Hello, I’ve met a crash on kernel v5.4 when a v4 packet goes through a 464-clatd interface, thus converted to v6, and hits a netfilter rule that triggers a TCP reset to be sent back. Here is an example rule that can trigger it: ip6tables -t filter -I zone_wan_dest_ACCEPT 1 -p tcp -j REJECT --reject-with tcp-reset CONFIG_BRIDGE_NETFILTER is enabled. The crash is in skb_panic, when the code tries to add the eth header (dev_hard_header) but finds no room available. There seems to be a disconnect in the skb_alloc() and skb_reserve() values used in nf_send_reset6(), plus the eth header added. Anyone able to confirm? Thanks in advance, Thomas Traceback: [ 49.029989] -(2)[18620:modprobe] skb_panic+0x48/0x4c [ 49.030619] -(2)[18620:modprobe] skb_push+0x38/0x40 [ 49.031238] -(2)[18620:modprobe] eth_header+0x30/0xb8 [ 49.031880] -(2)[18620:modprobe] nf_send_reset6+0x234/0xc4c [nf_reject_ipv6] [ 49.032771] -(2)[18620:modprobe] 0xffffffc008df6084 [ 49.033389] -(2)[18620:modprobe] ip6t_do_table+0x398/0x820 [ip6_tables] [ 49.034223] -(2)[18620:modprobe] 0xffffffc008e0a054 [ 49.034841] -(2)[18620:modprobe] nf_hook_slow+0x40/0xbc [ 49.035502] -(2)[18620:modprobe] nf_hook.constprop.0+0x64/0x90 [ 49.036238] -(2)[18620:modprobe] ip6_forward+0x710/0x7b4 [ 49.036909] -(2)[18620:modprobe] ip6_rcv_finish+0x34/0x48
