Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PF was wedged/busy and has been reset.

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 4 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Heiler
      last edited by

      This is happening every day! vmware esxi 6, with 3 vmxnet3 ethernet cards

      Version 2.3.2-RELEASE-p1 (amd64) FreeBSD 10.3-RELEASE-p9
      The system is on the latest version.
      CPU Type Intel(R) Xeon(R) CPU E5-2667 v2 @ 3.30GHz
      4 CPUs: 4 package(s) x 1 core(s)
      Hardware crypto AES-CBC,AES-XTS,AES-GCM,AES-ICM
      Uptime 58 Days 06 Hours 33 Minutes 38 Seconds
      State table size 10% (26204/250000) Show states
      MBUF Usage 29% (7600/26584)
      Load average 1.22, 1.25, 1.33
      CPU usage 19%
      Memory usage 23% of 2013 MiB
      SWAP usage 0% of 4096 MiB
      Disk usage ( / ) 3% of 35GiB - ufs
      Disk usage ( /var/run ) 7% of 3.4MiB - ufs in RAM

      Notices
      pf_busy

      PF was wedged/busy and has been reset. @ 2017-02-16 14:38:49
          PF was wedged/busy and has been reset. @ 2017-02-16 15:10:32
          PF was wedged/busy and has been reset. @ 2017-02-16 15:23:22
          PF was wedged/busy and has been reset. @ 2017-02-17 14:00:53
          PF was wedged/busy and has been reset. @ 2017-02-17 14:22:27
          PF was wedged/busy and has been reset. @ 2017-02-17 15:14:50

      Filter Reload

      There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [0]: @ 2017-02-16 14:38:50
          There were error(s) loading the rules: pfctl: DIOCADDADDR: Device busy - The line in question reads [0]: @ 2017-02-16 15:10:33
          There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [0]: @ 2017-02-16 15:23:23
          There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [0]: @ 2017-02-17 14:00:54
          There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [0]: @ 2017-02-17 14:22:28
          There were error(s) loading the rules: pfctl: DIOCADDRULE: Device busy - The line in question reads [0]: @ 2017-02-17 15:14:51

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It means, more or less, what it says. Something had a lock on pf when something else tried to reload the ruleset.

        That isn't usually very common, but if you have something constantly polling pf data like reloading the state table contents repeatedly with a large state table, it could happen.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          paulfox
          last edited by

          So how is this fixed? I didn't have any problems with my setup until after I enabled IPV6 with the Hurricane Electric setup. Now I have 42 or more notices every time I check my dashboard. It's always the same message. I have, after seeing this error, attempted to remove and unset EVERYTHING that had ANYTHING to do with IPV6. Nothing has resolved the problem. I have scoured the forums, the general web, and it seems to be persistent for those of us who have the issue. I have done everything short of rebuilding the entire firewall to no avail. I would prefer to actually correct this issue "the right way," instead of just wiping and reinstalling.

          I have only forwarding rules. I haven't installed any packages. Having poured through the forms relative these errors, I have concluded that this is an issue unrelated to hardware platform as there are even people reporting this issue with the "appliances," you can buy directly.

          PF was wedged/busy and has been reset. @ 2017-03-10 08:48:31
          There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: @ 2017-03-10 08:48:32

          Thanks for reading my post.

          1 Reply Last reply Reply Quote 0
          • P
            paulfox
            last edited by

            Anyone?

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              You showed the error.

              Can you show any relevant log lines when such an error happens - and 10, 20 logs lines before that ?

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • P
                paulfox
                last edited by

                I have attached a screen capture of what I see. I've gone through each link on the logs page and find nothing matching DIOCXCOMMIT on any of them so I'm unable to reply with your requested information.

                ![Screen Shot 2017-03-25 at 4.42.02 AM.png](/public/imported_attachments/1/Screen Shot 2017-03-25 at 4.42.02 AM.png)
                ![Screen Shot 2017-03-25 at 4.42.02 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-03-25 at 4.42.02 AM.png_thumb)

                1 Reply Last reply Reply Quote 0
                • P
                  paulfox
                  last edited by

                  I have found a couple more instances where the firewall was set to recognize the IPV6. First it was in the LAN rules list, and then again in my DNS settings. I have removed them and restarted, I hope that this corrects the issue.

                  Eventually, (as in sooner over later,) I'm going to have to master this IPV6 stuff. I've got a significantly better understanding than I had, but… I have disabled all of it in hopes to return to a state that I didn't get that DIOCXCOMMIT error message.

                  I suspect I missed, or mistyped, something along my configuration path. When I have more time, I'll actually attempt to reconfigure the HE IPV6 tunnel.

                  Thanks again for reviewing this issue.

                  1 Reply Last reply Reply Quote 0
                  • P
                    paulfox
                    last edited by

                    So far so good… no reported issue with the wedged/busy error. But now I'm finding unbound is crashing. I have noticed IPV6 entries in "Services -> DNS Resolver -> General Settings" in Network Interfaces and Outgoing Network Interfaces. I haven't been able to figure out how to remove those entries.

                    Unbound is reporting "error: cannot chdir to directory: (No such file or directory)." I'm finding it crashed throughout the day.

                    Mar 26 21:59:47	unbound	67080:0	info: [25%]=0 median[50%]=0 [75%]=0
Mar 26 21:59:47	unbound	67080:0	info: lower(secs) upper(secs) recursions
Mar 26 21:59:47	unbound	67080:0	info: 0.262144 0.524288 1
Mar 26 21:59:47	unbound	67080:0	notice: Restart of unbound 1.6.0.
Mar 26 21:59:47	unbound	67080:0	error: cannot chdir to directory: (No such file or directory)
Mar 26 21:59:47	unbound	67080:0	notice: init module 0: validator
Mar 26 21:59:47	unbound	67080:0	notice: init module 1: iterator
Mar 26 21:59:47	unbound	67080:0	info: start of service (unbound 1.6.0).
Mar 26 21:59:47	unbound	67080:0	info: service stopped (unbound 1.6.0).
Mar 26 21:59:47	unbound	67080:0	info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch
Mar 26 21:59:47	unbound	67080:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 26 21:59:47	unbound	67080:0	info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch
Mar 26 21:59:47	unbound	67080:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Mar 26 21:59:47	unbound	67080:0	notice: Restart of unbound 1.6.0.
Mar 26 21:59:47	unbound	67080:0	error: cannot chdir to directory: (No such file or directory)
Mar 26 21:59:47	unbound	67080:0	notice: init module 0: validator
Mar 26 21:59:47	unbound	67080:0	notice: init module 1: iterator
Mar 26 21:59:47	unbound	67080:0	info: start of service (unbound 1.6.0)

                    I'm not familiar enough with what I'm reading to know what it means yet. I've found a couple of other threads but they're not clear enough on what to do to resolve the issue.

                    1 Reply Last reply Reply Quote 0
                    • P
                      paulfox
                      last edited by

                      I have turned off the "forwarder," in "services -> DNS resolver," and that seems to have completely stabilized my firewall. No more notifications, no more errors, no more crashes (so far).

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.