From afbe63565fa444f13359425554c871cc924d9547 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Mon, 13 Feb 2023 14:47:09 +0000
Subject: [PATCH 1/2] Fix RPZ reference counting error on shutdown

A dns_rpz_unref_rpzs() call is missing when taking the 'goto unlock;'
path on shutdown, in order to compensate for the earlier
dns_rpz_ref_rpzs() call.

Move the dns_rpz_ref_rpzs() call after the shutdown check.
---
 lib/dns/rpz.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index 70e341a153..8dc62d29e2 100644
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -1945,8 +1945,6 @@ dns__rpz_timer_cb(void *arg) {
 	REQUIRE(rpz->updb == NULL);
 	REQUIRE(rpz->updbversion == NULL);
 
-	dns_rpz_ref_rpzs(rpz->rpzs);
-
 	LOCK(&rpz->rpzs->maint_lock);
 
 	if (rpz->rpzs->shuttingdown) {
@@ -1966,6 +1964,7 @@ dns__rpz_timer_cb(void *arg) {
 	isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_MASTER,
 		      ISC_LOG_INFO, "rpz: %s: reload start", domain);
 
+	dns_rpz_ref_rpzs(rpz->rpzs);
 	isc_work_enqueue(rpz->loop, update_rpz_cb, update_rpz_done_cb, rpz);
 
 	isc_timer_destroy(&rpz->updatetimer);

From a5927f115128a4487961eca0159a71cb26d84844 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Mon, 13 Feb 2023 15:19:08 +0000
Subject: [PATCH 2/2] Add a CHANGES note for [GL #3866]

---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index a7059ae332..6a9eee18f5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6096.	[bug]		Fix RPZ reference counting error on shutdown in
+			dns__rpz_timer_cb(). [GL #3866]
+
 6095.	[test]		Test various 'islands of trust' configurations when
 			using managed keys. [GL #3662]