On Fri, 4 Mar 2022 at 19:15, Daniel P. Berrangé <berra...@redhat.com> wrote:
> On Fri, Mar 04, 2022 at 06:46:51PM +0000, Peter Maydell wrote:
> > Either of these is fine; my requirement is only that either:
> >  (1) the oss-fuzz gitlab CI job needs to in practice actually
> > pass at least most of the time
> >  (2) we need to switch it to ok-to-fail or disable it
> >
> > so I don't have CI failing for every merge I make.
>
> This is far from the first time that oss-fuzz has caused us pain. It
> feels like it has been flaky for prolonged periods of time, for as
> long as it has existed.
>
> When I tried to switch CI to use Fedora 35, oss-fuzz was consistently
> failing for months for no obvious reason that I could determine
> despite days of debugging. Then one day I woke up and it magically
> started working again, for no obvious reason. Inexplicable.
>
> Conceptually we benefit from fuzzing to find obscure bugs.
> Have we actually found any real bugs from the oss-fuzz CI
> job we have though?

It did find a buffer-overrun bug in the 9p pullreq less than
a month ago:
https://lore.kernel.org/qemu-devel/cafeaca-vrnzxowmx4nppm0vqba1ufl5yvww5p1j9s2u7_fb...@mail.gmail.com/

But overall I'm sympathetic to the idea that as it stands it's
costing us more than it's helping.

-- PMM
