On Mon, Mar 30, 2015 at 06:26:47PM +0100, Filipe Manana wrote:
> If we pass a length of 0 to the extent_same ioctl, we end up locking an
> extent range with a start offset greater than its end offset (if the
> destination file's offset is greater than zero). This results in a warning
> from extent_io.c:insert_state through the following call chain:
>
> btrfs_extent_same()
>   btrfs_double_lock()
>     lock_extent_range()
>       lock_extent(inode->io_tree, offset, offset + len - 1)
>         lock_extent_bits()
>           __set_extent_bit()
>             insert_state()
>               --> WARN_ON(end < start)
>
> This leads to an infinite loop when evicting the inode. This is the same
> problem that my previous patch titled
> "Btrfs: fix inode eviction infinite loop after cloning into it" addressed
> but for the extent_same ioctl instead of the clone ioctl.
>
> CC: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Filipe Manana <fdmanana@xxxxxxxx>

Reviewed-by: Omar Sandoval <osandov@xxxxxxxxxxx>

Reproduced with https://github.com/markfasheh/duperemove/blob/master/btrfs-extent-same.c

./btrfs-extent-same 0 foo 4096 bar 4096

-- 
Omar
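The inverted range described in the patch, modelled as an added example (not the kernel's code and not part of this thread): `model_lock_extent` mirrors the `offset + len - 1` arithmetic that `lock_extent()` receives and reports where `insert_state()` would hit `WARN_ON(end < start)`, and `extent_same_validate` is a hypothetical pre-lock guard that rejects a zero length before any locking; the overflow check is an added generalization beyond the len == 0 case the patch reports. The sample values are the reproducer's (length 0, offsets 4096).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The inclusive [start, end] range that lock_extent() would be asked to lock. */
struct extent_range { uint64_t start; uint64_t end; };

/* Mirrors lock_extent(io_tree, offset, offset + len - 1) with no filesystem
 * state. Returns false where insert_state() would fire WARN_ON(end < start).
 * r may be NULL when only the verdict is wanted. */
static bool model_lock_extent(uint64_t offset, uint64_t len, struct extent_range *r)
{
    struct extent_range tmp;
    tmp.start = offset;
    tmp.end = offset + len - 1;   /* len == 0 gives offset - 1: inverted for offset > 0,
                                     wraps to UINT64_MAX for offset == 0 */
    if (r)
        *r = tmp;
    return tmp.end >= tmp.start;
}

/* Hypothetical guard placed before btrfs_double_lock(): true means the request
 * may proceed to locking, false means it must be refused or treated as a no-op. */
static bool extent_same_validate(uint64_t src_off, uint64_t dst_off, uint64_t len)
{
    if (len == 0)
        return false;             /* the zero-length case the patch addresses */
    /* Added generalization: offset + len wrapping past u64 also inverts the range. */
    if (src_off > UINT64_MAX - len || dst_off > UINT64_MAX - len)
        return false;
    return true;
}

int main(void)
{
    struct extent_range r;
    /* Constructed input matching "./btrfs-extent-same 0 foo 4096 bar 4096". */
    bool ok = model_lock_extent(4096, 0, &r);
    printf("range [%llu, %llu] %s\n", (unsigned long long)r.start,
           (unsigned long long)r.end, ok ? "ok" : "INVERTED (WARN_ON(end < start))");
    printf("guard accepts request: %s\n",
           extent_same_validate(4096, 4096, 0) ? "yes" : "no");
    return 0;
}
```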