From: William Tu
Date: Tue, 23 Jan 2018 11:17:12 -0800
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit
To: Dmitry Vyukov
Cc: David Ahern, syzbot, David Miller, Alexey Kuznetsov, LKML, Linux Kernel Network Developers, syzkaller-bugs@googlegroups.com, Hideaki YOSHIFUJI
References: <001a113e9f281d2cc3056362d99a@google.com> <7d3e467c-543c-7076-e900-25028a2c54b5@gmail.com> <32f1adea-f2e3-9f29-bb1b-1b2116f13903@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Thanks for the reply.

On Tue, Jan 23, 2018 at 11:03 AM, Dmitry Vyukov wrote:
> On Tue, Jan 23, 2018 at 7:58 PM, David Ahern wrote:
>> On 1/23/18 11:50 AM, William Tu wrote:
>>> Hi,
>>>
>>> I'm new to kasan and trying to follow this instruction to reproduce the issue:
>>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>>
>>> After re-compile my kernel with KASAN related config enable, I run
>>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>>
>>> I wonder does the "program" mean the repro.c.txt? or I should compile
>>> it to binary?
>>> # gcc -o program repro.c.txt
>>> # ./syz-execprog myprogram
>>> 2018/01/23 10:45:19 parsed 0 programs
>>>
>>> And how to use the "repro.syz.txt"?
>>> It seems to have some command like "syz_emit_ethernet" to generate packet.
>>> but I have no clue where to run it. Maybe I'm still missing something?
>>>
>>
>> In the past I have only compiled a kernel with KASAN, compiled the
>> reproducer program and run it in a VM. No need for the syzbot overhead.
>
> Yes, if C program reproducer the crash then it's easier to use.
> repro.c.txt is the C program, you need to rename it to repro.c,
> compile with gcc and run just as ./a.out.
> But make sure that you have a gcc that supports KASAN (kernel build
> does not in the beginning on compiler not supporting KASAN). I think
> it's at least gcc 5+, but gcc 7+ would be better.

I was using gcc 5+ and "gcc repro.c". Running ./a.out does not show
any issue on dmesg. Let me switch to gcc 7+.

>
> You can also run the syzkaller reproducer as:
> ./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt

When using repro.syz.txt, which binary or what tests does it execute?
I didn't see it uses/compiles the repro.c.txt. But it seems to run something...

~/net-next# ./syz-execprog -cover=0 -repeat=0 -procs=2 repro.syz.txt
2018/01/23 11:15:24 parsed 1 programs
2018/01/23 11:15:24 executed programs: 0
2018/01/23 11:15:29 executed programs: 210
2018/01/23 11:15:34 executed programs: 422
..

Thanks
William
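
A silent dmesg after running the reproducer can mean either that KASAN was never active in the booted kernel or that the bug was not triggered; the shell script below tells the two apart. It is an added example, not part of the original message: the function names, file names and sample log lines are constructed, and it assumes the kernel config and the dmesg output have been saved to files.

```shell
#!/bin/sh
# Added example: checks to make before trusting a silent dmesg after ./a.out.

# kasan_enabled CONFIG_FILE
# Succeeds only if the given kernel config has KASAN switched on. Check the
# config of the kernel that was actually built and booted.
kasan_enabled() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;   # compressed config such as /proc/config.gz
        *)    cat "$1" ;;
    esac | grep -q '^CONFIG_KASAN=y$'
}

# kasan_reports LOG_FILE
# Prints "<bug-type> <function>" for every KASAN report header in a saved dmesg.
kasan_reports() {
    sed -n 's/.*BUG: KASAN: \([a-z-]*\) in \([A-Za-z0-9_.]*\).*/\1 \2/p' "$1"
}

# triage CONFIG_FILE LOG_FILE
# Separates "KASAN was never active" from "KASAN active, bug not triggered".
triage() {
    if ! kasan_enabled "$1"; then
        echo "kasan-off"
        return 0
    fi
    n=$(kasan_reports "$2" | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then echo "reported:$n"; else echo "no-report"; fi
}

# make_samples DIR: writes constructed inputs (not taken from the thread).
make_samples() {
    printf '%s\n' 'CONFIG_SLUB=y' '# CONFIG_KASAN is not set' > "$1/config.off"
    printf '%s\n' 'CONFIG_SLUB=y' 'CONFIG_KASAN=y' > "$1/config.on"
    : > "$1/dmesg.quiet"
    cat > "$1/dmesg.hit" <<'EOF'
[   41.200000] BUG: KASAN: slab-out-of-bounds in erspan_xmit+0x100/0x200
[   41.200100] Read of size 2 at addr ffff880000000000 by task a.out/1234
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
triage "$tmp/config.off" "$tmp/dmesg.quiet"
triage "$tmp/config.on"  "$tmp/dmesg.quiet"
triage "$tmp/config.on"  "$tmp/dmesg.hit"
rm -rf "$tmp"
```

On a real system, pass the booted kernel's config and a file produced by `dmesg > dmesg.txt` after running the reproducer.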