From: Lizhi Xu <lizhi.xu@windriver.com>
Date: Fri, 13 Jun 2025 03:05:34 +0000 (+0800)
Subject: jfs: truncate good inode pages when hard link is 0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d91b3765cd05016335cd5df5e5c6a29708ec058;p=thirdparty%2Flinux.git

jfs: truncate good inode pages when hard link is 0

The fileset value of the inode copy from the disk by the reproducer is
AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its
inode pages are not truncated. This causes the bugon to be triggered when
executing clear_inode() because nrpages is greater than 0.

Reported-by: syzbot+6e516bb515d93230bc7b@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=6e516bb515d93230bc7b
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
---

diff --git a/fs/jfs/inode.c b/fs/jfs/inode.c
index 60fc92dee24d2..81e6b18e81e1b 100644
--- a/fs/jfs/inode.c
+++ b/fs/jfs/inode.c
@@ -145,9 +145,9 @@ void jfs_evict_inode(struct inode *inode)
 	if (!inode->i_nlink && !is_bad_inode(inode)) {
 		dquot_initialize(inode);
 
+		truncate_inode_pages_final(&inode->i_data);
 		if (JFS_IP(inode)->fileset == FILESYSTEM_I) {
 			struct inode *ipimap = JFS_SBI(inode->i_sb)->ipimap;
-			truncate_inode_pages_final(&inode->i_data);
 
 			if (test_cflag(COMMIT_Freewmap, inode))
 				jfs_free_zero_link(inode);