lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAOU40uDOh7JY7nVmrS1Pr013zMP2Y=qLwiJeANvgEupNvuHnWw@mail.gmail.com>
Date: Thu, 12 Jun 2025 10:40:11 +0800
From: Xianying Wang <wangxianying546@...il.com>
To: dsahern@...nel.org
Cc: edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, 
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [BUG] BUG_Address_NUMNUMac1414bbbb_on_device_lo_is_missing_its_host_route

Hi,

I discovered a kernel BUG described as
"BUG_Address_NUMNUMac1414bbbb_on_device_lo_is_missing_its_host_route."
This issue occurs in the IPv6 address configuration logic in the
function addrconf_add_ifaddr() within net/ipv6/addrconf.c, where a
BUG() assertion is triggered due to a missing host route for an IPv6
address assigned to the loopback interface (lo).

In the triggering sequence, the loopback interface is assigned a
unicast IPv6 address (e.g., 200:0:ac14:14bb::bb) and subsequently used
in a bind() or connect() system call by an IPv6 socket. During this
process, the kernel attempts to create a host route for the newly
assigned address using ipv6_generate_host_route(), but the route
installation fails, triggering a fatal BUG().

Suggested fix direction:

Investigate the logic in ipv6_generate_host_route() and
addrconf_add_ifaddr() to ensure that assigning an IPv6 address to lo
always either installs the appropriate host route or gracefully fails.
Consider special casing the loopback device to avoid invalid or
unnecessary host route installations.
Add error handling or a fallback to prevent fatal BUG() when
ipv6_generate_host_route() fails.

his can be reproduced on:

HEAD commit:

fac04efc5c793dccbd07e2d59af9f90b7fc0dca4

report: https://pastebin.com/raw/xe3fvj5Z

console output : https://pastebin.com/raw/8XXmK7B8

kernel config : https://pastebin.com/raw/6iC2wRBj

C reproducer : https://pastebin.com/raw/SN7zKXeN

Let me know if you need more details or testing.

Best regards,

Xianying

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ