From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030625 Description of problem: Just fooling around with ipv6. ping6 worked fine. Did a `traceroute6 ::1` to see what it would do. Crashed.... Repeatable: always crashes eventually, usually right away. Version-Release number of selected component (if applicable): kernel-2.6.6-1.435 How reproducible: Always Steps to Reproduce: 1. bring up a normal eth0 network connection 2. run "tracepath6 ::1" 3. watch it output several lines then crash Actual Results: It starts giving kernel errors on the console beginning with, e.g., Unable to handle kernel NULL pointer dereference at virtual address 00000000 then usually crashes right away. Sometimes continues responding to console, with interspersed "BUG: dst underflow 0: 02234f4d" lines saw crashes with eip in skb_drop_fraglist+0x13/0x38 or udp_v6_push_pending_frames+0xbf, etc. Sample dmesg output in the case where it didn't crash right away: eth0: no IPv6 routers present Unable to handle kernel NULL pointer dereference at virtual address 00000000 printing eip: 12954179 *pde = 00000000 Oops: 0000 [#1] Modules linked in: parport_pc lp parport ipv6 autofs4 8139too mii floppy sg scsi_mod microcode nls_utf8 loop dm_mod uhci_hcd button battery asus_acpi ac ext3 jbd CPU: 0 EIP: 0060:[<12954179>] Not tainted EFLAGS: 00010286 (2.6.6-1.435) EIP is at udp_v6_push_pending_frames+0xbf/0x167 [ipv6] eax: cdd028c9 ebx: 00000000 ecx: cdd028c9 edx: 00000000 esi: 0f218954 edi: 11e3c440 ebp: 0f218900 esp: 0dbb8d40 ds: 007b es: 007b ss: 0068 Process tracepath6 (pid: 1692, threadinfo=0dbb8000 task=0dbfc710) Stack: 129547ab 0f218a88 0f218ad0 00000000 0f218aec 0dbb8ebc 0f218afc 129547d3 00002000 0dbb8f1c 00000000 0000400c 00000000 0f218a88 00000000 00000000 0f218adc 0f218a30 0f218ad0 0dbb8ebc 0f218900 0f263e40 00000006 00000000 Call Trace: [<129547ab>] udpv6_sendmsg+0x58a/0x6c8 [ipv6] [<129547d3>] udpv6_sendmsg+0x5b2/0x6c8 [ipv6] [<02232312>] sock_recvmsg+0x9c/0xb7 [<0226c11f>] inet_recvmsg+0x30/0x46 [<0226c16d>] inet_sendmsg+0x38/0x42 [<0223225c>] sock_sendmsg+0x88/0xa2 [<02140096>] get_user_size+0x2e/0x55 [<02233816>] sys_recvmsg+0x111/0x1e6 [<022338dc>] sys_recvmsg+0x1d7/0x1e6 [<022332df>] sys_sendto+0xc7/0xe2 [<0214fdec>] poll_freewait+0x33/0x3a [<02150199>] do_select+0x265/0x279 [<0213639b>] follow_page_pfn+0xec/0xfd [<0213639b>] follow_page_pfn+0xec/0xfd [<02233313>] sys_send+0x19/0x1d [<022339bd>] sys_socketcall+0xd2/0x179 [<0211a856>] sys_gettimeofday+0x25/0x55 Code: 8b 03 0f 18 00 90 8d 45 54 39 c3 75 e3 51 6a 08 57 e8 e1 e7 [...see attachment for more] Expected Results: well, I'm not sure, but certainly not a crash :-) Additional info: My network does not have an ipv6 router on it. Full dmesg output (starting with the boot messages) available on request.
Created attachment 101256 [details] output of dmesg - from boot to crash
Does the patch in bug 126021 fix the problem?
Fedora Core 2 has now reached end of life, and no further updates will be provided by Red Hat. The Fedora legacy project will be producing further kernel updates for security problems only. If this bug has not been fixed in the latest Fedora Core 2 update kernel, please try to reproduce it under Fedora Core 3, and reopen if necessary, changing the product version accordingly. Thank you.