Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Regular crash dumps

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 735 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • junicastJ Offline
      junicast
      last edited by junicast

      Hi everybody

      I've got a virtualized pfSense (Proxmox 6) running 4 cores and 2 GB RAM.
      pfSense 2.4.4 hardware checksum offload disabled.
      Since a couple of weeks I'm getting crash dumps on a regular basis.

      Most of the times the system is acting normally though. In some cases there were DNS issues.
      Could someone please take a look, thank you.
      textdump.tar.0 info.0

      1 Reply Last reply Reply Quote 0
      • junicastJ Offline
        junicast
        last edited by junicast

        I just spotted that the following two processes were missing completely:

        /usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid vtnet1 vtnet2 vtnet3 vtnet5 v
        /usr/local/sbin/dhcpleases6 -c /usr/local/bin/php-cgi -f /usr/local/sbin/prefixes.php|/bin/sh -l /var/dhcpd/var/db/dhcpd6.leases
        

        After I restarted dhcpd from services the processes came back on again.
        But even after dhcpd -6 is up again it does not provide DHCPv6 addresses on vtnet3 (subnet6 2000:1111:2222:5000::/64).
        Another DHCPv6 domain is working which is configured very similar, i.e. vtnet5 (subnet6 2000:1111:2222:6004::/64).
        This is my config:

        option domain-name "my.domain.name";
        option ldap-server code 95 = text;
        option domain-search-list code 119 = text;
        
        default-lease-time 7200;
        max-lease-time 86400;
        log-facility local7;
        one-lease-per-client true;
        deny duplicates;
        ping-check true;
        update-conflict-detection false;
        authoritative;
        subnet6 2000:1111:2222:1b::/64 {
                range6 2000:1111:2222:1b::1000 2000:1111:2222:1b::2000;
                option domain-name "my.domain.name";
                option domain-search "my.domain.name";
                ddns-domainname "my.domain.name";
                allow client-updates;
                option dhcp6.name-servers 2620:fe::fe,2620:fe::9;
                default-lease-time 84000;
                max-lease-time 164000;
        
        }
        key dns.server.com {
                algorithm hmac-md5;
                secret blablablablablablablablablabalblablablablablablablablablab;
        }
        zone my.domain.name. {
                primary 10.10.100.52;
                key srv201.my.domain.name;
        }
        subnet6 2000:1111:2222:6002::/64 {
                range6 2000:1111:2222:6002::1000 2000:1111:2222:6002::2000;
                do-forward-updates false;
                option dhcp6.name-servers 2000:1111:2222:6002:3cbe:80ff:fe25:e608;
                prefix6 2000:1111:2222:3000:: 2000:1111:2222:3ff0:: /60;
        
        }
        subnet6 2000:1111:2222:5000::/64 {
                range6 2000:1111:2222:5000::1000 2000:1111:2222:5000::2000;
                option domain-name "my.domain.name";
                option domain-search "my.domain.name";
                do-forward-updates false;
                option dhcp6.name-servers 2620:fe::9,2620:fe::fe;
        
        }
        subnet6 2000:1111:2222:6004::/64 {
                range6 2000:1111:2222:6004::1000 2000:1111:2222:6004::2000;
                option domain-name "another.domain";
                option domain-search "another.domain";
                ddns-domainname "another.domain";
                allow client-updates;
                option dhcp6.name-servers 2620:fe::fe,2620:fe::9;
                prefix6 2000:1111:2222:3000:: 2000:1111:2222:3ff0:: /60;
                default-lease-time 72000;
                max-lease-time 148000;
        option domain-name "my.domain.name";
        option ldap-server code 95 = text;
        option domain-search-list code 119 = text;
        
        default-lease-time 7200;
        max-lease-time 86400;
        log-facility local7;
        one-lease-per-client true;
        deny duplicates;
        ping-check true;
        update-conflict-detection false;
        authoritative;
        subnet6 2000:1111:2222:1b::/64 {
                range6 2000:1111:2222:1b::1000 2000:1111:2222:1b::2000;
                option domain-name "my.domain.name";
                option domain-search "my.domain.name";
                ddns-domainname "my.domain.name";
                allow client-updates;
                option dhcp6.name-servers 2620:fe::fe,2620:fe::9;
                default-lease-time 84000;
                max-lease-time 164000;
        
        }
        key dns.server.com {
                algorithm hmac-md5;
                secret blablablablablablablablablabalblablablablablablablablablab;
        }
        zone my.domain.name. {
                primary 10.10.100.52;
                key srv201.my.domain.name;
        }
        subnet6 2000:1111:2222:6002::/64 {
                range6 2000:1111:2222:6002::1000 2000:1111:2222:6002::2000;
                do-forward-updates false;
                option dhcp6.name-servers 2000:1111:2222:6002:3cbe:80ff:fe25:e608;
                prefix6 2000:1111:2222:3000:: 2000:1111:2222:3ff0:: /60;
        
        }
        subnet6 2000:1111:2222:5000::/64 {
                range6 2000:1111:2222:5000::1000 2000:1111:2222:5000::2000;
                option domain-name "my.domain.name";
                option domain-search "my.domain.name";
                do-forward-updates false;
                option dhcp6.name-servers 2620:fe::9,2620:fe::fe;
        
        }
        subnet6 2000:1111:2222:6004::/64 {
                range6 2000:1111:2222:6004::1000 2000:1111:2222:6004::2000;
                option domain-name "another.domain";
                option domain-search "another.domain";
                ddns-domainname "another.domain";
                allow client-updates;
                option dhcp6.name-servers 2620:fe::fe,2620:fe::9;
                prefix6 2000:1111:2222:3000:: 2000:1111:2222:3ff0:: /60;
                default-lease-time 72000;
                max-lease-time 148000;
        
        1 Reply Last reply Reply Quote 0
        • kiokomanK Offline
          kiokoman LAYER 8
          last edited by

          i found a 3d with a similar problem if you have CARP / limiters
          https://redmine.pfsense.org/issues/4310

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          junicastJ 1 Reply Last reply Reply Quote 0
          • junicastJ Offline
            junicast @kiokoman
            last edited by junicast

            @kiokoman
            I don't think so. Neither do I use CARP nor do I have Kernel Panics or reboots.

            Edit:
            I filed a bug since I'm convinced this is one: https://redmine.pfsense.org/issues/9723

            1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              Key parts of that crash are:

              db:0:kdb.enter.default>  show pcpu
              cpuid        = 1
              dynamic pcpu = 0xfffffe00f8025380
              curthread    = 0xfffff80036d9f620: pid 12 "swi1: pfsync"
              curpcb       = 0xfffffe0079efdcc0
              fpcurthread  = none
              idlethread   = 0xfffff8000451a620: tid 100004 "idle: cpu1"
              curpmap      = 0xffffffff82b85998
              tssp         = 0xffffffff82bb6878
              commontssp   = 0xffffffff82bb6878
              rsp0         = 0xfffffe0079efdcc0
              gs32p        = 0xffffffff82bbd0d0
              ldt          = 0xffffffff82bbd110
              tss          = 0xffffffff82bbd100
              db:0:kdb.enter.default>  bt
              Tracing pid 12 tid 100130 td 0xfffff80036d9f620
              pfsync_state_export() at pfsync_state_export+0x1e/frame 0xfffffe0079efda60
              pfsync_sendout() at pfsync_sendout+0x19f/frame 0xfffffe0079efdaf0
              pfsyncintr() at pfsyncintr+0x59/frame 0xfffffe0079efdb20
              intr_event_execute_handlers() at intr_event_execute_handlers+0xe9/frame 0xfffffe0079efdb60
              ithread_loop() at ithread_loop+0xe7/frame 0xfffffe0079efdbb0
              fork_exit() at fork_exit+0x83/frame 0xfffffe0079efdbf0
              fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0079efdbf0
              --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
              db:0:kdb.enter.default>  ps
              

              and

              Fatal trap 12: page fault while in kernel mode
              cpuid = 1; apic id = 01
              fault virtual address	= 0x0
              fault code		= supervisor read data, page not present
              instruction pointer	= 0x20:0xffffffff80f541de
              stack pointer	        = 0x28:0xfffffe0079efda50
              frame pointer	        = 0x28:0xfffffe0079efda60
              code segment		= base 0x0, limit 0xfffff, type 0x1b
              			= DPL 0, pres 1, long 1, def32 0, gran 1
              processor eflags	= interrupt enabled, resume, IOPL = 0
              current process		= 12 (swi1: pfsync)
              

              I doubt it's 4310 directly (that was finally fixed a while back) but it does look similar.

              What are you using pfSync for if you don't have CARP? Do you have any HA features configured?

              Steve

              1 Reply Last reply Reply Quote 0
              • junicastJ Offline
                junicast
                last edited by junicast

                Neither CARP nor pfsync are being used, just a single firewall.

                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  It is crashing in the pfSync code so it's to see how that could happen unless something is using it.

                  The pfsync interface does get created on all installs but I'm not aware of ever seeing an issue like that previously without it actually syncing.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.