On 03/22, syzbot wrote:
>
> HEAD commit:    fc444ada1310 Merge tag 'soc-fixes-6.14-2' of git://git.ker..
> git tree:       upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=1397319b980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=2e330e9768b5b8ff
> dashboard link: https://syzkaller.appspot.com/bug?extid=62262fdc0e01d99573fc
> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1057319b980000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10d6a44c580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/924e6055daef/disk-fc444ada.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/0cd40093a53e/vmlinux-fc444ada.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/7370bbe4e1b8/bzImage-fc444ada.xz
>
> The issue was bisected to:
>
> commit aaec5a95d59615523db03dd53c2052f0a87beea7
> Author: Oleg Nesterov <oleg@xxxxxxxxxx>
> Date:   Thu Jan 2 14:07:15 2025 +0000
>
>     pipe_read: don't wake up the writer if the pipe is still full

OMG :/

Just to ensure it does not help,

#syz test: upstream aaec5a95d59615523db03dd53c2052f0a87beea7

diff --git a/fs/pipe.c b/fs/pipe.c
index 82fede0f2111..7e36f54d21a5 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -417,8 +417,8 @@ static inline int is_packetized(struct file *file)
 /* Done while waiting without holding the pipe lock - thus the READ_ONCE() */
 static inline bool pipe_writable(const struct pipe_inode_info *pipe)
 {
-	unsigned int head = READ_ONCE(pipe->head);
 	unsigned int tail = READ_ONCE(pipe->tail);
+	unsigned int head = READ_ONCE(pipe->head);
 	unsigned int max_usage = READ_ONCE(pipe->max_usage);
 
 	return !pipe_full(head, tail, max_usage) ||
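Review bot: The only change in this hunk is swapping the order of the two READ_ONCE() loads of pipe->head and pipe->tail in pipe_writable(), and since the comment in the same hunk says this runs without the pipe lock, note that READ_ONCE() on its own does not order the two loads against each other on the CPU, so a test that passes or fails with this swap cannot be taken as evidence about load ordering without an accompanying barrier. If the intent of the test is exactly to rule that out (as "Just to ensure it does not help" suggests), a one-line comment next to the reordered loads, or a sentence in the #syz test request, stating what outcome is expected and why would make the result interpretable for whoever reads the bisection thread later.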