From owner-freebsd-bugs@FreeBSD.ORG  Wed Oct 29 21:02:41 2014
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2FFEB96C
 for <freebsd-bugs@FreeBSD.org>; Wed, 29 Oct 2014 21:02:41 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 175006F1
 for <freebsd-bugs@FreeBSD.org>; Wed, 29 Oct 2014 21:02:41 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id s9TL2e38021179
 for <freebsd-bugs@FreeBSD.org>; Wed, 29 Oct 2014 21:02:40 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 194577] mbuf packet header leakage when closing TUN devices
Date: Wed, 29 Oct 2014 21:02:41 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: Needs Triage
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: attachments.created
Message-ID: <bug-194577-8-PmR2RnPule@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-194577-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-194577-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Oct 2014 21:02:41 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194577

--- Comment #10 from Andrey V. Elsukov <ae@FreeBSD.org> ---
Created attachment 148778
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=148778&action=edit
Proposed patch

Hi, Hans,

can you try this patch?
My investigations led me to the following conclusions.
The leak isn't specific to tun(4) device, it could be reproduced with any
device where MLD works.

The backtrace to the allocation that will not be freed is

uma_zalloc_arg
mld_v2_enqueue_group_record+0x678
mld_change_state+0x3b9
in6_mc_join_locked+0x346
in6_mc_join+0x94
in6_joingroup+0x58
in6_update_ifa+0xd2c
in6_ifattach+0x506
ifioctl+0x8e0
kern_ioctl+0x3cd
sys_ioctl+0x13c

-- 
You are receiving this mail because:
You are the assignee for the bug.