lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACT4Y+YxpCmKkxbZ7Eg90E3hpehOFAahD0PWQoPoEAxaBo055A@mail.gmail.com>
Date:   Tue, 23 Jan 2018 20:03:35 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     David Ahern <dsahern@...il.com>
Cc:     William Tu <u9012063@...il.com>,
        syzbot <syzbot+9723f2d288e49b492cf0@...kaller.appspotmail.com>,
        David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        syzkaller-bugs@...glegroups.com,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit

On Tue, Jan 23, 2018 at 7:58 PM, David Ahern <dsahern@...il.com> wrote:
> On 1/23/18 11:50 AM, William Tu wrote:
>> Hi,
>>
>> I'm new to kasan and trying to follow this instruction to reproduce the issue:
>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>
>> After re-compile my kernel with KASAN related config enable, I run
>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>
>> I wonder does the "program" mean the repro.c.txt? or I should compile
>> it to binary?
>> # gcc -o program repro.c.txt
>> # ./syz-execprog myprogram
>> 2018/01/23 10:45:19 parsed 0 programs
>>
>> And how to use the "repro.syz.txt"?
>> It seems to have some command like "syz_emit_ethernet" to generate packet.
>> but I have no clue where to run it. Maybe I'm still missing something?
>>
>
> In the past I have only compiled a kernel with KASAN, compiled the
> reproducer program and run it in a VM. No need for the syzbot overhead.

Yes, if C program reproducer the crash then it's easier to use.
repro.c.txt is the C program, you need to rename it to repro.c,
compile with gcc and run just as ./a.out.
But make sure that you have a gcc that supports KASAN (kernel build
does not in the beginning on compiler not supporting KASAN). I think
it's at least gcc 5+, but gcc 7+ would be better.

You can also run the syzkaller reproducer as:
./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ