Auto-invalidating old syzbot reports?

From: Eric Biggers
Date: Mon Jun 06 2022 - 18:19:15 EST


Currently the upstream Linux kernel has 888 open syzbot reports
(https://syzkaller.appspot.com/upstream). However, nearly two-thirds of them
(577) were reported more than 1 year ago. Old reports are often for bugs that
were already fixed. They can also be reports that got overlooked, forgotten
about, not sent to the right place, etc. Kernel maintainers also change over
time, so the current maintainer(s) might never have received the original report
even if syzbot sent the original report to the correct maintainer(s).

Having these old reports open is preventing syzbot from re-reporting any bugs
with the same crash signature (where a crash signature is something like
"KASAN: null-ptr-deref Read in percpu_ref_exit") if it is still being seen.

syzbot does auto-invalidate some old bugs, but only ones without a reproducer.

Given that humans aren't keeping up with these reports, has it been considered
to auto-invalidate all old syzbot reports -- not just ones without a reproducer?

- Eric