From: Shaurya Rane <ssrane_b23@xxxxxxxxxxxxx>
The done_path_create() function unconditionally calls inode_unlock() on
path->dentry->d_inode without verifying that the path and inode are valid.
Under certain error conditions or race scenarios, this can lead to attempting
to unlock an inode that was never locked or has been corrupted, resulting in
a WARNING from the rwsem debugging code.
Add defensive checks to ensure both path->dentry and path->dentry->d_inode
are valid before attempting to unlock. This prevents the rwsem warning while
maintaining existing behavior for normal cases.
Reported-by: syzbot+0cee785b798102696a4b@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Shaurya Rane <ssrane_b23@xxxxxxxxxxxxx>
---
fs/namei.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index cd43ff89fbaa..75ef579c38b7 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4174,7 +4174,8 @@ void done_path_create(struct path *path, struct dentry *dentry)
{
if (!IS_ERR(dentry))
dput(dentry);
- inode_unlock(path->dentry->d_inode);
+ if (path->dentry && path->dentry->d_inode)
+ inode_unlock(path->dentry->d_inode);
mnt_drop_write(path->mnt);
path_put(path);
}
--
2.34.1
