The function ext4_release_io_end() can be called by
ext4_put_io_end_defer() with the EXT4_IO_UNWRITTEN flag set and
io_end->size is 0. In that case, it's safe to release the io_end
structure, since if io_end->size is zero, there is no unwritten region
to release.
This can be reproduced using generic/300, although not very reliably,
and almost never using a freshly rebooted kernel.
Google-Bug-Id: 15054006
Signed-off-by: "Theodore Ts'o" <[email protected]>
---
fs/ext4/page-io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c
index de6fe969f773..15125e5b4827 100644
--- a/fs/ext4/page-io.c
+++ b/fs/ext4/page-io.c
@@ -153,7 +153,7 @@ static void ext4_release_io_end(ext4_io_end_t *io_end)
struct bio *bio, *next_bio;
BUG_ON(!list_empty(&io_end->list));
- BUG_ON(io_end->flag & EXT4_IO_END_UNWRITTEN);
+ BUG_ON((io_end->flag & EXT4_IO_END_UNWRITTEN) && io_end->size);
WARN_ON(io_end->handle);
for (bio = io_end->bio; bio; bio = next_bio) {
--
2.24.1
Hi Theodore,
I love your patch! Yet something to improve:
[auto build test ERROR on ext4/dev]
[also build test ERROR on v5.7-rc1 next-20200413]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Theodore-Ts-o/ext4-fix-BUG_ON-in-fs-ext4-page_io-c-ext4_release_io_end/20200414-105422
base: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
config: x86_64-defconfig (attached as .config)
compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <[email protected]>
All error/warnings (new ones prefixed by >>):
In file included from include/linux/export.h:43:0,
from include/linux/linkage.h:7,
from include/linux/fs.h:5,
from fs/ext4/page-io.c:10:
fs/ext4/page-io.c: In function 'ext4_release_io_end':
>> fs/ext4/page-io.c:158:57: error: 'ext4_io_end_t {aka struct ext4_io_end}' has no member named 'size'
BUG_ON((io_end->flag & EXT4_IO_END_UNWRITTEN) && io_end->size);
^
include/linux/compiler.h:78:42: note: in definition of macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
>> fs/ext4/page-io.c:158:2: note: in expansion of macro 'BUG_ON'
BUG_ON((io_end->flag & EXT4_IO_END_UNWRITTEN) && io_end->size);
^~~~~~
vim +158 fs/ext4/page-io.c
152
153 static void ext4_release_io_end(ext4_io_end_t *io_end)
154 {
155 struct bio *bio, *next_bio;
156
157 BUG_ON(!list_empty(&io_end->list));
> 158 BUG_ON((io_end->flag & EXT4_IO_END_UNWRITTEN) && io_end->size);
159 WARN_ON(io_end->handle);
160
161 for (bio = io_end->bio; bio; bio = next_bio) {
162 next_bio = bio->bi_private;
163 ext4_finish_bio(bio);
164 bio_put(bio);
165 }
166 ext4_free_io_end_vec(io_end);
167 kmem_cache_free(io_end_cachep, io_end);
168 }
169
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]