pfctl crash (SIGABRT) in 3.6 release (rules optimizer related)


I have pfctl crashing with SIGABRT in a reproducible manner with a double free.
It looks to be related to the rules optimiser as it doesn't happen without -o.

I just searched the list archive and the post-3.6 change log and didn't see it

This is my live firewall and I'm not really set up for debugging on it, but I'll
try to collect what other information may be useful. I don't want to post my
firewall rules to a public list so I haven't included pf.conf.

I can't use sendbug at the moment as my mail server is down with a hardware


pfctl output:

difference-engine# pfctl -o -f /etc/pf.conf
pfctl in free(): error: chunk is already free
Abort trap (core dumped)

When the above is run without -o it works. If I run pfctl -o -n -f /etc/pf.conf
it also works.

System      : OpenBSD 3.6
Architecture: OpenBSD.i386
Machine     : i386

