In the reproducer, when calling renameat2(), olddirfd and newdirfd passed are the same value r0, see [1]. This situation should be avoided. [1] renameat2(r0, &(0x7f0000000240)='./bus/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x0) Reported-by: syzbot+321477fad98ea6dd35b7@xxxxxxxxxxxxxxxxxxxxxxxxx Closes: https://syzkaller.appspot.com/bug?extid=321477fad98ea6dd35b7 Tested-by: syzbot+321477fad98ea6dd35b7@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Edward Adam Davis <eadavis@xxxxxx> --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 84a0e0b0111c..ff843007ca94 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -5013,7 +5013,7 @@ int vfs_rename(struct renamedata *rd) struct name_snapshot old_name; bool lock_old_subdir, lock_new_subdir; - if (source == target) + if (source == target || old_dir == target) return 0; error = may_delete(rd->old_mnt_idmap, old_dir, old_dentry, is_dir); -- 2.43.0
