iomap_iter_done() expects that the iterator position always lies within the current iomap range. However, during buffered writes combined with truncate or overwrite operations, the iterator position can advance past the end of the current iomap without the mapping being invalidated. When this happens, iomap_iter_done() triggers a warning because iomap.offset + iomap.length no longer covers iter->pos, even though this state can legitimately occur due to extent invalidation or write completion advancing the iterator position.

Detect this condition immediately after iomap_begin(), mark the mapping as stale, reset the iterator state, and retry mapping from the current position. This ensures that iomap_end() invariants are preserved and prevents spurious warnings.

Fixes: a66191c590b3b58eaff05d2277971f854772bd5b ("iomap: tighten iterator state validation")
Tested-by: Piyush Patle
Signed-off-by: Piyush Patle
Reported-by: syzbot+bd5ca596a01d01bfa083@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=bd5ca596a01d01bfa083
--- fs/iomap/iter.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/iomap/iter.c b/fs/iomap/iter.c index c04796f6e57f..466a12b0c094 100644 --- a/fs/iomap/iter.c +++ b/fs/iomap/iter.c @@ -111,6 +111,13 @@ int iomap_iter(struct iomap_iter *iter, const struct iomap_ops *ops) &iter->iomap, &iter->srcmap); if (ret < 0) return ret; + if (iter->iomap.length && + iter->iomap.offset + iter->iomap.length <= iter->pos) { + iter->iomap.flags |= IOMAP_F_STALE; + iomap_iter_reset_iomap(iter); + return 1; + } + iomap_iter_done(iter); return 1; } -- 2.34.1
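
Review bot: in the added branch after the ret < 0 check, iter->iomap.flags |= IOMAP_F_STALE is followed directly by iomap_iter_reset_iomap(iter), so if that helper clears iter->iomap, as its name indicates, the stale flag is discarded before anything can read it, and the branch then returns 1 exactly like the success path. Nothing in the hunk calls ->iomap_begin again, so the retry described in the commit message depends entirely on the caller's loop, which on a return of 1 would go on to process a mapping that has just been reset, with iomap_iter_done() skipped. Please either loop back to ->iomap_begin here with a bound on the number of retries, so that a filesystem which keeps returning a mapping ending at or before iter->pos cannot spin forever, or explain why callers can safely be handed an empty mapping. The condition also means ->iomap_begin returned an extent that does not cover the position it was asked for; a comment above the check saying when that is legitimate, and whether the mapping just returned still needs ->iomap_end, would make clear that this is not silencing the validation named in the Fixes: tag.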