KikoLlanos
Contributor

1430 random crash with SecureXL enabled

Hello, good evening.

I have been detecting random appliance crashes for some time. If I disable SecureXL acceleration (fwaccel off command) the appliance is completely stable, but with SecureXL, it randomly crashes.

<1>[ 3771.640614] Unable to handle kernel NULL pointer dereference at virtual address 00000004

<1>[ 3771.648687] pgd = 80003000

<4>[ 94.038442] ######## wdt sysfs stop cmd

<1>[ 3771.651387] [00000004] *pgd=80000000004003, *pmd=00000000

<0>[ 3771.655305] Internal error: Oops: 207 [#1] SMP ARM

I have version R77.20.87 (990173083)

I hope you can help me.... I would be sad to have to change this appliance on my homelab 😞 Attached the last panic. Thank you and best regards

42 Replies
KikoLlanos
Contributor

Hi Andy,

It's random. From a few minutes to hours or days.

I will let you know when it crashes.

Thank you all for your time and support with this strange case.

 

Best regards.

KikoLlanos
Contributor

First crash with a fresh install 🙂

As I said, this is a problem from the kernel (simmod module, from SecureXL):

<1>[ 2573.276683] Unable to handle kernel paging request at virtual address ee28d9e3
<1>[ 2573.283887] pgd = b01abd00
<1>[ 2573.286586] [ee28d9e3] *pgd=80000000007003, *pmd=00000000
<0>[ 2573.291996] Internal error: Oops: 206 [#1] SMP ARM
<4>[ 2573.296773] Modules linked in: cdc_acm aircable belkin_sa zte_ev omninet sierra qcserial option pl2303 rndis_host cdc_eem qmi_wwan sierra_net huawei_cdc_ncm cdc_mbim cdc_ether cdc_ncm usb_wwan usbnet usb_debug fResetmod etm_0(P) vpntmod(P) vpn_0(P) fw_0(P) simmod(P) umimod(P) marvellmod(P)
<4>[ 2573.322680] CPU: 0 PID: 0 Comm: swapper/0 Tainted: P 3.10.20-al-5.0-pr2 #1
<4>[ 2573.330576] task: 80ceb340 ti: 80cdc000 task.ti: 80cdc000
<4>[ 2573.335995] PC is at do_outbound.isra.25+0x698/0xb84 [simmod]
<4>[ 2573.341754] LR is at handle_outbound_packet+0x3d0/0x13f4 [simmod]
<4>[ 2573.347832] pc : [<700e9034>] lr : [<700f0a90>] psr: a0000113

 

G_W_Albrecht
Legend

So disable it: https://community.checkpoint.com/t5/SMB-Gateways-Spark/SecureXL-amp-CoreXL-on-SMB-devices/m-p/39531?...

...repeating myself...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
KikoLlanos
Contributor

I can disable SecureXL, yes, but performance drops from 600 Mbps to 250.

I don't want this hehe

HristoGrigorov

Yes, it is definitely a problem in the SecureXL module, but it is caused by something very specific in your configuration. Otherwise it would be a common issue and already fixed by CheckPoint. The code base is mature enough and considered stable. What I would do from here is to install the latest JHF from USB and begin re-configuring the device from scratch until the point it starts crashing again.

KikoLlanos
Contributor

I think the problem comes from the BitTorrent port connections, because this is the message:

<4>[ 2427.924643] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2427.929333] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2440.847393] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2445.025986] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2573.276441] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed
<4>[ 2573.276649] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed
<4>[ 2573.276671] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed

6881 is the BitTorrent protocol port.

But I don't have rules with this port. This is one of multiple open ports on the DMZ equipment (my HP ML310e G8).

PhoneBoy
Admin

Do those come up right before it crashes?
If so, you might try: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
This can be used to disable SecureXL for the specific port in question (versus disabling it entirely).
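
One way to check the question above ("do those come up right before it crashes?") against a saved dmesg capture, as an added example that is not part of the original thread. The function names `sample_dmesg`, `freed_before_oops` and `freed_counts` are hypothetical, and the sample lines are copied from the excerpts posted earlier in this thread.

```shell
#!/bin/sh
# Added example: correlate SecureXL "already freed" messages with kernel Oops lines.
# Sample lines are copied from the dmesg excerpts posted in this thread.
sample_dmesg() {
cat <<'EOF'
<4>[ 2445.025986] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,79.156.252.229,6881,17> already freed
<4>[ 2573.276441] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed
<4>[ 2573.276671] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,90.77.223.230,28545,17> already freed
<1>[ 2573.276683] Unable to handle kernel paging request at virtual address ee28d9e3
<0>[ 2573.291996] Internal error: Oops: 206 [#1] SMP ARM
EOF
}

# Print one line per Oops: "<oops_ts> <last_freed_ts> <gap_seconds> <tuple>".
# Prints "<oops_ts> none" when no "already freed" message fell inside the window.
# $1 = window in seconds (default 5); dmesg text on stdin.
freed_before_oops() {
  awk -v win="${1:-5}" '
    # Kernel timestamp: first "[ seconds.micros]" on the line, with or without "<level>".
    match($0, /\[ *[0-9]+\.[0-9]+\]/) {
      ts = substr($0, RSTART + 1, RLENGTH - 2) + 0
    }
    /sim_db_get_conn/ && /already freed/ {
      if (match($0, /<[0-9.]+,[0-9]+,[0-9.]+,[0-9]+,[0-9]+>/)) {
        last_ts = ts; last_tuple = substr($0, RSTART + 1, RLENGTH - 2); seen = 1
      }
      next
    }
    /Internal error: Oops/ {
      if (seen && ts - last_ts <= win)
        printf "%.6f %.6f %.6f %s\n", ts, last_ts, ts - last_ts, last_tuple
      else
        printf "%.6f none\n", ts
    }'
}

# Count "already freed" messages per connection tuple, most frequent first.
freed_counts() {
  grep 'sim_db_get_conn.*already freed' |
    sed 's/.*connection <\([^>]*\)>.*/\1/' | sort | uniq -c | sort -rn |
    awk '{print $1, $2}'
}
```

Run it as `dmesg | freed_before_oops 5` on a live system, or feed it a saved capture; a gap of a few milliseconds on every Oops points at the connection tuple to exclude from acceleration.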

KikoLlanos
Contributor

Hi PhoneBoy,

Yes. I will try your solution. Thank you!

PhoneBoy
Admin

You might also try running the following in expert mode:

ifconfig -a | grep Ethernet | awk '{print $1}' | xargs -i ethtool -X {} equal 1

This may be a workaround for what appears to be a known bug.
Note that it doesn't survive a reboot.

G_W_Albrecht
Legend

On my 14x0 this gives:

Cannot get RX flow hash indirection table size: Operation not supported

Cannot get RX flow hash indirection table size: Operation not supported

Cannot get RX flow hash indirection table size: Operation not supported

Cannot get RX flow hash indirection table size: Operation not supported

Cannot get RX flow hash indirection table size: Operation not supported

Cannot get RX flow hash indirection table size: Operation not supported

Cannot get RX flow hash indirection table size: Operation not supported

Cannot get RX flow hash indirection table size: Operation not supported

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
KikoLlanos
Contributor

Same!

ifconfig -a | grep Ethernet | awk '{print $1}' | xargs -i ethtool -X {} equal 1
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported
Cannot get RX flow hash indirection table size: Operation not supported

KikoLlanos
Contributor

Hi PhoneBoy,

For now, with your SK, the appliance doesn't crash, but the message still appears:

[188776.926942] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[188776.927288] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[188776.927318] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[188786.927082] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,5.39.226.225,55644,17> already freed
[189401.940555] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,84.108.249.227,16969,17> already freed
[189401.940851] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,84.108.249.227,16969,17> already freed
[189401.940878] [SIM4];SIM: sim_db_get_conn: Error !!! connection <192.168.202.4,6881,84.108.249.227,16969,17> already freed
