[Bug 233535] Fix refcount leak in IPv6 MLD code leading to loss of IPv6 connectivity

Thu Jan 17 17:27:48 UTC 2019

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233535

Hans Petter Selasky <hselasky at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #201210|0                           |1
        is obsolete|                            |

--- Comment #41 from Hans Petter Selasky <hselasky at FreeBSD.org> ---
Created attachment 201220
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=201220&action=edit
Fix MLD refcounting in IPv6 code (including additional debugging).

Hi @ae,

Found one more bug. According to the logs you provided I figured out the inm
leaks when entering mld_v1_process_group_timer() and looking at the version
history this function should not disconnect the inm, only queue a v1_transmit.

I've uploaded a new patch. Can you re-test?

Thank you!

--HPS

@@ -1488,8 +1493,7 @@ mld_v1_process_group_timer(struct in6_multi_head *inmh,
struct in6_multi *in
m)
        case MLD_REPORTING_MEMBER:
                if (report_timer_expired) {
                        inm->in6m_state = MLD_IDLE_MEMBER;
-                       in6m_disconnect(inm);
-                       in6m_rele_locked(inmh, inm);
+                       SLIST_INSERT_HEAD(inmh, inm, in6m_nrele);

-- 
You are receiving this mail because:
You are on the CC list for the bug.
