Pfsense crashing randomly pfsnese plus 24.03
-
@ssjucrono you may want to check the Redmine issue for a workaround (https://redmine.pfsense.org/issues/15684#note-14)
-
Yup let us know if disabling
net.inet.tcp.sack.enableworks to prevent it.For reference that looks like:
-
T toni8 referenced this topic on
-
@stephenw10 Thank you for the update. I don't have net.inet.tcp.sack.enable in my system tunables? should I add it? or just leave it as is?
-
Yes you will need to add that. It's not a default tunable.
-
@stephenw10 I have not seen this crash in awhile. I will set this though.
Maybe it was caused by my Unraid Docker Containers being backed up each night. So they are all stopped and then started within about 12minutes. I do get a flapping warning from arpwatch each night when this occurs. Perhaps that was the cause of the initial crash?
-
I doubt it. But it's unclear what actually triggers it since most users never hit it.
-
@stephenw10 said in Pfsense crashing randomly pfsnese plus 24.03:
Yup let us know if disabling
net.inet.tcp.sack.enableworks to prevent it.For reference that looks like:
It works. I had random crashes, but once I added "net.inet.tcp.sack.enable=0", I haven't experienced any crashes.
-
Great. That should be patched in the next release.
-
I wonder if this is what hit me the other day.
Will post the dumps to see if they are of any use.
Will upgrading to 24.11 fix this? I normally just update the system patches (currently 2.2.11_17)
Thanks
Rob
info.0 -
Upgrading to latest version always recommended.
or you can try adding this entry in System Tunnable : "net.inet.tcp.sack.enable=0"
I am running 24.11 - Pretty solid
-
@enthu19 well 24.03 was until it wasn’t. 6 months ish uptime from memory and then I suspect the ISP changed my WAN IP (PPPOE) and I got a page fault. Thought updating the system packages was an alternative to doing a full upgrade.
Was this system tunable added to 24.11 otherwise I don’t see how upgrading will help with my problem. -
@hulleyrob
no, I added System Tunnable entry in 24.03, -
@hulleyrob The sysctl above avoids a bug with selective ACK that's been fixed in 24.11.
However, the backtrace in your dump does not match that problem. In fact, it doesn't match any known problem. Or has any useful hints about what the problem could be.
Does this problem happen regularly? Is it always the same backtrace?In any event, upgrading to the latest version is always a good idea.
-
@kprovost nope can’t remember the last time I had a crash I think none since I got the 6100.
I’ve preferred the system update route since it was added to avoid the downtime of a full system update. I thought they would leave the system in the same state code wise and only upgraded to 24.03 for something but can’t remember what it was maybe a WireGuard update?
I did hold of on 24.11 on purpose due to the high cpu usage reports initially.
-
@hulleyrob said in Pfsense crashing randomly pfsnese plus 24.03:
I thought they would leave the system in the same state code wise
That's not the case. Updates to a new version really do need a reboot. It's the only way you're going to run the new kernel.
-
@kprovost I didn’t see anything in the release notes about a kernel upgrade which is why I thought the update to system packages would leave my system in the same state.
-
The kernel is almost always rebuilt, even between development snapshots. It's certainly different between 24.03 and 24.11.
But that's not the only reason you should use the full upgrade. There are a number of other things that are run by doing that. ZFS BE snapshot, config upgrade etc.
If you're running ZFS the downtime is minimal because the new upgrade process creates and upgrades a new BE before booting into it.
-
@stephenw10 ok thanks will schedule the update once I’ve backed up some files and got a copy of the firmware from TAC support.
