Run away PHP processes on latest firmware

Deathmage85 · July 22, 2025, 07:46:06 AM

Hello,

root@firewall1:~ # opnsense-version
OPNsense 25.1.11 (amd64)

I cant seem to get past this issue with the Main dashboard, it seem the widgets are causing a PHP loop that is pegging my CPU at 100%:

Here is the top -SH dump:

last pid: 2502; load averages: 18.75, 6.95, 2.82 03151:23:06:58 36 running, 250 sleeping, 29 waiting
CPU: 98.0% user, 0.0% nice, 2.0% system, 0.0% interrupt, 0.0% idle
Mem: 5858M Active, 4870M Inact, 3206M Wired, 637M Buf, 17G Free
Swap: 10G Total, 10G Free

PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
46478 root 101 0 117M 85M CPU6 6 0:07 64.58% php
47835 root 68 0 121M 88M piperd 4 0:10 60.97% php
92555 root 99 0 113M 80M RUN 7 0:04 47.68% php
33251 root 102 0 165M 129M RUN 4 0:10 43.04% php
97776 root 97 0 119M 77M RUN 5 0:02 42.44% php
82542 root 103 0 117M 85M RUN 5 0:06 39.67% php
94243 root 99 0 113M 79M CPU7 7 0:04 36.66% php
57773 root 68 0 217M 169M select 4 0:10 26.23% php
48910 root 97 0 117M 84M RUN 0 0:07 25.51% php
47339 root 97 0 117M 84M RUN 2 0:07 24.04% php
79294 root 97 0 115M 81M RUN 0 0:05 23.93% php
78748 root 97 0 113M 81M CPU0 0 0:05 23.63% php
84494 root 96 0 111M 79M RUN 1 0:03 22.56% php
81368 root 96 0 113M 80M RUN 3 0:04 22.54% php
42735 root 98 0 117M 85M RUN 3 0:08 22.26% php
47253 root 97 0 117M 85M RUN 1 0:07 21.72% php
50218 root 97 0 115M 83M RUN 1 0:06 21.72% php
91636 root 94 0 109M 77M RUN 2 0:02 21.72% php
83427 root 96 0 111M 79M RUN 3 0:03 21.58% php
93904 root 96 0 119M 78M RUN 1 0:03 20.80% php
37465 root 97 0 119M 87M RUN 0 0:09 20.25% php
82481 root 97 0 113M 80M RUN 3 0:04 20.11% php
58274 root 103 0 165M 130M RUN 5 0:10 19.64% php
95345 root 92 0 107M 74M RUN 0 0:01 19.46% php
91112 root 95 0 111M 79M RUN 2 0:03 18.21% php
79491 root 96 0 113M 81M CPU2 2 0:04 16.47% php
85055 root 21 0 223M 182M kqread 2 0:01 2.29% python3.11
1977 root 20 0 99M 67M select 4 0:01 1.93% php-cgi
11076 root 20 0 10G 6631M uwait 4 0:00 0.31% suricata{FM#01}
364 root 68 0 258M 120M accept 4 0:00 0.15% python3.11{python3.11}
48606 root 20 0 17M 4720K CPU1 1 0:00 0.14% top
11076 root 20 0 10G 6631M nanslp 7 1:43 0.12% suricata{suricata}
0 root -60 - 0B 1296K - 4 0:00 0.11% kernel{if_config_tqg_0}
0 root -60 - 0B 1296K - 2 0:00 0.09% kernel{if_io_tqg_2}
0 root -60 - 0B 1296K - 0 0:00 0.08% kernel{if_io_tqg_0}
11076 root 20 0 10G 6631M select 4 0:01 0.07% suricata{W#01-igc0}
18091 root 20 0 45M 16M kqread 1 0:00 0.07% syslog-ng{syslog-ng}
0 root -60 - 0B 1296K - 6 0:00 0.06% kernel{if_io_tqg_6}
97990 root 20 0 23M 11M kqread 3 0:00 0.06% lighttpd
11076 root 20 0 10G 6631M select 4 0:00 0.05% suricata{W#04-igc0}
70739 root 20 0 28M 14M select 4 0:00 0.04% python3.11
11076 root 20 0 10G 6631M select 4 0:00 0.03% suricata{W#03-igc0}
11076 root 20 0 10G 6631M select 4 0:00 0.03% suricata{W#02-igc0}
8 root -16 - 0B 48K psleep 4 0:00 0.03% pagedaemon{dom0}
2 root -60 - 0B 128K WAIT 0 0:00 0.03% clock{clock (0)}
23582 root 20 0 20M 8860K select 2 0:00 0.02% sshd-session
18091 root 20 0 45M 16M kqread 7 0:01 0.02% syslog-ng{syslog-ng}
11076 root 20 0 10G 6631M select 2 0:00 0.02% suricata{W#04-igc0^}
54398 root 20 0 14M 2616K bpf 4 0:00 0.02% filterlog
11076 root 20 0 10G 6631M select 4 0:00 0.02% suricata{W#01-igc0^}
11076 root 20 0 10G 6631M select 0 0:00 0.02% suricata{W#03-igc0^}
6 root -16 - 0B 16K pftm 4 0:00 0.02% pf purge
11076 root 20 0 10G 6631M select 4 0:00 0.02% suricata{W#02-igc0^}
0 root -60 - 0B 1296K - 7 0:00 0.02% kernel{if_io_tqg_7}
17 root 20 - 0B 144K sdflus 4 0:00 0.01% bufdaemon{/ worker}
0 root -60 - 0B 1296K - 5 0:00 0.01% kernel{if_io_tqg_5}
18091 root 20 0 45M 16M kqread 6 0:01 0.01% syslog-ng{syslog-ng}
7 root -16 - 0B 16K - 6 0:00 0.01% rand_harvestq
69544 root 20 0 27M 14M select 2 0:00 0.01% python3.11
30866 20 0 13M 2180K select 4 powerd

I thought it was maybe the Zenarmour and Suricata, but this has only started happening once I upgraded to latest firmware.

Anyone else running into this problem?

Do the devs know of how to correct this issue?

Deathmage85 · July 22, 2025, 03:43:15 PM

what logs and in which location on the firewall would help the developers troubleshoot why the plugins are causing this PHP loop?

Deathmage85 · July 22, 2025, 05:47:51 PM

Pinpointed the widgets crashing the firewall:

1. Interfaces
2. Interface statistics
3. Traffic Graph
4. Gateways

If I add these widgets one-by-one or all together with the other default widgets, it pegs the PHP at 100% on all 6 of my CPU cores on a 12th Gen Intel(R) Core(TM) i3-1215U (6 cores, 8 threads) chip. As soon as they are removed and the save finally goes thru and I then do a 'configctl webgui restart' the firewall stabalizes and is responsive in the GUI.

Should be noted, this has only occurred since upgrading to 25.1.11, previous version did not have this problem.

My plugins are presently very light, for testing, I have Zenarmor removed to help pinpoint the problem child, below are my current plugins:

os-frr (installed)   1.44_1   322KiB   2   OPNsense   The FRRouting Protocol Suite
os-intrusion-detection-content-et-open (installed)   1.0.2_2   6.92KiB   3   OPNsense   IDS Proofpoint full ET open ruleset complementary subset for ET Pro Telemetry edition
os-intrusion-detection-content-ptopen (installed)   1.0   1.13KiB   3   OPNsense   IDS Positive Technologies ESC ruleset
os-intrusion-detection-content-snort-vrt (installed)   1.2   12.8KiB   3   OPNsense   IDS Snort VRT ruleset (needs registration or subscription)
os-theme-cicada (installed)   1.39_1   5.28MiB   3   OPNsense   The cicada theme - dark grey onyx

Monviech (Cedrik) · July 22, 2025, 05:59:26 PM

If you think there is an issue please open one here, its easier to track:

https://github.com/opnsense/core/issues

Run away PHP processes on latest firmware

Deathmage85

July 22, 2025, 07:46:06 AM

Deathmage85

July 22, 2025, 03:43:15 PM #1

Deathmage85

July 22, 2025, 05:47:51 PM #2 Last Edit: July 22, 2025, 05:51:42 PM by Deathmage85

Monviech (Cedrik)

July 22, 2025, 05:59:26 PM #3