Re: [syzbot] [btrfs?] kernel BUG in btrfs_folio_end_all_writers

From: Edward Adam Davis
Date: Sun Jul 28 2024 - 03:03:16 EST


In cow_file_range, only ret == 0 means success.

#syz test: upstream b1bc554e009e

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index d62c96f00ff8..a82acc9df20f 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -762,7 +762,8 @@ static noinline int cow_file_range_inline(struct btrfs_inode *inode, u64 offset,
return ret;
}

- extent_clear_unlock_delalloc(inode, offset, end, NULL, &cached,
+ if (ret == 0)
+ extent_clear_unlock_delalloc(inode, offset, end, NULL, &cached,
clear_flags,
PAGE_UNLOCK | PAGE_START_WRITEBACK |
PAGE_END_WRITEBACK);
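Review bot: With the call now guarded by `if (ret == 0)`, a negative `ret` leaves cow_file_range_inline() without clearing the range or handing `&cached` back, so every caller has to do that cleanup itself, and only the compress_file_range() hunk adds it. If `cached` was populated when the range was locked earlier in the function (that part is outside this hunk), the caller cannot release it, since it can only pass `NULL`; that looks like a leaked extent state reference on the error path. The mask built in the compress_file_range() hunk is also a second copy of this function's `clear_flags` and can drift from it. Consider keeping the error cleanup here, or at least stating the new contract above the function, e.g. `/* On error [offset, end] is not cleared or unlocked here; the caller must do it. */`.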
@@ -1043,8 +1044,15 @@ static void compress_file_range(struct btrfs_work *work)
ret = cow_file_range_inline(inode, start, end, total_compressed,
compress_type, folios[0], false);
if (ret <= 0) {
- if (ret < 0)
+ if (ret < 0) {
+ unsigned long clear_flags = EXTENT_DELALLOC | EXTENT_DELALLOC_NEW |
+ EXTENT_DEFRAG | EXTENT_DO_ACCOUNTING | EXTENT_LOCKED;
mapping_set_error(mapping, -EIO);
+ extent_clear_unlock_delalloc(inode, start, end, NULL, NULL,
+ clear_flags,
+ PAGE_UNLOCK | PAGE_START_WRITEBACK |
+ PAGE_END_WRITEBACK);
+ }
goto free_pages;
}

@@ -1361,7 +1369,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode,
/* lets try to make an inline extent */
ret = cow_file_range_inline(inode, start, end, 0,
BTRFS_COMPRESS_NONE, NULL, false);
- if (ret <= 0) {
+ if (ret == 0) {
/*
* We succeeded, return 1 so the caller knows we're done
* with this page and already handled the IO.
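Review bot: Narrowing the test to `if (ret == 0)` means a negative return from cow_file_range_inline() no longer takes the `goto done` in the next hunk and instead falls through to whatever follows the inline attempt (outside these hunks, presumably the regular allocation path), so the error looks like it is dropped rather than returned. Unlike compress_file_range(), this caller also gets no replacement cleanup for the error case. The comment kept in the next hunk, "If there was an error then cow_file_range_inline() has already done the cleanup", is no longer true after the first hunk and should be removed or rewritten. An explicit branch such as `else if (ret < 0) goto <error-unwind label>;` (placeholder; the label is not visible here), together with the matching clear and unlock, would keep the failure visible to the caller.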
@@ -1369,8 +1377,7 @@ static noinline int cow_file_range(struct btrfs_inode *inode,
* If there was an error then cow_file_range_inline() has
* already done the cleanup.
*/
- if (ret == 0)
- ret = 1;
+ ret = 1;
goto done;
}
}