* [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
@ 2024-08-13 8:14 syzbot
2024-08-27 8:54 ` Julian Sun
2024-08-30 9:48 ` Julian Sun
0 siblings, 2 replies; 14+ messages in thread
From: syzbot @ 2024-08-13 8:14 UTC
To: brauner, chandan.babu, djwong, linux-fsdevel, linux-kernel,
linux-xfs, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: ee9a43b7cfe2 Merge tag 'net-6.11-rc3' of git://git.kernel...
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10b70c5d980000
kernel config: https://syzkaller.appspot.com/x/.config?x=9358cc4a2e37fd30
dashboard link: https://syzkaller.appspot.com/bug?extid=296b1c84b9cbf306e5a0
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=139519d9980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13deb97d980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e6062f24de48/disk-ee9a43b7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5d3ec6153dbd/vmlinux-ee9a43b7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/98dbabb91d02/bzImage-ee9a43b7.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/4d05d229907e/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+296b1c84b9cbf306e5a0@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5222 at fs/iomap/buffered-io.c:727 __iomap_write_begin fs/iomap/buffered-io.c:727 [inline]
WARNING: CPU: 1 PID: 5222 at fs/iomap/buffered-io.c:727 iomap_write_begin+0x13f0/0x16f0 fs/iomap/buffered-io.c:830
Modules linked in:
CPU: 1 UID: 0 PID: 5222 Comm: syz-executor247 Not tainted 6.11.0-rc2-syzkaller-00111-gee9a43b7cfe2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:__iomap_write_begin fs/iomap/buffered-io.c:727 [inline]
RIP: 0010:iomap_write_begin+0x13f0/0x16f0 fs/iomap/buffered-io.c:830
Code: b5 0d 01 90 48 c7 c7 a0 54 fa 8b e8 da 19 2b ff 90 0f 0b 90 90 e9 74 ef ff ff e8 5b f1 68 ff e9 4b f6 ff ff e8 51 f1 68 ff 90 <0f> 0b 90 bb fb ff ff ff e9 e9 fe ff ff e8 3e f1 68 ff 90 0f 0b 90
RSP: 0018:ffffc90003a577c0 EFLAGS: 00010293
RAX: ffffffff822a858f RBX: 0000000000000080 RCX: ffff888023080000
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000
RBP: ffffc90003a57a50 R08: ffffffff822a8294 R09: 1ffff11029263f69
R10: dffffc0000000000 R11: ffffed1029263f6a R12: ffffc90003a579b0
R13: ffffc90003a57bf0 R14: ffffc90003a57990 R15: 0000000000000800
FS: 000055555f8fc480(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 0000000079b06000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iomap_unshare_iter fs/iomap/buffered-io.c:1351 [inline]
iomap_file_unshare+0x460/0x780 fs/iomap/buffered-io.c:1391
xfs_reflink_unshare+0x173/0x5f0 fs/xfs/xfs_reflink.c:1681
xfs_file_fallocate+0x6be/0xa50 fs/xfs/xfs_file.c:997
vfs_fallocate+0x553/0x6c0 fs/open.c:334
ksys_fallocate fs/open.c:357 [inline]
__do_sys_fallocate fs/open.c:365 [inline]
__se_sys_fallocate fs/open.c:363 [inline]
__x64_sys_fallocate+0xbd/0x110 fs/open.c:363
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2d716a6899
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd620c3d18 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2d716a6899
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000006
RBP: 0000000000000000 R08: 0700000000000000 R09: 0700000000000000
R10: 0000000000002000 R11: 0000000000000246 R12: 00007ffd620c3d60
R13: 00007ffd620c3fe8 R14: 431bde82d7b634db R15: 00007f2d716ef03b
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-13 8:14 [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin syzbot
@ 2024-08-27 8:54 ` Julian Sun
2024-08-27 10:13 ` Christoph Hellwig
2024-08-30 9:48 ` Julian Sun
1 sibling, 1 reply; 14+ messages in thread
From: Julian Sun @ 2024-08-27 8:54 UTC
To: syzbot, brauner, chandan.babu, djwong, linux-fsdevel,
linux-kernel, linux-xfs, syzkaller-bugs
On Tue, 2024-08-13 at 01:14 -0700, syzbot wrote:
Hi,
Is this still a valid problem, or is it a known issue? If it is still
valid, I'd like to dig into it, but do you have any ideas or
suggestions before I proceed? Thanks.
Best Regards,
--
Julian Sun <sunjunchao2870@gmail.com>
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-27 8:54 ` Julian Sun
@ 2024-08-27 10:13 ` Christoph Hellwig
2024-08-27 11:13 ` Julian Sun
0 siblings, 1 reply; 14+ messages in thread
From: Christoph Hellwig @ 2024-08-27 10:13 UTC
To: Julian Sun
Cc: syzbot, brauner, chandan.babu, djwong, linux-fsdevel,
linux-kernel, linux-xfs, syzkaller-bugs
On Tue, Aug 27, 2024 at 04:54:41PM +0800, Julian Sun wrote:
> On Tue, 2024-08-13 at 01:14 -0700, syzbot wrote:
> Hi,
>
> Is this still a valid problem, or is it a known issue? If it is still
> valid, I'd like to dig into it, but do you have any ideas or
> suggestions before I proceed? Thanks.
I tried to reproduce it locally but haven't hit it. Once reproduced
the next debug check would be which of the need zeroing conditions
triggers.
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-27 10:13 ` Christoph Hellwig
@ 2024-08-27 11:13 ` Julian Sun
2024-08-27 11:37 ` Christoph Hellwig
0 siblings, 1 reply; 14+ messages in thread
From: Julian Sun @ 2024-08-27 11:13 UTC
To: Christoph Hellwig
Cc: syzbot, brauner, chandan.babu, djwong, linux-fsdevel,
linux-kernel, linux-xfs, syzkaller-bugs
On Tue, 2024-08-27 at 03:13 -0700, Christoph Hellwig wrote:
> On Tue, Aug 27, 2024 at 04:54:41PM +0800, Julian Sun wrote:
> > On Tue, 2024-08-13 at 01:14 -0700, syzbot wrote:
> > Hi,
> >
> > Is this still a valid problem, or is it a known issue? If it is still
> > valid, I'd like to dig into it, but do you have any ideas or
> > suggestions before I proceed? Thanks.
>
> I tried to reproduce it locally but haven't hit it. Once reproduced
> the next debug check would be which of the need zeroing conditions
> triggers.
>
Hi Christoph, thanks for your reply.
Did you use the config and reproducer provided by syzbot? I can easily
reproduce this issue using the config and c reproducer provided by
syzbot.
Thanks,
--
Julian Sun <sunjunchao2870@gmail.com>
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-27 11:13 ` Julian Sun
@ 2024-08-27 11:37 ` Christoph Hellwig
2024-08-27 11:40 ` Aleksandr Nogikh
0 siblings, 1 reply; 14+ messages in thread
From: Christoph Hellwig @ 2024-08-27 11:37 UTC
To: Julian Sun
Cc: Christoph Hellwig, syzbot, brauner, chandan.babu, djwong,
linux-fsdevel, linux-kernel, linux-xfs, syzkaller-bugs
On Tue, Aug 27, 2024 at 07:13:57PM +0800, Julian Sun wrote:
> Did you use the config and reproducer provided by syzbot? I can easily
> reproduce this issue using the config and c reproducer provided by
> syzbot.
I used the reproducer on my usual test config for a quick run.
I'll try the syzkaller config when I get some time.
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-27 11:37 ` Christoph Hellwig
@ 2024-08-27 11:40 ` Aleksandr Nogikh
2024-08-27 11:56 ` Julian Sun
2024-08-27 12:38 ` syzbot
0 siblings, 2 replies; 14+ messages in thread
From: Aleksandr Nogikh @ 2024-08-27 11:40 UTC
To: Christoph Hellwig
Cc: Julian Sun, syzbot, brauner, chandan.babu, djwong, linux-fsdevel,
linux-kernel, linux-xfs, syzkaller-bugs
On Tue, Aug 27, 2024 at 1:37 PM Christoph Hellwig <hch@infradead.org> wrote:
>
> On Tue, Aug 27, 2024 at 07:13:57PM +0800, Julian Sun wrote:
> > Did you use the config and reproducer provided by syzbot? I can easily
> > reproduce this issue using the config and c reproducer provided by
> > syzbot.
>
> I used the reproducer on my usual test config for a quick run.
> I'll try the syzkaller config when I get some time.
FWIW if you just want to check if the bug is still present in the
kernel tree, you can ask syzbot to build the latest revision and run
the reproducer there.
#syz test
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-27 11:40 ` Aleksandr Nogikh
@ 2024-08-27 11:56 ` Julian Sun
2024-08-27 12:38 ` syzbot
1 sibling, 0 replies; 14+ messages in thread
From: Julian Sun @ 2024-08-27 11:56 UTC
To: Aleksandr Nogikh, Christoph Hellwig
Cc: syzbot, brauner, chandan.babu, djwong, linux-fsdevel,
linux-kernel, linux-xfs, syzkaller-bugs
On Tue, 2024-08-27 at 13:40 +0200, Aleksandr Nogikh wrote:
> On Tue, Aug 27, 2024 at 1:37 PM Christoph Hellwig <hch@infradead.org>
> wrote:
> >
> > On Tue, Aug 27, 2024 at 07:13:57PM +0800, Julian Sun wrote:
> > > Did you use the config and reproducer provided by syzbot? I can
> > > easily
> > > reproduce this issue using the config and c reproducer provided
> > > by
> > > syzbot.
> >
> > I used the reproducer on my usual test config for a quick run.
> > I'll try the syzkaller config when I get some time.
>
> FWIW if you just want to check if the bug is still present in the
> kernel tree, you can ask syzbot to build the latest revision and run
> the reproducer there.
>
> #syz test
Thanks for the reminder, I will try it.
Thanks,
--
Julian Sun <sunjunchao2870@gmail.com>
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-27 11:40 ` Aleksandr Nogikh
2024-08-27 11:56 ` Julian Sun
@ 2024-08-27 12:38 ` syzbot
1 sibling, 0 replies; 14+ messages in thread
From: syzbot @ 2024-08-27 12:38 UTC
To: brauner, chandan.babu, djwong, hch, linux-fsdevel, linux-kernel,
linux-xfs, nogikh, sunjunchao2870, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in iomap_write_begin
XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
XFS (loop0): Ending clean mount
XFS (loop0): Quotacheck needed: Please wait.
XFS (loop0): Quotacheck: Done.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6042 at fs/iomap/buffered-io.c:727 __iomap_write_begin fs/iomap/buffered-io.c:727 [inline]
WARNING: CPU: 0 PID: 6042 at fs/iomap/buffered-io.c:727 iomap_write_begin+0x13f0/0x16f0 fs/iomap/buffered-io.c:830
Modules linked in:
CPU: 0 UID: 0 PID: 6042 Comm: syz.0.15 Not tainted 6.11.0-rc5-syzkaller-00015-g3e9bff3bbe13 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:__iomap_write_begin fs/iomap/buffered-io.c:727 [inline]
RIP: 0010:iomap_write_begin+0x13f0/0x16f0 fs/iomap/buffered-io.c:830
Code: b6 0d 01 90 48 c7 c7 e0 53 fa 8b e8 da 10 2b ff 90 0f 0b 90 90 e9 74 ef ff ff e8 eb ec 68 ff e9 4b f6 ff ff e8 e1 ec 68 ff 90 <0f> 0b 90 bb fb ff ff ff e9 e9 fe ff ff e8 ce ec 68 ff 90 0f 0b 90
RSP: 0018:ffffc9000315f7c0 EFLAGS: 00010293
RAX: ffffffff822a9ebf RBX: 0000000000000080 RCX: ffff88801ff39e00
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000
RBP: ffffc9000315fa50 R08: ffffffff822a9bc4 R09: 1ffff1100c1a82f9
R10: dffffc0000000000 R11: ffffed100c1a82fa R12: ffffc9000315f9b0
R13: ffffc9000315fbf0 R14: ffffc9000315f990 R15: 0000000000000800
FS: 00007f572bb8f6c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 0000000020098000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iomap_unshare_iter fs/iomap/buffered-io.c:1351 [inline]
iomap_file_unshare+0x460/0x780 fs/iomap/buffered-io.c:1391
xfs_reflink_unshare+0x173/0x5f0 fs/xfs/xfs_reflink.c:1681
xfs_file_fallocate+0x6be/0xa50 fs/xfs/xfs_file.c:997
vfs_fallocate+0x553/0x6c0 fs/open.c:334
ksys_fallocate fs/open.c:357 [inline]
__do_sys_fallocate fs/open.c:365 [inline]
__se_sys_fallocate fs/open.c:363 [inline]
__x64_sys_fallocate+0xbd/0x110 fs/open.c:363
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f572ad779f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f572bb8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f572af05f80 RCX: 00007f572ad779f9
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000006
RBP: 00007f572ade58ee R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f572af05f80 R15: 00007fff39de1648
</TASK>
Tested on:
commit: 3e9bff3b Merge tag 'vfs-6.11-rc6.fixes' of gitolite.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13ca847b980000
kernel config: https://syzkaller.appspot.com/x/.config?x=a0455552d0b27491
dashboard link: https://syzkaller.appspot.com/bug?extid=296b1c84b9cbf306e5a0
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Note: no patches were applied.
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-13 8:14 [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin syzbot
2024-08-27 8:54 ` Julian Sun
@ 2024-08-30 9:48 ` Julian Sun
2024-08-30 10:19 ` syzbot
2024-08-30 11:31 ` Julian Sun
1 sibling, 2 replies; 14+ messages in thread
From: Julian Sun @ 2024-08-30 9:48 UTC
To: syzbot, brauner, chandan.babu, djwong, linux-fsdevel,
linux-kernel, linux-xfs, syzkaller-bugs
On Tue, 2024-08-13 at 01:14 -0700, syzbot wrote:
Test the following patch.
#syz test: upstream ee9a43b7cfe2
diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
index 72c981e3dc92..6216c31aa3cc 100644
--- a/fs/xfs/xfs_iomap.c
+++ b/fs/xfs/xfs_iomap.c
@@ -1162,6 +1162,9 @@ xfs_buffered_write_iomap_begin(
if (error)
goto out_unlock;
+ /* Get extent info that may updated by
xfs_bmapi_reserve_delalloc() */
+ xfs_iext_lookup_extent(ip, &ip->i_df, offset_fsb, &icur,
&imap);
+
/*
* Flag newly allocated delalloc blocks with IOMAP_F_NEW so we
punch
* them out if the write happens to fail.
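Review bot: The added lines are word-wrapped in this posting, so the hunk is damaged as a unified diff: "xfs_bmapi_reserve_delalloc() */" and "&imap);" sit on continuation lines with no "+" prefix, and the context line ending "so we" is split from "punch" the same way, which means the body no longer matches the "@@ -1162,6 +1162,9 @@" header and cannot be applied reliably. Resend with line wrapping disabled in the mail client, or attach the patch, so that the test result reflects the intended change.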
--
Julian Sun <sunjunchao2870@gmail.com>
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-30 9:48 ` Julian Sun
@ 2024-08-30 10:19 ` syzbot
2024-08-30 11:31 ` Julian Sun
1 sibling, 0 replies; 14+ messages in thread
From: syzbot @ 2024-08-30 10:19 UTC
To: brauner, chandan.babu, djwong, linux-fsdevel, linux-kernel,
linux-xfs, sunjunchao2870, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in iomap_write_begin
XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
XFS (loop0): Ending clean mount
XFS (loop0): Quotacheck needed: Please wait.
XFS (loop0): Quotacheck: Done.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6077 at fs/iomap/buffered-io.c:727 __iomap_write_begin fs/iomap/buffered-io.c:727 [inline]
WARNING: CPU: 0 PID: 6077 at fs/iomap/buffered-io.c:727 iomap_write_begin+0x13f0/0x16f0 fs/iomap/buffered-io.c:830
Modules linked in:
CPU: 0 UID: 0 PID: 6077 Comm: syz.0.15 Not tainted 6.11.0-rc2-syzkaller-00111-gee9a43b7cfe2-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:__iomap_write_begin fs/iomap/buffered-io.c:727 [inline]
RIP: 0010:iomap_write_begin+0x13f0/0x16f0 fs/iomap/buffered-io.c:830
Code: b5 0d 01 90 48 c7 c7 a0 54 fa 8b e8 da 19 2b ff 90 0f 0b 90 90 e9 74 ef ff ff e8 5b f1 68 ff e9 4b f6 ff ff e8 51 f1 68 ff 90 <0f> 0b 90 bb fb ff ff ff e9 e9 fe ff ff e8 3e f1 68 ff 90 0f 0b 90
RSP: 0018:ffffc90003e977c0 EFLAGS: 00010293
RAX: ffffffff822a858f RBX: 0000000000000080 RCX: ffff888020aeda00
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000000
RBP: ffffc90003e97a50 R08: ffffffff822a8294 R09: 1ffff11004494cf9
R10: dffffc0000000000 R11: ffffed1004494cfa R12: ffffc90003e979b0
R13: ffffc90003e97bf0 R14: ffffc90003e97990 R15: 0000000000000800
FS: 00007f4d396276c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 0000000023f3a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iomap_unshare_iter fs/iomap/buffered-io.c:1351 [inline]
iomap_file_unshare+0x460/0x780 fs/iomap/buffered-io.c:1391
xfs_reflink_unshare+0x173/0x5f0 fs/xfs/xfs_reflink.c:1681
xfs_file_fallocate+0x6be/0xa50 fs/xfs/xfs_file.c:997
vfs_fallocate+0x553/0x6c0 fs/open.c:334
ksys_fallocate fs/open.c:357 [inline]
__do_sys_fallocate fs/open.c:365 [inline]
__se_sys_fallocate fs/open.c:363 [inline]
__x64_sys_fallocate+0xbd/0x110 fs/open.c:363
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4d387779f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4d39627038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f4d38905f80 RCX: 00007f4d387779f9
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000006
RBP: 00007f4d387e58ee R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f4d38905f80 R15: 00007ffd9e61c108
</TASK>
Tested on:
commit: ee9a43b7 Merge tag 'net-6.11-rc3' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=173e3eeb980000
kernel config: https://syzkaller.appspot.com/x/.config?x=9358cc4a2e37fd30
dashboard link: https://syzkaller.appspot.com/bug?extid=296b1c84b9cbf306e5a0
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16b67cdb980000
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-30 9:48 ` Julian Sun
2024-08-30 10:19 ` syzbot
@ 2024-08-30 11:31 ` Julian Sun
2024-08-30 12:04 ` syzbot
1 sibling, 1 reply; 14+ messages in thread
From: Julian Sun @ 2024-08-30 11:31 UTC
To: sunjunchao2870
Cc: brauner, chandan.babu, djwong, linux-fsdevel, linux-kernel,
linux-xfs, syzbot+296b1c84b9cbf306e5a0, syzkaller-bugs
The patch passed the test locally, and the patch in the link
appears to be messed up. Please retest.
#syz test: upstream ee9a43b7cfe2
diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
index 72c981e3dc92..6216c31aa3cc 100644
--- a/fs/xfs/xfs_iomap.c
+++ b/fs/xfs/xfs_iomap.c
@@ -1162,6 +1162,9 @@ xfs_buffered_write_iomap_begin(
if (error)
goto out_unlock;
+ /* Get extent info that may updated by xfs_bmapi_reserve_delalloc() */
+ xfs_iext_lookup_extent(ip, &ip->i_df, offset_fsb, &icur, &imap);
+
/*
* Flag newly allocated delalloc blocks with IOMAP_F_NEW so we punch
* them out if the write happens to fail.
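Review bot: The return value of xfs_iext_lookup_extent() is discarded in the added call. If the lookup can come back without an extent at offset_fsb, imap keeps whatever it held before and the IOMAP_F_NEW flagging below works from stale data; either check the result and leave through out_unlock, or say in the comment why the lookup cannot fail at this point. The comment should read "may be updated", and the changelog should name which part of imap goes stale after xfs_bmapi_reserve_delalloc(), since this hunk sits in xfs_buffered_write_iomap_begin() and so affects more than the unshare path shown in the trace.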
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-30 11:31 ` Julian Sun
@ 2024-08-30 12:04 ` syzbot
2024-09-02 5:04 ` Julian Sun
0 siblings, 1 reply; 14+ messages in thread
From: syzbot @ 2024-08-30 12:04 UTC
To: brauner, chandan.babu, djwong, linux-fsdevel, linux-kernel,
linux-xfs, sunjunchao2870, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+296b1c84b9cbf306e5a0@syzkaller.appspotmail.com
Tested-by: syzbot+296b1c84b9cbf306e5a0@syzkaller.appspotmail.com
Tested on:
commit: ee9a43b7 Merge tag 'net-6.11-rc3' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=14a8e347980000
kernel config: https://syzkaller.appspot.com/x/.config?x=9358cc4a2e37fd30
dashboard link: https://syzkaller.appspot.com/bug?extid=296b1c84b9cbf306e5a0
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=13101f8d980000
Note: testing is done by a robot and is best-effort only.
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-08-30 12:04 ` syzbot
@ 2024-09-02 5:04 ` Julian Sun
2024-09-02 5:28 ` syzbot
0 siblings, 1 reply; 14+ messages in thread
From: Julian Sun @ 2024-09-02 5:04 UTC
To: syzbot+296b1c84b9cbf306e5a0
Cc: brauner, chandan.babu, djwong, linux-fsdevel, linux-kernel,
linux-xfs, sunjunchao2870, syzkaller-bugs
Test the following patch.
#syz test: upstream ee9a43b7cfe2
diff --git a/fs/iomap/iter.c b/fs/iomap/iter.c
index 79a0614eaab7..6e3f6109cac5 100644
--- a/fs/iomap/iter.c
+++ b/fs/iomap/iter.c
@@ -76,7 +76,8 @@ int iomap_iter(struct iomap_iter *iter, const struct iomap_ops *ops)
int ret;
if (iter->iomap.length && ops->iomap_end) {
- ret = ops->iomap_end(iter->inode, iter->pos, iomap_length(iter),
+ ret = ops->iomap_end(iter->inode, iter->pos,
+ iter->processed > 0 ? iomap_length(iter) : iter->iomap.length,
iter->processed > 0 ? iter->processed : 0,
iter->flags, &iter->iomap);
if (ret < 0 && !iter->processed)
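Review bot: The new third argument changes the length handed to every ->iomap_end implementation reached through ops, not only the XFS one, whenever iter->processed is zero or negative, and nothing in the hunk says why iter->iomap.length is the right value there instead of iomap_length(iter). Add a comment stating the intended meaning of the length argument when nothing was processed, and confirm that the error case (processed < 0, which the following line already folds to 0) should also see the full mapping length. The added line is also long and repeats the "iter->processed > 0" test from the line below it; computing the length once in a local variable would read better.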
* Re: [syzbot] [iomap?] [xfs?] WARNING in iomap_write_begin
2024-09-02 5:04 ` Julian Sun
@ 2024-09-02 5:28 ` syzbot
0 siblings, 0 replies; 14+ messages in thread
From: syzbot @ 2024-09-02 5:28 UTC
To: brauner, chandan.babu, djwong, linux-fsdevel, linux-kernel,
linux-xfs, sunjunchao2870, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-by: syzbot+296b1c84b9cbf306e5a0@syzkaller.appspotmail.com
Tested-by: syzbot+296b1c84b9cbf306e5a0@syzkaller.appspotmail.com
Tested on:
commit: ee9a43b7 Merge tag 'net-6.11-rc3' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1710c453980000
kernel config: https://syzkaller.appspot.com/x/.config?x=9358cc4a2e37fd30
dashboard link: https://syzkaller.appspot.com/bug?extid=296b1c84b9cbf306e5a0
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=14f2e529980000
Note: testing is done by a robot and is best-effort only.