On Fri, Jul 06, 2018 at 05:35:48PM +0200, Miklos Szeredi wrote:
> iput() ends up calling ->evict() on new inode, which is not yet initialized
> by owning fs. So use destroy_inode() instead.
>
> Add to sb->s_inodes list only after the inode has been inserted into the
> hash. The exact point at which the inode is added onto the sb list
> shouldn't matter as long as it is done while the inode is in the I_NEW
> state.
>
> Reported-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
> Fixes: 80ea09a002bf ("vfs: factor out inode_insert5()")

Check 22dc9a168272 (new primitive: discard_new_inode()) in vfs.git; IMO
yours should go on top of that and I would seriously consider going for
just alloc_inode() - to hell with new_inode_pseudo(). I_CREATING gives
an easy way for insert_inode5() to decide whether we need to move into
->i_sb_list...