Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 141377 (IT#55725)

Summary: [PATCH] memory leak in ipv6 ip6_{push,flush}_pending_frames()
Product: Red Hat Enterprise Linux 3 Reporter: Steve Conklin <sconklin>
Component: kernelAssignee: David Miller <davem>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: jneedle, petrides, riel, tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-05-18 13:28:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch fix for the bug. none

Description Steve Conklin 2004-11-30 19:33:11 UTC 
From IT# 55725:

This bug was reported for the U4 beta, but it's in U3 as well.

Description of problem:

 The ipv6 ping packet can be transmitted only up to 1024 times or less
by repeatedly executing the "interface up/down" processing and the
transmission of the ipv6 ping packet according to the following procedure.
 This cause is leak of the dst_entry structure.

Version-Release number of selected component (if applicable):
2.4.21-20.EL

How reproducible:
Always

Steps to Reproduce:
1.Connect two hosts:
      |host1|-(eth0)-------(LAN)---------|host2|
       3ffe:501:ffff::1        3ffe:501:ffff::2
      (RHEL3 is installed in the host1.)

2. Execute the following processing more than 1024 times repeatedly at
host1.

       # ifconfig eth0 down
       # ifconfig eth0 up
       # sleep 3
       # ifconfig eth0 add 3ffe:501:ffff::1/64
       # sleep 3
       # ping6 -c1 3ffe:501:ffff::2

3. 
    

Actual Results:  The ping6 command fails after 1025 times though it
succeeds 1024 times.

Expected Results:  The ping6 command should succeed more than 1024 times.

  note: The value 1024 is the value of
        /proc/sys/net/ipv6/neigh/default/gc_thresh3.

Additional info:

There are editing mistakes in functions
 ip6_{push,flush}_pending_frames()

 This problem can be solved by applying the undermentioned patch.

--- ip6_output.c.ORIG   2004-11-29 18:51:58.000000000 +0900
+++ ip6_output.c        2004-11-29 18:53:08.000000000 +0900
@@ -1475,6 +1475,7 @@
               np->cork.opt = NULL;
       }
       if (np->cork.rt) {
+               dst_release(&np->cork.rt->u.dst);
               np->cork.rt = NULL;
       }
       if (np->cork.fl) {
@@ -1502,7 +1503,6 @@
       }
       if (np->cork.rt) {
               dst_release(&np->cork.rt->u.dst);
-               dst_release(&np->cork.rt->u.dst);
               np->cork.rt = NULL;
       }
       if (np->cork.fl) {
Comment 3 David Miller 2005-02-09 01:14:49 UTC 
Created attachment 110840 [details]
Patch fix for the bug.

Just putting this here as a proper attachment instead of
inline.
Comment 4 Ernie Petrides 2005-02-16 12:32:31 UTC 
A fix for this problem has just been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.14.EL).
Comment 5 Tim Powers 2005-05-18 13:28:45 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-294.html