Re: [syzbot] [btrfs?] WARNING in emit_fiemap_extent

David Sterba <dsterba@xxxxxxx> · Wed, 21 Jun 2023 14:33:50 +0200

On Tue, Jun 20, 2023 at 02:34:46PM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    40f71e7cd3c6 Merge tag 'net-6.4-rc7' of git://git.kernel.o..
> git tree:       upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=166d2acf280000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=7ff8f87c7ab0e04e
> dashboard link: https://syzkaller.appspot.com/bug?extid=9992306148b06272f3bb
> compiler:       Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10c65e87280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1094a78b280000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/2dc89d5fee38/disk-40f71e7c.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/0ced5a475218/vmlinux-40f71e7c.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/d543a4f69684/bzImage-40f71e7c.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/7cde8d2312ae/mount_0.gz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+9992306148b06272f3bb@xxxxxxxxxxxxxxxxxxxxxxxxx
> 
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5351 at fs/btrfs/extent_io.c:2824 emit_fiemap_extent+0xee/0x410

2804 static int emit_fiemap_extent(struct fiemap_extent_info *fieinfo,
2805                                 struct fiemap_cache *cache,
2806                                 u64 offset, u64 phys, u64 len, u32 flags)
2807 {
2808         int ret = 0;
2809
2810         /* Set at the end of extent_fiemap(). */
2811         ASSERT((flags & FIEMAP_EXTENT_LAST) == 0);
2812
2813         if (!cache->cached)
2814                 goto assign;
2815
2816         /*
2817          * Sanity check, extent_fiemap() should have ensured that new
2818          * fiemap extent won't overlap with cached one.
2819          * Not recoverable.
2820          *
2821          * NOTE: Physical address can overlap, due to compression
2822          */
2823         if (cache->offset + cache->len > offset) {
2824                 WARN_ON(1);
2825                 return -EINVAL;
2826         }

Either we can drop the warning as the error is handled, or there was
another issue that was supposed to be caught earlier.