lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALDO+SaRJ29kauv6Us0+UkZdgVsLGod8pEVjC_SvKcgMSdkLtA@mail.gmail.com>
Date:   Tue, 23 Jan 2018 11:17:12 -0800
From:   William Tu <u9012063@...il.com>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     David Ahern <dsahern@...il.com>,
        syzbot <syzbot+9723f2d288e49b492cf0@...kaller.appspotmail.com>,
        David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        syzkaller-bugs@...glegroups.com,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>
Subject: Re: KASAN: slab-out-of-bounds Read in erspan_xmit

Thanks for the reply.

On Tue, Jan 23, 2018 at 11:03 AM, Dmitry Vyukov <dvyukov@...gle.com> wrote:
> On Tue, Jan 23, 2018 at 7:58 PM, David Ahern <dsahern@...il.com> wrote:
>> On 1/23/18 11:50 AM, William Tu wrote:
>>> Hi,
>>>
>>> I'm new to kasan and trying to follow this instruction to reproduce the issue:
>>> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md
>>>
>>> After re-compile my kernel with KASAN related config enable, I run
>>> $ ./syz-execprog -cover=0 -repeat=0 -procs=16 program
>>>
>>> I wonder does the "program" mean the repro.c.txt? or I should compile
>>> it to binary?
>>> # gcc -o program repro.c.txt
>>> # ./syz-execprog myprogram
>>> 2018/01/23 10:45:19 parsed 0 programs
>>>
>>> And how to use the "repro.syz.txt"?
>>> It seems to have some command like "syz_emit_ethernet" to generate packet.
>>> but I have no clue where to run it. Maybe I'm still missing something?
>>>
>>
>> In the past I have only compiled a kernel with KASAN, compiled the
>> reproducer program and run it in a VM. No need for the syzbot overhead.
>
> Yes, if C program reproducer the crash then it's easier to use.
> repro.c.txt is the C program, you need to rename it to repro.c,
> compile with gcc and run just as ./a.out.
> But make sure that you have a gcc that supports KASAN (kernel build
> does not in the beginning on compiler not supporting KASAN). I think
> it's at least gcc 5+, but gcc 7+ would be better.

I was using gcc 5+ and "gcc repro.c".
Running ./a.out does not show any issue on dmesg. Let me switch to gcc 7+.

>
> You can also run the syzkaller reproducer as:
> ./syz-execprog -cover=0 -repeat=0 -procs=16 repro.syz.txt

When using repro.syz.txt, which binary or what tests does it execute?
I didn't see it uses/compiles the repro.c.txt.
But it seems to run something...
~/net-next# ./syz-execprog -cover=0 -repeat=0 -procs=2 repro.syz.txt
2018/01/23 11:15:24 parsed 1 programs
2018/01/23 11:15:24 executed programs: 0
2018/01/23 11:15:29 executed programs: 210
2018/01/23 11:15:34 executed programs: 422
..

Thanks
William

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ