| author | Eric Biggers <ebiggers@google.com> | 2020-06-28 00:00:57 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-10-29 09:03:10 +0100 |
| commit | 54900edfcb18987b504d6e22b157bd13022fd5e6 (patch) | |
| tree | 370f6e794fff1bef7ca2dc58eceebaabadfddaa6 /fs/reiserfs/inode.c | |
| parent | e2a3c02399babe23d3883ceb7cca1ab4c56e0de4 (diff) | |
reiserfs: only call unlock_new_inode() if I_NEW

[ Upstream commit 8859bf2b1278d064a139e3031451524a49a56bd0 ]

unlock_new_inode() is only meant to be called after a new inode has
already been inserted into the hash table. But reiserfs_new_inode() can
call it even before it has inserted the inode, triggering the WARNING in
unlock_new_inode(). Fix this by only calling unlock_new_inode() if the
inode has the I_NEW flag set, indicating that it's in the table.

This addresses the syzbot report "WARNING in unlock_new_inode"
(https://syzkaller.appspot.com/bug?extid=187510916eb6a14598f7).

Link: https://lore.kernel.org/r/20200628070057.820213-1-ebiggers@kernel.org
Reported-by: syzbot+187510916eb6a14598f7@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'fs/reiserfs/inode.c')
| -rw-r--r-- | fs/reiserfs/inode.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c index cfb4691d9274..ccbb15ab029f 100644 --- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c @@ -2157,7 +2157,8 @@ out_end_trans: out_inserted_sd: clear_nlink(inode); th->t_trans_id = 0; /* so the caller can't use this handle later */ - unlock_new_inode(inode); /* OK to do even if we hadn't locked it */ + if (inode->i_state & I_NEW) + unlock_new_inode(inode); iput(inode); return err; } |
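Review bot: The new `if (inode->i_state & I_NEW)` guard under out_inserted_sd carries no comment, while the line it replaces had one ("OK to do even if we hadn't locked it") that the commit message shows to be wrong. Someone reading only the code cannot tell why the unlock is conditional here. Suggest a one-line comment above the check stating that this label can be reached before the inode has been inserted into the hash table, and that I_NEW is what marks it as inserted, so the reasoning does not live only in the commit log.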
