From: Dmitry Vyukov
Date: Tue, 23 Jan 2018 20:03:35 +0100
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit
To: David Ahern
Cc: William Tu, syzbot, David Miller, Alexey Kuznetsov, LKML, Linux Kernel Network Developers, syzkaller-bugs@googlegroups.com, Hideaki YOSHIFUJI
In-Reply-To: <32f1adea-f2e3-9f29-bb1b-1b2116f13903@gmail.com>
References: <001a113e9f281d2cc3056362d99a@google.com> <7d3e467c-543c-7076-e900-25028a2c54b5@gmail.com> <32f1adea-f2e3-9f29-bb1b-1b2116f13903@gmail.com>
List: linux-kernel@vger.kernel.org

On Tue, Jan 23, 2018 at 7:58 PM, David Ahern wrote:
> On 1/23/18 11:50 AM, William Tu wrote:
>> Hi,
>>
>> I'm new to KASAN and am trying to follow these instructions to reproduce the issue:
>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>
>> After recompiling my kernel with the KASAN-related config enabled, I run
>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>
>> I wonder, does the "program" mean the repro.c.txt? Or should I compile
>> it to a binary?
>> # gcc -o program repro.c.txt
>> # ./syz-execprog myprogram
>> 2018/01/23 10:45:19 parsed 0 programs
>>
>> And how do I use the "repro.syz.txt"?
>> It seems to have some commands like "syz_emit_ethernet" to generate packets,
>> but I have no clue where to run it. Maybe I'm still missing something?
>>
>
> In the past I have only compiled a kernel with KASAN, compiled the
> reproducer program and run it in a VM. No need for the syzbot overhead.

Yes, if the C program reproduces the crash then it's easier to use.
repro.c.txt is the C program; you need to rename it to repro.c, compile it
with gcc and run it just as ./a.out. But make sure that you have a gcc that
supports KASAN (the kernel build notes this at the beginning on a compiler
not supporting KASAN). I think it's at least gcc 5+, but gcc 7+ would be
better.

You can also run the syzkaller reproducer as:
./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt
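The steps Dmitry lists (check the compiler can build a KASAN kernel, confirm KASAN is really in the kernel config, rename repro.c.txt to repro.c and build it, or hand repro.syz.txt to syz-execprog) collected into one script, as an added example that is not part of the thread or of syzkaller. The compiler probe mirrors the cc-option check Kbuild performs, which is why a non-KASAN gcc is noticed at the very start of a kernel build. Assumptions, all hypothetical: the reproducer file sits in the current directory, `syz-execprog` is in the current directory as in the message, the VM kernel's config is readable at `$KCONFIG` (default `/boot/config-$(uname -r)`), and the C reproducer needs `-pthread`.

```shell
#!/bin/sh
# Added example, not code from the thread or from syzkaller.
# Wraps the reproduction steps described in the message for a syzbot
# KASAN report: toolchain preflight, kernel-config check, then running
# either the C reproducer (repro.c.txt) or the syz one (repro.syz.txt).

# Same probe as Kbuild's cc-option: compile an empty translation unit
# with -fsanitize=kernel-address. Returns 0 if the compiler accepts it.
cc_supports_kasan() {
    cc="${1:-${CC:-gcc}}"
    tmp="$(mktemp)" || return 1
    if "$cc" -Werror -fsanitize=kernel-address -c -x c /dev/null \
            -o "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 0
    fi
    rm -f "$tmp"; return 1
}

# Major version of a gcc (Dmitry's rule of thumb: 5+ works, 7+ is better).
# Prints the number; prints nothing and fails if it cannot be parsed.
cc_major_version() {
    "${1:-${CC:-gcc}}" -dumpversion 2>/dev/null | cut -d. -f1 | grep -E '^[0-9]+$'
}

# A slab-out-of-bounds read usually does not crash a kernel without KASAN,
# so "no crash" on a non-KASAN kernel says nothing. Check the config first.
kasan_enabled_in_config() {
    grep -qx 'CONFIG_KASAN=y' "$1"
}

# Dmitry's step for the C reproducer: rename repro.c.txt to repro.c,
# compile it with gcc, run it as ./a.out. Assumption: -pthread is needed.
build_c_repro() {
    src="$1"; out="${2:-a.out}"
    cp "$src" repro.c || return 1
    "${CC:-gcc}" -pthread -o "$out" repro.c
}

# Preflight for the kernel build itself: a gcc without KASAN support
# is exactly what the message warns about.
check_kasan_toolchain() {
    cc="${CC:-gcc}"
    cc_supports_kasan "$cc" || {
        echo "$cc does not accept -fsanitize=kernel-address; use gcc 5+, ideally 7+" >&2
        return 1
    }
    major="$(cc_major_version "$cc")" || return 1
    [ "$major" -ge 5 ] || { echo "gcc $major is too old for KASAN" >&2; return 1; }
    [ "$major" -ge 7 ] || echo "gcc $major works, but gcc 7+ is better" >&2
}

# Dispatch on the reproducer type syzbot attached to the report.
run_repro() {
    cfg="${KCONFIG:-/boot/config-$(uname -r)}"
    kasan_enabled_in_config "$cfg" || {
        echo "CONFIG_KASAN=y not found in $cfg; rebuild the kernel with KASAN" >&2
        return 1
    }
    case "$1" in
        *.syz.txt) ./syz-execprog -cover=0 -repeat=0 -procs=16 "$1" ;;
        *.c.txt)   build_c_repro "$1" ./a.out && ./a.out ;;
        *)         echo "usage: $0 repro.c.txt | repro.syz.txt" >&2; return 2 ;;
    esac
}

if [ $# -gt 0 ]; then
    check_kasan_toolchain && run_repro "$@"
fi
```

Run it inside the KASAN VM, not on the host: `sh run_repro.sh repro.c.txt`. The toolchain check only matters for building the kernel; the userspace reproducer itself compiles with any gcc, which is why the script keeps the two checks separate.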