lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250612200650.4049799-1-kuni1840@gmail.com>
Date: Thu, 12 Jun 2025 13:05:58 -0700
From: Kuniyuki Iwashima <kuni1840@...il.com>
To: wangxianying546@...il.com
Cc: dsahern@...nel.org,
	edumazet@...gle.com,
	horms@...nel.org,
	kuba@...nel.org,
	linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org,
	pabeni@...hat.com
Subject: Re: [BUG] BUG_Address_NUMNUMac1414bbbb_on_device_lo_is_missing_its_host_route

From: Xianying Wang <wangxianying546@...il.com>
Date: Thu, 12 Jun 2025 10:40:11 +0800
> Hi,
> 
> I discovered a kernel BUG described as
> "BUG_Address_NUMNUMac1414bbbb_on_device_lo_is_missing_its_host_route."
> This issue occurs in the IPv6 address configuration logic in the
> function addrconf_add_ifaddr() within net/ipv6/addrconf.c, where a
> BUG() assertion is triggered due to a missing host route for an IPv6
> address assigned to the loopback interface (lo).
> 
> In the triggering sequence, the loopback interface is assigned a
> unicast IPv6 address (e.g., 200:0:ac14:14bb::bb) and subsequently used
> in a bind() or connect() system call by an IPv6 socket. During this
> process, the kernel attempts to create a host route for the newly
> assigned address using ipv6_generate_host_route(), but the route
> installation fails, triggering a fatal BUG().
> 
> Suggested fix direction:
> 
> Investigate the logic in ipv6_generate_host_route() and
> addrconf_add_ifaddr() to ensure that assigning an IPv6 address to lo
> always either installs the appropriate host route or gracefully fails.
> Consider special casing the loopback device to avoid invalid or
> unnecessary host route installations.
> Add error handling or a fallback to prevent fatal BUG() when
> ipv6_generate_host_route() fails.
> 
> his can be reproduced on:
> 
> HEAD commit:
> 
> fac04efc5c793dccbd07e2d59af9f90b7fc0dca4

This is v6.13-rc2 and 2 dev cycles behind...


> 
> report: https://pastebin.com/raw/xe3fvj5Z
> 
> console output : https://pastebin.com/raw/8XXmK7B8
> 
> kernel config : https://pastebin.com/raw/6iC2wRBj
> 
> C reproducer : https://pastebin.com/raw/SN7zKXeN

I tired this but didn't reproduce the issue.

---8<---
# ./repro
executing program
[   24.926531] loop0: detected capacity change from 0 to 512
Bad system call (core dumped)
# 
---8<---


> 
> Let me know if you need more details or testing.

Could you test the repro on the latest net-next and do bisection
if it still reproduce ?

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ