- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: 1430 random crash with SecureXL enabled
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1430 random crash with SecureXL enabled
Hello, good evening.
I have been detecting random appliance crashes for some time. If I disable securexl acceleration (fwaccel off command) the appliance is completely stable, but with securexl, it randomly crashes.
<1>[ 3771.640614] Unable to handle kernel NULL pointer dereference at virtual address 00000004
<1>[ 3771.648687] pgd = 80003000
<4>[ 94.038442] ######## wdt sysfs stop cmd
<1>[ 3771.651387] [00000004] *pgd=80000000004003, *pmd=00000000
<0>[ 3771.655305] Internal error: Oops: 207 [#1] SMP ARM
I have version R77.20.87 (990173083)
I hope you can help me.... I would be sad to have to change this appliance on my homelab 😞 Attached the last panic. Thank you and best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Andy,
It's random. From a few minutes to hours or days.
I will let you know when this crash.
Thank you all for your time and support with this strange case.
Best regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First crash with a fresh install 🙂
As i said, this is a problem from kernel (simmod module, from SecureXL)
<1>[ 2573.276683] Unable to handle kernel paging request at virtual address ee28d9e3
<1>[ 2573.283887] pgd = b01abd00
<1>[ 2573.286586] [ee28d9e3] *pgd=80000000007003, *pmd=00000000
<0>[ 2573.291996] Internal error: Oops: 206 [#1] SMP ARM
<4>[ 2573.296773] Modules linked in: cdc_acm aircable belkin_sa zte_ev omninet sierra qcserial option pl2303 rndis_host cdc_eem qmi_wwan sierra_net huawei_cdc_ncm cdc_mbim cdc_ether cdc_ncm usb_wwan usbnet usb_debug fResetmod etm_0(P) vpntmod(P) vpn_0(P) fw_0(P) simmod(P) umimod(P) marvellmod(P)
<4>[ 2573.322680] CPU: 0 PID: 0 Comm: swapper/0 Tainted: P 3.10.20-al-5.0-pr2 #1
<4>[ 2573.330576] task: 80ceb340 ti: 80cdc000 task.ti: 80cdc000
<4>[ 2573.335995] PC is at do_outbound.isra.25+0x698/0xb84 [simmod]
<4>[ 2573.341754] LR is at handle_outbound_packet+0x3d0/0x13f4 [simmod]
<4>[ 2573.347832] pc : [<700e9034>] lr : [<700f0a90>] psr: a0000113
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So disable it: https://community.checkpoint.com/t5/SMB-Gateways-Spark/SecureXL-amp-CoreXL-on-SMB-devices/m-p/39531?...
...repeating myself...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can disable SecureXL yes, but performance drop from 600 Mbps to 250.
I dont want this hehe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, it is definitely a problem in SecureXL module but it is caused by something very specific in your configuration. Otherwise it will be a common issue and already fixed by CheckPoint. Code base is mature enough and considered stable. What I would do from here is to install latest JHF from USB and begin re-configuring device from scratch until the point it starts crashing again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think the problem comes from the Bittorrent port connections, because this is the message:
<4>[ 2427.924643] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2427.929333] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2440.847393] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2445.025986] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2573.276441] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed
<4>[ 2573.276649] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed
<4>[ 2573.276671] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed
6881 is bittorrent protocol port.
But i dont have rules with this port. This is one of multiple open ports on the dmz equipment (my hp ml310e g8).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do those come up right before it crashes?
If so, you might try: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
This can be used to SecureXL for the specific port in question (versus disabling entirely).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PhoneBoy,
Yes. I will try your solution. Thanks you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You might also try running the following in expert mode:
ifconfig -a | grep Ethernet | awk '{print $1}' | xargs -i ethtool -X {} equal 1
This may be a workaround for what appears to be a known bug.
Note that it doesn't survive a reboot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On my 14x0 this gives:
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same!
ifconfig -a | grep Ethernet | awk '{print $1}' | xargs -i ethtool -X {} equal 1
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PhoneBoy,
For now, with your SK, the appliance doesnt crash, but the message still appears
[188776.926942] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[188776.927288] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[188776.927318] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[188786.927082] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[189401.940555] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,84.108.249.227,16969,17> already freed
[189401.940851] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,84.108.249.227,16969,17> already freed
[189401.940878] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,84.108.249.227,16969,17> already freed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- « Previous
-
- 1
- 2
- Next »