Hi, As of now all kernel changes required for USB fuzzing have been merged into the mainline (the last one during the 5.8-rc1 merge window) (woohoo! thanks for everyone's help :), so the USB fuzzing instance [1] has been switched to target the Greg's usb-testing tree. As a result, testing kernel patches on the USB fuzzing instance now follows the same principle as on the mainline instances, with a few caveats [2]: 1. You may specify any kernel tree for `syz test` as long as it includes all mainline patches up to 5.8-rc1 (technically all dummy-hcd and raw-gadget patches up to 5.8-rc1). (Specifying commit ids from the usb-fuzzer branch still works too, for now.) 2. Some of the bugs have reproducers generated on kernel versions with an old custom kernel (when fuzzing was performed with in-development kernel patches), and therefore those reproducers might not work with the mainline kernel. The recommended workflow is to: first, execute a `syz test` command on a target tree to make sure that the bug reproduces, and then execute a `syz test` command with a fix/debug patch. On top of that, the USB fuzzing instance now has bisection enabled, but it will only work for newly introduced bugs (as the old ones will just bisect to raw-gadget patches). In time, as we get fresh bugs and reproducers, these issues should go away. At this point I think we can consider USB fuzzing support for syzkaller completed. There are always some things to be improved of course [3], but all the major parts are now in place. Thanks! [1] https://syzkaller.appspot.com/upstream?manager=ci2-upstream-usb [2] https://github.com/google/syzkaller/blob/master/docs/syzbot.md#usb-bugs [3] https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_usb.md#todo-list
