On Tue, Apr 13, 2021 at 8:43 PM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> On Tue, 13 Apr 2021 14:40:09 -0400
> Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> > ------------[ cut here ]------------
> > raw_local_irq_restore() called with IRQs enabled
> > WARNING: CPU: 0 PID: 8777 at kernel/locking/irqflag-debug.c:9 warn_bogus_irq_restore kernel/locking/irqflag-debug.c:9 [inline]
> > WARNING: CPU: 0 PID: 8777 at kernel/locking/irqflag-debug.c:9 warn_bogus_irq_restore+0x1d/0x20 kernel/locking/irqflag-debug.c:7
>
> In fact, when you have the above, which is a WARN() with text:
>
>   "raw_local_irq_restore() called with IRQs enabled"
>
> It is pretty much guaranteed that all triggers of this bug will have the
> above warning with the same text.

This looks nice on paper and looking at only 1 bisection log. But
unfortunately in practice theory and practice are different...

This was discussed at length multiple times:
https://groups.google.com/g/syzkaller/search?q=bisection+different+manifestations
https://groups.google.com/g/syzkaller-bugs/c/nFeC8-UG1gg/m/y6gUEsvAAgAJ
https://groups.google.com/g/syzkaller/c/sR8aAXaWEF4/m/tTWYRgvmAwAJ
https://groups.google.com/g/syzkaller/c/9NdprHsGBqo/m/Yj9uWRDgBQAJ

If you look at a substantial base of bisection logs, you will find lots
of cases where bug types, functions don't match. Kernel crashes
differently even on the same revision. And obviously things change if
you change revisions. Also if you see presumably a different bug, what
does it say regarding the original bug?

I would very much like to improve automatic bisection quality, but it
does not look trivial at all.

Some random examples where, say, your hypothesis of WARN-to-WARN,
BUG-to-BUG does not hold even on the same kernel revision (add to this
different revisions and the fact that a different bug does not give
info regarding the original bug):

run #0: crashed: KASAN: use-after-free Read in fuse_dev_do_read
run #1: crashed: WARNING in request_end
run #2: crashed: KASAN: use-after-free Read in fuse_dev_do_read
run #3: OK
run #4: OK

run #0: crashed: KASAN: slab-out-of-bounds Read in __ip_append_data
run #1: crashed: inconsistent lock state in rhashtable_walk_enter
run #2: crashed: inconsistent lock state in rhashtable_walk_enter
run #3: crashed: inconsistent lock state in rhashtable_walk_enter
run #4: crashed: inconsistent lock state in rhashtable_walk_enter
run #5: crashed: inconsistent lock state in rhashtable_walk_enter
run #6: crashed: inconsistent lock state in rhashtable_walk_enter
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: inconsistent lock state in rhashtable_walk_enter
run #9: crashed: inconsistent lock state in rhashtable_walk_enter

run #0: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #1: crashed: inconsistent lock state in rhashtable_walk_enter
run #2: crashed: inconsistent lock state in rhashtable_walk_enter
run #3: crashed: inconsistent lock state in rhashtable_walk_enter
run #4: crashed: inconsistent lock state in rhashtable_walk_enter
run #5: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #6: crashed: inconsistent lock state in rhashtable_walk_enter
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: inconsistent lock state in rhashtable_walk_enter
run #9: crashed: inconsistent lock state in rhashtable_walk_enter

run #0: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #1: crashed: KASAN: use-after-free Write in __vb2_cleanup_fileio
run #2: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #3: crashed: KASAN: use-after-free Read in __vb2_perform_fileio
run #4: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #5: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #6: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #7: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #8: crashed: INFO: task hung in vivid_stop_generating_vid_cap
run #9: crashed: INFO: task hung in vivid_stop_generating_vid_cap

run #0: crashed: general protection fault in sctp_assoc_rwnd_increase
run #1: crashed: general protection fault in sctp_ulpevent_free
run #2: crashed: general protection fault in sctp_assoc_rwnd_increase
run #3: crashed: general protection fault in sctp_assoc_rwnd_increase
run #4: crashed: general protection fault in sctp_assoc_rwnd_increase
run #5: crashed: general protection fault in sctp_assoc_rwnd_increase
run #6: crashed: general protection fault in sctp_assoc_rwnd_increase
run #7: crashed: general protection fault in sctp_assoc_rwnd_increase

run #0: crashed: general protection fault in sctp_assoc_rwnd_increase
run #1: crashed: general protection fault in sctp_assoc_rwnd_increase
run #2: crashed: general protection fault in sctp_assoc_rwnd_increase
run #3: crashed: general protection fault in sctp_assoc_rwnd_increase
run #4: crashed: general protection fault in corrupted
run #5: crashed: general protection fault in sctp_assoc_rwnd_increase
run #6: crashed: general protection fault in sctp_assoc_rwnd_increase
run #7: crashed: general protection fault in corrupted

run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #2: crashed: INFO: rcu detected stall in sys_sendfile64
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #8: crashed: INFO: rcu detected stall in sys_sendfile64
run #9: crashed: INFO: rcu detected stall in ext4_file_write_iter

run #0: crashed: INFO: rcu detected stall in sys_sendfile64
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in corrupted
run #3: crashed: INFO: rcu detected stall in sys_sendfile64
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in sys_sendfile64
run #9: crashed: INFO: rcu detected stall in corrupted

run #0: crashed: INFO: rcu detected stall in rw_verify_area
run #1: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #2: crashed: INFO: rcu detected stall in corrupted
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #5: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #8: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #9: crashed: INFO: rcu detected stall in rw_verify_area

run #0: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in sys_sendfile64
run #3: crashed: INFO: rcu detected stall in sys_sendfile64
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in sys_sendfile64
run #6: crashed: INFO: rcu detected stall in sys_sendfile64
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in corrupted
run #9: crashed: INFO: rcu detected stall in sys_sendfile64

run #0: crashed: KASAN: use-after-free Read in link_path_walk
run #1: crashed: KASAN: use-after-free Read in link_path_walk
run #2: crashed: KASAN: use-after-free Read in trailing_symlink
run #3: crashed: KASAN: use-after-free Read in trailing_symlink
run #4: crashed: KASAN: use-after-free Read in trailing_symlink
run #5: crashed: KASAN: use-after-free Read in link_path_walk
run #6: crashed: KASAN: use-after-free Read in link_path_walk
run #7: crashed: KASAN: use-after-free Read in link_path_walk
run #8: crashed: KASAN: use-after-free Read in trailing_symlink
run #9: crashed: KASAN: use-after-free Read in trailing_symlink

run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #4: crashed: WARNING: ODEBUG bug in corrupted
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in mrvl_setup

run #0: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #1: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #2: crashed: general protection fault in delayed_uprobe_remove
run #3: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #4: crashed: general protection fault in delayed_uprobe_remove
run #5: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #6: OK
run #7: OK
run #8: OK
run #9: OK

run #0: crashed: general protection fault in delayed_uprobe_remove
run #1: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #2: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #3: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #4: crashed: general protection fault in delayed_uprobe_remove
run #5: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #6: OK
run #7: OK
run #8: OK
run #9: OK
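
Added example, not part of the original message and not syzkaller code: a small parser for the `run #N:` lines above that checks, per batch of runs on one revision, whether the crash type and the crashing function stay the same. The sample is three batches copied from the message; the helper names and the rule of splitting a title at its last " in " are assumptions made for this illustration.

```python
import re
from collections import Counter

# Three batches copied from the run logs in the message above.
SAMPLE = """\
run #0: crashed: KASAN: use-after-free Read in fuse_dev_do_read
run #1: crashed: WARNING in request_end
run #2: crashed: KASAN: use-after-free Read in fuse_dev_do_read
run #3: OK
run #4: OK
run #0: crashed: general protection fault in sctp_assoc_rwnd_increase
run #1: crashed: general protection fault in sctp_ulpevent_free
run #2: crashed: general protection fault in sctp_assoc_rwnd_increase
run #0: crashed: KASAN: use-after-free Read in delayed_uprobe_remove
run #1: crashed: general protection fault in delayed_uprobe_remove
run #2: OK
"""

RUN_RE = re.compile(r"run #(\d+): (?:OK|crashed: (.+))$")

def split_title(title):
    """Split 'TYPE in FUNCTION' at the last ' in ' (assumed title layout)."""
    kind, sep, func = title.rpartition(" in ")
    return (kind, func) if sep else (title, "")

def batches(text):
    """Group runs into batches; a new batch starts at each 'run #0'."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        if m.group(1) == "0" or not out:
            out.append([])
        # None marks an OK run, otherwise a (type, function) pair.
        out[-1].append(split_title(m.group(2)) if m.group(2) else None)
    return out

def summarize(batch):
    """Count crash types and functions seen in one batch of runs."""
    crashes = [r for r in batch if r is not None]
    kinds = Counter(k for k, _ in crashes)
    funcs = Counter(f for _, f in crashes)
    return {"runs": len(batch), "ok": len(batch) - len(crashes),
            "kinds": dict(kinds), "funcs": dict(funcs),
            "same_kind": len(kinds) <= 1, "same_func": len(funcs) <= 1}

if __name__ == "__main__":
    for i, b in enumerate(batches(SAMPLE)):
        print(i, summarize(b))
```

On the three sample batches this reports, in order: type and function both differ, same type with different functions, and same function with different types.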