:ec:a4:24/48 1004
38:1e:5b:b4:8b:e0/48 1004
88:90:47:20:ff:52/48 1004
--- table(test_allowedmacup_5), set(0) ---
--- table(test_blocked_mac_all), set(0) ---
--- table(test_allowedmacdown_2), set(0) ---
78:60:4e:e8:ca:f0/48 4
5c:d1:d7:ec:a4:24/48 4
38:1e:5b:b4:8b:e0/48 4
88:90:47:20:ff:52/48 4
--- table(test_allowedmacdown_5), set(0) ---

# kldstat
Id Refs Address                Size Name
 1   69 0xffffffff80200000  1f3e2d0 kernel
 2    4 0xffffffff82140000    47978 ipfw.ko
 3    2 0xffffffff82188000    71770 pf.ko
 4    1 0xffffffff821fa000     f8a0 carp.ko
 5    1 0xffffffff82600000   3c4778 zfs.ko
 6    1 0xffffffff82520000     3250 ichsmb.ko
 7    1 0xffffffff82524000     2180 smbus.ko
 8    1 0xffffffff82527000    12520 dummynet.ko
 9    1 0xffffffff8253a000     42a0 ipfw_nat.ko
10    1 0xffffffff8253f000     c852 libalias.ko
11    1 0xffffffff8254c000     2240 pflog.ko
12    1 0xffffffff8254f000     2224 speaker.ko
14    1 0xffffffff8255a000     2548 if_enc.ko
16    1 0xffffffff8258c000     52c0 ng_pppoe.ko
17    8 0xffffffff82592000     aac8 netgraph.ko
18    1 0xffffffff8259d000     39c0 ng_socket.ko
19    1 0xffffffff825a1000     43c4 ng_mppc.ko
20    1 0xffffffff825a6000     20b0 rc4.ko
21    1 0xffffffff825a9000     2398 ng_iface.ko
22    1 0xffffffff825ac000     61e8 ng_ppp.ko
23    1 0xffffffff825b3000     2138 ng_tee.ko
24    1 0xffffffff825b6000     31c8 ng_ether.ko
25    1 0xffffffff825ba000     3468 ipdivert.ko
26    1 0xffffffff825be000     2138 ng_tcpmss.ko

em0@pci0:2:0:0:	class=0x020000 rev=0x00 hdr=0x00 vendor=0x8086 device=0x10d3 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = '82574L Gigabit Network Connection'
    class      = network
    subclass   = ethernet

Comment 2 Andrey V. Elsukov freebsd_committer

2023-06-19 09:13:12 UTC

Hi, 

Can you try to set:
 sysctl kern.ipc.mb_use_ext_pgs=0

Comment 3 Alfa 2023-06-20 07:01:25 UTC

(In reply to Andrey V. Elsukov from comment #2)
Yes, Thank you. I applied your sysctl tunable and captive portal worked as expected since 18 hours.
may i know is that a final solution? and can it cause an another problem?

Comment 4 Andrey V. Elsukov freebsd_committer

2023-06-20 09:29:30 UTC

(In reply to Alfa from comment #3)

This is temporary workaround, it is not yet fixed.