On Tue, Apr 29, 2025 at 03:55:18PM +0800, Zhang Yi wrote: > After debugging, I found that this problem is caused by punching a hole > with an offset variable larger than max_end on a corrupted ext4 inode, > whose i_size is larger than maxbyte. It will result in a negative length > in the truncate_inode_partial_folio(), which will trigger this problem. It seems to me like we're asking for trouble when we allow an inode with an i_size larger than max_end to be instantiated. There are probably other places which assume it is smaller than max_end. We should probably decline to create the bad inode in the first place?
