Squid: segmentation fault

[schnipp]

Since Opnsense 24.7.x (I don't exactly know) I observed that the squid proxy does not automatically start after booting up the firewall. The current Opnsense version 24.7.12_2 has the same issue. I tried to investigate via command line with the following result

Starting the proxy manually often works but raises segfault. Communication from the clients to the proxy is possible:

Code Select Expand

root@host:~ # configctl proxy start
Segmentation fault
Starting squid.
__ok__


Stopping the proxy works:

Code Select Expand

root@host:~ # configctl proxy stop
OK


Restarting the proxy using the "restart" command often leads to that communication from the clients to the proxy is not possible. It also raises segfaults:

Code Select Expand

root@host:~ # configctl proxy restart
Segmentation fault
Performing sanity check on squid configuration.
2025/01/30 17:52:32| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/ipv4_fallback.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/pre-auth/rfc1918.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2025/01/30 17:52:37| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2025/01/30 17:52:37| WARNING: HTTP requires the use of Via
2025/01/30 17:52:37| Set Current Directory to /var/squid/cache
Segmentation fault
root@host:~ #


The system log shows that there could be a problem with binding the socket.

Code Select Expand

<13>1 2025-01-30T17:52:26+01:00 xxxxxxxxx.com opnsense 50236 - [meta sequenceId="1"] /usr/local/sbin/pluginctl: plugins_configure webproxy (1,restart)
<13>1 2025-01-30T17:52:32+01:00 xxxxxxxxx.com kernel - - [meta sequenceId="2"] <6>pid 64359 (squid), jid 0, uid 100: exited on signal 11 (no core dump - bad address)
<13>1 2025-01-30T17:52:37+01:00 xxxxxxxxx.com kernel - - [meta sequenceId="3"] <6>pid 66993 (squid), jid 0, uid 100: exited on signal 11 (no core dump - bad address)

But I don't have a clue where the segfaults come from. Has anybody observed similar issues or can give me a hint to investigate further (maybe I have overlooked an option to increase debug logging)?

[schnipp]

Does anybody has an idea or observed a similar issue?

[glasi]

Same issue here.

Segmentation fault also popping up when verifying configuration file with the -k parse option.

Code Select Expand

squid -k parse

[nicholaswkc]

Try reinstall.

[franco]

https://github.com/opnsense/plugins/issues/4500

[schnipp]

Can anyone confirm that this issue is not causing Squid web proxy to malfunction in Opnsense version 25.1.1?

[schnipp]

Further discussion in forum of version 25.1.1 (link)

[aryanrai]

Does anybody has an idea or observed a similar issue?

Yes, I have same error, did your issue resolved ?

[franco]

To my knowledge a permanent workaround was added to FreeBSD ports which was released in OPNsense 25.1.10.

[schnipp]

No, the issue of "segmentation fault" still persists in Opnsense 25.7.1. In case squid crashes it will automatically be restarted. So, despite the log entries I never observed any interruptions of the squid service anymore.

[franco]

The silence in the GitHub plugin repo regarding the issue disagrees with your blanket statement, but I'm not here to challenge you on a local issue that may persist.

Personally, I don't like the fact that people come and complain about issues but once they are gone do not bother to give useful feedback. It is what it is, though.


Cheers,
Franco