Re: what trees/branches to test on syzbot

From: Dmitry Vyukov
Date: Fri Jun 15 2018 - 05:54:44 EST


On Mon, Jun 11, 2018 at 3:22 AM, Theodore Y. Ts'o <tytso@xxxxxxx> wrote:
> On Sun, Jun 10, 2018 at 08:11:05AM +0200, Dmitry Vyukov wrote:
>>
>> The set of trees where a crash happened is visible on dashboard, so
>> one can see if it's only linux-next or the whole set of trees. Potentially
>> syzbot can act differently depending on this predicate, but I don't
>> see what should be the difference. However, this does not fully save
>> from falsely assessing bugs as linux-next-only just because they
>> happened a few times and only on linux-next so far.
>
> So how about this, only report something as being a linux-next
> regression if (a) there is a reproducer, and (b) the reproducer does
> not trigger any kind of crash on mainline?
>
>> There is also a problem with rebasing of linux-next: reported commit
>> hashes do not make sense and we can forget about bisection.
>
> If there is a valid reproducer, bisection should simply be a matter of
> running and if we know the reproducer doesn't trigger on mainline,
> then the bisection should only require no more than 8-10 VM runs. For
> Linux-next, this would be *super* valuable. Reporting the commit ID
> and the one-line commit summary will be enough for most maintainers,
> since even if they are using a rewinding head, so long as the
> bisection can be done quickly enough (e.g., within a few days), it
> will still be in their git repository.
>
> And if you have a reproducer, then once it's identified as a
> linux-next reproducer with a guilty commit, that can be confirmed by
> either (a) seeing if you can revert the commit and if it makes the
> problem go away, or (b) figure out which subsystem git tree the commit
> was introduced via, and then verify that the reproducer triggers on
> the tip of the subsystem git tree.
>
> All of this will require development effort, so I suspect it's not
> something we'll see from syzbot tomorrow --- but it's not
> *impossible*.
>
> I think though that sending e-mail about a linux-next syzbot crash if
> there is a reproducer and the reproducer doesn't trigger a crash on
> mainline should be really simple to implement, and it would add huge
> value without spamming the subsystem maintainers.


But if this also happens on upstream, then we want to report it
twofold. So this predicate can be reduced to "report crashes that
happen only on linux-next iff they have reproducers", right?
We will probably also need something that will auto-invalidate old
bugs that were never reported.

Re backwards bisection (when bug is introduced), we can actually test
linux-next-history instead of linux-next, right?
But forward bisection (when bug is fixed) unfortunately won't work
because these commits are not connected to HEAD. And forward bisection
is very important, otherwise who will bring order to all these
hundreds of open bugs?
https://syzkaller.appspot.com/