xfs: drop the scrub file's iolock when transaction allocation fails

If the transaction allocation in the !orphanage_available case of
xrep_nlinks_repair_inode fails, we need to drop the IOLOCK of the file
being scrubbed before exiting.

Found by fuzzing u3.sfdir3.list[1].name = zeroes in xfs/1546.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>

diff --git a/fs/xfs/scrub/nlinks_repair.c b/fs/xfs/scrub/nlinks_repair.c
index 78d0f650fe897d2384460eff406b3858b53cbd83..b3e707f47b7b522393678e7ae596db97e4db31f8 100644 (file)
--- a/fs/xfs/scrub/nlinks_repair.c
+++ b/fs/xfs/scrub/nlinks_repair.c
@@ -138,8 +138,10 @@ xrep_nlinks_repair_inode(
 
                error = xfs_trans_alloc(mp, &M_RES(mp)->tr_link, 0, 0, 0,
                                &sc->tp);
-               if (error)
+               if (error) {
+                       xchk_iunlock(sc, XFS_IOLOCK_EXCL);
                        return error;
+               }
 
                xchk_ilock(sc, XFS_ILOCK_EXCL);
                xfs_trans_ijoin(sc->tp, ip, 0);