Workflows Archive on lore.kernel.org
 help / color / Atom feed
From: Dmitry Vyukov <dvyukov@google.com>
To: Himadri Pandya <himadrispandya@gmail.com>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>,
	syzkaller <syzkaller@googlegroups.com>,
	linux-kernel-mentees@lists.linuxfoundation.org,
	Greg KH <gregkh@linuxfoundation.org>,
	workflows@vger.kernel.org
Subject: Re: Question regarding marking bugs as "invalid"
Date: Wed, 16 Sep 2020 08:01:11 +0200
Message-ID: <CACT4Y+a0avH73Fc-391Ft=XB240wxYA4HokgXZPWoejMk0C=ig@mail.gmail.com> (raw)
In-Reply-To: <CAOY-YV=Mfu2at2KzoGNszKSEyUpTHzBdbr-SjyVyE_BJBbw_uw@mail.gmail.com>

On Tue, Sep 15, 2020 at 4:15 PM Himadri Pandya <himadrispandya@gmail.com> wrote:
> > On Tue, Sep 15, 2020 at 3:23 PM Himadri Pandya <himadrispandya@gmail.com> wrote:
> > > > > > Hi,
> > > > > >
> > > > > > Is it correct to mark bugs as "invalid" if they have reproducers but
> > > > > > the reproducer doesn't trigger any issue on testing current status? If
> > > > > > not, then what should be done about such bugs?
> > > > > >
> > > > > > Thanks & Regards,
> > > > > > Himadri
> > > > > >
> > > > >
> > > > > Himadri,
> > > > >
> > > > > if possible try to determine which commit fixed the issue the
> > > > > reproducer triggered.
> > > > >
> > > > > You can potentially bisect with the reproducer on the git history or
> > > > > you can simply look in the git log of the affected files if someone
> > > > > mentioned fixing something related to the trigger.
> > > > >
> > > > > That helps to make sure we do not just close reproducers that just
> > > > > need a lot of time, configuration or luck to hit a certain crash.
> > > >
> > > >
> > > > Hi Himadri,
> > > >
> > > > Basically what Lukas said.
> > > > Bulk closing all of them as "invalid" would be bad for several
> > > > reasons. Either do some reasonable amount of degging, or wait for
> > > > syzbot fix bisection, maybe it will shed some light. It should happen
> > > > after 30 days since last crash IIRC. Also all testing requests/results
> > > > are shown on the dashboard, so this bit of information is not lost.
> > >
> > > Understood.
> > >
> > > I incorrectly assumed(before posting this question) that I should mark
> > > such bugs as invalid and sent the command to syzbot for one such bug.
> > > Now I understand that it was not the right thing. It doesn't show on
> > > the dashboard and I don't know how to undo it :(.
> > >
> > > Bug's dashboard link -
> > > https://syzkaller.appspot.com/bug?id=4c7fd5b46451d957a3d8188f393f1982f9753fe7
> >
> > Hi Himadri,
> >
> > Transitions to terminal states are not undo-able. Consider the same
> > bug is rediscovered concurrently with one undoing "#syz invalid". Now
> > we have 2 versions of the same bug and it will be an incomprehensible
> > mess.
> >
>
> Understood. My sincerest apologies for being naive.
>
> My assumption was that commands like "invalid" are similar to the
> action of submitting a patch, it would generate some discussion about
> the bug and if it is really invalid, someone with authority(like
> maintainers) would actually go and mark it as "invalid". I was clearly
> mistaken. But if we don't have any gatekeeping on such commands and
> anyone can directly change the status of the bug by merely sending an
> email to syzbot, isn't it a security issue?

+workflows

What you are saying is all true. There is no authorization and anybody
can close any bug.

That's the process we could combine from parts we had. Implementing
proper support with users/permissions/assignees would require:
1. Implementing support in syzbot
2. Implementing and deploying some form of user identity and
authorization for kernel developers (emails is not a trusted media on
its own)
3. Finding responsible maintainers for all parts of the kernel and
making them do this additional work

All of these are problematic on different fronts. (2) can be replaced
with use of Bugzilla, but it does not seem to make the problem easier
overall. So so far we have the process we have.

       reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAOY-YVmJEQZhhOnC16bYyiow8z+B0o5FOsvQKmmXFqaaM-SAug@mail.gmail.com>
     [not found] ` <CAKXUXMzL6B+b0a6yDUSDdhV24jOaQZDiodbBW8OwgU=RCfDE_w@mail.gmail.com>
     [not found]   ` <CACT4Y+b+aYP05PG32ofpXG1oXEFBgQ8CYnoDD5ccggOPwc39nw@mail.gmail.com>
     [not found]     ` <CAOY-YVmYR70itmk6oNC_7L+o1kxfd2_W0EgCYn4KEQyGK-KPRw@mail.gmail.com>
     [not found]       ` <CACT4Y+Yo_m9C1t7AHpVq+5E-RDejMQYpK2eZUk1JTTwo+Lf3-Q@mail.gmail.com>
     [not found]         ` <CAOY-YV=Mfu2at2KzoGNszKSEyUpTHzBdbr-SjyVyE_BJBbw_uw@mail.gmail.com>
2020-09-16  6:01           ` Dmitry Vyukov [this message]
2020-09-16  7:23             ` Lukas Bulwahn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACT4Y+a0avH73Fc-391Ft=XB240wxYA4HokgXZPWoejMk0C=ig@mail.gmail.com' \
    --to=dvyukov@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=himadrispandya@gmail.com \
    --cc=linux-kernel-mentees@lists.linuxfoundation.org \
    --cc=lukas.bulwahn@gmail.com \
    --cc=syzkaller@googlegroups.com \
    --cc=workflows@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Workflows Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/workflows/0 workflows/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 workflows workflows/ https://lore.kernel.org/workflows \
		workflows@vger.kernel.org
	public-inbox-index workflows

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.workflows


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git