On Wed, May 9, 2018 at 1:01 PM, Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
> From 606d54cd24b5b00e7a7e3597aabbe89719defc56 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Date: Tue, 1 May 2018 13:12:14 +0900
> Subject: [PATCH] fuse: don't keep dead fuse_conn at fuse_fill_super().
>
> syzbot is reporting use-after-free at fuse_kill_sb_blk() [1].
> Since sb->s_fs_info field is not cleared after fc was released by
> fuse_conn_put() when initialization failed, fuse_kill_sb_blk() finds
> already released fc and tries to hold the lock. Fix this by clearing
> sb->s_fs_info field after calling fuse_conn_put().

Thanks, applied.

Miklos
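The lifetime bug the commit message describes, as a constructed C model added here (not FUSE code; the struct names, the refcount, the `alive` flag and the `fail`/`fix` switches are all assumptions for illustration): the fill_super error path drops the last reference but leaves the stale pointer in sb->s_fs_info, so the later kill_sb finds a dead object, and the one-line fix is clearing the field after the put.

```c
/* Constructed model of the fill_super()/kill_sb() lifetime bug; not FUSE code. */
#include <stddef.h>

struct conn { int refcount; int alive; };   /* alive == 0 models "already freed" */
struct super_block { struct conn *s_fs_info; };

static struct conn *conn_get(struct conn *c) { c->refcount++; return c; }

/* Drop a reference; the last put "frees" the object. We mark it dead instead
 * of calling free() so the dangling pointer can be observed safely. */
static void conn_put(struct conn *c)
{
    if (--c->refcount == 0)
        c->alive = 0;
}

/* Error path of a fill_super(): the connection is stored in sb->s_fs_info,
 * then setup fails. fix == 0 leaves the stale pointer (the bug);
 * fix == 1 clears it after the put (the patch). */
static int fill_super(struct super_block *sb, struct conn *c, int fail, int fix)
{
    sb->s_fs_info = conn_get(c);
    if (fail) {
        conn_put(c);
        if (fix)
            sb->s_fs_info = NULL;
        return -1;
    }
    return 0;
}

/* kill_sb(): 0 = nothing to do, 1 = released a live connection,
 * -1 = found a connection that was already freed (the use-after-free). */
static int kill_sb(struct super_block *sb)
{
    struct conn *c = sb->s_fs_info;
    if (!c)
        return 0;
    if (!c->alive)
        return -1;
    conn_put(c);
    return 1;
}

/* Run one mount attempt followed by the teardown and report what kill_sb saw. */
static int scenario(int fail, int fix)
{
    struct conn c = { 0, 1 };
    struct super_block sb = { NULL };
    fill_super(&sb, &c, fail, fix);
    return kill_sb(&sb);
}
```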