tmpfile_create() assigns the parentpath->mnt to the new file's path without mntget() it, so we'll get unbalanced reference count when the tmpfile is closed. Add the missing mntget().
Signed-off-by: Sascha Hauer <[email protected]> --- fs/fs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/fs.c b/fs/fs.c index 75fd3a3ef9..43840c3a7a 100644 --- a/fs/fs.c +++ b/fs/fs.c @@ -2675,6 +2675,7 @@ static struct file *tmpfile_create(const struct path *parentpath, if (!f) return ERR_PTR(-EMFILE); + mntget(parentpath->mnt); f->f_path.mnt = parentpath->mnt; f->f_path.dentry = d_alloc_anon(&fsdev->sb); f->f_flags = flags; -- 2.47.3
