Commit 89fff8e3 authored Jun 13, 2025 by Lizhi Xu Committed by Greg Kroah-Hartman Aug 28, 2025

jfs: truncate good inode pages when hard link is 0



[ Upstream commit 2d91b3765cd05016335cd5df5e5c6a29708ec058 ]

The fileset value of the inode copy from the disk by the reproducer is
AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its
inode pages are not truncated. This causes the bugon to be triggered when
executing clear_inode() because nrpages is greater than 0.

Reported-by:  <syzbot+6e516bb515d93230bc7b@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=6e516bb515d93230bc7b


Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 684c92bb

fs/jfs/inode.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -145,9 +145,9 @@ void jfs_evict_inode(struct inode *inode)
		if (!inode->i_nlink && !is_bad_inode(inode)) {
		dquot_initialize(inode);

		truncate_inode_pages_final(&inode->i_data);
		if (JFS_IP(inode)->fileset == FILESYSTEM_I) {
		struct inode *ipimap = JFS_SBI(inode->i_sb)->ipimap;
		truncate_inode_pages_final(&inode->i_data);

		if (test_cflag(COMMIT_Freewmap, inode))
		jfs_free_zero_link(inode);