| From 86d5eb9cd1c0d63c2936501371c593075f652ef7 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Fri, 13 Jun 2025 11:05:34 +0800 |
| Subject: jfs: truncate good inode pages when hard link is 0 |
| |
| From: Lizhi Xu <lizhi.xu@windriver.com> |
| |
| [ Upstream commit 2d91b3765cd05016335cd5df5e5c6a29708ec058 ] |
| |
| The fileset value of the inode copy from the disk by the reproducer is |
| AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its |
| inode pages are not truncated. This causes the bugon to be triggered when |
| executing clear_inode() because nrpages is greater than 0. |
| |
| Reported-by: syzbot+6e516bb515d93230bc7b@syzkaller.appspotmail.com |
| Closes: https://syzkaller.appspot.com/bug?extid=6e516bb515d93230bc7b |
| Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com> |
| Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| fs/jfs/inode.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/fs/jfs/inode.c b/fs/jfs/inode.c |
| index d1ec920aa030..d41891bb617a 100644 |
| --- a/fs/jfs/inode.c |
| +++ b/fs/jfs/inode.c |
| @@ -145,9 +145,9 @@ void jfs_evict_inode(struct inode *inode) |
| if (!inode->i_nlink && !is_bad_inode(inode)) { |
| dquot_initialize(inode); |
| |
| + truncate_inode_pages_final(&inode->i_data); |
| if (JFS_IP(inode)->fileset == FILESYSTEM_I) { |
| struct inode *ipimap = JFS_SBI(inode->i_sb)->ipimap; |
| - truncate_inode_pages_final(&inode->i_data); |
| |
| if (test_cflag(COMMIT_Freewmap, inode)) |
| jfs_free_zero_link(inode); |
| -- |
| 2.39.5 |
| |
