A few weeks back there was an outage at my ISP. Afterwards, I kept
getting crashes in igmpproxy after changing channels on the TV a few
times:
-----------------------------------------------------
Note: RECV Leave message from 192.168.1.2 to 224.0.0.2 (ip_hl
24, data 8)
Debu: Got leave message from 192.168.1.2 to 224.0.251.136. Starting last
member detection.
Debu: Leaving group 224.0.251.136 upstream on IF address 10.36.229.63
Note: leaveMcGroup: 224.0.251.136 on vlan4
Debu: SENT Membership query from 192.168.1.1 to 224.0.251.136
Debu: Sent membership query from 192.168.1.1 to 224.0.251.136. Delay: 10
Debu: Created timeout 18 (#6) - delay 5 secs
Debu: (Id:12, Time:1)
Debu: (Id:13, Time:0)
Debu: (Id:14, Time:1)
Debu: (Id:15, Time:1)
Debu: (Id:16, Time:1)
Debu: (Id:17, Time:1)
Debu: (Id:18, Time:5)
Debu: (Id:10, Time:7)
Debu: About to call timeout 12 (#0)
Debu: Aging Origin 213.75.167.6 Dst 224.0.251.126 PktCnt 1022 -> 1022
Debu: Origin 213.75.167.6 Vif bits : 0x00000002
Debu: Setting TTL for Vif 1 to 1
Debu: Identified VIF #2 as upstream.
Note: Removing MFC: 213.75.167.6 -> 224.0.251.126, InpVIf: 2
igmpproxy(18177) in free(): error: use after free 0x1116efc3b400
Abort trap (core dumped)
-----------------------------------------------------
Because I didn't have time to debug it, I started igmpproxy in a while
true loop and was able to watch television with some minor hiccups now and
then.
Today I finally had time to have a go at it, but wasn't able to figure
out the cause. Still being on 5.9-stable I decided to first upgrade to
6.0-stable and see whether that helped. This made my problem worse,
because now as soon as igmpproxy was running it would panic (full dmesg
attached with the panic at the bottom).
I found mention of said panic in plus60.html:
> In pf(4), don't panic if an mbuf(9) already has a statekey. This should
> help finding the remaining corner cases of packets looped back in the
> stack.
This leads me to believe that my panic should not occur, but it still
does. Does anybody have a clue how I can work around this? Is there maybe
something wrong with my pf rules? I've attached them and the
igmpproxy.conf as well.
For now I've downgraded to 5.9-stable again.
Thanks in advance,
Frank
booting hd0a:/bsd: 6893364+2179280+267272+0+663552 [72+726864+483332]=0xab3a20
entry point at 0x1001000 [7205c766, 34000004, 24448b12, 3be0a304]
[ using 1210912 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2016 OpenBSD. All rights reserved. http://www.OpenBSD.org
OpenBSD 6.0-stable (GENERIC.MP) #6: Sun Nov 20 10:16:50 CET 2016
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error
ff<clock_battery,ROM_cksum,config_unit,memory_size,fixed_disk,invalid_time>
real mem = 4246003712 (4049MB)
avail mem = 4112846848 (3922MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdf16d820 (7 entries)
bios0: vendor coreboot version "4.0" date 09/08/2014
bios0: PC Engines APU
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SPCR HPET APIC HEST SSDT SSDT SSDT
acpi0: wakeup devices AGPB(S4) HDMI(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4)
PE20(S4) PE21(S4) PE22(S4) PE23(S4) PIBR(S4) UOH1(S3) UOH2(S3) UOH3(S3)
UOH4(S3) UOH5(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD G-T40E Processor, 1000.14 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line
16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD G-T40E Processor, 1000.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line
16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 21, 24 pins
acpiprt0 at acpi0: bus -1 (AGPB)
acpiprt1 at acpi0: bus -1 (HDMI)
acpiprt2 at acpi0: bus 1 (PBR4)
acpiprt3 at acpi0: bus 2 (PBR5)
acpiprt4 at acpi0: bus 3 (PBR6)
acpiprt5 at acpi0: bus -1 (PBR7)
acpiprt6 at acpi0: bus 5 (PE20)
acpiprt7 at acpi0: bus -1 (PE21)
acpiprt8 at acpi0: bus -1 (PE22)
acpiprt9 at acpi0: bus -1 (PE23)
acpiprt10 at acpi0: bus 0 (PCI0)
acpiprt11 at acpi0: bus 4 (PIBR)
acpicpu0 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpibtn0 at acpi0: PWRB
cpu0: 1000 MHz: speeds: 1000 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 14h Host" rev 0x00
ppb0 at pci0 dev 4 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00),
msi, address 00:0d:b9:3e:b2:dc
rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ppb1 at pci0 dev 5 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci2 at ppb1 bus 2
re1 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00),
msi, address 00:0d:b9:3e:b2:dd
rgephy1 at re1 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ppb2 at pci0 dev 6 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
pci3 at ppb2 bus 3
re2 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E (0x2c00),
msi, address 00:0d:b9:3e:b2:de
rgephy2 at re2 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ahci0 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x40: apic 2 int 19, AHCI
1.2
ahci0: port 0: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, SATA SSD, S9FM> SCSI3 0/direct fixed
t10.ATA_SATA_SSD_EB8407541CB200351390
sd0: 15272MB, 512 bytes/sector, 31277232 sectors, thin
ohci0 at pci0 dev 18 function 0 "ATI SB700 USB" rev 0x00: apic 2 int 18,
version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 "ATI SB700 USB2" rev 0x00: apic 2 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 19 function 0 "ATI SB700 USB" rev 0x00: apic 2 int 18,
version 1.0, legacy support
ehci1 at pci0 dev 19 function 2 "ATI SB700 USB2" rev 0x00: apic 2 int 17
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "ATI EHCI root hub" rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 "ATI SBx00 SMBus" rev 0x42: polling
iic0 at piixpm0
pcib0 at pci0 dev 20 function 3 "ATI SB700 ISA" rev 0x40
ppb3 at pci0 dev 20 function 4 "ATI SB600 PCI" rev 0x40
pci4 at ppb3 bus 4
ohci2 at pci0 dev 20 function 5 "ATI SB700 USB" rev 0x00: apic 2 int 18,
version 1.0, legacy support
ppb4 at pci0 dev 21 function 0 "ATI SB800 PCIE" rev 0x00
pci5 at ppb4 bus 5
ohci3 at pci0 dev 22 function 0 "ATI SB700 USB" rev 0x00: apic 2 int 18,
version 1.0, legacy support
ehci2 at pci0 dev 22 function 2 "ATI SB700 USB2" rev 0x00: apic 2 int 17
usb2 at ehci2: USB revision 2.0
uhub2 at usb2 "ATI EHCI root hub" rev 2.00/1.00 addr 1
pchb1 at pci0 dev 24 function 0 "AMD AMD64 14h Link Cfg" rev 0x43
pchb2 at pci0 dev 24 function 1 "AMD AMD64 14h Address Map" rev 0x00
pchb3 at pci0 dev 24 function 2 "AMD AMD64 14h DRAM Cfg" rev 0x00
km0 at pci0 dev 24 function 3 "AMD AMD64 14h Misc Cfg" rev 0x00
pchb4 at pci0 dev 24 function 4 "AMD AMD64 14h CPU Power" rev 0x00
pchb5 at pci0 dev 24 function 5 "AMD AMD64 14h Reserved" rev 0x00
pchb6 at pci0 dev 24 function 6 "AMD AMD64 14h NB Power" rev 0x00
pchb7 at pci0 dev 24 function 7 "AMD AMD64 14h Reserved" rev 0x00
usb3 at ohci0: USB revision 1.0
uhub3 at usb3 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb4 at ohci1: USB revision 1.0
uhub4 at usb4 "ATI OHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x52
usb5 at ohci2: USB revision 1.0
uhub5 at usb5 "ATI OHCI root hub" rev 1.00/1.00 addr 1
usb6 at ohci3: USB revision 1.0
uhub6 at usb6 "ATI OHCI root hub" rev 1.00/1.00 addr 1
umass0 at uhub2 port 1 configuration 1 interface 0 "Generic Flash Card
Reader/Writer" rev 2.01/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: <Multiple, Card Reader, 1.00> SCSI2 0/direct
removable serial.058f6366058F63666485
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (aa1c78791a9b3b3c.a) swap on sd0b dump on sd0b
Automatic boot in progress: starting file system checks.
/dev/sd0a (aa1c78791a9b3b3c.a): file system is clean; not checking
/dev/sd0k (aa1c78791a9b3b3c.k): file system is clean; not checking
/dev/sd0d (aa1c78791a9b3b3c.d): file system is clean; not checking
/dev/sd0f (aa1c78791a9b3b3c.f): file system is clean; not checking
/dev/sd0g (aa1c78791a9b3b3c.g): file system is clean; not checking
/dev/sd0h (aa1c78791a9b3b3c.h): file system is clean; not checking
/dev/sd0j (aa1c78791a9b3b3c.j): file system is clean; not checking
/dev/sd0i (aa1c78791a9b3b3c.i): file system is clean; not checking
/dev/sd0e (aa1c78791a9b3b3c.e): file system is clean; not checking
setting tty flags
pf enabled
net.inet.ip.forwarding: 0 -> 1
net.inet.ip.mforwarding: 0 -> 1
starting network
DHCPREQUEST on vlan4 to 255.255.255.255
DHCPDISCOVER on vlan4 - interval 3
DHCPDISCOVER on vlan4 - interval 5
DHCPOFFER from XX.XX.XXX.XXX (XX:XX:XX:XX:XX:XX)
DHCPREQUEST on vlan4 to 255.255.255.255
DHCPACK from XX.XX.XXX.XXX (XX:XX:XX:XX:XX:XX)
bound to XX.XX.XXX.XXX -- renewal in 31393 seconds.
add net default: gateway 0.0.0.1
reordering libraries: done.
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd dhcpd smtpd sndiod.
starting package daemons: igmpproxy.
starting local daemons: apmd cron.
Sun Nov 20 13:01:29 CET 2016
mbuf 0xffffff00df13db00
m_type: 1 m_flags: 202<M_PKTHDR,M_MCAST>
m_next: 0xffffff00df13d300 m_nextpkt: 0x0
m_data: 0xffffff00df13db68 m_len: 20
m_dat: 0xffffff00df13db20 m_pktdat: 0xffffff00df13db68
m_ptkhdr.ph_ifidx: 6 m_pkthdr.len: 435
m_ptkhdr.ph_tags: 0x0 m_pkthdr.ph_tagsset: 0
m_pkthdr.ph_flowid: 32802 m_pkthdr.ph_loopcnt: 0
m_pkthdr.csum_flags: a8<IPV4_CSUM_IN_OK,TCP_CSUM_IN_OK,UDP_CSUM_IN_OK>
m_pkthdr.ether_vtag: 0 m_ptkhdr.ph_rtableid: 0
m_pkthdr.pf.statekey: 0xffffff011ddd52a8 m_pkthdr.pf.inp 0x0
m_pkthdr.pf.qid: 0 m_pkthdr.pf.tag: 0
m_pkthdr.pf.flags: 80<PROCESSED>
m_pkthdr.pf.routed: 0 m_pkthdr.pf.prio: 3
panic: incoming mbuf already has a statekey
Stopped at Debugger+0x9: leave
TID PID UID PRFLAGS PFLAGS CPU COMMAND
73309 73309 73 0x100010 0x80 1 syslogd
*70822 70822 0 0x14000 0x210 0 softnet
Debugger() at Debugger+0x9
panic() at panic+0xfe
pf_test() at pf_test+0xe24
ipv4_input() at ipv4_input+0x27e
ipintr() at ipintr+0x1e
if_netisr() at if_netisr+0x105
taskq_thread() at taskq_thread+0x6c
end trace frame: 0x0, count: 8
# $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
block return # block stateless traffic
pass # establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# default deny
block in on pppoe0
# network address translation for the lan network
match out on pppoe0 inet nat-to (pppoe0)
# make sure mtu is honoured by natted machines
match on pppoe0 scrub (max-mss 1440)
# network address translation for the iptv network
match out on vlan4 inet from re2:network to any nat-to (vlan4)
# allow igmp packets
pass on { vlan4 re2 } proto igmp
# allow iptv data packets and tcp options
pass on { vlan4 re2 } to 224.0.0.0/4 allow-opts
# The "quickleave" should be used to avoid saturation
# of the upstream link. The option should only
# be used if it's absolutely necessary to
# accurately imitate just one Client.
quickleave
phyint vlan4 upstream ratelimit 0 threshold 1
altnet XX.XX.XXX.0/XX
altnet XXX.XX.X.0/XX
phyint re2 downstream ratelimit 0 threshold 1
phyint lo0 disabled
phyint re1 disabled