From: William Tu
Date: Tue, 23 Jan 2018 15:54:03 -0800
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit
To: Dmitry Vyukov
Cc: David Ahern, syzbot, David Miller, Alexey Kuznetsov, LKML, Linux Kernel Network Developers, syzkaller-bugs@googlegroups.com, Hideaki YOSHIFUJI
References: <001a113e9f281d2cc3056362d99a@google.com> <7d3e467c-543c-7076-e900-25028a2c54b5@gmail.com> <32f1adea-f2e3-9f29-bb1b-1b2116f13903@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 23, 2018 at 11:45 AM, Dmitry Vyukov wrote:
> On Tue, Jan 23, 2018 at 8:17 PM, William Tu wrote:
>> Thanks for the reply.
>>
>> On Tue, Jan 23, 2018 at 11:03 AM, Dmitry Vyukov wrote:
>>> On Tue, Jan 23, 2018 at 7:58 PM, David Ahern wrote:
>>>> On 1/23/18 11:50 AM, William Tu wrote:
>>>>> Hi,
>>>>>
>>>>> I'm new to KASAN and trying to follow these instructions to reproduce the issue:
>>>>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>>>>
>>>>> After recompiling my kernel with the KASAN-related config enabled, I run
>>>>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>>>>
>>>>> I wonder, does the "program" mean the repro.c.txt? Or should I compile
>>>>> it to a binary?
>>>>> # gcc -o program repro.c.txt
>>>>> # ./syz-execprog myprogram
>>>>> 2018/01/23 10:45:19 parsed 0 programs
>>>>>
>>>>> And how do I use the "repro.syz.txt"?
>>>>> It seems to have some commands like "syz_emit_ethernet" to generate packets,
>>>>> but I have no clue where to run it. Maybe I'm still missing something?
>>>>>
>>>>
>>>> In the past I have only compiled a kernel with KASAN, compiled the
>>>> reproducer program and run it in a VM. No need for the syzbot overhead.
>>>
>>> Yes, if the C program reproduces the crash then it's easier to use.
>>> repro.c.txt is the C program; you need to rename it to repro.c,
>>> compile it with gcc and run it just as ./a.out.
>>> But make sure that you have a gcc that supports KASAN (the kernel build
>>> fails at the beginning on a compiler that does not support KASAN). I think
>>> it's at least gcc 5+, but gcc 7+ would be better.
>>
>> I was using gcc 5+ and "gcc repro.c".
>> Running ./a.out does not show any issue in dmesg. Let me switch to gcc 7+.
>>
>>>
>>> You can also run the syzkaller reproducer as:
>>> ./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt
>>
>> When using repro.syz.txt, which binary or what tests does it execute?
>
> It interprets the program in syzkaller notation in the repro.syz.txt file.
> It should be more or less equivalent to the repro.c.txt C program in
> behavior.
>
Thanks! Now I can reproduce the issue.
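The reproduction workflow the thread settles on (rename repro.c.txt to repro.c, build it with a gcc new enough for KASAN, run it on the KASAN kernel, then look for the report in dmesg), written up as an added shell example that is not part of the thread and not syzkaller's or syzbot's own tooling. The gcc 5 threshold, the file names and the syz-execprog flags come from the thread; the helper names, the `-pthread` flag, the `./work` directory, the 60-second `timeout` and the sample dmesg lines are this example's own assumptions and constructions.

```shell
#!/bin/sh
# Added example, not code from the thread or from syzkaller. Helpers for the
# workflow discussed above: check the gcc version against the "at least gcc 5,
# better 7+" advice, stage repro.c.txt as repro.c, build it, and count KASAN
# reports in the kernel log afterwards. Names and the sample log are assumed
# or constructed for this example.

# Major version from `gcc -dumpversion` output ("5.4.0" -> 5, "7" -> 7).
gcc_major_from_dumpversion() {
    printf '%s\n' "$1" | cut -d. -f1
}

# Succeeds when the major version meets the thread's minimum of gcc 5.
kasan_gcc_ok() {
    major=$(gcc_major_from_dumpversion "$1")
    [ "$major" -ge 5 ] 2>/dev/null
}

# Copy the syzbot reproducer into a work directory under the .c name gcc expects.
# Usage: stage_reproducer /path/to/repro.c.txt /path/to/workdir
stage_reproducer() {
    mkdir -p "$2"
    cp "$1" "$2/repro.c"
}

# Build the staged reproducer. The thread uses a bare "gcc repro.c" (giving
# ./a.out); -pthread is assumed here because syzkaller reproducers spawn threads.
build_reproducer() {
    gcc -pthread -o "$1/repro" "$1/repro.c"
}

# Number of KASAN reports in a kernel log read from stdin (dmesg output).
# Zero after running the reproducer is what William saw with the older gcc.
count_kasan_reports() {
    grep -c 'BUG: KASAN:' || true
}

# One "<bug type> in <function>" line per report, e.g.
# "slab-out-of-bounds in erspan_xmit", to compare against the syzbot subject.
kasan_report_summary() {
    sed -n 's/.*BUG: KASAN: \([a-z-]*\) in \([A-Za-z0-9_]*\).*/\1 in \2/p'
}

# Constructed sample of what dmesg shows when the crash triggers (offsets and
# address are placeholders, not taken from the real report).
SAMPLE_DMESG='[   12.345678] BUG: KASAN: slab-out-of-bounds in erspan_xmit+0x1a/0x40
[   12.345679] Read of size 4 at addr ffff880000000000 by task a.out/1000
[   12.345680] Call Trace:'

# Driver: run as `sh repro-check.sh run /path/to/repro.c.txt` on the KASAN VM
# (as root, so dmesg can be cleared). Not executed when the file is sourced.
if [ "${1:-}" = "run" ]; then
    kasan_gcc_ok "$(gcc -dumpversion)" || { echo "gcc too old for KASAN (need 5+, prefer 7+)"; exit 1; }
    stage_reproducer "$2" ./work
    build_reproducer ./work
    dmesg -C                          # clear the log so only new reports are counted
    timeout 60 ./work/repro || true   # syzbot reproducers loop until killed
    n=$(dmesg | count_kasan_reports)
    echo "KASAN reports: $n"
    dmesg | kasan_report_summary
fi
```

Counting reports rather than eyeballing dmesg makes the "no issue with gcc 5, reproduces with gcc 7" comparison from the thread a repeatable check: the same script run on both toolchains gives a number for each.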