FortiGate
cphi
Staff & Editor
Article Id 335730
Description

This article describes a kernel panic when upgrading from 7.4.3 to 7.4.4 on SoC4 FortiGate.

Scope

FortiGate.
Solution

When upgrading a SoC4 FortiGate from 7.4.3 to 7.4.4, a kernel panic may prevent the FortiGate from booting. The FortiGate will enter a continuous boot loop due to the kernel panic. A serial console connection to the FortiGate will be required to see the kernel panic output.

 

The kernel panic occurs if a virtual-switch with a VLAN ID set (shown as a VLAN switch in the GUI) exists on the FortiGate before the upgrade.

 

FortiGate # show system virtual-switch
config system virtual-switch
    edit "VLAN_Switch"
        set physical-switch "sw0"
        set vlan 5
        config port
            edit "port1"
            next
            edit "port2"
            next
        end
    next
end

 

The issue can be confirmed if the kernel panic call trace contains the string 'np6xlite_port_802_1x_enable+0x50/0xa0'.

 

Call trace:

[<ffffffbffc3ede68>] $x+0x68/0x448 [filter4]
[<ffffffbffc3ef320>] np6xlite_port_802_1x_enable+0x50/0xa0 [filter4]
[<ffffffbffc3ef988>] np6xlite_vs_port_mir_enable+0x548/0x618 [filter4]
[<ffffffbffc237bd8>] $x+0x370/0x610 [filter4]
[<ffffffc0003ee378>] dev_ifsioc+0x254/0x45c
[<ffffffc0003eed34>] dev_ioctl+0x7b4/0x8b0
[<ffffffc0003d6da0>] sock_ioctl+0x1ac/0x240
[<ffffffc000142220>] do_vfs_ioctl+0x2fc/0x58c
[<ffffffc000142558>] sys_ioctl+0xa8/0xd0

 

Workaround:

  1. Unset the VLAN on the virtual-switch before the upgrade.

config system virtual-switch
    edit [NAME]
        unset vlan
    next
end

  2. Remove the VLAN-enabled virtual switch if it is not in use.

config system virtual-switch
    delete [NAME]
end

 

This issue is documented in bug ID 1029441, which has been resolved in 7.4.5 and 7.6.0.
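
A pre-upgrade check for the condition described above, as an added example that is not part of the original article or Fortinet tooling. It parses saved 'show system virtual-switch' output (or a config backup) and lists virtual-switches with a VLAN set, and it checks captured serial console text for the call-trace string. The function names and the sample config are constructed for illustration; it assumes a virtual-switch without a VLAN has no 'set vlan' line in the output.

```python
import re

# Signature string quoted in the article's call trace.
PANIC_SIGNATURE = "np6xlite_port_802_1x_enable+0x50/0xa0"

# Constructed sample: the article's virtual-switch plus one entry without a VLAN.
SAMPLE_CONFIG = '''\
config system virtual-switch
    edit "VLAN_Switch"
        set physical-switch "sw0"
        set vlan 5
        config port
            edit "port1"
            next
        end
    next
    edit "Plain_Switch"
        set physical-switch "sw0"
    next
end
'''

def vlan_virtual_switches(config_text):
    """Return {name: vlan_id} for virtual-switch entries that have a VLAN set."""
    found, in_table, depth, name = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_table:
            if line == "config system virtual-switch":
                in_table, depth = True, 1
        elif line.startswith("config "):
            depth += 1                      # nested table such as "config port"
        elif line == "end":
            depth -= 1
            in_table = depth > 0
        elif depth == 1:                    # ignore lines inside nested tables
            edit = re.fullmatch(r'edit "?([^"]+)"?', line)
            vlan = re.fullmatch(r"set vlan (\d+)", line)
            if edit:
                name = edit.group(1)
            elif vlan and name:
                found[name] = int(vlan.group(1))
            elif line == "next":
                name = None
    return found

def trace_matches(console_text):
    """True if captured serial console output contains the panic signature."""
    return PANIC_SIGNATURE in console_text
```

Any name returned by vlan_virtual_switches() is a candidate for one of the two workarounds before upgrading from 7.4.3 to 7.4.4.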
