[PATCH] nlink overflow in jfs_rename

Jori Koolstra posted 1 patch 3 months, 1 week ago
[PATCH] nlink overflow in jfs_rename
Posted by Jori Koolstra 3 months, 1 week ago
If nlink is maximal for a directory (-1) and inside that directory you
perform a rename for some child directory (not moving from the parent),
then the nlink of the first directory is first incremented and later
decremented. Normally this is fine, but when nlink = -1 this causes a
wrap around to 0, and then drop_nlink issues a warning.

After applying the patch syzbot no longer issues any warnings. I also
ran some basic fs tests to look for any regressions.

Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
Reported-by: syzbot+9131ddfd7870623b719f@syzkaller.appspotmail.com
Closes: https://syzbot.org/bug?extid=9131ddfd7870623b719f
---
 fs/jfs/namei.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c
index 65a218eba8fa..7879c049632b 100644
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -1228,7 +1228,7 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir,
 				jfs_err("jfs_rename: dtInsert returned -EIO");
 			goto out_tx;
 		}
-		if (S_ISDIR(old_ip->i_mode))
+		if (S_ISDIR(old_ip->i_mode) && old_dir != new_dir)
 			inc_nlink(new_dir);
 	}
 	/*
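Review bot: the new `&& old_dir != new_dir` guard on `inc_nlink(new_dir)` is only correct because it is paired with the matching change to `drop_nlink(old_dir)` further down in the function, and nothing at this site says so; add a short comment above the `if`, e.g. `/* A directory renamed within its parent keeps its ".." link; only count it when it moves to a different parent. */`, so that a later reader does not "fix" one site without the other. The reason given in the changelog (an increment followed by a decrement wraps a parent already at the maximum link count to 0 and trips the WARN in drop_nlink) belongs in the code as well, not only in the commit message.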
@@ -1244,7 +1244,9 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir,
 		goto out_tx;
 	}
 	if (S_ISDIR(old_ip->i_mode)) {
-		drop_nlink(old_dir);
+		if (new_ip || old_dir != new_dir)
+			drop_nlink(old_dir);
+
 		if (old_dir != new_dir) {
 			/*
 			 * Change inode number of parent for moved directory
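Review bot: the condition `if (new_ip || old_dir != new_dir)` encodes two different reasons to drop the parent's link count (the source directory left old_dir, or it replaced an existing directory in the same parent whose ".." link is now gone), and neither is stated in the code; a comment to that effect would help, and so would a note that `new_ip` is necessarily a directory here because the VFS (may_delete) refuses to rename a directory over a non-directory. The added empty `+` line after the `drop_nlink(old_dir);` call is stray whitespace and should be dropped. Since `old_dir != new_dir` is now tested twice in a row, consider moving the cross-directory drop into the existing `if (old_dir != new_dir)` block and handling the replace case separately, which would make both reasons explicit.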
-- 
2.51.0
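As an added illustration (not part of the patch or of the kernel's own code), the following C model of the parent-directory link accounting in jfs_rename shows why renaming a subdirectory within a parent whose i_nlink is already UINT_MAX trips the drop_nlink warning, and why the patched conditions avoid it. `struct dir_model`, the `warnings` counter and the `patched` flag are constructed stand-ins for the kernel's inode, WARN_ON and the before/after conditions; only the nlink updates are modelled.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-in for the kernel inode: i_nlink is an unsigned int and
 * drop_nlink() warns when asked to go below zero. The warnings counter is a
 * constructed replacement for the kernel's WARN_ON. */
struct dir_model {
    unsigned int i_nlink;
    int warnings;
};

static void inc_nlink(struct dir_model *d) { d->i_nlink++; } /* UINT_MAX + 1 wraps to 0 */
static void drop_nlink(struct dir_model *d)
{
    if (d->i_nlink == 0)
        d->warnings++;   /* the WARN that syzbot reported */
    d->i_nlink--;
}

/* Parent link accounting of jfs_rename() for a directory source, with the
 * conditions before (patched == false) and after (patched == true) the patch.
 * has_new_ip: the target name already existed. Only nlink is modelled. */
static void rename_dir_nlink(struct dir_model *old_dir, struct dir_model *new_dir,
                             bool has_new_ip, bool patched)
{
    /* "Add new directory entry" branch: only taken when no target exists */
    if (!has_new_ip && (!patched || old_dir != new_dir))
        inc_nlink(new_dir);
    /* after dtDelete() of the old entry */
    if (!patched || has_new_ip || old_dir != new_dir)
        drop_nlink(old_dir);
}

/* Warnings raised when a subdirectory is renamed within a parent whose link
 * count is already at the maximum; returns 1 unpatched, 0 patched. */
static int same_parent_rename_at_max(bool patched)
{
    struct dir_model parent = { .i_nlink = UINT_MAX, .warnings = 0 };
    rename_dir_nlink(&parent, &parent, false, patched);
    return parent.warnings;
}

int main(void)
{
    printf("unpatched: %d warning(s)\n", same_parent_rename_at_max(false));
    printf("patched:   %d warning(s)\n", same_parent_rename_at_max(true));
    return 0;
}
```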
[PATCH] nlink overflow in jfs_rename
Posted by Jori Koolstra 2 months, 3 weeks ago
Below syzbot bug has not been fixed yet. If anyone has time I would
greatly appreciate a review of my patch, so it can be moved along.
It has been sitting for a few weeks.

Thanks,
Jori.

Apologies for the resend, I messed up the email headers.

> On 28-10-2025 13:22 CET Jori Koolstra <jkoolstra@xs4all.nl> wrote:
>
>
> If nlink is maximal for a directory (-1) and inside that directory you
> perform a rename for some child directory (not moving from the parent),
> then the nlink of the first directory is first incremented and later
> decremented. Normally this is fine, but when nlink = -1 this causes a
> wrap around to 0, and then drop_nlink issues a warning.
> 
> After applying the patch syzbot no longer issues any warnings. I also
> ran some basic fs tests to look for any regressions.
> 
> Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
> Reported-by: syzbot+9131ddfd7870623b719f@syzkaller.appspotmail.com
> Closes: https://syzbot.org/bug?extid=9131ddfd7870623b719f
[PATCH] jfs: nlink overflow in jfs_rename
Posted by Jori Koolstra 2 months, 1 week ago
Below syzbot bug has not been fixed yet. If anyone has time I would
greatly appreciate a review of my patch, so it can be moved along.
It has been sitting for quite a few weeks.

Thanks,
Jori.
 
> On 28-10-2025 13:22 CET Jori Koolstra <jkoolstra@xs4all.nl> wrote:
>
>
> If nlink is maximal for a directory (-1) and inside that directory you
> perform a rename for some child directory (not moving from the parent),
> then the nlink of the first directory is first incremented and later
> decremented. Normally this is fine, but when nlink = -1 this causes a
> wrap around to 0, and then drop_nlink issues a warning.
> 
> After applying the patch syzbot no longer issues any warnings. I also
> ran some basic fs tests to look for any regressions.
> 
> Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
> Reported-by: syzbot+9131ddfd7870623b719f@syzkaller.appspotmail.com
> Closes: https://syzbot.org/bug?extid=9131ddfd7870623b719f