From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dmitry Vyukov <dvyukov@google.com>
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit
Date: Tue, 23 Jan 2018 20:45:57 +0100
Message-ID: <CACT4Y+Yh9PAfG2k08BqTx07az7KLTkFvYmE4zCuuR4n0HF_WEw@mail.gmail.com>
References: <001a113e9f281d2cc3056362d99a@google.com> <7d3e467c-543c-7076-e900-25028a2c54b5@gmail.com>
 <CALDO+SYve37kS1C_NdLg_pO2B9zLuM_Mjv_mNV4h+phngxdV_A@mail.gmail.com>
 <CALDO+SYScmeUsG5fqngNAuYAZZbPjkfFERKHuKgry_r+W194SA@mail.gmail.com>
 <32f1adea-f2e3-9f29-bb1b-1b2116f13903@gmail.com> <CACT4Y+YxpCmKkxbZ7Eg90E3hpehOFAahD0PWQoPoEAxaBo055A@mail.gmail.com>
 <CALDO+SaRJ29kauv6Us0+UkZdgVsLGod8pEVjC_SvKcgMSdkLtA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Cc: David Ahern <dsahern@gmail.com>,
        syzbot <syzbot+9723f2d288e49b492cf0@syzkaller.appspotmail.com>,
        David Miller <davem@davemloft.net>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        LKML <linux-kernel@vger.kernel.org>,
        Linux Kernel Network Developers <netdev@vger.kernel.org>,
        syzkaller-bugs@googlegroups.com,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
To: William Tu <u9012063@gmail.com>
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <CALDO+SaRJ29kauv6Us0+UkZdgVsLGod8pEVjC_SvKcgMSdkLtA@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On Tue, Jan 23, 2018 at 8:17 PM, William Tu <u9012063@gmail.com> wrote:
> Thanks for the reply.
>
> On Tue, Jan 23, 2018 at 11:03 AM, Dmitry Vyukov <dvyukov@google.com> wrote:
>> On Tue, Jan 23, 2018 at 7:58 PM, David Ahern <dsahern@gmail.com> wrote:
>>> On 1/23/18 11:50 AM, William Tu wrote:
>>>> Hi,
>>>>
>>>> I'm new to kasan and trying to follow this instruction to reproduce the issue:
>>>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>>>
>>>> After re-compile my kernel with KASAN related config enable, I run
>>>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>>>
>>>> I wonder does the "program" mean the repro.c.txt? or I should compile
>>>> it to binary?
>>>> # gcc -o program repro.c.txt
>>>> # ./syz-execprog myprogram
>>>> 2018/01/23 10:45:19 parsed 0 programs
>>>>
>>>> And how to use the "repro.syz.txt"?
>>>> It seems to have some command like "syz_emit_ethernet" to generate packet.
>>>> but I have no clue where to run it. Maybe I'm still missing something?
>>>>
>>>
>>> In the past I have only compiled a kernel with KASAN, compiled the
>>> reproducer program and run it in a VM. No need for the syzbot overhead.
>>
>> Yes, if C program reproducer the crash then it's easier to use.
>> repro.c.txt is the C program, you need to rename it to repro.c,
>> compile with gcc and run just as ./a.out.
>> But make sure that you have a gcc that supports KASAN (kernel build
>> does not in the beginning on compiler not supporting KASAN). I think
>> it's at least gcc 5+, but gcc 7+ would be better.
>
> I was using gcc 5+ and "gcc repro.c".
> Running ./a.out does not show any issue on dmesg. Let me switch to gcc 7+.
>
>>
>> You can also run the syzkaller reproducer as:
>> ./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt
>
> When using repro.syz.txt, which binary or what tests does it execute?

It interprets the program in syzkaller notation in repro.syz.txt file.
It should be more of less equivalent to repro.c.txt C program in
behavior.


> I didn't see it uses/compiles the repro.c.txt.
> But it seems to run something...
> ~/net-next# ./syz-execprog -cover=0 -repeat=0 -procs=2 repro.syz.txt
> 2018/01/23 11:15:24 parsed 1 programs
> 2018/01/23 11:15:24 executed programs: 0
> 2018/01/23 11:15:29 executed programs: 210
> 2018/01/23 11:15:34 executed programs: 422
> ..
>
> Thanks
> William