]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1014354)
jfs: truncate good inode pages when hard link is 0
authorLizhi Xu <lizhi.xu@windriver.com>
Fri, 13 Jun 2025 03:05:34 +0000 (11:05 +0800)
committerDave Kleikamp <dave.kleikamp@oracle.com>
Mon, 14 Jul 2025 22:08:14 +0000 (17:08 -0500)
The fileset value of the inode copy from the disk by the reproducer is
AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its
inode pages are not truncated. This causes the bugon to be triggered when
executing clear_inode() because nrpages is greater than 0.

Reported-by: syzbot+6e516bb515d93230bc7b@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6e516bb515d93230bc7b
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
fs/jfs/inode.c patch | blob | blame | history

diff --git a/fs/jfs/inode.c b/fs/jfs/inode.c
index 60fc92dee24d2059b2d4780accac88c610131536..81e6b18e81e1b5581dde84a8b5ff43709c87ed72 100644 (file)
--- a/fs/jfs/inode.c
+++ b/fs/jfs/inode.c
@@ -145,9 +145,9 @@ void jfs_evict_inode(struct inode *inode)
        if (!inode->i_nlink && !is_bad_inode(inode)) {
                dquot_initialize(inode);
 
+               truncate_inode_pages_final(&inode->i_data);
                if (JFS_IP(inode)->fileset == FILESYSTEM_I) {
                        struct inode *ipimap = JFS_SBI(inode->i_sb)->ipimap;
-                       truncate_inode_pages_final(&inode->i_data);
 
                        if (test_cflag(COMMIT_Freewmap, inode))
                                jfs_free_zero_link(inode);
A mirror of Linus' kernel repository