The function ext4_release_io_end() can be called by
ext4_put_io_end_defer() with the EXT4_IO_UNWRITTEN flag set and
io_end->size is 0. In that case, it's safe to release the io_end
structure, since if io_end->size is zero, there is no unwritten region
to release.
This can be reproduced using generic/300, although not very reliably,
and almost never using a freshly rebooted kernel.
Google-Bug-Id: 15054006
Signed-off-by: "Theodore Ts'o" <tytso@xxxxxxx>
---
fs/ext4/page-io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index de6fe969f773..15125e5b4827 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -153,7 +153,7 @@ static void ext4_release_io_end(ext4_io_end_t *io_end)
struct bio *bio, *next_bio;
BUG_ON(!list_empty(&io_end->list));
- BUG_ON(io_end->flag & EXT4_IO_END_UNWRITTEN);
+ BUG_ON((io_end->flag & EXT4_IO_END_UNWRITTEN) && io_end->size);
WARN_ON(io_end->handle);
for (bio = io_end->bio; bio; bio = next_bio) {
--
2.24.1
