Date: Fri, 24 Oct 2014 13:55:26 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 194577] New: mbuf packet header leakage when closing TUN devices Message-ID: <bug-194577-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194577 Bug ID: 194577 Summary: mbuf packet header leakage when closing TUN devices Product: Base System Version: 9.2-STABLE Hardware: Any OS: Any Status: Needs Triage Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: hselasky@FreeBSD.org Hi, I have a VPN client running which has automatic restarts activated. That means the TUN device is regularly opened and closed. Every time the TUN device closes, an mbuf header of 256 bytes is leaked. After some weeks of uptime the system stops working. I've added some additional code into the kernel to trace this, and the backtrace of one of those allocations what are not freed after 60 seconds, are as follows: X=184 KDB: stack backtrace: db_trace_self_wrapper(c0a38777,c0a678ac,c06c87f0,c7bd3750,a,c7bd3798,5,ffffffff,0,0,553b80,c7bd3818,c2a47440,c7bd3778,c06c824e, c7bd3798,c7bd378c,c06c82fb,c0a678ac,c7bd3798) at db_trace_self_wrapper+0x26/frame 0xc7bd3730 kdb_backtrace(c0a678ac,b8,20,1,c29525e0,...) at kdb_backtrace+0x2b/frame 0xc7bd378c uma_zalloc_arg(c13e45a0,c7bd3860,1,c29525e0,c0aff0e4,...) at uma_zalloc_arg+0x706/frame 0xc7bd37dc mld_v2_enqueue_group_record(0,0,2,20,c2a12a60,...) at mld_v2_enqueue_group_record+0x909/frame 0xc7bd38a8 mld_change_state(c302e200,0,0,0,2,...) at mld_change_state+0x509/frame 0xc7bd3904 in6_mc_leave_locked(c302e200,0,c2895000,c7bd394c,c0676d4a,...) at in6_mc_leave_locked+0x2d/frame 0xc7bd3928 in6_mc_leave(c302e200,0,4,c7bd39ec,c084a1fa,...) at in6_mc_leave+0x37/frame 0xc7bd394c in6_leavegroup(c2e163d0,c3250e90,10,4,0,...) at in6_leavegroup+0x20/frame 0xc7bd3960 in6_purgeaddr(c3250e00,0,0,c3274238,c3274200,...) at in6_purgeaddr+0xea/frame 0xc7bd39ec if_purgeaddrs(c2a54800,2,4,c7bd3aa8,0,...) at if_purgeaddrs+0x10a/frame 0xc7bd3a58 tunclose(c3281800,7,2000,c2afc2f0,c7bd3abc,...) at tunclose+0x15f/frame 0xc7bd3a80 devfs_close(c7bd3af4,c7bd3af4,c338cd50,7,c7bd3b18,...) at devfs_close+0x17f/frame 0xc7bd3ac4 VOP_CLOSE_APV(c0a99ce0,c7bd3af4,c0a40f74,141,c0ad08a0,...) at VOP_CLOSE_APV+0x4a/frame 0xc7bd3adc vn_close(c338cd50,7,c2956180,c2afc2f0,0,...) at vn_close+0x99/frame 0xc7bd3b18 vn_closefile(c314b460,c2afc2f0,c314b460,0,c2afc2f0,...) at vn_closefile+0x53/frame 0xc7bd3b74 devfs_close_f(c314b460,c2afc2f0,3000000,0,1,...) at devfs_close_f+0x34/frame 0xc7bd3b90 _fdrop(c314b460,c2afc2f0,0,c7bd3c00,2,0,0,c2b7d2d8,4,2,c7bd3c1c,c09b22e9,c2957760,288df000,2,0,c7bd3c10,c06462a4,1f,c314b460) a t _fdrop+0x2d/frame 0xc7bd3bac closef(c314b460,c2afc2f0,0,c7bd3c38,c09b1d76,...) at closef+0x5b/frame 0xc7bd3c10 kern_close(c2afc2f0,6,c7bd3c98,c09bb3b2,c0aff1c0,...) at kern_close+0x18d/frame 0xc7bd3c48 syscall(c7bd3d08) at syscall+0x535/frame 0xc7bd3cfc Xint0x80_syscall() at Xint0x80_syscall+0x21/frame 0xc7bd3cfc --- syscall (6, FreeBSD ELF32, sys_close), eip = 0x283c2393, esp = 0xbfbfe37c, ebp = 0xbfbfe388 --- X=176 KDB: stack backtrace: db_trace_self_wrapper(c0a38777,c0a678ac,c06c87f0,d26fca30,a,d26fca78,5,ffffffff,0,0,d26fca70,c06d3f9d,c2e0ebc0,d26fca58,c06c824 e,d26fca78,d26fca6c,c06c82fb,c0a678ac,d26fca78) at db_trace_self_wrapper+0x26/frame 0xd26fca10 kdb_backtrace(c0a678ac,b0,20,2,c2edc6d4,...) at kdb_backtrace+0x2b/frame 0xd26fca6c uma_zalloc_arg(c13e45a0,d26fcadc,2,9d0001,0,...) at uma_zalloc_arg+0x706/frame 0xd26fcabc m_getm2(0,a1,2,1,2,...) at m_getm2+0xc1/frame 0xd26fcaf0 m_uiotombuf(d26fcbb0,2,800,64,2,...) at m_uiotombuf+0x80/frame 0xd26fcb24 sosend_generic(c32579c0,0,d26fcbb0,0,0,...) at sosend_generic+0x2be/frame 0xd26fcb80 kern_sendit(c326d000,4,d26fcc24,0,0,...) at kern_sendit+0x185/frame 0xd26fcbe0 sendit(0,0,0,d26fcc40,1,...) at sendit+0xda/frame 0xd26fcc18 sys_sendto(c326d000,d26fcccc,c0aff0e4,c09bb3b2,c0aff1c0,...) at sys_sendto+0x48/frame 0xd26fcc48 syscall(d26fcd08) at syscall+0x535/frame 0xd26fccfc Xint0x80_syscall() at Xint0x80_syscall+0x21/frame 0xd26fccfc --- syscall (133, FreeBSD ELF32, sys_sendto), eip = 0x283a148b, esp = 0xbfbfd39c, ebp = 0xbfbfd3c8 --- X=177 KDB: stack backtrace: db_trace_self_wrapper(c0a38777,c0a678ac,c06c87f0,d26fc9d4,a,d26fca1c,5,ffffffff,0,0,c0aff1c0,c326d000,c326d000,d26fc9fc,c06c824 e,d26fca1c,d26fca10,c06c82fb,c0a678ac,d26fca1c) at db_trace_self_wrapper+0x26/frame 0xd26fc9b4 kdb_backtrace(c0a678ac,b1,20,1,c0695933,...) at kdb_backtrace+0x2b/frame 0xd26fca10 uma_zalloc_arg(c13e45a0,d26fca78,1,c2b06d00,0,...) at uma_zalloc_arg+0x706/frame 0xd26fca60 sbappendaddr_locked_internal(0,0,0,c2edc680,4,...) at sbappendaddr_locked_internal+0x49/frame 0xd26fca8c sbappendaddr_locked(c2edc6d4,c0a3dec0,c2b06d00,0,c2b06d9c,...) at sbappendaddr_locked+0x6c/frame 0xd26fcaac uipc_send(c32579c0,0,c2b06d00,0,0,...) at uipc_send+0x763/frame 0xd26fcb24 sosend_generic(c32579c0,0,d26fcbb0,c2b06d00,0,...) at sosend_generic+0x385/frame 0xd26fcb80 kern_sendit(c326d000,4,d26fcc24,0,0,...) at kern_sendit+0x185/frame 0xd26fcbe0 sendit(0,0,0,d26fcc40,1,...) at sendit+0xda/frame 0xd26fcc18 sys_sendto(c326d000,d26fcccc,c0aff0e4,c09bb3b2,c0aff1c0,...) at sys_sendto+0x48/frame 0xd26fcc48 syscall(d26fcd08) at syscall+0x535/frame 0xd26fccfc Xint0x80_syscall() at Xint0x80_syscall+0x21/frame 0xd26fccfc --- syscall (133, FreeBSD ELF32, sys_sendto), eip = 0x283a148b, esp = 0xbfbfd39c, ebp = 0xbfbfd3c8 --- X=178 KDB: stack backtrace: db_trace_self_wrapper(c0a38777,c0a678ac,c06c87f0,d26fc9d4,a,d26fca1c,5,ffffffff,0,0,c0aff1c0,c326d000,c326d000,d26fc9fc,c06c824 e,d26fca1c,d26fca10,c06c82fb,c0a678ac,d26fca1c) at db_trace_self_wrapper+0x26/frame 0xd26fc9b4 kdb_backtrace(c0a678ac,b2,20,1,c0695933,...) at kdb_backtrace+0x2b/frame 0xd26fca10 uma_zalloc_arg(c13e45a0,d26fca78,1,c2b03700,0,...) at uma_zalloc_arg+0x706/frame 0xd26fca60 sbappendaddr_locked_internal(0,0,0,c2edc680,4,...) at sbappendaddr_locked_internal+0x49/frame 0xd26fca8c sbappendaddr_locked(c2edc6d4,c0a3dec0,c2b03700,0,c2b0379c,...) at sbappendaddr_locked+0x6c/frame 0xd26fcaac uipc_send(c32579c0,0,c2b03700,0,0,...) at uipc_send+0x763/frame 0xd26fcb24 sosend_generic(c32579c0,0,d26fcbb0,c2b03700,0,...) at sosend_generic+0x385/frame 0xd26fcb80 kern_sendit(c326d000,4,d26fcc24,0,0,...) at kern_sendit+0x185/frame 0xd26fcbe0 sendit(0,0,0,d26fcc40,1,...) at sendit+0xda/frame 0xd26fcc18 sys_sendto(c326d000,d26fcccc,d26fcc98,c09bb3b2,c0aff1c0,...) at sys_sendto+0x48/frame 0xd26fcc48 syscall(d26fcd08) at syscall+0x535/frame 0xd26fccfc Xint0x80_syscall() at Xint0x80_syscall+0x21/frame 0xd26fccfc --- syscall (133, FreeBSD ELF32, sys_sendto), eip = 0x283a148b, esp = 0xbfbfd58c, ebp = 0xbfbfd5b8 --- --HPS -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-194577-8>