lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Jan 2018 20:45:57 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     William Tu <u9012063@...il.com>
Cc:     David Ahern <dsahern@...il.com>,
        syzbot <syzbot+9723f2d288e49b492cf0@...kaller.appspotmail.com>,
        David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        syzkaller-bugs@...glegroups.com,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit

On Tue, Jan 23, 2018 at 8:17 PM, William Tu <u9012063@...il.com> wrote:
> Thanks for the reply.
>
> On Tue, Jan 23, 2018 at 11:03 AM, Dmitry Vyukov <dvyukov@...gle.com> wrote:
>> On Tue, Jan 23, 2018 at 7:58 PM, David Ahern <dsahern@...il.com> wrote:
>>> On 1/23/18 11:50 AM, William Tu wrote:
>>>> Hi,
>>>>
>>>> I'm new to kasan and trying to follow this instruction to reproduce the issue:
>>>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>>>
>>>> After re-compile my kernel with KASAN related config enable, I run
>>>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>>>
>>>> I wonder does the "program" mean the repro.c.txt? or I should compile
>>>> it to binary?
>>>> # gcc -o program repro.c.txt
>>>> # ./syz-execprog myprogram
>>>> 2018/01/23 10:45:19 parsed 0 programs
>>>>
>>>> And how to use the "repro.syz.txt"?
>>>> It seems to have some command like "syz_emit_ethernet" to generate packet.
>>>> but I have no clue where to run it. Maybe I'm still missing something?
>>>>
>>>
>>> In the past I have only compiled a kernel with KASAN, compiled the
>>> reproducer program and run it in a VM. No need for the syzbot overhead.
>>
>> Yes, if C program reproducer the crash then it's easier to use.
>> repro.c.txt is the C program, you need to rename it to repro.c,
>> compile with gcc and run just as ./a.out.
>> But make sure that you have a gcc that supports KASAN (kernel build
>> does not in the beginning on compiler not supporting KASAN). I think
>> it's at least gcc 5+, but gcc 7+ would be better.
>
> I was using gcc 5+ and "gcc repro.c".
> Running ./a.out does not show any issue on dmesg. Let me switch to gcc 7+.
>
>>
>> You can also run the syzkaller reproducer as:
>> ./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt
>
> When using repro.syz.txt, which binary or what tests does it execute?

It interprets the program in syzkaller notation in repro.syz.txt file.
It should be more of less equivalent to repro.c.txt C program in
behavior.


> I didn't see it uses/compiles the repro.c.txt.
> But it seems to run something...
> ~/net-next# ./syz-execprog -cover=0 -repeat=0 -procs=2 repro.syz.txt
> 2018/01/23 11:15:24 parsed 1 programs
> 2018/01/23 11:15:24 executed programs: 0
> 2018/01/23 11:15:29 executed programs: 210
> 2018/01/23 11:15:34 executed programs: 422
> ..
>
> Thanks
> William

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ