On Tue, Apr 16, 2024 at 09:14:52PM +0300, Amir Goldstein wrote: > Protect against use after free when filesystem calls fsnotify_sb_error() > during fs shutdown. > > Move freeing of sb->s_fsnotify_info to destroy_super_work(), because it > may be accessed from fs shutdown context. > > Reported-by: syzbot+5e3f9b2a67b45f16d4e6@xxxxxxxxxxxxxxxxxxxxxxxxx > Suggested-by: Jan Kara <jack@xxxxxxx> > Link: https://lore.kernel.org/linux-fsdevel/20240416173211.4lnmgctyo4jn5fha@quack3/ > Fixes: 07a3b8d0bf72 ("fsnotify: lazy attach fsnotify_sb_info state to sb") > Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> > --- Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
