From: vincent-perrier <vincent-perrier@club-internet.fr>

Date: Fri, 11 Apr 2008 01:32:14 +0200
[ Please use netdev@vger.kernel.org so that this discussion
Now that the discussion has reached the mailing list, it won't die in

bugzilla like most such bugs do, and very likely will get fixed

quickly as a result.
Thank you.

--

From: David Miller <davem@davemloft.net>
I started looking actively at this.
There are a lot of complicated side effects here, especially when

subtrees are enabled as it is in your case.
The main issue is whether we added any references to 'rt' into

the routing tree.  If we get an error, we have to undo any

such added references.
And that's not being done when the "if (fn->leaf == NULL)" code

runs and fib6_add_rt2node() returns an error.
I think this patch will fix it, could you please test it out?
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c

index b3f6e03..50f3f8f 100644

--- a/net/ipv6/ip6_fib.c

+++ b/net/ipv6/ip6_fib.c

@@ -772,6 +772,10 @@ out:

 		 * If fib6_add_1 has cleared the old leaf pointer in the

 		 * super-tree leaf node we have to find a new one for it.

 		 */

+		if (pn != fn && pn->leaf == rt) {

+			pn->leaf = NULL;

+			atomic_dec(&rt->rt6i_ref);

+		}

 		if (pn != fn && !pn->leaf && !(pn->fn_flags & RTN_RTINFO)) {

 			pn->leaf = fib6_find_prefix(info->nl_net, pn);

 #if RT6_DEBUG >= 2
--

Hello,

I am very sorry, for the moment I cannot reproduce it and I am going

on holidays tomorow (we have a lot of holidays in france) and I have

no internet where I go.
Nevertheless, I have tried to reproduce the bug, but all my config has

changed a lot, the user soft as well as the kernel I use now.

I will try again during the week, but I will not be able to send mail

before next week.
Regards
--

Thanks to you, and also to Jesper for the "git bisect" explanation,

you have powerfull tools, it is all for the best, millions of users

are relying on you!
--