This is a note to let you know that I've just added the patch titled reiserfs: only call unlock_new_inode() if I_NEW to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: reiserfs-only-call-unlock_new_inode-if-i_new.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 2c0903a9a23d2acf3e4120aecdad7bea5de163de Author: Eric Biggers <ebiggers@xxxxxxxxxx> Date: Sun Jun 28 00:00:57 2020 -0700 reiserfs: only call unlock_new_inode() if I_NEW [ Upstream commit 8859bf2b1278d064a139e3031451524a49a56bd0 ] unlock_new_inode() is only meant to be called after a new inode has already been inserted into the hash table. But reiserfs_new_inode() can call it even before it has inserted the inode, triggering the WARNING in unlock_new_inode(). Fix this by only calling unlock_new_inode() if the inode has the I_NEW flag set, indicating that it's in the table. This addresses the syzbot report "WARNING in unlock_new_inode" (https://syzkaller.appspot.com/bug?extid=187510916eb6a14598f7). Link: https://lore.kernel.org/r/20200628070057.820213-1-ebiggers@xxxxxxxxxx Reported-by: syzbot+187510916eb6a14598f7@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Signed-off-by: Jan Kara <jack@xxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c index 70387650436cf..ac35ddf0dd603 100644 --- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c @@ -2161,7 +2161,8 @@ int reiserfs_new_inode(struct reiserfs_transaction_handle *th, out_inserted_sd: clear_nlink(inode); th->t_trans_id = 0; /* so the caller can't use this handle later */ - unlock_new_inode(inode); /* OK to do even if we hadn't locked it */ + if (inode->i_state & I_NEW) + unlock_new_inode(inode); iput(inode); return err; }
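Review bot: the new test in the out_inserted_sd error path, `if (inode->i_state & I_NEW)`, reads i_state without taking inode->i_lock, which is only safe because this inode is either not yet in the hash table or is still marked I_NEW so that any concurrent lookup waits on it; a short comment saying so, and stating that I_NEW here means the inode was inserted into the hash table (as the commit message explains), would replace the comment the hunk removes, `/* OK to do even if we hadn't locked it */`, which the syzbot WARNING showed to be wrong. The logic of the change is sound: when I_NEW is clear the inode was never hashed and `iput(inode)` alone tears it down, and when it is set `unlock_new_inode(inode)` clears the flag before `iput(inode)` so eviction does not see a still-new inode; since `clear_nlink(inode)` runs first, the inode is freed rather than left on disk.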