Project

General

Profile

Actions

Bug #13938

closed

Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs

Added by Jim Pingle over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
FreeBSD
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:

Description

Under certain conditions which have not yet been identified, it is possible to encounter a kernel kernel panic on FreeBSD main/14.0-CURRENT builds (e.g. Plus 23.01) when attempting to access the GUI over an IPsec tunnel. Thus far we have only received a small number of reports (2) and we have not been able to reproduce the panic in lab conditions.

A community member tracked it down to the use of sendfile in nginx when used in combination with unmapped mbufs (kern.ipc.mb_use_ext_pgs=1) both of which are enabled by default.

Users encountering this crash can take either one of two actions:

1. Disable unmapped mbufs by adding a tunable to set kern.ipc.mb_use_ext_pgs=0
OR
2. Disable sendfile in nginx as described in https://forum.netgate.com/post/1084590

Full details on the forum thread, including backtraces and textdump archives:

https://forum.netgate.com/topic/176974/web-gui-crashes-after-upgrade-from-22-05-to-23-01

Actions

Also available in: Atom PDF