Commit 8859bf2b authored Jun 28, 2020 by Eric Biggers Committed by Jan Kara Sep 16, 2020

reiserfs: only call unlock_new_inode() if I_NEW

unlock_new_inode() is only meant to be called after a new inode has
already been inserted into the hash table.  But reiserfs_new_inode() can
call it even before it has inserted the inode, triggering the WARNING in
unlock_new_inode().  Fix this by only calling unlock_new_inode() if the
inode has the I_NEW flag set, indicating that it's in the table.

This addresses the syzbot report "WARNING in unlock_new_inode"
(https://syzkaller.appspot.com/bug?extid=187510916eb6a14598f7).

Link: https://lore.kernel.org/r/20200628070057.820213-1-ebiggers@kernel.org


Reported-by:  <syzbot+187510916eb6a14598f7@syzkaller.appspotmail.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>

parent c53ec7bc

fs/reiserfs/inode.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -2163,7 +2163,8 @@ out_end_trans:
		out_inserted_sd:
		clear_nlink(inode);
		th->t_trans_id = 0; /* so the caller can't use this handle later */
		unlock_new_inode(inode); /* OK to do even if we hadn't locked it */
		if (inode->i_state & I_NEW)
		unlock_new_inode(inode);
		iput(inode);
		return err;
		}

Admin message