Received: by 10.223.148.5 with SMTP id 5csp6371499wrq;
        Wed, 17 Jan 2018 12:48:34 -0800 (PST)
X-Google-Smtp-Source: ACJfBosMy9Bv+YqqkWyfAzzJkfqzYeQ0e8nxCCGUwmhw8BbXK6mvBPBlj2TUVw0gtjZ6qlF8d2/o
X-Received: by 10.84.213.130 with SMTP id g2mr17832583pli.349.1516222114800;
        Wed, 17 Jan 2018 12:48:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516222114; cv=none;
        d=google.com; s=arc-20160816;
        b=vwIZYIdglnnp7R/fcjjlHc5kLcEgjSh0YE0McIGV54XjKUciWPDW7aeWKsU68b31Ps
         9jx8YObBkX4iTQBtgB/38iF0oQ9l7k+mFjYJt2bOK1PVYdV0UKR2HP2He2QNCsy7Qrre
         do4Phl+U/r74+IqYu4hf3Mv/+TC53vgM4wg94CTZZfqJLRv5Ud531QUi+aPuv7n+YEYE
         +s+/XieZR85RT+XIwsZFFkkykzwVkDUgHLZElYhxvI0cL6r1FP3RQuMh9sE+8CyF/yGz
         dmr6IbjUgU4IVj7+a3KkNHV4uKUBIDuUHS9u/BZO8yYDDvcEVRHa1vCkoU9z5LKLgpJg
         NhRQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:mail-followup-to
         :message-id:subject:cc:to:from:date:dkim-signature
         :arc-authentication-results;
        bh=tjUMVSTZhvpZJulGwwURSy7FR8rnR+jLmd6w2Wu7go8=;
        b=sQf1mXjqmfyjcqMJ6pskxh/OVOUvYHoSyGNSj+7nC38PmJIdLYbDcUMMZkFxgeFVxR
         9PrrlchLG9anqUCQTwKye1sEpbPt3O2/E39U9fsX4wPjcEY2VcKP4Ff02om3Jjp0pVAh
         VsSvKjbe3etckUfC29wXYA7kddex0fpll12/53KaDzAn3324up6KI06qJG6+pIqrI99I
         AuX6YbcWMYPLpOLL8KrZDdkl8c9drFSxkTLOi5Jdcot2Jo1ScgDeefAXCf/AwMBqugoj
         m4qnMr/V7yZDtru9pzVsIpNX8r1C2XWrw91p59ae+P+M4nrCJB06Xp1vBErD8aF3eD1t
         qe4g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=jrhsLYSV;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y128si4402400pgy.597.2018.01.17.12.48.21;
        Wed, 17 Jan 2018 12:48:34 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=jrhsLYSV;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754765AbeAQUru (ORCPT <rfc822;tibaldi.amos@gmail.com>
        + 99 others); Wed, 17 Jan 2018 15:47:50 -0500
Received: from imap.thunk.org ([74.207.234.97]:57698 "EHLO imap.thunk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1754166AbeAQUrr (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 17 Jan 2018 15:47:47 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org;
         s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:
        Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
        Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
        :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
        List-Post:List-Owner:List-Archive;
        bh=tjUMVSTZhvpZJulGwwURSy7FR8rnR+jLmd6w2Wu7go8=; b=jrhsLYSV2cQGXfGL56MdzD72fv
        0Kh6HaO4obAdo1nrNS44IRM3jPtdTfmq80HgjOqRchiJtbPXPawnkcHqmsm0hNoMcgxu+cETKux5C
        FS2UhzgXtdU9KdQ7GOC+i9Rj0iaBu6bJrAiasjVL4bOeoMPpwWT+0juGAflWQqKs8gfo=;
Received: from root (helo=callcc.thunk.org)
        by imap.thunk.org with local-esmtp (Exim 4.89)
        (envelope-from <tytso@thunk.org>)
        id 1ebucV-0003BL-RS; Wed, 17 Jan 2018 20:47:40 +0000
Received: by callcc.thunk.org (Postfix, from userid 15806)
        id 6FD25C0091E; Wed, 17 Jan 2018 15:47:35 -0500 (EST)
Date:   Wed, 17 Jan 2018 15:47:35 -0500
From:   Theodore Ts'o <tytso@mit.edu>
To:     Dmitry Vyukov <dvyukov@google.com>
Cc:     Daniel Borkmann <daniel@iogearbox.net>,
        Pavel Machek <pavel@ucw.cz>,
        Alexei Starovoitov <ast@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        netdev <netdev@vger.kernel.org>, syzkaller-bugs@googlegroups.com
Subject: Re: dangers of bots on the mailing lists was Re: divide error in
 ___bpf_prog_run
Message-ID: <20180117204735.GC6948@thunk.org>
Mail-Followup-To: Theodore Ts'o <tytso@mit.edu>,
        Dmitry Vyukov <dvyukov@google.com>,
        Daniel Borkmann <daniel@iogearbox.net>, Pavel Machek <pavel@ucw.cz>,
        Alexei Starovoitov <ast@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        netdev <netdev@vger.kernel.org>, syzkaller-bugs@googlegroups.com
References: <001a11405130ff1e9705629eb53c@google.com>
 <20180117093225.GB20303@amd>
 <ea809ab2-51f8-9094-efe2-11acf53458c0@iogearbox.net>
 <CACT4Y+YOzrzdGFswy_zp=XOUSKKNebdOJcMHC=SYASRGj3b7FA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CACT4Y+YOzrzdGFswy_zp=XOUSKKNebdOJcMHC=SYASRGj3b7FA@mail.gmail.com>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 17, 2018 at 12:09:18PM +0100, Dmitry Vyukov wrote:
> On Wed, Jan 17, 2018 at 10:49 AM, Daniel Borkmann <daniel@iogearbox.net> wrote:
> > Don't know if there's such a possibility, but it would be nice if we could
> > target fuzzing for specific subsystems in related subtrees directly (e.g.
> > for bpf in bpf and bpf-next trees as one example). Dmitry?
> 
> Hi Daniel,
> 
> It's doable.
> Let's start with one bpf tree. Will it be bpf or bpf-next? Which one
> contains more ongoing work? What's the exact git repo address/branch,
> so that I don't second guess?

As a suggestion, until the bpf subsystem is free from problems that
can be found by Syzkaller in Linus's upstream tree, maybe it's not
worth trying to test individual subsystem trees such as the bpf tree?
After all, there's no point trying to bisect our way checking to see
if the problem is with a newly added commit in a development tree, if
it turns out the problem was first introduced years ago in the 4.1 or
3.19 timeframe.

After all, finding these older problems is going to have much higher
value, since these are the sorts of potential security problems that
are worth backporting to real device kernels for Android/ChromeOS, and
for enterprise distro kernels.  So from an "impact to the industry"
perspective, focusing on Linus's tree is going to be far more
productive.  That's a win for the community, and it's a win for those
people on the Syzkaller team who might be going up for promo or
listing their achievements at performance review time.  :-)

This will also give the Syzkaller team more time to make the
automation more intelligent in terms of being able to do the automatic
bisection to find the first guilty commit, labelling the report with
the specific subsystem tree that that it came from, etc., etc.

Cheers,

						- Ted

P.S.  Something that might be *really* interesting is for those cases
where Syzkaller can find a repro, to test that repro on various stable
4.4, 4.9, 3.18, et. al. LTS kernels.  This will take less resources
than a full bisection, but it will add real value since knowledge that
it will trigger on a LTS kernel will help prioritize which reports
developers might be more interested in focusing upon, and it will give
them a head start in determining which fixes needed to be backported
to which stable kernels.