On Tue, Aug 11, 2020 at 08:17:16PM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 5631c5e0 Merge tag 'xfs-5.9-merge-7' of git://git.kernel.o.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=17076984900000 > kernel config: https://syzkaller.appspot.com/x/.config?x=afba7c06f91e56eb > dashboard link: https://syzkaller.appspot.com/bug?extid=bbeb1c88016c7db4aa24 > compiler: gcc (GCC) 10.1.0-syz 20200507 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1502ce02900000 fix breakage in do_rmdir() putname() should happen only after we'd *not* branched to retry, same as it's done in do_unlinkat(). Fixes: e24ab0ef689d "fs: push the getname from do_rmdir into the callers" Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> --- diff --git a/fs/namei.c b/fs/namei.c index fde8fe086c09..9fa10c614de7 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -3770,11 +3770,11 @@ long do_rmdir(int dfd, struct filename *name) mnt_drop_write(path.mnt); exit1: path_put(&path); - putname(name); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; goto retry; } + putname(name); return error; }
