Commit d93ff5fa authored by Kent Overstreet

bcachefs: Fix race path in bch2_inode_insert()

__destroy_new_inode() is appropriate when we have _just_ allocated the
inode, but not when it's been fully initialized and on i_sb_list.

Reported-by: syzbot+a0ddc9873c280a4cb18f@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
parent cd3b31f9
...@@ -188,8 +188,7 @@ static struct bch_inode_info *bch2_inode_insert(struct bch_fs *c, struct bch_ino ...@@ -188,8 +188,7 @@ static struct bch_inode_info *bch2_inode_insert(struct bch_fs *c, struct bch_ino
BUG_ON(!old); BUG_ON(!old);
if (unlikely(old != inode)) { if (unlikely(old != inode)) {
__destroy_inode(&inode->v); discard_new_inode(&inode->v);
kmem_cache_free(bch2_inode_cache, inode);
inode = old; inode = old;
} else { } else {
mutex_lock(&c->vfs_inodes_lock); mutex_lock(&c->vfs_inodes_lock);
......
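Review bot: The commit message names __destroy_new_inode(), but the call removed in the `old != inode` branch is __destroy_inode(); the message should name the function that is actually being replaced so the log matches the diff. In the same branch, a short comment above discard_new_inode(&inode->v) would help: it should say that the inode is already fully initialized and on i_sb_list when the race is lost, so it has to go through the normal VFS teardown rather than being freed by hand. Since the explicit kmem_cache_free(bch2_inode_cache, inode) is dropped along with it, the message should also state that the final reference drop inside discard_new_inode() is now what releases the bch_inode_info, so a later reader does not reintroduce the manual free and create a double free.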