lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Mar 2017 16:23:47 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     David Ahern <dsa@...ulusnetworks.com>
Cc:     Eric Dumazet <eric.dumazet@...il.com>,
        Mahesh Bandewar <maheshb@...gle.com>,
        Eric Dumazet <edumazet@...gle.com>,
        David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        James Morris <jmorris@...ei.org>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        Patrick McHardy <kaber@...sh.net>,
        netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Cong Wang <xiyou.wangcong@...il.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: net: heap out-of-bounds in fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone

On Mon, Mar 27, 2017 at 3:57 PM, David Ahern <dsa@...ulusnetworks.com> wrote:
> On 3/27/17 6:42 AM, Dmitry Vyukov wrote:
>> A friendly ping. This still happens all the time for us.
>
> Haven't looked at this in a couple of weeks. I have syzkaller installed
> on a machine locally and never was able to reproduce this ipv6 problem.
> I am using a jessie rootfs; from the syzkaller files I take it you are
> using wheezy. Should not matter but as I recall there are differences in
> sysctl setttings. Regardless, can you send me the output of 'sysctl
> net.ipv6'?

Hi David,

So you have syzkaller running locally. Great!
Yes, we are using wheezy. I've attached output of sysctl net.ipv6.
We are also using "sandbox": "namespace" parameter in config, which
enables USER_NS-based sandboxing. It can be relevant as it results in
lots of network namespaces being created and destroyed. Also TUN
config can have effect as it make syzkaller create/destroy private
interfaces. Also make sure to enable CONFIG_KASAN as it detects most
of the failure modes, and CONFIG_KCOV which allows syzkaller to use
coverage guidance. I've attached my config.
Also try to bump count and procs parameters in syzkaller config.
"procs" is number of parallel test processes per VM, we usually use 8.
"count" is number of VMs to create, reasonable number depends on
amount of RAM you have. Both should increase fuzzing speed and
increase probability of hitting the crash.
We currently hit 20-40 crashes per day with 40 test VMs.


> It is spring break week here, and I am taking a couple of days off. With
> netdev next week, I realistically won't have time to come back to this
> for 2-3 weeks.

No problem. Just wanted to make sure that it's not completely
forgotten. Thanks for looking into this.

Download attachment "net.ipv6.sysctl" of type "application/octet-stream" (13921 bytes)

Download attachment ".config.syz" of type "application/octet-stream" (119868 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ