git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Yuto Ohnuki <ytohnuki@amazon.com>
	Tue, 10 Mar 2026 18:38:37 +0000 (18:38 +0000)
committer	Carlos Maiolino <cem@kernel.org>
	Wed, 18 Mar 2026 08:40:31 +0000 (09:40 +0100)
commit	4f24a767e3d64a5f58c595b5c29b6063a201f1e3
tree	16fea93a3dcc9aaeda66535f915a1d28a16f4348	tree \| snapshot
parent	362c490980867930a098b99f421268fbd7ca05fd	commit \| diff

xfs: stop reclaim before pushing AIL during unmount

The unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while
background reclaim and inodegc are still running. This is broken
independently of any use-after-free issues - background reclaim and
inodegc should not be running while the AIL is being pushed during
unmount, as inodegc can dirty and insert inodes into the AIL during the
flush, and background reclaim can race to abort and free dirty inodes.

Reorder xfs_unmount_flush_inodes() to stop inodegc and cancel background
reclaim before pushing the AIL. Stop inodegc before cancelling
m_reclaim_work because the inodegc worker can re-queue m_reclaim_work
via xfs_inodegc_set_reclaimable.

Reported-by: syzbot+652af2b3c5569c4ab63c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=652af2b3c5569c4ab63c
Fixes: 90c60e164012 ("xfs: xfs_iflush() is no longer necessary")
Cc: stable@vger.kernel.org # v5.9
Signed-off-by: Yuto Ohnuki <ytohnuki@amazon.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Carlos Maiolino <cem@kernel.org>