[PATCH] fs/namei: fix WARNING in do_mknodat due to invalid inode unlock

[PATCH] fs/namei: fix WARNING in do_mknodat due to invalid inode unlock

[ssranevjti]

From: Shaurya Rane <ssrane_b23@ee.vjti.ac.in>

The done_path_create() function unconditionally calls inode_unlock() on
path->dentry->d_inode without verifying that the path and inode are valid.
Under certain error conditions or race scenarios, this can lead to attempting
to unlock an inode that was never locked or has been corrupted, resulting in
a WARNING from the rwsem debugging code.

Add defensive checks to ensure both path->dentry and path->dentry->d_inode
are valid before attempting to unlock. This prevents the rwsem warning while
maintaining existing behavior for normal cases.

Reported-by: syzbot+0cee785b798102696a4b@syzkaller.appspotmail.com

Signed-off-by: Shaurya Rane <ssrane_b23@ee.vjti.ac.in>
---
 fs/namei.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index cd43ff89fbaa..75ef579c38b7 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4174,7 +4174,8 @@ void done_path_create(struct path *path, struct dentry *dentry)
 {
 	if (!IS_ERR(dentry))
 		dput(dentry);
-	inode_unlock(path->dentry->d_inode);
+	if (path->dentry && path->dentry->d_inode)
+		inode_unlock(path->dentry->d_inode);
 	mnt_drop_write(path->mnt);
 	path_put(path);
 }
-- 
2.34.1

Re: [PATCH] fs/namei: fix WARNING in do_mknodat due to invalid inode unlock

[Al Viro]

On Mon, Aug 25, 2025 at 12:23:03AM +0530, ssranevjti@gmail.com wrote:
> From: Shaurya Rane <ssrane_b23@ee.vjti.ac.in>
> 
> The done_path_create() function unconditionally calls inode_unlock() on
> path->dentry->d_inode without verifying that the path and inode are valid.
> Under certain error conditions or race scenarios, this can lead to attempting
> to unlock an inode that was never locked or has been corrupted, resulting in
> a WARNING from the rwsem debugging code.
> 
> Add defensive checks to ensure both path->dentry and path->dentry->d_inode
> are valid before attempting to unlock. This prevents the rwsem warning while
> maintaining existing behavior for normal cases.
> 
> Reported-by: syzbot+0cee785b798102696a4b@syzkaller.appspotmail.com

No.  You are papering over some bugs you have not even bothered to describe -
"certain error conditions or race scenarios" is as useless as it gets.

Don't do that.  Fixing a bug found by syzbot is useful; papering over
it does no good whatsoever.

NAK.

Re: [PATCH] fs/namei: fix WARNING in do_mknodat due to invalid inode unlock

[Al Viro]

On Sun, Aug 24, 2025 at 08:07:14PM +0100, Al Viro wrote:
> On Mon, Aug 25, 2025 at 12:23:03AM +0530, ssranevjti@gmail.com wrote:
> > From: Shaurya Rane <ssrane_b23@ee.vjti.ac.in>
> > 
> > The done_path_create() function unconditionally calls inode_unlock() on
> > path->dentry->d_inode without verifying that the path and inode are valid.
> > Under certain error conditions or race scenarios, this can lead to attempting
> > to unlock an inode that was never locked or has been corrupted, resulting in
> > a WARNING from the rwsem debugging code.
> > 
> > Add defensive checks to ensure both path->dentry and path->dentry->d_inode
> > are valid before attempting to unlock. This prevents the rwsem warning while
> > maintaining existing behavior for normal cases.
> > 
> > Reported-by: syzbot+0cee785b798102696a4b@syzkaller.appspotmail.com
> 
> No.  You are papering over some bugs you have not even bothered to describe -
> "certain error conditions or race scenarios" is as useless as it gets.
> 
> Don't do that.  Fixing a bug found by syzbot is useful; papering over
> it does no good whatsoever.
> 
> NAK.

Incidentally, syzbot report in question seems to be the one at

https://lore.kernel.org/all/689edffb.050a0220.e29e5.000d.GAE@google.com/
"[syzbot] [gfs2?] WARNING in do_mknodat (3)"

I won't have time to look at it in details until tomorrow, though.

Again, the patch upthread is no-go.  Whatever is going on with that
reporducer, this is not a fix.