On Tue, Jun 16, 2020 at 04:28:22PM +0200, Andrey Konovalov wrote:
> Hi,
>
> As of now all kernel changes required for USB fuzzing have been merged
> into the mainline (the last one during the 5.8-rc1 merge window)
> (woohoo! thanks for everyone's help :), so the USB fuzzing instance
> [1] has been switched to target Greg's usb-testing tree. As a
> result, testing kernel patches on the USB fuzzing instance now follows
> the same principle as on the mainline instances, with a few caveats
> [2]:
>
> 1. You may specify any kernel tree for `syz test` as long as it
> includes all mainline patches up to 5.8-rc1 (technically all dummy-hcd
> and raw-gadget patches up to 5.8-rc1). (Specifying commit ids from the
> usb-fuzzer branch still works too, for now.)
>
> 2. Some of the bugs have reproducers generated on kernel versions with
> an old custom kernel (when fuzzing was performed with in-development
> kernel patches), and therefore those reproducers might not work with
> the mainline kernel. The recommended workflow is to: first, execute a
> `syz test` command on a target tree to make sure that the bug
> reproduces, and then execute a `syz test` command with a fix/debug
> patch.
>
> On top of that, the USB fuzzing instance now has bisection enabled,
> but it will only work for newly introduced bugs (as the old ones will
> just bisect to raw-gadget patches).
>
> In time, as we get fresh bugs and reproducers, these issues should go away.
>
> At this point I think we can consider USB fuzzing support for
> syzkaller completed. There are always some things to be improved of
> course [3], but all the major parts are now in place.

Very nice work, thanks for doing this!

greg k-h