From nobody Sun Feb 8 08:48:24 2026 Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com [209.85.208.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 59987215F7D for ; Fri, 2 Jan 2026 18:48:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767379737; cv=none; b=I01jhF4zpwe/eGBeHm1Sp8og0Z8Hh5uwfb/Aedm0dCIDBRcyE9V3cAtBlaye76TDp/YS8g/OLPRU6J8DD5EqjBvOE0bIrvclsX9LCfj5TUOYWsVwHX21C441Mj9/ATUaZlHnnS5rHkAvwZXf3HKhrqbMsD7pWqfSzQScMKdt4JY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767379737; c=relaxed/simple; bh=zz9pO9lCHCSVh45kUTxIpxx55u6mZ1MJjPf73tGVAUQ=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=jDgC3ldnP8EBxbT4HpVfTF3TBP+w5DM2+9b/QeDo1mT7yvr+FK8GbrBicxCPNvOyHLDNUrGshsdMLAhWiZ3ZBqz+NfrCxcu2TwCVenoXZwpJp/YmBKKSw01RX+fSf2IKeVvMrvdahqtnZOUxeIZCNO+0nYyRE9pvC6vRdsgWv0Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=X5Idb8je; arc=none smtp.client-ip=209.85.208.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="X5Idb8je" Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-64b9230f564so14776441a12.1 for ; Fri, 02 Jan 2026 10:48:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767379734; x=1767984534; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=v4oacTi3nr84z9qP/uE6rFbcJexvIqwHfc6MGDOAK/o=; b=X5Idb8jea5XR7Vuw5oTB+6/ykjjhn1rSpqyS/J90JujJ4Oi5KuFtANb+yzdNRoaMQD HHtqouIlQ/oLyng1sWVetpGfGjPp4kvq7fxmJwRW5cTXbaBUixBajNic2q/vnN7F8+cu 29kzrQNE+LKlwtImCE9DA4mOQCzMbkAaz8PwDmHY+nctWSPYVEdchEgr6LgtPEVL+jI6 rP1as3ryHKjt3d1tdVEvk8/9YiQBsCNPjWJkdqB2kbHpLVt/xqUTIbSArUsg6D0Btx9O 74aCBkW/notB8hQBJoa0lQhOCO549APzkOQ35nwd4YawpYCtYo6jA4oLicaEpDVNy2h7 eZTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767379734; x=1767984534; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=v4oacTi3nr84z9qP/uE6rFbcJexvIqwHfc6MGDOAK/o=; b=pVdEeWSkO2W9ybwKaniNhYrwdQHrPkrXesmbvK336bqVwvJUG4XQL3EKdnThgfBQSg MvEVZMjarl+gJglNeyd1tZdRYZC67E8UtPEJBjNQk9QUQyNNPCe7ixiKclVC4CfwfBze FNis7z1Mi35Em9dIZQaU5+UFQGG4F1lTl1C/Tl9MVx0zMsZRndhX7sD/EroDUdomviTA uZHhU6LJrYUz/hEK0WmHUkFxNAxSmSI+zTdEehXNtchjDZUNZJA8JQ/cDwES8i4VNaDF DflRpb8oiCv40fxOCBKX8MMVLwWzqi/iPpx4Vj7wZ5JkDBn/vSXy3xJal98RMAyxPRKk 15mw== X-Gm-Message-State: AOJu0YySjOKNx415Hu4TlPvmRmVw15rXFJb7tbb6rnVUB78d1skxPLbL c/gprCvEMtNvANe+RZltnGjcDCxxRjCGqgifoL2ZkeGeyF5qUNLy8EsA X-Gm-Gg: AY/fxX68I2ODQk6M4xYxgc8fIdUp6tb48agR+yh5URUtlppAh9ach2FctXYTTeOj1tT MiVae557Sd3mwoGXrlWGtbCvq9+xLDOvvUEHeg5pVPxeH/sGstc/YiTdb+tGXNJqQ7zfMY+4iS2 jhFehHiSsp4Z3Xp3QncehEQ5b6g14Xl1Bz7Lg+ykzDXifl7WrOx2dKyP+0vldo+xe2Uh9A/evbA q4n6UNnCJhNhNuyjjDjAXjm4FCyOHa5vfeIhiI9xhz7BaEW/+L4S3yaBbI+F41MLF4nTAg9djJ9 RZYf7rJbw/VpwgBJx8wz10H2YMRCUN9UVifB9vV8djviSRHP4i8tZhA5gGAWYh3/CQ42S7nA4+5 jwrGfanfzig/vgkf8J6OCElqEHOk7TSHTkqZWpx6poHe29DjWuvKg8sEVPIZD6qoMj6tyqous0G bne+V+SspXlQcSSwwDkIrEpClxgZI0ADnp X-Google-Smtp-Source: AGHT+IGTE7fO6rSdedoJ9BhDiuu0KWLIeHS+ESEYY9vxTsP9u1m3m6XzzyUWfLw5Bs7eZx2Ek1qc/g== X-Received: by 2002:a17:906:730f:b0:b80:b7f:aa10 with SMTP id a640c23a62f3a-b80371d8c5cmr4543531966b.59.1767379733488; Fri, 02 Jan 2026 10:48:53 -0800 (PST) Received: from localhost.localdomain ([46.10.223.24]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b8037f512e3sm4638909066b.67.2026.01.02.10.48.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jan 2026 10:48:53 -0800 (PST) From: "Nikola Z. Ivanov" To: shaggy@kernel.org, dmantipov@yandex.ru, quic_zhonhan@quicinc.com, eadavis@qq.com, jfs-discussion@lists.sourceforge.net Cc: linux-kernel@vger.kernel.org, "Nikola Z. Ivanov" , syzbot+d569e274f46ca86f78fa@syzkaller.appspotmail.com Subject: [PATCH] jfs: Check for discrepancies between iag and inomap iagctl Date: Fri, 2 Jan 2026 20:48:49 +0200 Message-ID: <20260102184849.1932768-1-zlatistiv@gmail.com> X-Mailer: git-send-email 2.51.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" syzbot reports "VFS: Busy inodes after unmount" which is caused by a deadlock in the jfsCommit thread, in a call to diFree. The filesystem from the syz repro can be used to reproduce the deadlock by mounting it, deleting a file and running "sync" or unmounting the filesystem. Running "fsck" on the filesystem image seemingly fixes the inconsistency and we no longer deadlock. This happens because the IAG that contains the inode we are freeing is head of the free list, but also holds nfreeinos =3D 0, which will lead to a deadlock when we try to add it as head of the free list, since it already is head of the list. Fix this by adding a check for the discrepancy before reading more metapages that could potentially match with "mp". Do the same for the extent free list as it may lead to a similar deadlock. Reported-by: syzbot+d569e274f46ca86f78fa@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3Dd569e274f46ca86f78fa Signed-off-by: Nikola Z. Ivanov --- fs/jfs/jfs_imap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index ecb8e05b8b84..fd9f9babaf46 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -902,6 +902,25 @@ int diFree(struct inode *ip) } iagp =3D (struct iag *) mp->data; =20 + /* We will deadlock if due to inconsistency + * the iag has no free inodes/extents but is + * head of the respective free list + */ + if (iagp->nfreeinos =3D=3D 0 && imap->im_agctl[agno].inofree =3D=3D iagno= ) { + IREAD_UNLOCK(ipimap); + AG_UNLOCK(imap, agno); + release_metapage(mp); + jfs_error(ip->i_sb, "nfreeinos =3D 0, but iag is head of freelist\n"); + return -EIO; + } + if (iagp->nfreeexts =3D=3D 0 && imap->im_agctl[agno].extfree =3D=3D iagno= ) { + IREAD_UNLOCK(ipimap); + AG_UNLOCK(imap, agno); + release_metapage(mp); + jfs_error(ip->i_sb, "nfreeexts =3D 0, but iag is head of freelist\n"); + return -EIO; + } + /* get the inode number and extent number of the inode within * the iag and the inode number within the extent. */ --=20 2.51.0