[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <tencent_44C3065D498F6EC66EC90CB967EA46FC5206@qq.com>
Date: Sun, 28 Jul 2024 16:17:31 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+a14d8ac9af3a2a4fd0c8@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [btrfs?] kernel BUG in btrfs_folio_end_all_writers
in cow_file_range, only ret == 0 means succuess
#syz test: upstream b1bc554e009e
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d62c96f00ff8..d08138fc3dc7 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -762,7 +762,8 @@ static noinline int cow_file_range_inline(struct btrfs_inode *inode, u64 offset,
return ret;
}
- extent_clear_unlock_delalloc(inode, offset, end, NULL, &cached,
+ if (ret == 0)
+ extent_clear_unlock_delalloc(inode, offset, end, NULL, &cached,
clear_flags,
PAGE_UNLOCK | PAGE_START_WRITEBACK |
PAGE_END_WRITEBACK);
@@ -1043,8 +1044,15 @@ static void compress_file_range(struct btrfs_work *work)
ret = cow_file_range_inline(inode, start, end, total_compressed,
compress_type, folios[0], false);
if (ret <= 0) {
- if (ret < 0)
+ if (ret < 0) {
+ unsigned long clear_flags = EXTENT_DELALLOC | EXTENT_DELALLOC_NEW |
+ EXTENT_DEFRAG | EXTENT_DO_ACCOUNTING | EXTENT_LOCKED;
mapping_set_error(mapping, -EIO);
+ extent_clear_unlock_delalloc(inode, start, end, NULL, NULL,
+ clear_flags,
+ PAGE_UNLOCK | PAGE_START_WRITEBACK |
+ PAGE_END_WRITEBACK);
+ }
goto free_pages;
}
@@ -1361,7 +1369,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode,
/* lets try to make an inline extent */
ret = cow_file_range_inline(inode, start, end, 0,
BTRFS_COMPRESS_NONE, NULL, false);
- if (ret <= 0) {
+ if (ret == 0) {
/*
* We succeeded, return 1 so the caller knows we're done
* with this page and already handled the IO.
@@ -1369,10 +1377,10 @@ static noinline int cow_file_range(struct btrfs_inode *inode,
* If there was an error then cow_file_range_inline() has
* already done the cleanup.
*/
- if (ret == 0)
- ret = 1;
+ ret = 1;
goto done;
- }
+ } else if (ret < 0)
+ goto out_unlock;
}
alloc_hint = get_extent_allocation_hint(inode, start, num_bytes);
Powered by blists - more mailing lists