From nobody Sat Feb  7 04:47:27 2026
Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com
 [209.85.210.173])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B02F37B41F
	for <linux-kernel@vger.kernel.org>; Mon,  2 Feb 2026 15:45:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.173
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1770047104; cv=none;
 b=obK+5nlcboGvxQoboIxTapAU720YjJ56iPn0qHqP8IzfmhQ9yHxhgTtkNWxmpeeJzCx9rWbkHiJ2WmhWxgVpNdAxZp43zIyZRh6F2X1dBRYsoJY+DoWiGQA+KfIBUhPacwRICRNiCt7DUCX8zd6yRm3BZjb6P+W7mAMIOyCSgOc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1770047104; c=relaxed/simple;
	bh=apmosNlmlGXu84xxAwbeHewfRKLaSp4Y/cXTo8RIVDg=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=EP2JBnLsPDN7FbkAbdB1ivEpZ7EKNd+fxcauY0OhaBzcNmY0M1k7qCOXEU3kxtarH4IwmBrikV1hFyNB70KCFQfdC4xKbajFJuMwIYtwS6zkaL4Qz/IYcGQWIZLvHmjfFkaGVcSMiJHLEPXHJ7WQellv2zjzMJ6aK9gq1rFtBPY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=YbnDctMW; arc=none smtp.client-ip=209.85.210.173
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="YbnDctMW"
Received: by mail-pf1-f173.google.com with SMTP id
 d2e1a72fcca58-82318b640beso2507931b3a.0
        for <linux-kernel@vger.kernel.org>;
 Mon, 02 Feb 2026 07:45:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1770047103; x=1770651903;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=bK/86Nyk/EKSMMzdzRby3gSajMQfUiZyejcUNvrlmaI=;
        b=YbnDctMWIILWQWskhbR+4tTXyETdbS6st6Enj2mJO0kWkeGloerpg1yF+9v+X1t5W8
         Sj9syCkLZJn7KjVVY3gbLNxPDq9Hd2DRzwg/Eez5uviN+mnPbti+LhqQGLY5CM+BmmhH
         NvgoZlr5M31rSlr8XSAp1aDKEAah2MeZc+rQ/bAd5lFlh52C78qfufmRt/Mh3pWDhmrp
         EKiwyMcpXOpBcxowwNql9IE1Nv5a8VjFV8l9EbfQYuZP+xDqx+K7ih8/UL8DcCalXwOn
         oFmPQp1GU7Ub4r3dr0icNp6qTESH1RSLXM9RSHnDWGnqK/pratDDzyBr3gPXxmfq4Iv1
         j6bQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1770047103; x=1770651903;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=bK/86Nyk/EKSMMzdzRby3gSajMQfUiZyejcUNvrlmaI=;
        b=lRd8fgku1cHJu7cXLp2GtFouVyxrpDQkdyzD+XrKlEtQNzNmHo9u5iG2hr5/d0x0tI
         +SSvh/dRAePrgea2YF1stdIsYJ9wfHr2jF7LidkVSUBfj5Ua9kKFqoHPB7u5mvk/6fMO
         8JGHYlLuLzOG1GKSBzmKrAHuFRez7ByTdr2D5zS67COubSNfZGoF6f/UT/2973oa/1tM
         Ou7hYyC02WK6pZOutnIqDdv4785OahJl1jCCXb+Wv/WNX6WvovaFmClc4YeLfbUYJJmV
         tz96quM+1p4JlTs7t1bzRnnoy8uzzLMbV/as05qXv99CTxw5Eus/rN3bn+wMfwjXJ/UM
         Hwnw==
X-Forwarded-Encrypted: i=1;
 AJvYcCXYDV6Y148ke7GPY17nzNCENevG6nVap1Enp/pC1RIsujiSjfjnvi0LSh0Y4jN8VM35wwMo2uzaHkrUz08=@vger.kernel.org
X-Gm-Message-State: AOJu0YzR2vuCQq7ORHuV2dAR9MFaQn1byGOLnQ+7XfBquk3U7Go8Uhx0
	AGj4RD3vSPpsEiTctjvAH/qGNxySLPEm8pVFILB+Nd3Dz+tgsef66ohd
X-Gm-Gg: AZuq6aIesewc++VAvV1mWXyxE1msIVCnzcHvd0EZcRdekjvWfN/q3jf79PTW5UmeY0c
	WNfvgWpcknqI5PDLDfWwI46wHwu8Nxz1y54fWxh7BUFw9h9B5wT6ZbY0lb2IwPm4B24ylpX0DQW
	rDTiZv0hRbfhwkdPsTKlYnEEhInfgTkBpH6Y3SZlv+obb0XgbZAjxWmDmjzcex/EaiFEGbdqcC1
	Hq5NOvn6+qSLbf5PfSo6+5S9cMpLBmvMp3yIfMRa33Ye3v7XaBqPL178eWhiXZUNZLKiAJd8Jko
	bUqPtV26fLNiVIhbWh7PAna5x35aCFHJ6XPrUGghf9BPHZve6aXdxqgF4+IYRC0iffnVXqJLROp
	wuMmYQGvlWRP0uBA+x2CbRdPJPFYIirOAqO+y8eZV3Hsg0y+3jnrCJT4jTKaLXIaij+m5reofNJ
	5KLdWUfgodpKLsMXbuHciYCXbf9HDuOIT/kFG08r5ckWzz2lyK052Nw8KffkzJZ6NxEi49XFDPN
	dkpqNg+UtNd5/eYoSFvJ3xLwxFkFeqapfuRBMFYv0NJ22cXiE+0c/ho
X-Received: by 2002:a05:6a00:9185:b0:823:5f7:ecb6 with SMTP id
 d2e1a72fcca58-823aa43a1camr10597514b3a.17.1770047102767;
        Mon, 02 Feb 2026 07:45:02 -0800 (PST)
Received: from
 lorddaniel-VivoBook-ASUSLaptop-K3502ZA-S3502ZA.www.tendawifi.com
 ([14.139.108.62])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-82379b4ea8bsm20074206b3a.22.2026.02.02.07.44.59
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 02 Feb 2026 07:45:02 -0800 (PST)
From: Piyush Patle <piyushpatle228@gmail.com>
To: brauner@kernel.org
Cc: djwong@kernel.org,
	linux-xfs@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	syzbot+bd5ca596a01d01bfa083@syzkaller.appspotmail.com
Subject: [PATCH] iomap: handle iterator position advancing beyond current
 mapping
Date: Mon,  2 Feb 2026 21:14:53 +0530
Message-Id: <20260202154453.650471-1-piyushpatle228@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20260202130044.567989-1-piyushpatle228@gmail.com>
References: <20260202130044.567989-1-piyushpatle228@gmail.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

iomap_iter_done() expects that the iterator position always lies within
the current iomap range.  However, during buffered writes combined with
truncate or overwrite operations, the iterator position can advance past
the end of the current iomap without the mapping being invalidated.

When this happens, iomap_iter_done() triggers a warning because
iomap.offset + iomap.length no longer covers iter->pos, even though this
state can legitimately occur due to extent invalidation or write completion
advancing the iterator position.

Detect this condition immediately after iomap_begin(), mark the mapping
as stale, reset the iterator state, and retry mapping from the current
position.  This ensures that iomap_end() invariants are preserved and
prevents spurious warnings.

Fixes: a66191c590b3b58eaff05d2277971f854772bd5b ("iomap: tighten iterator s=
tate validation")
Tested-by: Piyush Patle <piyushpatle288@gmail.com>
Signed-off-by: Piyush Patle <piyushpatle228@gmail.com>
Reported-by: syzbot+bd5ca596a01d01bfa083@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=3Dbd5ca596a01d01bfa083
---
 fs/iomap/iter.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fs/iomap/iter.c b/fs/iomap/iter.c
index c04796f6e57f..466a12b0c094 100644
--- a/fs/iomap/iter.c
+++ b/fs/iomap/iter.c
@@ -111,6 +111,13 @@ int iomap_iter(struct iomap_iter *iter, const struct i=
omap_ops *ops)
 			       &iter->iomap, &iter->srcmap);
 	if (ret < 0)
 		return ret;
+	if (iter->iomap.length &&
+	    iter->iomap.offset + iter->iomap.length <=3D iter->pos) {
+		iter->iomap.flags |=3D IOMAP_F_STALE;
+		iomap_iter_reset_iomap(iter);
+		return 1;
+	}
+
 	iomap_iter_done(iter);
 	return 1;
 }
--=20
2.34.1