On Mon, Aug 19, 2019 at 2:37 PM Oliver Neukum <oneukum@xxxxxxxx> wrote:
>
> On Monday, 19.08.2019, 14:17 +0200, Andrey Konovalov wrote:
> > On Thu, Aug 15, 2019 at 3:31 PM Oliver Neukum <oneukum@xxxxxxxx> wrote:
> > >
> > > On Wednesday, 14.08.2019, 06:38 -0700, syzbot wrote:
> > > > syzbot has tested the proposed patch but the reproducer still triggered
> > > > crash:
> > > > KASAN: use-after-free Read in usbtmc_disconnect
> > >
> > > I am afraid that is a deficiency in KASAN that should be fixed.
> > > Is the class of the error compared if I leave in more of the
> > > original bug report? Actually the ID is still there, so it really
> > > should return an inconclusive in these cases.
> >
> > I don't get this, what kind of deficiency do you mean?
>
> The original error was a divide by zero. The first fix fixed that
> but still another error showed up. If I propose a fix there are
> other possibilities besides it working.
>
> I could have no effect on the original bug or my fix breaks
> something else and KASAN is making no difference between
> those cases.

I think you mean syzbot here and not KASAN.

Do I understand correctly that you're saying that the original report
was divide-by-zero, but when you requested to test the patch the
reproducer triggered a use-after-free, and syzbot didn't treat the
patch you provided as a correct fix? In this case this is working as
intended, as a bug (especially some race) can manifest in different
ways, so the kernel might crash with a different stack trace.