There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy

stephenw10 · Mar 27, 2024, 2:40 PM

Just to be clear when this happens it just logs that and continues? It doesn't require manual intervention?

a.dresner · Mar 27, 2024, 9:27 PM

@stephenw10 It's crashed and I had to hire someone to go onsite and manually power cycle it

stephenw10 · Mar 27, 2024, 9:41 PM

I assume not every time that error is shown though?

a.dresner · Mar 27, 2024, 9:44 PM

@stephenw10 No, just 2x

stephenw10 · Mar 27, 2024, 10:10 PM

Hmm, OK. 2x too many!

Do you know if it remains responsive at the console when that happens?

a.dresner · Mar 27, 2024, 10:14 PM

@stephenw10 I wish I could say, but its a remote location and has only acted this way when I'm not on site... last time was 24 hours after I left...frustrating

stephenw10 · Mar 27, 2024, 10:20 PM

Are you able to upload a status file to us to review?

a.dresner · Mar 27, 2024, 10:23 PM

@stephenw10 of course, pls tell me what to do =)

stephenw10 · Mar 27, 2024, 10:35 PM

Great, you can pull the status_output file from the GUI. See:
https://docs.netgate.com/pfsense/en/latest/recipes/diagnostic-data.html#view-and-download-diagnostic-data-in-the-gui

Then upload it here:
https://nc.netgate.com/nextcloud/s/YfciQktBin7fLEM

a.dresner · Mar 27, 2024, 10:49 PM

@stephenw10 All done sir

stephenw10 · Mar 27, 2024, 10:50 PM

Great I see that. Checking....

stephenw10 · Mar 27, 2024, 11:45 PM

Mmm, OK nothing obvious there. I'm going to consult developers on this.

stephenw10 · Apr 1, 2024, 3:40 PM

Ok, the likely cause here is a race condition between filter reloads triggered close to simultaneously.

That obviously shouldn't happen but you can probably mitigate it by tuning your gateway parameters for the WG_VPN_HQ gateway. Currently that is continually throwing alarms and reloading the filter every time it does. I suspect when you see this error it ends up thowing several alarms and queing up reloads.

I would try either setting the monitoring values to far higher numbers, say 50% and 500ms, or disabling monitoring action on the gateway. If that prevents or reduces the errors you're seeing that would prove the theory.

Steve

a.dresner · Apr 2, 2024, 4:56 AM

@stephenw10 From a troubleshooting standpoint, it makes sense since these overseas vpn can have spotty connection from time to time. I already made those adjustments... waiting to see what happened :D Thanks @stephenw10 much appreciated!

wblanton · Apr 28, 2024, 11:29 AM

I’m also seeing this message pop up a lot recently on one of my 23.09.1 firewalls. I’m counting 8 messages between 4/15 to today (4/28).

It’s always an alert saying:

There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:

Followed by another alert saying:

PF was wedged/busy and has been reset.

stephenw10 · Apr 28, 2024, 2:23 PM

Same question as the OP here. Anything logged? Any 'exotic' rules? Anything else unusual?

mangelot · Aug 26, 2024, 5:51 PM

Same issue here, almost every day (some times twice a day)

06:30:00 PF was wedged/busy and has been reset.
06:30:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:

system general log
Aug 26 06:30:00 php-cgi 51879 rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
Aug 26 06:30:00 php-cgi 51879 rc.filter_configure_sync: New alert found: PF was wedged/busy and has been reset.
Aug 26 06:28:00 sshguard 54936 Now monitoring attacks.
Aug 26 06:28:00 sshguard 55063 Exiting on signal.

stephenw10 · Aug 26, 2024, 7:46 PM

Is there anything else logged? An alert shown in the system?

Can you replicate it by running Status > Filter Reload?

mangelot · Aug 28, 2024, 12:26 PM

Only the warning in GUI and by email (twice a day)

yesterday
16:15:00 PF was wedged/busy and has been reset.
16:15:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
19:00:00 PF was wedged/busy and has been reset.
19:00:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:

monday:
06:30:00 PF was wedged/busy and has been reset.
06:30:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:
01:30:00 PF was wedged/busy and has been reset.
01:30:00 There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]:

Q: Can you replicate it by running Status > Filter Reload?
A: Cannot replicate the error, no issues when running filter reload, all rules are loaded normally

I can provide the status_output file from the GUI

a.dresner · Aug 28, 2024, 12:34 PM

Happened for me again 3x, on a different pfsense box..

pf_busy

PF was wedged/busy and has been reset. @ 2024-08-08 16:20:11
PF was wedged/busy and has been reset. @ 2024-08-13 06:44:50
PF was wedged/busy and has been reset. @ 2024-08-21 14:50:18
Filter Reload

There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-08-08 16:20:12
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-08-13 06:44:51
There were error(s) loading the rules: pfctl: DIOCADDRULENV: Device busy - The line in question reads [0]: @ 2024-08-21 14:50:19