pfSense fatal error allowed memory exhausted cause

TSJaime · Sep 8, 2020, 7:51 PM

I'm in the process of testing a pfsense (v2.4.5) as a DNS firewall using the latest stable Bind 9 package via the WebUI's package manager.

I am testing different size Response Policy Zones, which all went well except while testing the largest. I crashed with the following error:

Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 87749944 bytes) in /etc/inc/xmlparse.inc on line 285 PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 285, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 87749944 bytes)

This issue caused the web UI to become unresponsive and forced me to SSH in to fix it. I'm not against editing config files via SSH, but if I'm instructing someone else with less CLI knowledge that can become a hurdle for them.

After reading various threads searching for a solution (results are a bit overwhelming for searching for this pretty common error) I came across one showing how to increase the memory_limit. This sort of works, but has some drawbacks.

SSH into the pfsense and edit /etc/inc/config.inc

// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
        ini_set("memory_limit", "1024M");
        // ini_set("memory_limit", "512M"); //-- increased to 1G
} else {
        ini_set("memory_limit", "128M");
}

This solution seems to work temporarily. Upgrades will revert the setting back to 512mb, which in turn will cause the crash. I'm also concerned I'm doing something outside the scope of what NetGate intended. Is the 512mb memory limit there for any other security related reason, something else I'm overlooking, etc..?

Can anyone explain why php-fpm is running out of memory to start Bind? I'm not getting the connection between PHP and Bind. Is php-fpm creating a child process to start Bind?
Does anyone know if there is a more durable solution to increasing the memory_limit setting that survives upgrades etc..?

mikahe · Sep 5, 2021, 8:13 AM

I bumped to something similar in 2.5.2 first when making a simple change in one firewall rule. 2nd crash after removing some obsolete and disabled rules. I don't have any massive amount of them, as there are no large rulesets generated by optional packages. The installation config has many years of age, though, and the setup is probably more complex than average.

Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 1936029064 bytes) in /etc/inc/xmlparse.inc on line 293 PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 293, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 1936029064 bytes)

Crash report begins. Anonymous machine information:

amd64
12.2-STABLE
FreeBSD 12.2-STABLE fd0f54f44b5c(RELENG_2_5_0) pfSense

Crash report details:

PHP Errors:
[04-Sep-2021 15:22:46 Europe/Helsinki] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 1936029064 bytes) in /etc/inc/xmlparse.inc on line 293

Gertjan · Sep 6, 2021, 9:43 AM

@mikahe said in pfSense fatal error allowed memory exhausted cause:

tried to allocate 1936029064 bytes

Or 1 936 018 054 Bytes Or 1 936 018 Kilo bytes r 1 936 Mega bytes or 1,9 Giga bytes.

Really ? A pfSense config file that 'weighs' 1;9 Giga ??

stephenw10 · Sep 7, 2021, 4:13 PM

Yeah, something waaay off there. Especially just editing a firewall rule.

Likely completely different problem to the OP who was doing something very unusual that legitimately caused a huge config (and still not that huge!).

Steve

mikahe · Sep 30, 2021, 5:42 PM

@mikahe Now with small stack traces:

Crash report begins. Anonymous machine information:

amd64
12.2-STABLE
FreeBSD 12.2-STABLE fd0f54f44b5c(RELENG_2_5_0) pfSense

Crash report details:

PHP Errors:
[25-Sep-2021 00:23:00 Europe/Helsinki] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 6992529389211575168 bytes) in /etc/inc/config.gui.inc on line 40
[25-Sep-2021 00:23:00 Europe/Helsinki] PHP Fatal error: Uncaught Error: Call to undefined function log_error() in /etc/inc/config.lib.inc:1114
Stack trace:
#0 [internal function]: pfSense_clear_globals()
#1 {main}
thrown in /etc/inc/config.lib.inc on line 1114
[27-Sep-2021 18:45:00 Europe/Helsinki] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 6992529389211575168 bytes) in /etc/inc/config.gui.inc on line 40
[27-Sep-2021 18:45:00 Europe/Helsinki] PHP Fatal error: Uncaught Error: Call to undefined function log_error() in /etc/inc/config.lib.inc:1114
Stack trace:
#0 [internal function]: pfSense_clear_globals()
#1 {main}
thrown in /etc/inc/config.lib.inc on line 1114
[28-Sep-2021 14:06:00 Europe/Helsinki] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 6992529389211575168 bytes) in /etc/inc/config.gui.inc on line 40
[28-Sep-2021 14:06:00 Europe/Helsinki] PHP Fatal error: Uncaught Error: Call to undefined function log_error() in /etc/inc/config.lib.inc:1114
Stack trace:
#0 [internal function]: pfSense_clear_globals()
#1 {main}
thrown in /etc/inc/config.lib.inc on line 1114

No FreeBSD crash data found.

stephenw10 · Sep 30, 2021, 10:45 PM

@mikahe said in pfSense fatal error allowed memory exhausted cause:

PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 6992529389211575168 bytes) in /etc/inc/config.gui.inc on line 40

Mmm, that's like 7000PB. An impossibly huge number!
It can't be real. How big is your actual config file? What were you doing at that time?

Steve