Re: [syzbot ci] Re: fuse: use iomap for buffered reads + readahead
7 views
Skip to first unread message
Joanne Koong
Sep 17, 2025, 3:59:40 PM (13 days ago) Sep 17
to syzbot ci, syzbot, bra...@kernel.org, djw...@kernel.org, gf...@lists.linux.dev, h...@infradead.org, h...@lst.de, hsia...@linux.alibaba.com, kerne...@meta.com, linux...@vger.kernel.org, linu...@vger.kernel.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, mik...@szeredi.hu, syz...@lists.linux.dev, syzkall...@googlegroups.com
On Wed, Sep 17, 2025 at 1:37 AM syzbot ci
<syzbot+ci9b5...@syzkaller.appspotmail.com> wrote:
>
> syzbot ci has tested the following series
>
> [v3] fuse: use iomap for buffered reads + readahead
> https://lore.kernel.org/all/20250916234425.127...@gmail.com
> * [PATCH v3 01/15] iomap: move bio read logic into helper function
> * [PATCH v3 02/15] iomap: move read/readahead bio submission logic into helper function
> * [PATCH v3 03/15] iomap: store read/readahead bio generically
> * [PATCH v3 04/15] iomap: iterate over entire folio in iomap_readpage_iter()
> * [PATCH v3 05/15] iomap: rename iomap_readpage_iter() to iomap_read_folio_iter()
> * [PATCH v3 06/15] iomap: rename iomap_readpage_ctx struct to iomap_read_folio_ctx
> * [PATCH v3 07/15] iomap: track read/readahead folio ownership internally
> * [PATCH v3 08/15] iomap: add public start/finish folio read helpers
> * [PATCH v3 09/15] iomap: add caller-provided callbacks for read and readahead
> * [PATCH v3 10/15] iomap: add bias for async read requests
> * [PATCH v3 11/15] iomap: move buffered io bio logic into new file
> * [PATCH v3 12/15] iomap: make iomap_read_folio() a void return
> * [PATCH v3 13/15] fuse: use iomap for read_folio
> * [PATCH v3 14/15] fuse: use iomap for readahead
> * [PATCH v3 15/15] fuse: remove fc->blkbits workaround for partial writes
>
> and found the following issues:
> * WARNING in iomap_iter_advance
> * WARNING in iomap_readahead
> * kernel BUG in folio_end_read
>
> Full report is available here:
> https://ci.syzbot.org/series/6845596a-1ec9-4396-b9c4-48bddc606bef
>
> ***
>
Thanks. Do you get run on every patchset that is sent upstream or is
it random? Trying to figure out if this means v2 is right and i just
messed up v3 or if you just didn't run on v2.
Thanks,
Joanne
<syzbot+ci9b5...@syzkaller.appspotmail.com> wrote:
>
> syzbot ci has tested the following series
>
> [v3] fuse: use iomap for buffered reads + readahead
> https://lore.kernel.org/all/20250916234425.127...@gmail.com
> * [PATCH v3 01/15] iomap: move bio read logic into helper function
> * [PATCH v3 02/15] iomap: move read/readahead bio submission logic into helper function
> * [PATCH v3 03/15] iomap: store read/readahead bio generically
> * [PATCH v3 04/15] iomap: iterate over entire folio in iomap_readpage_iter()
> * [PATCH v3 05/15] iomap: rename iomap_readpage_iter() to iomap_read_folio_iter()
> * [PATCH v3 06/15] iomap: rename iomap_readpage_ctx struct to iomap_read_folio_ctx
> * [PATCH v3 07/15] iomap: track read/readahead folio ownership internally
> * [PATCH v3 08/15] iomap: add public start/finish folio read helpers
> * [PATCH v3 09/15] iomap: add caller-provided callbacks for read and readahead
> * [PATCH v3 10/15] iomap: add bias for async read requests
> * [PATCH v3 11/15] iomap: move buffered io bio logic into new file
> * [PATCH v3 12/15] iomap: make iomap_read_folio() a void return
> * [PATCH v3 13/15] fuse: use iomap for read_folio
> * [PATCH v3 14/15] fuse: use iomap for readahead
> * [PATCH v3 15/15] fuse: remove fc->blkbits workaround for partial writes
>
> and found the following issues:
> * WARNING in iomap_iter_advance
> * WARNING in iomap_readahead
> * kernel BUG in folio_end_read
>
> Full report is available here:
> https://ci.syzbot.org/series/6845596a-1ec9-4396-b9c4-48bddc606bef
>
> ***
>
Thanks. Do you get run on every patchset that is sent upstream or is
it random? Trying to figure out if this means v2 is right and i just
messed up v3 or if you just didn't run on v2.
Thanks,
Joanne
Aleksandr Nogikh
Sep 18, 2025, 11:48:43 AM (12 days ago) Sep 18
to Joanne Koong, syzbot ci, syzbot, bra...@kernel.org, djw...@kernel.org, gf...@lists.linux.dev, h...@infradead.org, h...@lst.de, hsia...@linux.alibaba.com, kerne...@meta.com, linux...@vger.kernel.org, linu...@vger.kernel.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, mik...@szeredi.hu, syz...@lists.linux.dev, syzkall...@googlegroups.com
Hi Joanne,
The intent is to run on every patchset, but since the system is
currently still in the experimental state, some of the series are
skipped due to various reasons. E.g. syzbot tried to process v2, but
failed to find the kernel tree to which the series applies without
problems: https://ci.syzbot.org/series/7085b21e-ae1e-4bf9-b486-24a82ea9b37d
In the original email, there are links to the C reproducers, so these
can be used locally to determine if v1/v2 were affected.
--
Aleksandr
>
> Thanks,
> Joanne
>
currently still in the experimental state, some of the series are
skipped due to various reasons. E.g. syzbot tried to process v2, but
failed to find the kernel tree to which the series applies without
problems: https://ci.syzbot.org/series/7085b21e-ae1e-4bf9-b486-24a82ea9b37d
In the original email, there are links to the C reproducers, so these
can be used locally to determine if v1/v2 were affected.
--
Aleksandr
>
> Thanks,
> Joanne
>
Joanne Koong
Sep 18, 2025, 5:15:24 PM (12 days ago) Sep 18
to Aleksandr Nogikh, syzbot ci, syzbot, bra...@kernel.org, djw...@kernel.org, gf...@lists.linux.dev, h...@infradead.org, h...@lst.de, hsia...@linux.alibaba.com, kerne...@meta.com, linux...@vger.kernel.org, linu...@vger.kernel.org, linux-...@vger.kernel.org, linu...@vger.kernel.org, mik...@szeredi.hu, syz...@lists.linux.dev, syzkall...@googlegroups.com
It turns out the bug is in the upstream code. It's because
iomap_adjust_read_range() assumes the position and length passed in
are always block-aligned, so uptodate blocks get skipped by block-size
granularity, but in the case of non-block-aligned positions and
lengths, this can underflow the returned length and "overflow" the
returned position (return a position that's beyond the size of the
folio).
The warning never showed up upstream because the underflowed plen and
overflowed pos offset each other in the calculation:
length = pos - iter->pos + plen;
return iomap_iter_advance(iter, &length);
but now in this patchset, iter gets advanced first by "pos -
iter->pos" and then by "plen", which surfaces the warning.
I'll submit a fix for this separately and then resend this fuse iomap
patchset rebased on top of that.
Thanks,
Joanne
>
> --
> Aleksandr
>
> >
> > Thanks,
> > Joanne
> >
Reply all
Reply to author
Forward
0 new messages