From: Dmitry Vyukov
Date: Tue, 23 Jan 2018 20:45:57 +0100
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit
To: William Tu
Cc: David Ahern, syzbot, David Miller, Alexey Kuznetsov, LKML, Linux Kernel Network Developers, syzkaller-bugs@googlegroups.com, Hideaki YOSHIFUJI
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 23, 2018 at 8:17 PM, William Tu wrote:
> Thanks for the reply.
>
> On Tue, Jan 23, 2018 at 11:03 AM, Dmitry Vyukov wrote:
>> On Tue, Jan 23, 2018 at 7:58 PM, David Ahern wrote:
>>> On 1/23/18 11:50 AM, William Tu wrote:
>>>> Hi,
>>>>
>>>> I'm new to KASAN and trying to follow these instructions to reproduce the issue:
>>>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>>>
>>>> After recompiling my kernel with the KASAN-related config enabled, I run
>>>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>>>
>>>> I wonder whether the "program" means the repro.c.txt, or whether I should compile
>>>> it to a binary?
>>>> # gcc -o program repro.c.txt
>>>> # ./syz-execprog myprogram
>>>> 2018/01/23 10:45:19 parsed 0 programs
>>>>
>>>> And how do I use the "repro.syz.txt"?
>>>> It seems to have some commands like "syz_emit_ethernet" to generate packets,
>>>> but I have no clue where to run it. Maybe I'm still missing something?
>>>>
>>>
>>> In the past I have only compiled a kernel with KASAN, compiled the
>>> reproducer program and run it in a VM. No need for the syzbot overhead.
>>
>> Yes, if the C program reproduces the crash then it's easier to use.
>> repro.c.txt is the C program; you need to rename it to repro.c,
>> compile it with gcc and run it just as ./a.out.
>> But make sure that you have a gcc that supports KASAN (the kernel build
>> does not work from the beginning on a compiler not supporting KASAN). I think
>> it's at least gcc 5+, but gcc 7+ would be better.
>
> I was using gcc 5+ and "gcc repro.c".
> Running ./a.out does not show any issue in dmesg. Let me switch to gcc 7+.
>
>>
>> You can also run the syzkaller reproducer as:
>> ./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt
>
> When using repro.syz.txt, which binary or what tests does it execute?

It interprets the program in syzkaller notation in the repro.syz.txt file.
It should be more or less equivalent to the repro.c.txt C program in behavior.

> I didn't see it use/compile the repro.c.txt.
> But it seems to run something...
> ~/net-next# ./syz-execprog -cover=0 -repeat=0 -procs=2 repro.syz.txt
> 2018/01/23 11:15:24 parsed 1 programs
> 2018/01/23 11:15:24 executed programs: 0
> 2018/01/23 11:15:29 executed programs: 210
> 2018/01/23 11:15:34 executed programs: 422
> ..
>
> Thanks
> William
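As an added example, not part of the thread or of syzkaller: a small POSIX shell helper that checks the host gcc against the minimum Dmitry mentions (5+, 7+ preferred), probes whether the compiler actually accepts KASAN instrumentation, and then builds and runs the C reproducer from repro.c.txt as described above. The probe uses GCC's `-fsanitize=kernel-address` flag; the output name `repro` and the `--run` switch are my own choices.

```shell
#!/bin/sh
# Added example (not from the thread). Sanity-check the toolchain before
# spending a kernel build on it, then build and run the syzbot C reproducer.
# Assumes repro.c.txt is in the current directory, as in the thread.

# Extract "major.minor.patch" from the first line of `gcc --version`,
# e.g. "gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0" -> "7.3.0".
gcc_version_from_banner() {
    printf '%s\n' "$1" \
        | sed -n 's/.* \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2.\3/p' \
        | head -n 1
}

# Return 0 if the banner's major version is >= the minimum (default 5).
gcc_major_ok() {
    ver=$(gcc_version_from_banner "$1")
    major=${ver%%.*}
    if [ -n "$major" ] && [ "$major" -ge "${2:-5}" ]; then
        return 0
    fi
    return 1
}

# Runtime probe: does this compiler accept the KASAN instrumentation flag?
# Compiles a trivial translation unit; no link step is needed.
gcc_supports_kasan() {
    echo 'int main(void){return 0;}' \
        | "${CC:-gcc}" -fsanitize=kernel-address -c -x c - -o /dev/null 2>/dev/null
}

# syzbot attaches the reproducer as repro.c.txt; gcc wants a .c suffix.
# -pthread is harmless if unused and needed when the reproducer spawns threads.
build_and_run_repro() {
    cp "${1:-repro.c.txt}" repro.c
    "${CC:-gcc}" -O2 -pthread -o repro repro.c
    ./repro   # then watch dmesg on the KASAN kernel for the report
}

if [ "${1:-}" = "--run" ]; then
    banner=$("${CC:-gcc}" --version 2>/dev/null | head -n 1)
    gcc_major_ok "$banner" 5 || { echo "need gcc 5+, got: $banner" >&2; exit 1; }
    gcc_major_ok "$banner" 7 || echo "warning: gcc 7+ recommended" >&2
    gcc_supports_kasan || { echo "gcc rejects -fsanitize=kernel-address" >&2; exit 1; }
    build_and_run_repro repro.c.txt
fi
```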