Skip to content

test: Mock IBD in net_processing fuzzers #20332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
maflcko merged 1 commit into from
Nov 10, 2020
Merged

test: Mock IBD in net_processing fuzzers #20332

maflcko merged 1 commit into from
Nov 10, 2020

Conversation

@maflcko
Copy link
Member

@maflcko maflcko commented Nov 7, 2020

Without this the fuzzers fail to detect trivial crasher bugs, such as #20317 (comment)

@maflcko maflcko added the Tests label Nov 7, 2020
@maflcko
Copy link
Member Author

maflcko commented Nov 7, 2020

https://drahtbot.space/host_reports/DrahtBot/reports/coverage_fuzz/MarcoFalke/bitcoin-core/fa4234d877ea3193/fuzz.coverage/src/net_processing.cpp.gcov.html

@practicalswift
Copy link
Contributor

practicalswift commented Nov 7, 2020
edited
Loading

Concept ACK

FWIW this is functionally equivalent to the local fuzzing harness modification that allowed me to find the recent wtxid crash bug. A vulnerability which luckily didn't make it to any release :)

@maflcko
Copy link
Member Author

maflcko commented Nov 10, 2020

@practicalswift Mind reviewing this? Without this, it is not possible to get meaningful coverage in net_processing. Also, I have more patches on top that increase coverage, which are blocked on this one.

@practicalswift
Copy link
Contributor

practicalswift commented Nov 10, 2020
edited
Loading

@MarcoFalke Yes, of course: my plan is to code review this one and verify that it finds the recent wtxid crash bug today or tomorrow at latest :)

Mutual review beg: Please consider reviewing the fuzzing PRs #19065 (May), #19203 (June), #19259 (June), #19288 (June), #19415 (June), #19972 (September) and #20188 (October) :)

I urge anyone interested in increasing fuzzing coverage to review MarcoFalke's #20332 (this PR) and the fuzzers above: I want the fuzzing coverage to break the current plateau where we've resided at during the last few months. Let's get the fuzzing momentum moving again! :) 🚀

@practicalswift
Copy link
Contributor

practicalswift commented Nov 10, 2020
edited
Loading

Tested ACK fa4234d

With this modification the fuzzer was able to find the recent wtxid crash bug (not part of any release luckily!) within a.) one minute if seeded with the Bitcoin Core qa-assets seed corpus, and b.) three hours if seeded from thin air (empty corpus). Thanks for fixing this!

Really nice to see the fuzzers catch real issues long before they have a chance to make it to a release.

<wish list>
Now we only need something like OSS-Fuzz' CIFuzz (fuzzing of open PR:s) to catch issues like this before merge. OSS-Fuzz is open source in the form of ClusterFuzz. I hope that some day we'll have a dedicated Bitcoin Core private ClusterFuzz installation where the security team would have immediate access to crash cases.

CI-Fuzz: "OSS-Fuzz offers CIFuzz, a GitHub action/CI job that runs your fuzz targets on pull requests. This works similarly to running unit tests in CI. CIFuzz helps you find and fix bugs before they make it into your codebase. Currently, CIFuzz only supports projects hosted on GitHub."

ClusterFuzz: "ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz."
</wish list>

@maflcko maflcko merged commit fa8dd34 into bitcoin:master Nov 10, 2020
@maflcko maflcko deleted the 2011-fuzzNet branch November 10, 2020 18:52
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Nov 11, 2020
Merge bitcoin#20332: test: Mock IBD in net_processing fuzzers
bf97947 
fa4234d test: Mock IBD in net_processing fuzzers (MarcoFalke)

Pull request description:

  Without this the fuzzers fail to detect trivial crasher bugs, such as bitcoin#20317 (comment)

ACKs for top commit:
  practicalswift:
    Tested ACK fa4234d

Tree-SHA512: ce5da5c0a604b7559805a98ffdde882b44ca4f91b003b493d6e1be230714ce4cccb11dbfc1fc175f9d8fc779551c0a4103ceb4b473552928207d7d78ae329e10
@practicalswift practicalswift mentioned this pull request Nov 11, 2020
Closed
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Feb 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

Tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maflcko @practicalswift