Hi David,

On Mon, Dec 02, 2019 at 11:54:00AM -0800, syzbot wrote:
> syzbot has bisected this bug to:
>
> commit a194dfe6e6f6f7205eea850a420f2bc6a1541209
> Author: David Howells <dhowells@xxxxxxxxxx>
> Date:   Fri Sep 20 15:32:19 2019 +0000
>
>     pipe: Rearrange sequence in pipe_write() to preallocate slot
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16085abce00000
> start commit:   b94ae8ad Merge tag 'seccomp-v5.5-rc1' of git://git.kernel...
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=15085abce00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=11085abce00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=ff560c3de405258c
> dashboard link: https://syzkaller.appspot.com/bug?extid=838eb0878ffd51f27c41
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=146a9f86e00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1791d82ae00000
>
> Reported-by: syzbot+838eb0878ffd51f27c41@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: a194dfe6e6f6 ("pipe: Rearrange sequence in pipe_write() to
> preallocate slot")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>

It looks like the 'mask' variable in pipe_write() is not being updated after the
pipe mutex was dropped in pipe_wait(), to take into account the pipe size
possibly having been changed in the mean time.

BTW, I see that the pipe changes were not in linux-next before being sent to
Linus. Please do this next time so that syzbot can find the obvious bugs before
they reach mainline. It's annoying having my system crash on latest mainline
during normal use, due to a bug easily found in < 1 day by an automated system.

- Eric
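
The stale-mask pattern described in the message above, shown as an added example that is not part of the original e-mail and is not kernel code. It is a simplified user-space model in C; `struct ring`, `wait_and_resize()` and the `slot_*` functions are hypothetical names, and the values in `main()` are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of a power-of-two ring (assumption: this is
 * not the kernel's pipe structure; all names here are hypothetical). */
struct ring {
    unsigned int head;      /* free-running producer index */
    unsigned int ring_size; /* number of slots, always a power of two */
};

/* Stands in for the window in which the lock is dropped while waiting
 * and another thread changes the ring size. */
static void wait_and_resize(struct ring *r, unsigned int new_size)
{
    r->ring_size = new_size;
}

/* Stale pattern: mask computed before the wait and reused afterwards. */
static unsigned int slot_stale_mask(struct ring *r, unsigned int new_size)
{
    unsigned int mask = r->ring_size - 1;
    wait_and_resize(r, new_size);
    return r->head & mask;
}

/* Corrected pattern: recompute the mask once the lock is held again. */
static unsigned int slot_fresh_mask(struct ring *r, unsigned int new_size)
{
    wait_and_resize(r, new_size);
    unsigned int mask = r->ring_size - 1;
    return r->head & mask;
}

static bool slot_in_bounds(const struct ring *r, unsigned int slot)
{
    return slot < r->ring_size;
}

int main(void)
{
    struct ring a = { .head = 13, .ring_size = 16 };  /* constructed values */
    struct ring b = a;
    unsigned int stale = slot_stale_mask(&a, 4);
    unsigned int fresh = slot_fresh_mask(&b, 4);
    printf("stale slot %u in bounds: %d\n", stale, slot_in_bounds(&a, stale));
    printf("fresh slot %u in bounds: %d\n", fresh, slot_in_bounds(&b, fresh));
    return 0;
}
```

With the ring shrunk from 16 to 4 slots during the wait, the stale mask yields a slot index beyond the new ring, while the recomputed mask stays inside it.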