ip6_tables crash in socket_mt6_v1() due ipv6_find_hdr() returning bad offset

Solution Unverified - Updated -

Issue

  • ip6_tables crash in socket_mt6_v1() due ipv6_find_hdr() returning bad offset
  • Kernel panic ending in exception RIP: socket_mt6_v1 and backtrace similar to:
RIP: 0010:[<ffffffffa033f762>]  [<ffffffffa033f762>] socket_mt6_v1+0xe2/0x524 [xt_socket]
 [<ffffffffa0396034>] ? ipv6_find_hdr+0x1a4/0x1d0 [ip6_tables]
 [<ffffffffa039647a>] ip6t_do_table+0x29a/0x6ec [ip6_tables]
 [<ffffffffa0369e74>] ? ipv6_frag_rcv+0xa24/0xe50 [ipv6]
 [<ffffffffa03f80c3>] ip6t_in_hook+0x23/0x30 [ip6table_mangle]
 [<ffffffff81474de9>] nf_iterate+0x69/0xb0
 [<ffffffffa03491b0>] ? ip6_rcv_finish+0x0/0x50 [ipv6]
 [<ffffffff81474fa4>] nf_hook_slow+0x74/0x110
 [<ffffffffa03491b0>] ? ip6_rcv_finish+0x0/0x50 [ipv6]
 [<ffffffffa03243c3>] nf_ct_frag6_output+0x73/0xe0 [nf_defrag_ipv6]
 [<ffffffffa03491b0>] ? ip6_rcv_finish+0x0/0x50 [ipv6]
 [<ffffffffa0324099>] ipv6_defrag+0x89/0xb0 [nf_defrag_ipv6]
 [<ffffffffa03491b0>] ? ip6_rcv_finish+0x0/0x50 [ipv6]
 [<ffffffff81474de9>] nf_iterate+0x69/0xb0
 [<ffffffffa03491b0>] ? ip6_rcv_finish+0x0/0x50 [ipv6]
 [<ffffffff81474fa4>] nf_hook_slow+0x74/0x110
 [<ffffffffa03491b0>] ? ip6_rcv_finish+0x0/0x50 [ipv6]
 [<ffffffffa0349572>] ipv6_rcv+0x372/0x460 [ipv6]
 [<ffffffff8144891b>] __netif_receive_skb+0x4ab/0x750
 [<ffffffff81166ae9>] ? ksize+0x19/0x80
 [<ffffffff8144acf8>] netif_receive_skb+0x58/0x60

or

    [exception RIP: socket_mt6_v1+226]
 #9 [ffff8800282a3768] ip6t_do_table at ffffffffa028f47a [ip6_tables]
#10 [ffff8800282a38f8] ip6t_in_hook at ffffffffa02fb0c3 [ip6table_mangle]
#11 [ffff8800282a3908] nf_iterate at ffffffff81474de9
#12 [ffff8800282a3958] nf_hook_slow at ffffffff81474fa4
#13 [ffff8800282a39d8] nf_ct_frag6_output at ffffffffa02083c3 [nf_defrag_ipv6]
#14 [ffff8800282a3a48] ipv6_defrag at ffffffffa0208099 [nf_defrag_ipv6]
#15 [ffff8800282a3a88] nf_iterate at ffffffff81474de9
#16 [ffff8800282a3ad8] nf_hook_slow at ffffffff81474fa4
#17 [ffff8800282a3b58] ipv6_rcv at ffffffffa0242572 [ipv6]
#18 [ffff8800282a3ba8] __netif_receive_skb at ffffffff8144891b
#19 [ffff8800282a3c08] netif_receive_skb at ffffffff8144acf8

Environment

  • Red Hat Enterprise Linux 6.5 or earlier
  • IPv6 traffic
  • ip6tables IPv6 netfilter iptables firewall

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content