kern/165903: mbuf leak

Jeremy Chadwick jdc at
Wed Apr 17 20:17:41 UTC 2013

On Wed, Apr 17, 2013 at 05:38:12PM +0000, Chris Forgeron wrote:
> Hello,
>  I'm happy to report that the patch from Gleb has fixed the problem.
>  My system had 256 mbuf clusters in use at boot, and after a day, still only has 256 mbuf clusters in use.
>  From the patch, I see we are now dropping these packets (?) - Was the issue that the packets were being queued up for further work, but nothing was being done with them?

Not exactly.  Please open up the source file and follow along.

At line 538, a call to mtod() is performed, which is what allocates the
memory for the mbuf used for the ARP header.

Now go to lines 543 and 549.  These are error checks for certain kinds
of ARP headers which are either malformed (line 543) or should not be
honoured (line 549).

When these error checks proved true, the code simply did "return"
to get out of the function it was in (in_arpinput()), but never issued
m_freem() to free the previously-allocated mbuf, hence leaking mbufs.

The patch changes the "return" into "goto drop".  The drop label is at
line 873, which is where you'll find the m_freem(), followed immediately
by the function returning.

| Jeremy Chadwick                                   jdc at |
| UNIX Systems Administrator       |
| Mountain View, CA, US                                            |
| Making life hard for others since 1977.             PGP 4BD6C0CB |
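
The early-return leak and the "goto drop" fix described in the message above, as an added userland C example that is not part of the original post and is not the FreeBSD source. `struct pkt`, `pkt_alloc()`, `pkt_free()`, the `pkt_in_use` counter and the two checks are hypothetical stand-ins for the mbuf and the ARP header checks.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an mbuf: a counted heap buffer. */
struct pkt { size_t len; unsigned char first; };
static int pkt_in_use;                  /* allocated and not yet freed */

static struct pkt *pkt_alloc(size_t len, unsigned char first) {
    struct pkt *p = malloc(sizeof(*p));
    if (p == NULL) return NULL;
    p->len = len; p->first = first; pkt_in_use++;
    return p;
}
static void pkt_free(struct pkt *p) { free(p); pkt_in_use--; }

/* Constructed checks standing in for the two error checks in the message. */
static int malformed(const struct pkt *p) { return p->len < 8; }
static int unwanted(const struct pkt *p)  { return p->first == 0xff; }

/* Before: the error paths return without releasing the buffer. */
static int input_leaky(struct pkt *p) {
    if (malformed(p)) return -1;        /* buffer never freed */
    if (unwanted(p))  return -1;        /* buffer never freed */
    pkt_free(p);                        /* only the normal path frees */
    return 0;
}

/* After: every exit goes through the drop label, which frees. */
static int input_fixed(struct pkt *p) {
    int rc = -1;
    if (malformed(p)) goto drop;
    if (unwanted(p))  goto drop;
    rc = 0;                             /* normal processing would go here */
drop:
    pkt_free(p);
    return rc;
}

/* Feed n short (malformed) packets to handler; return buffers still in use. */
static int run(int (*handler)(struct pkt *), int n) {
    pkt_in_use = 0;
    for (int i = 0; i < n; i++) {
        struct pkt *p = pkt_alloc(4, 0x01);
        if (p != NULL) handler(p);
    }
    return pkt_in_use;
}

int main(void) {
    printf("leaky: %d, fixed: %d\n", run(input_leaky, 100), run(input_fixed, 100));
    return 0;
}
```

With the leaky handler the in-use count grows by one for every rejected packet, which is the steady climb a per-boot counter comparison would show; with the fixed handler it stays flat.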
