On Mon, Mar 19, 2018 at 9:37 AM, Sowmini Varadhan <sowmini.varad...@oracle.com> wrote:
> On (03/19/18 09:29), Dmitry Vyukov wrote:
>>
>> This looks the same as:
>>
>> #syz dup: KASAN: use-after-free Read in rds_cong_queue_updates
>
> correct, seems like the rds_destroy_pending() fixes did not seal
> this race condition. I need to look at this more carefully to see
> what race I missed.. no easy answer here, I am afraid.

Hi Sowmini,

What fix do you mean? syzbot does not know about any fixes for any of the bugs as far as I see. So maybe your fix actually fixed it, but it's not in upstream yet, and syzbot still finds this in upstream. We tell syzbot about fixes (with Reported-by tags or "#syz fix" email commands) to be able to later make sense of the state of the bugs.