Bug 141377 - (IT#55725) [PATCH] memory leak in ipv6 ip6_{push,flush}_pending_frames()
[PATCH] memory leak in ipv6 ip6_{push,flush}_pending_frames()
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Miller
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2004-11-30 14:33 EST by Steve Conklin
Modified: 2010-10-21 22:43 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-05-18 09:28:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch fix for the bug. (525 bytes, patch)
2005-02-08 20:14 EST, David Miller
no flags Details | Diff

  None (edit)
Description Steve Conklin 2004-11-30 14:33:11 EST
From IT# 55725:

This bug was reported for the U4 beta, but it's in U3 as well.

Description of problem:

 The ipv6 ping packet can be transmitted only up to 1024 times or less
by repeatedly executing the "interface up/down" processing and the
transmission of the ipv6 ping packet according to the following procedure.
 This cause is leak of the dst_entry structure.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Connect two hosts:
       3ffe:501:ffff::1        3ffe:501:ffff::2
      (RHEL3 is installed in the host1.)

2. Execute the following processing more than 1024 times repeatedly at

       # ifconfig eth0 down
       # ifconfig eth0 up
       # sleep 3
       # ifconfig eth0 add 3ffe:501:ffff::1/64
       # sleep 3
       # ping6 -c1 3ffe:501:ffff::2


Actual Results:  The ping6 command fails after 1025 times though it
succeeds 1024 times.

Expected Results:  The ping6 command should succeed more than 1024 times.

  note: The value 1024 is the value of

Additional info:

There are editing mistakes in functions

 This problem can be solved by applying the undermentioned patch.

--- ip6_output.c.ORIG   2004-11-29 18:51:58.000000000 +0900
+++ ip6_output.c        2004-11-29 18:53:08.000000000 +0900
@@ -1475,6 +1475,7 @@
               np->cork.opt = NULL;
       if (np->cork.rt) {
+               dst_release(&np->cork.rt->u.dst);
               np->cork.rt = NULL;
       if (np->cork.fl) {
@@ -1502,7 +1503,6 @@
       if (np->cork.rt) {
-               dst_release(&np->cork.rt->u.dst);
               np->cork.rt = NULL;
       if (np->cork.fl) {
Comment 3 David Miller 2005-02-08 20:14:49 EST
Created attachment 110840 [details]
Patch fix for the bug.

Just putting this here as a proper attachment instead of
Comment 4 Ernie Petrides 2005-02-16 07:32:31 EST
A fix for this problem has just been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.14.EL).
Comment 5 Tim Powers 2005-05-18 09:28:45 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.