USG310 reboots when "Enable HTTPS Domain Filter for HTTPS traffic" is enabled

spallared

Hello, i've a Zyxell USG310 that as soon as i enable the "HTTPS Domain Filter for HTTPS traffic" checkbox reboots in few seconds and every few minutes.
I've enabled antivirus, content filter and app patrol but NO SSL Inspection...

Any idea on how to resolve this issue? Without the ability to filter HTTPS traffic my ZYXELL is almost useless...

Thank you in advance
Luca

This is the log i have on the console:
**********************************************The last disk log: Last disk log index: 10Reason: <Continue> Fatal Error Cause System RebootLog length: 16484/32728Log time: 2018-04-10 10:39:41**********************************************Log Content:n
>Cannot find 'zld_in_dev' for the event: 16<7>zld_pneigh_lookup [99]: doll: proxy entry = 80000000c8087b00, refcnt = 1[..]<3>Cannot find 'zld_in_dev' for the event: 16<7>zld_pneigh_lookup [99]: doll: proxy entry = 80000000c801be00, refcnt = 1<7>zld_pneigh_delete [127]: doll: proxy entry = 80000000c801be00, refcnt = 0<3>Cannot find 'zld_in_dev' for the event: 16<7>zld_pneigh_lookup [99]: doll: proxy entry = 80000000cd2bb1c0, refcnt = 1<1>CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, epc == 0000000000000000, ra == ffffffffc01fcb10<4>Oops[#1]:<4>CPU: 2 PID: 6290 Comm: contfltd Tainted: P        WC O 3.10.20-rt14-Cavium-Octeon #2<4>task: 800000010ecee040 ti: 80000000db52c000 task.ti: 80000000db52c000<4>$ 0   : 0000000000000000 0000000010109ce1 80000000d8ed0eb0 80000000d8ed0eb0<4>$ 4   : 80000000cc192080 ffffffff8070a040 0000000000000002 0000000000000003<4>$ 8   : 0000000000000000 80000000d8ed0000 ffffffff804c98a0 0000000000000000<4>$12   : 0000000000000000 ffffffff80322f9c 0000000000000000 80000000d0c8a060<4>$16   : 0000000000000004 0000000000000002 80000000c6966068 80000000db52fce0<4>$20   : 80000000d363a154 0000000000000000 80000000cc192080 0000000000000000<4>$24   : 80000000d0c8a074 0000000000000000                                  <4>$28   : 80000000db52c000 80000000db52fad0 80000000cd0ce500 ffffffffc01fcb10<4>Hi    : 00000000000053e6<4>Lo    : 000000000000008f<4>epc   : 0000000000000000            (nil)<4>    Tainted: P        WC O<4>ra    : ffffffffc01fcb10 __zy_send_tcp_no_data+0xef8/0x16e0 [zy_reset]<4>Status: 10109ce3KX SX UX KERNEL EXL IE <4>Cause : 00800008<4>BadVA : 0000000000000000<4>PrId  : 000d9202 (Cavium Octeon II)<4>Modules linked in: fastpath_prearray(PO) adt7463(O) option cdc_acm huawei_cdc_ncm cdc_mbim qmi_wwan cdc_wdm cdc_ncm rndis_host cdc_ether sierra usb_wwan usbserial cls_user(O) kbwm(PO) bonding kuser_info(PO) zy_mss(O) xt_zy_TCPMSS(O) zld_wdt(O) zld_conn_sync(O) nf_nat_sip(O) nf_conntrack_sip(O) conntrack_flush(O) as_kmodule(O) qsearch_bm(O) qsearch_skeleton(O) qsearch(O) zld_vti(PO) zld_ioctl(PO) zld_ftps_alg_helper(O) nf_nat_ftp(O) nf_conntrack_ftp(O) conn_check(O) quicksec(PO) ilb_llf(PO) ilb_wrr(PO) ilb_dns(O) broadweb_turnkey(PO) ADP(PO) IDP(PO) zld_av_module_wbl(PO) broadweb_turnkey_debug(PO) antivirus_statistics(PO) app_statistics(PO) idp_statistics(PO) xt_dns(O) xt_ZYRELOGIN(O) arpt_proxy(O) xt_zydns_passthrough(O) iptable_zynac(PO) iptable_nat_over_ipsec(O) vpn_concentrator6(O) vpn_concentrator(O) ip6table_vpnid(O) iptable_vpnid(O) xt_TUNNELID(O) xt_tunnelid(O) xt_zysession_limit(O) xt_zysession_login(O) ta_block(O) xt_zyzone(PO) ip6table_zyfilter6(O) iptable_zyfilter(O) xt_ZYDROP(O) xt_ZYACCEPT(O) xt_ZYFIRE(O) xt_SECURE_POLICY(O) configfs_utm(PO) configfs(PO) xt_zyislocal(O) xt_asymmetrical_route(O) xt_zyfromlocal(O) policy_reset(O) routing_alive(PO) doll_netdev(PO) klink_updown(O) cfilter_kmodule(O) zld_sslinsp(PO) cryptosoft(O) zld_utm_manager(PO) zld_memory_limiter(PO) zypktorder(PO) zyinetpkt(O) zld_arp_seal(PO) zld_arp(PO) ipmacbinding(PO) xt_zysso_nonhttptarget(PO) xt_zysso_httptarget(PO) xt_ZYSSO(PO) zy_reset(O) hook_zyfrag_ipv6(O) hook_zydefrag_ipv6(O) ip6table_zymark(O) iptable_zymark(O) xt_MARKBWM(O) usb_reset(O) hook_zyping(O) iptable_zyssu(O) xt_zyvpnid_check(PO) xt_zysession_status_update(PO) xt_zydev(PO) xt_BUILTIN_SERVICE(O) zld_forward_hook(O) zld_route_multipath(PO) ipt_ZYDNAT(O) ipt_ZYNETMAP(O) ipt_ZYNOLSNAT(O) xt_nat_loopback(O) xt_set(O) ip_set_zyport(O) ip_set_zyip(O) ip_set_list_set(O) ip_set_hash_netportnet(O) ip_set_hash_netport(O) ip_set_hash_netnet(O) ip_set_hash_netiface(O) ip_set_hash_net(O) ip_set_hash_ipportnet(O) ip_set_hash_ipportip(O) ip_set_hash_ipport(O) ip_set_hash_ipmark(O) ip_set_hash_ip(O) ip_set_bitmap_port(O) ip_set_bitmap_ipmac(O) ip_set_bitmap_ip(O) ip_set(O) xt_geoip(O) sslvpn(O) zld_devinet(O) nf_traffic_detect(O) nf_report(O) xt_traffic_flow(O) fastpath_kmodule(PO) zld_pkt_manager(PO) zyiface_lib_module(O) zy_bridge_iface(PO) cryptocteon(PO) zld_disklog(O) zld_conntrack_data(O) zyklog_kmodule(PO) zld_mrd(PO) sw_cn60xx(PO) switchdev_char(PO) switchdev(PO) platform_support(PO)<4>Process contfltd (pid: 6290, threadinfo=80000000db52c000, task=800000010ecee040, tls=0000000075706920)<4>Stack : 0000000000000001 800000010f6f2b20 800000010ecee090 800000010ecee040<4>  800000010f6f2b20 ffffffff801ac424 80000000088a7500 800000010f6f2ad0<4>  0000000000000002 0000000000000000 80000000088a7500 0000000000000000<4>  ffffffff807083d8 ffffffff801a5b94 0000000000000001 0000000000000225<4>  80000000d8ed0eb0 80000000d2d20980 80000000d0c8a060 80000000d0c8a074<4>  0000000000000002 ffffffffd435a3ea 000000000a887d49 80000000d363a146<4>  80000000d8fdad00 0000000000000000 80000000cd0ce500 0000000000000002<4>  0000000000000000 0000000000000002 80000000d2433f20 ffffffff8021cde0<4>  000000001002ddb0 80000000cb578e00 ffffffff8010e240 ffffffffc01fd3f4<4>  800000010e2bbe80 ffffffff802d31c0 00000001100005e0 800000010eb9a380<4>  ...<4>Call Trace:<4>[<ffffffff801ac424>] check_preempt_wakeup+0x1bc/0x2b0<4>[<ffffffff801a5b94>] check_preempt_curr+0x94/0xa8<4>[<ffffffff8021cde0>] kfree+0x0/0x138<4>[<ffffffff8010e240>] memcpy+0x0/0x4<4>[<ffffffffc01fd3f4>] zy_send_tcp_reset+0x94/0x1e0 [zy_reset]<4>[<ffffffff802d31c0>] SyS_semtimedop+0x270/0xad8<4>[<ffffffff8023ccd0>] file_update_time+0xa8/0x108<4>[<ffffffff8022b0e0>] pipe_write+0x418/0x538<4>[<ffffffff80221a20>] do_sync_write+0x78/0xd8<4>[<ffffffff8032b034>] __list_add+0x24/0x58<4>[<ffffffffc01fd360>] zy_send_tcp_reset+0x0/0x1e0 [zy_reset]<4>[<ffffffff8021cde0>] kfree+0x0/0x138<4>[<ffffffff8010e240>] memcpy+0x0/0x4<4>[<ffffffffc0297ef8>] cf_hdf_pktQ_write+0x4d8/0x5b0 [cfilter_kmodule]<4>[<ffffffffc0296138>] cf_entry_release_refs+0x0/0x128 [cfilter_kmodule]<4>[<ffffffff80222768>] vfs_write+0xb8/0x1d8<4>[<ffffffff80222c4c>] SyS_write+0x54/0xb8<4>[<ffffffff80163364>] handle_sysn32+0x44/0x70<4><4>[sched_delayed] sched: RT throttling activated<4><4>Code: (Bad address in epc)<4><4>---[ end trace 083507af6d731520 ]---<0>Fatal exception: panic in 5 seconds<0>Kernel panic - not syncing: Fatal exception<4>panic_notify_sys Log Date: 1523349581<4>[sched_delayed] process 2109 (pro) no longer affine to cpu1<4>[sched_delayed] process 2104 (pro) no longer affine to cpu1<4>[sched_delayed] process 2106 (pro) no longer affine to cpu3<4>[sched_delayed] process 2107 (pro) no longer affine to cpu4<4>[sched_delayed] process 2113 (pro) no longer affine to cpu5<3>Firmware Version:   4.25(AAPJ.1)|2017-07-13 11:08:08<3>Kernel Info Collector: detect system crashed, store information in disk.<4>Mem-Info:<4>DMA32 per-cpu:<4>CPU    2: hi:  186, btch:  31 usd:  41<4>Normal per-cpu:<4>CPU    2: hi:  186, btch:  31 usd: 167<4>active_anon:26095 inactive_anon:4299 isolated_anon:0<4> active_file:13778 inactive_file:24022 isolated_file:0<4> unevictable:0 dirty:5 writeback:0 unstable:0<4> free:752355 slab_reclaimable:3755 slab_unreclaimable:85437<4> mapped:9065 shmem:6044 pagetables:877 bounce:0<4> free_cma:0<4>DMA32 free:3008144kB min:7004kB low:8752kB high:10504kB active_anon:88248kB inactive_anon:10160kB active_file:26024kB inactive_file:59276kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3660412kB managed:3519644kB mlocked:0kB dirty:4kB writeback:0kB mapped:24128kB shmem:11624kB slab_reclaimable:8220kB slab_unreclaimable:206440kB kernel_stack:3008kB pagetables:2748kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no<4>lowmem_reserve[]: 0 503 503<4>Normal free:1276kB min:1024kB low:1280kB high:1536kB active_anon:16132kB inactive_anon:7036kB active_file:29088kB inactive_file:36812kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:516088kB managed:516088kB mlocked:0kB dirty:16kB writeback:0kB mapped:12132kB shmem:12552kB slab_reclaimable:6800kB slab_unreclaimable:135308kB kernel_stack:2784kB pagetables:760kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no<4>lowmem_reserve[]: 0 0 0<4>DMA32: 1118*4kB (UEM) 703*8kB (UM) 938*16kB (UEM) 520*32kB (UEM) 396*64kB (UEM) 449*128kB (UEM) 160*256kB (UEM) 30*512kB (UEM) 9*1024kB (UEM) 4*2048kB (UM) 686*4096kB (UMR) = 3008144kB<4>Normal: 95*4kB (UER) 4*8kB (R) 2*16kB (R) 2*32kB (R) 2*64kB (R) 1*128kB (R) 0*256kB 1*512kB (R) 0*1024kB 0*2048kB 0*4096kB = 1276kB<4>43844 total pagecache pages<4>0 pages in swap cache<4>Swap cache stats: add 0, delete 0, find 0/0<4>Free swap  = 0kB<4>Total swap = 0kB<4>1046271 pages RAM<4>49097 pages reserved<4>51520 pages shared<4>191526 pages non-shared

Zyxel_Cooldia

Hi @spallared,
It seems it can easily reproduce the crash issue by your configuration file as soon as you enable "HTTPS Domain Filter for HTTPS traffic".
Please send me your configuration via private message, i will apply your configuration file on local lab for testing and give you update.

spallared

Zyxel_Cooldia said:

Hi @spallared,
It seems it can easily reproduce the crash issue by your configuration file as soon as you enable "HTTPS Domain Filter for HTTPS traffic".
Please send me your configuration via private message, i will apply your configuration file on local lab for testing and give you update.

Hi @Zyxel_Cooldia, thanks for your reply. I'll do that right now...

Luca