--- zzzz-none-000/linux-4.4.60/net/ipv6/netfilter/ip6_tables.c	2017-04-08 07:53:53.000000000 +0000
+++ hawkeye-5590-729/linux-4.4.60/net/ipv6/netfilter/ip6_tables.c	2022-03-30 14:21:53.000000000 +0000
@@ -349,6 +349,8 @@
 	IP_NF_ASSERT(table->valid_hooks & (1 << hook));
 
 	local_bh_disable();
+	rcu_read_lock();
+
 	addend = xt_write_recseq_begin();
 	private = table->private;
 	/*
@@ -425,6 +427,10 @@
 			}
 			if (table_base + v != ip6t_next_entry(e) &&
 			    !(e->ipv6.flags & IP6T_F_GOTO)) {
+				if (unlikely(stackidx >= private->stacksize)) {
+					verdict = NF_DROP;
+					break;
+				}
 				jumpstack[stackidx++] = e;
 			}
 
@@ -444,6 +450,7 @@
 	} while (!acpar.hotdrop);
 
 	xt_write_recseq_end(addend);
+	rcu_read_unlock();
 	local_bh_enable();
 
 #ifdef DEBUG_ALLOW_ALL
@@ -1248,6 +1255,7 @@
 	xt_entry_foreach(iter, oldinfo->entries, oldinfo->size)
 		cleanup_entry(iter, net);
 
+	synchronize_rcu();
 	xt_free_table_info(oldinfo);
 	if (copy_to_user(counters_ptr, counters,
 			 sizeof(struct xt_counters) * num_counters) != 0) {