On Mon, Aug 19, 2019 at 3:49 PM Oliver Neukum <oneukum@xxxxxxxx> wrote: > > Am Montag, den 19.08.2019, 15:18 +0200 schrieb Andrey Konovalov: > > On Mon, Aug 19, 2019 at 3:09 PM Oliver Neukum <oneukum@xxxxxxxx> wrote: > > > > > > Am Montag, den 19.08.2019, 14:43 +0200 schrieb Andrey Konovalov: > > > > On Mon, Aug 19, 2019 at 2:37 PM Oliver Neukum <oneukum@xxxxxxxx> wrote: > > > > > The original error was a divide by zero. The first fix fixed that > > > > > but still another error showed up. If I propose a fix there are > > > > > other possibilities besides it working. > > > > > > > > > > I could have no effect on the original bug or my fix breaks > > > > > something else and KASAN is making no difference between > > > > > those cases. > > > > > > > > I think you mean syzbot here and not KASAN. Do I understand correctly, > > > > that you're saying that the original report was > > > > > > Yes, sorry syzbot. > > > > > > > divide-by-zero, but > > > > when you requested to test the patch the reproducer triggered a > > > > use-after-free, and syzbot didn't treat the patch you provided as a > > > > correct fix? > > > > > > No, obviously there is still a bug. What I would like syzbot to have > > > would be a third category: inconclusive. > > > Seeing another bug instead may also mean the first bug struck > > > before the second could ever happen. We just lack data to tell. > > > > OK, I see. The exact words that syzbot uses in this case are "syzbot > > has tested the proposed patch but the reproducer still triggered > > crash". What would you like to see instead? > > > > "syzbot has tested the proposed patch but the reproducer triggered > another crash" would make it clearer. This implies that we can differentiate between different crashes. We can differentiate between different manifestations of crashes, but those can be caused by the same bug. I think we can remove the word "still" though, so the words will be: "syzbot has tested the proposed patch, but the reproducer triggered a crash". Dmitry, WDYT?
