Bug #11551
Closed
SG-3100 with pfBlockerNG doesn't pass traffic
Description
SG-3100 appliance doesn't pass traffic on boot and I see error messages in `dmesg`:
`pid 833 (php-cgi), jid 0, uid 0: exited on signal 11 (core dumped)`
Sometimes it won't load the WebGUI and I need to restart php-fpm + webconfigurator from the console/ssh,
but if I disable pfBlockerNG and reboot, it works fine.
If I enable pfBlockerNG (DNSBL python or unbound mode) it stops passing traffic again and I see:
`pid 357 (php-fpm), jid 0, uid 0: exited on signal 11 (core dumped)`
Same issue if I disable all pfBlockerNG IP feeds.
pfSense+ 21.02/21.02-p1
unbound 1.13.1
pfBlockerNG-devel 3.0.0_10
See also #11444
PHP core dumps:
https://drive.google.com/drive/folders/1xwLzDKy3aQbJejLi8MmEpeb8qcGieKBK
Updated by Jim Pingle over 3 years ago
The PHP segfault may be similar to, or the same as, #11466
Updated by Bill Meeks over 3 years ago
Jim Pingle wrote:
> The PHP segfault may be similar to, or the same as, #11466
I definitely agree. Something weird is up with PHP on 32-bit ARM hardware (or maybe all 32-bit hardware, but there are no longer x86 images to test with).
I worked all day yesterday on the Snort issue on an SG-3100. I put notes in the Issue #11466 ticket. I "fixed" the Snort problem, but I don't think I actually fixed the real problem. So I'm not willing to claim that issue can be closed yet.
Updated by Loh Phat over 3 years ago
The patch contained at https://redmine.pfsense.org/issues/11466#note-32 has stopped the PHP crashes. So this bug could be marked as dependent upon it for a perm fix.
Updated by Jim Pingle over 3 years ago
The patch should fix the behavior, but the package could also implement the fix on its own using `ini_set("pcre.jit", "0");` in PHP on 32-bit ARM multi-core systems before performing PCRE operations. Doing it in the package would allow systems without the patch installed to benefit from the change.
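The package-side workaround described in the comment above, as an added example (not code from pfBlockerNG or from the patch in #11466). The function names are hypothetical, and reading the core count from the FreeBSD `hw.ncpu` sysctl is an assumption; an unreadable core count is treated as multi-core.

```php
<?php
// Added illustration; function names are hypothetical, not pfBlockerNG code.

/** True on 32-bit ARM. Uses string functions only, so no PCRE call runs before the JIT is off. */
function is_32bit_arm(): bool
{
    return PHP_INT_SIZE === 4 && stripos(php_uname('m'), 'arm') === 0;
}

/** CPU core count from FreeBSD's hw.ncpu sysctl (assumption), or null when it cannot be read. */
function cpu_count(): ?int
{
    $out = @shell_exec('/sbin/sysctl -n hw.ncpu 2>/dev/null');
    $out = is_string($out) ? trim($out) : '';
    return ctype_digit($out) ? (int) $out : null;
}

/** Disable the PCRE JIT for this request on affected hardware; true if it was switched off here. */
function disable_pcre_jit_if_affected(): bool
{
    if (ini_get('pcre.jit') === false) {
        return false; // PHP built without PCRE JIT support: nothing to disable
    }
    $cores = cpu_count();
    // Unknown core count is treated as multi-core so the workaround still applies.
    if (!is_32bit_arm() || ($cores !== null && $cores < 2)) {
        return false;
    }
    ini_set('pcre.jit', '0');
    return ini_get('pcre.jit') === '0'; // confirm the setting actually took effect
}

// Call once, before the first preg_* function runs in the request.
$changed = disable_pcre_jit_if_affected();
error_log(sprintf('pcre.jit=%s changed=%s',
    var_export(ini_get('pcre.jit'), true), $changed ? 'yes' : 'no'));

// Sample PCRE operation on a constructed DNSBL-style line.
$line = '0.0.0.0 ads.example.com';
if (preg_match('/^0\.0\.0\.0\s+(\S+)$/', $line, $m) === 1) {
    echo $m[1], PHP_EOL;
} elseif (preg_last_error() !== PREG_NO_ERROR) {
    error_log('PCRE error code: ' . preg_last_error());
}
```

Because `ini_set()` only affects the current request, the call has to run in every entry point that uses `preg_*` functions; it cannot protect PHP code outside the package.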
Updated by Jim Pingle over 3 years ago
- Status changed from New to Closed
Closing this as it appears to be the same root cause as #11466 which has a workaround applied as #12004 -- Users can wait for that to be integrated into a release or apply it manually using the instructions on that issue.
If you apply that workaround properly and still have problems, report them on the forum at https://forum.netgate.com/topic/164725/netgate-3100-php-crashes and include any error messages displayed in the GUI or log, crash reports, and other relevant data.