Project

General

Profile

Actions

Bug #14092

closed

Kernel panic when PF passes a large/fragmented ICMP6 packet

Added by Jim Pingle over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Urgent
Category:
Operating System
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:

Description

With pf enabled and a rule to pass IPv6 ICMP, the kernel may panic when receiving and passing a large ICMP6 packet:

ping6 -s 65500 <target address>

It happens against 2.7.0 (current snapshot, 2.7.0.a.20230310.0600) as well as Plus 23.01-RELEASE.

If the packet is blocked or if pf is disabled, the crash does not occur.

Textdump is attached from a 2.7.0 system as those still have debugging options enabled in the kernel.


Files

icmp6-65500-crash-textdump.tar (154 KB) icmp6-65500-crash-textdump.tar Jim Pingle, 03/10/2023 08:34 AM

Related issues

Related to Bug #14077: Kernel panic from incoming IPv6 connectionsResolvedKristof Provost

Actions
Actions

Also available in: Atom PDF