On Thu, Dec 08, 2016 at 11:11:33PM +0100, Frank Groeneveld wrote:
> On Sun, Dec 04, 2016 at 07:17:44PM +0100, Jeremie Courreges-Anglas wrote:
> >
> > Hi,
> >
> > Frank Groeneveld <frank+openbsd-m...@frankgroeneveld.nl> writes:
> >
> > > On Sun, Nov 20, 2016 at 03:21:32PM +0100, Martin Pieuchot wrote:
> > >> On 20/11/16(Sun) 13:58, Frank Groeneveld wrote:
> > >> > A few week back there was an outage at my ISP. Afterwards, I kept
> > >> > getting crashed on igmpproxy after changing channels on the tv a few
> > >> > times:
> > >>
> > >> This has been fixed in -current.
> > >
> > > Thanks for the pointer. Does it fix both the igmpproxy crash and the
> > > kernel crash? Or just the igmpproxy crash?
> >
> > This igmpproxy crash would probably be trivial to solve, if we had
> > a backtrace. If you're on -current,
> >
> > make clean repackage reinstall DEBUG=-g
> >
> > would install an igmpproxy package with debug symbols. Then running
> > igmpproxy under gdb and typing 'bt' once you hit the crash would give us
> > a helpful backtrace, which you could then send (to ports@ or to me).
> >
> > --
> > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
>
> That would be great! I've not upgraded to -current yet, but I captured
> the backtrace on 5.9. I've also included some debugging output from
> before the crash.
>
> Let me know how I can help resolve this.
>
> Frank
>
Forgot the attachment...
Current routing table (Remove route);
-----------------------------------------------------
Debu: #0: Dst: 224.3.2.6, Age:2, St: A, OutVifs: 0x00000002
Debu: #0: Origin: 213.75.167.58 floodIf -1 pktcnt 224
Debu: #1: Dst: 224.0.251.124, Age:2, St: A, OutVifs: 0x00000002
Debu: #1: Origin: 213.75.167.6 floodIf -1 pktcnt 12686
Debu: #2: Dst: 224.0.251.126, Age:2, St: A, OutVifs: 0x00000002
Debu: #2: Origin: 213.75.167.6 floodIf -1 pktcnt 6384
Debu: #3: Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000002
Debu: #3: Origin: 192.168.1.2 floodIf 2 pktcnt 368
Debu: #3: Origin: 192.168.2.10 floodIf 1 pktcnt 26
Debu:
-----------------------------------------------------
Debu: About to call timeout 15 (#1)
Debu: Aging Origin 213.75.167.6 Dst 224.0.251.124 PktCnt 12686 -> 12686
Debu: Origin 213.75.167.6 Vif bits : 0x00000002
Debu: Setting TTL for Vif 1 to 1
Debu: Identified VIF #2 as upstream.
Note: Removing MFC: 213.75.167.6 -> 224.0.251.124, InpVIf: 2
igmpproxy(26355) in free(): error: use after free 0xee1e9c3adc0
Program received signal SIGABRT, Aborted.
0x00000ee1e7a5487a in thrkill () at <stdin>:2
2 <stdin>: No such file or directory.
in <stdin>
Current language: auto; currently asm
(gdb) bt
#0 0x00000ee1e7a5487a in thrkill () at <stdin>:2
#1 0x00000ee1e7a4ff39 in *_libc_abort ()
at /usr/src/lib/libc/stdlib/abort.c:52
#2 0x00000ee1e7a32279 in wrterror (msg=0xee1e7b5b378 "use after free",
p=0xee1e9c3adc0) at /usr/src/lib/libc/stdlib/malloc.c:283
#3 0x00000ee1e7a3384c in ofree (p=0xee1e9c3adc0)
at /usr/src/lib/libc/stdlib/malloc.c:1235
#4 0x00000ee1e7a338ee in free (ptr=0xee19f72fac0)
at /usr/src/lib/libc/stdlib/malloc.c:1340
#5 0x00000edeecb03f4e in internAgeRoute (croute=0xee16d3c9cc0)
at rttable.c:614
#6 0x00000edeecb04118 in lastMemberGroupAge (group=Variable "group" is not
available.
) at rttable.c:483
#7 0x00000edeecb03070 in sendGroupSpecificMemberQuery (argument=0xee1e9c3c500)
at request.c:156
#8 0x00000edeecb05880 in age_callout_queue (elapsed_time=0) at callout.c:91
#9 0x00000edeecb01e06 in igmpProxyRun () at igmpproxy.c:378
#10 0x00000edeecb02321 in main (ArgCn=2, ArgVc=0x7f7ffffe32c8)
at igmpproxy.c:181
