Red Hat Bugzilla – Bug 126021
Kernel crash by user with traceroute6
Last modified: 2007-11-30 17:10:44 EST
Description of problem:
If a machine has IPv6 connectivity through a tunnel then any user can
crash the kernel by issuing a traceroute6 with a packet size equal to
or larger than the MTU of the tunnel device. The actual behaviour
seems to depend a bit on the selected packet size; some sizes produce
at least some syslog output before freezing.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add IPv6 by opening a tunnel (sit device)
2. Use traceroute6 with large packets as ordinary user. The packets
must be equal to or larger than the MTU of the tunnel device. Example:
traceroute6 www.kame.net 1500
3. Kernel crashes
Actual Results: Machine freezes, some debug output on the console.
Expected Results: At most an error message.
Bug report useless unless 'some debug output' is actually present in
the bug report.
Created attachment 101144
Syslog output when using traceroute6
I've asked Yoshifuji Hideaki of the USAGI project to take
a look at this.
Possibly bug 125958 is related to this one.
Created attachment 101228
Fix for traceroute6 kernel crash
This will definitely fix the problem.
Created attachment 101567
Excerpt from logs for IPv6 bug on 2.6.6-1.435.2.1
I see a very similar bug with 2.6.6-1.435 and 2.6.6-1.435.2.1 when doing IPv6
SSM transmissions (Hi again David). The crashlog attachment is for 435.2.1, and
the flute binary is MAD-FLUTE v1.0 which you can Google for if necessary.
Is it impolite to ask for an ETA on Fedora kernel updates?
For anyone watching at home, reverting to the 2.6.5 FC2 release kernel fixes
The current Fedora2 kernel should have this fix in it.
My IPv6 SSM crash still happens with .435-2.3, so it must be a
I've created bug 127131 to cover that, I'm guessing you'll need to
take a look Dave.
So let's close this one and address the multicast ipv6 issue
in your bz#127131