sctp_packet_transmit NULL pointer dereference kernel panic

Solution Verified - Updated -

Issue

  • NULL pointer dereference kernel panic in sctp_packet_transmit with call trace similar to:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
IP: [<ffffffffa0096b32>] sctp_packet_transmit+0x502/0x570 [sctp]
CPU: 14 PID: 0 Comm: swapper/14 Tainted: GF          O--------------   3.10.0-229.el7.x86_64 #1
RIP: 0010:[<ffffffffa0096b32>]  [<ffffffffa0096b32>] sctp_packet_transmit+0x502/0x570 [sctp]
Call Trace:
 [<ffffffffa00961a0>] ? __sctp_packet_append_chunk+0xc0/0x1b0 [sctp]
 [<ffffffffa009647b>] ? sctp_packet_append_chunk+0xfb/0x260 [sctp]
 [<ffffffffa00770e2>] ? sctp_sf_pdiscard+0x42/0x60 [sctp]
 [<ffffffffa007e64b>] sctp_cmd_interpreter.isra.25+0xcbb/0x1330 [sctp]
 [<ffffffffa007a004>] ? sctp_sf_do_5_1B_init+0x314/0x330 [sctp]
 [<ffffffffa007a004>] ? sctp_sf_do_5_1B_init+0x314/0x330 [sctp]
 [<ffffffffa007d43f>] sctp_do_sm+0xaf/0x1b0 [sctp]
 [<ffffffffa00803b4>] sctp_endpoint_bh_rcv+0x124/0x260 [sctp]
 [<ffffffffa00893ac>] sctp_inq_push+0x4c/0x70 [sctp]
 [<ffffffffa00976e4>] sctp_rcv+0x9b4/0xa40 [sctp]
 [<ffffffff81112948>] ? __call_rcu_nocb_enqueue+0xa8/0xc0
 [<ffffffff8111386d>] ? call_rcu_sched+0x1d/0x20
 [<ffffffff815b4af9>] ? ip_route_input_noref+0x6f9/0xbd0
 [<ffffffff810b4fd6>] ? update_group_power+0x136/0x210
 [<ffffffff815b6a64>] ip_local_deliver_finish+0xb4/0x1f0
 [<ffffffff815b6d38>] ip_local_deliver+0x48/0x80
 [<ffffffff815b66dd>] ip_rcv_finish+0x7d/0x350
 [<ffffffff815b6fa4>] ip_rcv+0x234/0x380

Environment

  • Red Hat Enterprise Linux 7.2 or earlier
  • SCTP Stream Control Transmission Protocol

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content