if_purgeaddrs and in6_ifdetach are called by if_detach_internal, and both functions can trigger the IPv6 ia (interface address structure data) to be freed.
When an interface is detached, this function is called; the call stack is:
if_purgeaddrs -> in6_purgeifaddr -> in6_purgeifaddr
So ia is removed.
After that, in6_ifdetach is called, which calls in6_unlink_ifa (in6_ifdetach -> _in6_ifdetach -> in6_unlink_ifa).
In in6_unlink_ifa, ifa_free is called directly without condition, so the ia node is freed twice.
So, we add a new remove macro which can return the find result.
The second code change is to remove the ifa_ref/ifa_free calls when using EVENTHANDLER_INVOKE in in6_notify_ifa, because they are unnecessary.
Details
- Reviewers: melifaro
Plug in/out the docker of supporting network.
Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Skipped
- Unit: Tests Skipped
Event Timeline
Comment Actions
There should be a strong reference model around ifa. In in6_unlink_ifa() an ifa is expected to be linked into both lists, thus unlinked from both and two references removed. Looks like you have found a scenario where on entry to in6_unlink_ifa() it isn't linked into at least one list. Can you please provide a reproduction recipe for the problem?
Comment Actions
Hi glebius,
I made a mistake. There was a bug in the code we added ourselves. After I fixed it, the issue can no longer be reproduced.
The FreeBSD code has no problem, because every time before in6_purgeaddr is called, the CK_STAILQ_FOREACH_SAFE has run.
I'm abandoning it now.
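A user-space C model of the reference rule discussed in this thread, added here as an example and not code from the FreeBSD tree or from the proposed patch: each list linkage owns one reference, and the unlink path releases a reference only when its remove helper reports that the node was found. The names `struct addr`, `list_remove`, `addr_unlink` and `demo_double_unlink` are hypothetical, and the object is marked freed with a flag rather than released, so the result can be inspected.

```c
#include <stdbool.h>
#include <stdio.h>

struct addr {                 /* hypothetical stand-in for an interface address */
    int refs;                 /* reference count */
    bool freed;               /* set instead of calling free(), for inspection */
    struct addr *next[2];     /* linkage for list 0 and list 1 */
};
struct addr *head[2];         /* the two lists the object is linked into */

static void addr_free(struct addr *a) {   /* drop one reference */
    if (--a->refs == 0)
        a->freed = true;
}

static void list_link(int l, struct addr *a) {
    a->next[l] = head[l];
    head[l] = a;
    a->refs++;                /* each linkage owns one reference */
}

/* Remove a from list l and report whether it was actually found there. */
static bool list_remove(int l, struct addr *a) {
    for (struct addr **pp = &head[l]; *pp != NULL; pp = &(*pp)->next[l])
        if (*pp == a) {
            *pp = a->next[l];
            return true;
        }
    return false;
}

/* Unlink from both lists; release one reference per linkage actually found. */
int addr_unlink(struct addr *a) {
    int dropped = 0;
    for (int l = 0; l < 2; l++)
        if (list_remove(l, a)) {
            addr_free(a);
            dropped++;
        }
    return dropped;
}

/* Two teardown paths reach the same object; returns refs dropped by the second. */
int demo_double_unlink(struct addr *a) {
    a->refs = 1; a->freed = false;      /* caller's own reference */
    list_link(0, a); list_link(1, a);   /* refs is now 3 */
    addr_unlink(a);                      /* first path drops both list references */
    return addr_unlink(a);               /* second path finds nothing to remove */
}
int main(void) { struct addr a = {0}; printf("%d\n", demo_double_unlink(&a)); return 0; }
```

An unconditional release in the second call would take the count below the caller's reference, which is the double-free shape described in the summary.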