On Thu, Nov 22, 2018 at 12:18 AM Myungho Jung <mhjungk@xxxxxxxxx> wrote: > > make_bad_inode() sets inode->i_mode to S_IFREG if I/O error is detected > in fuse_do_getattr()/fuse_do_setattr(). If the inode is not a regular > file, write_files and queued_writes in fuse_inode are not initialized > and have NULL or invalid pointers written by other members in a union. > So, list_empty() returns false in fuse_destroy_inode(). Add > is_bad_inode() to check if make_bad_inode() was called. > > Reported-by: syzbot+b9c89b84423073226299@xxxxxxxxxxxxxxxxxxxxxxxxx > Signed-off-by: Myungho Jung <mhjungk@xxxxxxxxx> Thanks, applied. Miklos
