From nobody Mon Oct 02 11:45:41 2023 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RzfKK6T5Rz4vyyj for ; Mon, 2 Oct 2023 11:45:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RzfKK5PZRz3FZQ for ; Mon, 2 Oct 2023 11:45:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1696247141; a=rsa-sha256; cv=none; b=cwi3iSYRMgxXt4fDmfS7rYTmJMSxRWjbylCu+KyBriQXnoUQwu1bEPZgT7yrLfvjYoukpp DKUQQa3AzjcinFlEQZkDnORWERSp7VCqbeNfMeZngnG2laGwVgDPXcKf87RGcglLmRQ3g8 c00iMUDQnM3GD/IDouv10BimFYjIoUpdZKNftYRRNoJerFk2erKzPcFXvO3Zkgd9ufSJUs cJxOPUCkSGdrg7toU3ap4Wfsdp9fWEGNxX/nHVJ4+ClvA4f9pPzz6/ZNagXneRx/jFUP+/ Kpcc+A+Ad2aHoX3st53ii/TGkmbmUL7TPK18GgbZ5hbnAS8OPxoqSIFWbq/gHA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1696247141; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EKrIJ0wobo30BeKM2a/TJfmUNY6A6FurU1DZaNirGEY=; b=qnYX3av6Go7BgjFjUtS7QOp1UqbcQXWOrw8FO6TB1usL4eLvTLkr/M+ZPL5Fw+b81hFsTb Klky3+W8TR2WAS2IXgUQ9VufsyLOo+qCLdcUhMOHSfjvng3zJ0iYIGoSIoY9LqKVS4fDJO ChFS1BQPw2cEtjrJUuupSw2RBGlo7bShVPW6YcMeMJ1Wj+ZLp5qZHEodBH8RpFHfUP+XfC FoMT//2LStFWx+17DWUB6XX7Jyhasph4VqNbxTRPf0TBvu4Ux1RnMfoJMDaFB/LZo+yZCS xJqDeURQG9nesaNpHOyFa0S5fmue4eSLC9syzkfaCDyIpQUrscoHpCc5X6pyow== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RzfKK4PJyz19kn for ; Mon, 2 Oct 2023 11:45:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 392Bjflq037615 for ; Mon, 2 Oct 2023 11:45:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 392Bjfab037613 for net@FreeBSD.org; Mon, 2 Oct 2023 11:45:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 274009] in_pcblookup_hash_locked: invalid local address panic on sendto(2) to ipv4-mapped Date: Mon, 02 Oct 2023 11:45:41 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.0-CURRENT X-Bugzilla-Keywords: crash X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: freebsd@dev.thsi.be X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: tuexen@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274009 --- Comment #9 from Benjamin Jacobs --- (In reply to Mark Johnston from comment #6) Hi, yes it does seem to be that same issue. (In reply to Michael Tuexen from comment #8) My 2 cents: the version flag is indeed tricky because - as noted by Mark in its revision - an AF_INET6 UDP socket can transition back and forth between v4 and v6 (either by using connect() and/or sendto). I'm not sure either that getting rid of it is the right approach because the code ends up having to pass around an extra flag argument all over the place. But there are also some unclear locking rules, as stated in the comment around the in_pcb stuff, which makes the whole concept far from trivial for me to understand :) Nonetheless, I made a patch in a way for me to have something working. But it does seem all very hacky and ugly to carry an argument for "it is actually a v4-mapped" flag to all callers, and callers of callers, of the in_pcb_lport_dest. Also I did not completely understood the implication w.r.t. the handling of wildcard addresses. And possible concurrency issues are likely not addressed. Anyway, that might be of interest to you. Side note: it is trivial to trigger the bug using "sysctl net.inet6.ip6.v6only=3D0; drill @::ffff:8.8.8.8 freebsd.org" --=20 You are receiving this mail because: You are on the CC list for the bug.=