This is one result of an ongoing debugging session from JasonWhen ABE was added (rS331214) to NewReno and leak fixed (rS333699) , Jasonit now has a destructor (newreno_cb_destroy) for per connection state. Other congestion controls may allocate and free cc_data on entry and exit, and Matt which should be uncontroversialbut the field is never explicitly NULLed if moving back to NewReno which only internally allocates stateful data (no entry contstructor) resulting in a situation where newreno_cb_destory might be called on a junk pointer.
When ABE was added (rS331214) to New Reno and leak fixed (rS333699) , it now has a destructor (newreno_cb_destroy) for per connection state. We are seeing a double free that seems to be related to some non-standard sysctls we use, but this patch is sufficient to solve that problem while we root cause or otherwise explain why the behavior that winds up calling the callback twice is proper.
* NULL out cc_data in the framework after calling {cc}_cb_destroy
* Check for cc_data before proceeding to act on any data in cdg_cb_destroy
* free(9) checks for NULL so there is no need to perform not NULL checks before calling free.
* Improve a comment about NewReno in tcp_ccalgounload
This is the result of a debugging session from Jason Wolfe, Jason Eggleston, and mmacy@ and very helpful insight from lstewart@.
Sponsored by: Limelight Networks