Received: by 10.192.165.148 with SMTP id m20csp469376imm;
        Wed, 9 May 2018 16:23:55 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZqLlwDLMMZaKl/4ZJHYyRgXlEWsAO3ATii1ZJfO/DgZKfORTVOslj2eEDjwM0IN+S+RTaMK
X-Received: by 2002:a63:603:: with SMTP id 3-v6mr3459064pgg.435.1525908235683;
        Wed, 09 May 2018 16:23:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525908235; cv=none;
        d=google.com; s=arc-20160816;
        b=TjUO+d0CLG5cGk/1Zpc/FPn5OzjpwNdxrM1EgPVse45RMwH0NWRJsqLLOX4dSsgOKy
         N/OCj0Qmpaf+YNvglHGqeteuN8a3GRiDNOmpRTxPM06C6T6+Js1rvlituLzwSMAvZKfY
         uhY6vEGc7qNhisKzCmdRO6RvazJFiO8aQR7kVOsZn0wYedeo1GcyyVZ4QlKeYXdDoslH
         ExM2PsyH5vo/XA5sYOBOIrl8TLhkejaUEplggoP83kRflLcNhKqVH9k1ywzVct64gTAs
         hkwAiKpUludDc/iqE9YCGpbQpdFf5tIgRR4/kPKkY6rOng+lXJm8Ceqz4OMr8Z3L13py
         n1Hw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=v3h9stgcPRDvMSfPbJOoLWK/R8a2IQfpQB9MwlWAcrc=;
        b=i3FaQDyEXaQM/ZX6CXAlefP9XETJsFxIQDlEmfRpCHOcOosrTJGs24r0d9YD2DEhzE
         yBadBBbPOsAOu7iGm+wvygoDARSvTODHgIEK5/b0WFG/Gutth/sajva6RdYvtlhtmJZo
         1MNhQxBcwZlyRn3A+LiE/4Vwbj4s5lKGiAonrbjd5KRVkpxc34TWILqPX3ug/O+ND4BG
         SuEDS/f2vLYbYBNyzQld8YnVaV2Dah7KQVN95UwsAE9s7z3vErxEkrcmzP7dVovS9qiK
         tDi5vc+PqaA4GlacrNO9OkDeYW57kTBJx53qphThIxwQ7cfXMboEkMdcrLpY/vFT6JQ/
         xZjQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k139si28023460pfd.97.2018.05.09.16.23.40;
        Wed, 09 May 2018 16:23:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S966010AbeEIXW7 (ORCPT <rfc822;gklkml16@gmail.com> + 99 others);
        Wed, 9 May 2018 19:22:59 -0400
Received: from ipmail06.adl6.internode.on.net ([150.101.137.145]:43573 "EHLO
        ipmail06.adl6.internode.on.net" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S965902AbeEIXW5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 May 2018 19:22:57 -0400
Received: from ppp59-167-129-252.static.internode.on.net (HELO dastard) ([59.167.129.252])
  by ipmail06.adl6.internode.on.net with ESMTP; 10 May 2018 08:52:55 +0930
Received: from dave by dastard with local (Exim 4.80)
        (envelope-from <david@fromorbit.com>)
        id 1fGYQA-0005HP-4A; Thu, 10 May 2018 09:22:54 +1000
Date:   Thu, 10 May 2018 09:22:54 +1000
From:   Dave Chinner <david@fromorbit.com>
To:     Dmitry Vyukov <dvyukov@google.com>
Cc:     Eric Sandeen <sandeen@sandeen.net>,
        "Darrick J. Wong" <darrick.wong@oracle.com>,
        syzbot <syzbot+84a67953651a971809ba@syzkaller.appspotmail.com>,
        LKML <linux-kernel@vger.kernel.org>, linux-xfs@vger.kernel.org,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
        Theodore Ts'o <tytso@mit.edu>,
        syzkaller <syzkaller@googlegroups.com>
Subject: Re: WARNING: bad unlock balance in xfs_iunlock
Message-ID: <20180509232254.GQ10363@dastard>
References: <20180406161053.GF7500@magnolia>
 <CACT4Y+aaEOffkFA-B-hMzwzSiQwVpkPrc2udC087a55OTnkS4g@mail.gmail.com>
 <95c1400b-94f2-1af4-2d5d-c61c274c28ff@sandeen.net>
 <CACT4Y+aiwgRg5pk+N7bq9HYpgumTFyqG6-y3EZ8pWkq9-uB1aA@mail.gmail.com>
 <9f8d657c-7f42-7bd9-4477-6c3addf16dee@sandeen.net>
 <CACT4Y+bUx4jw83Ux7w9URL9bCy1ERLaVGTTwvA9Fe_UtLFeqCw@mail.gmail.com>
 <d7c8e0eb-61ed-1aad-6faa-82a0ef8c25b8@sandeen.net>
 <CACT4Y+YNRt5YSrOYKKFUP25jodpK0xeZhysSGoz2UaiGs_Gx=A@mail.gmail.com>
 <9adacfed-0de6-cb94-bf14-3e639678a02a@sandeen.net>
 <CACT4Y+Ya0cSP7eKjzcbfxQHYLJeR8Qnp_f4MwcM_QU91unnD5w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CACT4Y+Ya0cSP7eKjzcbfxQHYLJeR8Qnp_f4MwcM_QU91unnD5w@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 09, 2018 at 10:43:05AM +0200, Dmitry Vyukov wrote:
> Does "xfstests fuzzing infrastructure" use coverage-guidance?

It's guided manually to fuzz a substantial proportion of the fields
in the on-disk format that are susceptible to fuzzing bqased
attacks. It's not complete coverage yet, but it's getting better and
better, and we're finding more problems from it that random bit
based fuzzing has ever uncovered.

Also, the xfstests fuzzing defeats the CRC protection now built into
the metadata, which means it can exercise all the new filesystem
features that random bit fuzzers cannot exercise. That's the problem
with fuzzers like syzbot - they can only usefully fuzz the legacy
filesystem format which doesn't have CRC validation, nor many of the
other protections that the current filesystem format has to detect
corruption. This will also allow us to test things like online
repair of fuzzed structures....

Random bit perturbation filesystem image fuzzing was state of the
art ~10 years ago.  They were made redundant by filesystems like
XFS and ext4 adding metadata CRC checking ~5 years ago. The legacy
filesystem formats are essentially unfixable, and it's largely a
waste of time to be trying to make them robust against random bit
fuzzing because such random bit corruptions (like the syzbot images)
do not occur in the real world.

IOWs, we've had to advance the "state of the art" ourselves because
nobody else in the fuzzing world responded to the fact we've
essentially defeated random bit image fuzzing. Not only that, we
have our own infrastructure that produces repeatable, understandable
and debuggable failures, and this is something that many 3rd party
fuzzing efforts do not provide us with.

> If not, it would be useful to add. Among some solutions there are
> LibFuzzer (https://llvm.org/docs/LibFuzzer.html), AFL >
> (http://lcamtuf.coredump.cx/afl/), kernel-fuzzing
> (https://github.com/oracle/kernel-fuzzing).  I don't know how
> xfstests fuzzing works, so I can't say what would be more suitable
> there.

I think only AFL would be a usable infrastructure, but it would
require being taught about the ondisk format so it could perturb the
image in ways that are useful to modern filesystem formats. Lots(!)
of work, and it's not clear it would do any better than what we
already have.

Given the results we're getting from our own fuzzers, I don't see
much point in (XFS developers) investing huge amounts of effort to
make some other fuzzer equivalent to what we already have. If
someone else starts fuzzing the current format (v5) XFS filesystems
and finding problems we haven't, then I'm going to be interested in
their fuzzing tools.  But (guided) random bit perturbation fuzzing
of legacy filesystem formats is really not that useful or
interesting to us right now.

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com