Applied, thanks!
Have you checked that other calls of diskfs_lookup don't have the same
issue?
Samuel
Milos Nikic, on Wed. 11 Feb. 2026 23:31:26 -0800, wrote:
> We don't properly clean up fnp in case lookup fails.
> This causes goto out to try to unlock fnp which is not
> locked at all. Crash!
> Setting it to NULL fixes this.
> ---
> libdiskfs/dir-renamed.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/libdiskfs/dir-renamed.c b/libdiskfs/dir-renamed.c
> index a0c4bc6f..df59f283 100644
> --- a/libdiskfs/dir-renamed.c
> +++ b/libdiskfs/dir-renamed.c
> @@ -128,7 +128,12 @@ diskfs_rename_dir (struct node *fdp, struct node *fnp,
> const char *fromname,
> diskfs_nrele (tmpnp);
> diskfs_drop_dirstat (fdp, tmpds);
> if (err)
> - goto out;
> + {
> + assert_backtrace (!tmpnp);
> + /* diskfs_lookup has not locked fnp then, do not unlock it. */
> + fnp = NULL;
> + goto out;
> + }
>
> if (tnp)
> {
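
Review bot: In the new error branch, assert_backtrace (!tmpnp) runs after the context line diskfs_nrele (tmpnp) just above it, so if the assertion ever fired, the reference would already have been released. Consider checking tmpnp before the release, or dropping the assert if earlier code already guarantees the condition. Separately, fnp = NULL only helps if the out: path skips the unlock for a NULL fnp, which this hunk does not show; it is worth confirming that and saying so in the comment, since the assignment also overwrites the caller-supplied parameter for the rest of the function.
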
> --
> 2.52.0
>