[Bug 272073] Kernel Panic in IPFW when using Radix Tables for Captive portal

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 19 Jun 2023 03:59:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272073

Alfa <burak.sn@outlook.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Hardware|Any                         |amd64
            Summary|Kernal Panic in IPFW when   |Kernel Panic in IPFW when
                   |using Captive portal        |using Radix Tables for
                   |                            |Captive portal
           Keywords|                            |IntelNetworking, crash
                 CC|                            |ae@FreeBSD.org,
                   |                            |burak.sn@outlook.com,
                   |                            |kp@freebsd.org

--- Comment #1 from Alfa <burak.sn@outlook.com> ---
Hi, I implemented a sample captive portal on FreeBSD 13.2-RELEASE
releng/13.2-n254617-525ecfdad597 GENERIC amd64, using IPFW radix tables and
dummynet.

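When I log in to the captive portal, FreeBSD hits the fatal trap shown below.
(Two CPUs, cpuid 3 and cpuid 6, faulted at the same instruction pointer, and their trap messages are interleaved in the console output.)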

Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x2fc
fault code              = supervisor read data, page not present

instruction pointer     = 0x20:0xffffffff810ada90
stack pointer           = 0x28:0xfffffe00c23302e0

Fatal trap 12: page fault while in kernel mode
frame pointer           = 0x28:0xfffffe00c23302e0
cpuid = 6; apic id = 06
fault virtual address   = 0x2fe
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff810ada90
stack pointer           = 0x28:0xfffffe00c23d52e0
frame pointer           = 0x28:0xfffffe00c23d52e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1654 (nginx)

trap number             = 12
panic: page fault
cpuid = 3
time = 1687084663
KDB: stack backtrace:
#0 0xffffffff80c53dc5 at kdb_backtrace+0x65
#1 0xffffffff80c06741 at vpanic+0x151
#2 0xffffffff80c065e3 at panic+0x43
#3 0xffffffff810b1fa7 at trap_fatal+0x387
#4 0xffffffff810b1fff at trap_pfault+0x4f
#5 0xffffffff81088e78 at calltrap+0x8
#6 0xffffffff80c9a99f at m_pullup+0x1af
#7 0xffffffff821b3372 at ipfw_chk+0x1082
#8 0xffffffff821b7f2c at ipfw_check_frame+0x13c
#9 0xffffffff80d429c7 at pfil_run_hooks+0x97
#10 0xffffffff80d239e4 at ether_output_frame+0x94
#11 0xffffffff80d23864 at ether_output+0x684
#12 0xffffffff80dbd736 at ip_output+0x1316
#13 0xffffffff80dd43af at tcp_output+0x1dbf
#14 0xffffffff80de638d at tcp_usr_send+0x17d
#15 0xffffffff80c03f54 at vn_sendfile+0x12a4
#16 0xffffffff80c04e97 at sendfile+0x117
#17 0xffffffff810b289c at amd64_syscall+0x10c
Uptime: 20h5m39s

# ipfw table all list

--- table(test_lan), set(0) ---
--- table(lan_ips_2), set(0) ---
192.168.30.1/32 0
--- table(lan_ips_5), set(0) ---
10.0.100.1/32 0
--- table(test_captiveportal), set(0) ---
em3 2000
em2 5000
--- table(test_auth_up_2), set(0) ---
--- table(test_auth_up_5), set(0) ---
--- table(test_auth_down_2), set(0) ---
--- table(test_auth_down_5), set(0) ---
--- table(test_blocked_mac_2), set(0) ---
--- table(test_blocked_mac_5), set(0) ---
--- table(test_allowedmacup_2), set(0) ---
78:60:4e:e8:ca:f0/48 1004
5c:d1:d7:ec:a4:24/48 1004
38:1e:5b:b4:8b:e0/48 1004
88:90:47:20:ff:52/48 1004
--- table(test_allowedmacup_5), set(0) ---
--- table(test_blocked_mac_all), set(0) ---
--- table(test_allowedmacdown_2), set(0) ---
78:60:4e:e8:ca:f0/48 4
5c:d1:d7:ec:a4:24/48 4
38:1e:5b:b4:8b:e0/48 4
88:90:47:20:ff:52/48 4
--- table(test_allowedmacdown_5), set(0) ---

# kldstat
Id Refs Address                Size Name
 1   69 0xffffffff80200000  1f3e2d0 kernel
 2    4 0xffffffff82140000    47978 ipfw.ko
 3    2 0xffffffff82188000    71770 pf.ko
 4    1 0xffffffff821fa000     f8a0 carp.ko
 5    1 0xffffffff82600000   3c4778 zfs.ko
 6    1 0xffffffff82520000     3250 ichsmb.ko
 7    1 0xffffffff82524000     2180 smbus.ko
 8    1 0xffffffff82527000    12520 dummynet.ko
 9    1 0xffffffff8253a000     42a0 ipfw_nat.ko
10    1 0xffffffff8253f000     c852 libalias.ko
11    1 0xffffffff8254c000     2240 pflog.ko
12    1 0xffffffff8254f000     2224 speaker.ko
14    1 0xffffffff8255a000     2548 if_enc.ko
16    1 0xffffffff8258c000     52c0 ng_pppoe.ko
17    8 0xffffffff82592000     aac8 netgraph.ko
18    1 0xffffffff8259d000     39c0 ng_socket.ko
19    1 0xffffffff825a1000     43c4 ng_mppc.ko
20    1 0xffffffff825a6000     20b0 rc4.ko
21    1 0xffffffff825a9000     2398 ng_iface.ko
22    1 0xffffffff825ac000     61e8 ng_ppp.ko
23    1 0xffffffff825b3000     2138 ng_tee.ko
24    1 0xffffffff825b6000     31c8 ng_ether.ko
25    1 0xffffffff825ba000     3468 ipdivert.ko
26    1 0xffffffff825be000     2138 ng_tcpmss.ko

em0@pci0:2:0:0: class=0x020000 rev=0x00 hdr=0x00 vendor=0x8086 device=0x10d3
subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = '82574L Gigabit Network Connection'
    class      = network
    subclass   = ethernet
