fs/jfs/file.c | 3 +++ 1 file changed, 3 insertions(+)
The reproducer builds a corrupted file on disk with a negative i_size value.
Add a check when opening this file to avoid subsequent operation failures.
Reported-by: syzbot+630f6d40b3ccabc8e96e@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=630f6d40b3ccabc8e96e
Tested-by: syzbot+630f6d40b3ccabc8e96e@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
fs/jfs/file.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/jfs/file.c b/fs/jfs/file.c
index 01b6912e60f8..742cadd1f37e 100644
--- a/fs/jfs/file.c
+++ b/fs/jfs/file.c
@@ -44,6 +44,9 @@ static int jfs_open(struct inode *inode, struct file *file)
{
int rc;
+ if (S_ISREG(inode->i_mode) && inode->i_size < 0)
+ return -EIO;
+
if ((rc = dquot_file_open(inode, file)))
return rc;
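Review bot: The new guard at the top of jfs_open() only covers regular files reached through open(), so a corrupted on-disk size may still be consumed by paths that never call it (possibly stat or truncate by path, or directories and symlinks). Validating the size where the on-disk inode is copied into the in-core inode would reject it once for every user, though that code is outside this hunk. The early `return -EIO;` is also silent, so nothing in the log shows that a corrupted image was encountered; a line such as `jfs_err("inode %lu: negative i_size", inode->i_ino);` before the return would help triage. A short comment such as `/* i_size comes from disk and is untrusted; a corrupted image can make it negative */` would explain why open() checks it. jfs_open()'s body continues past the end of the hunk.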
--
2.43.0
On 6/4/25 1:48AM, Edward Adam Davis wrote:
> The reproducer builds a corrupted file on disk with a negative i_size value.
> Add a check when opening this file to avoid subsequent operation failures.
Looks good. I'll apply and test this.
Thanks,
Shaggy
>
> Reported-by: syzbot+630f6d40b3ccabc8e96e@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=630f6d40b3ccabc8e96e
> Tested-by: syzbot+630f6d40b3ccabc8e96e@syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> ---
> fs/jfs/file.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/jfs/file.c b/fs/jfs/file.c
> index 01b6912e60f8..742cadd1f37e 100644
> --- a/fs/jfs/file.c
> +++ b/fs/jfs/file.c
> @@ -44,6 +44,9 @@ static int jfs_open(struct inode *inode, struct file *file)
> {
> int rc;
>
> + if (S_ISREG(inode->i_mode) && inode->i_size < 0)
> + return -EIO;
> +
> if ((rc = dquot_file_open(inode, file)))
> return rc;
>