From owner-freebsd-net@FreeBSD.ORG Fri Jun 20 19:55:26 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 33BF2D04; Fri, 20 Jun 2014 19:55:26 +0000 (UTC) Received: from stargate.chelsio.com (99-65-72-228.uvs.sntcca.sbcglobal.net [99.65.72.228]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EC42624FE; Fri, 20 Jun 2014 19:55:25 +0000 (UTC) Received: from nice.asicdesigners.com (nice.asicdesigners.com [10.192.160.7]) by stargate.chelsio.com (8.13.8/8.13.8) with ESMTP id s5KJFM0e001824; Fri, 20 Jun 2014 12:15:22 -0700 Received: from [10.192.166.0] (10.192.166.0) by nice.asicdesigners.com (10.192.160.7) with Microsoft SMTP Server id 14.2.247.3; Fri, 20 Jun 2014 12:15:22 -0700 Message-ID: <53A48849.8080504@chelsio.com> Date: Fri, 20 Jun 2014 12:15:21 -0700 From: Navdeep Parhar User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: "freebsd-net@freebsd.org" , Subject: ifaddr refcount problem Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.192.166.0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2014 19:55:26 -0000 Revision 264905 and 266860 that followed it seem to leak ifaddr references. ifa_ifwithdstaddr and ifa_ifwithnet both install a reference on the ifaddr returned to the caller but ip_output does not release it, eventually leading to a panic when the refcount wraps over to 0 and the ifaddr is freed while it is still on various lists. I'm using this patch for now. Thoughts? Regards, Navdeep diff -r 6dfcecd314af sys/netinet/ip_output.c --- a/sys/netinet/ip_output.c Fri Jun 20 10:33:22 2014 -0700 +++ b/sys/netinet/ip_output.c Fri Jun 20 12:07:12 2014 -0700 @@ -243,6 +243,7 @@ again: ifp = ia->ia_ifp; ip->ip_ttl = 1; isbroadcast = 1; + ifa_free((void *)ia); } else if (flags & IP_ROUTETOIF) { if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL && (ia = ifatoia(ifa_ifwithnet(sintosa(dst), 0))) == NULL) { @@ -253,6 +254,7 @@ again: ifp = ia->ia_ifp; ip->ip_ttl = 1; isbroadcast = in_broadcast(dst->sin_addr, ifp); + ifa_free((void *)ia); } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) && imo != NULL && imo->imo_multicast_ifp != NULL) { /*