On Tue, Sep 25, 2018 at 11:28 AM, Kirill Tkhai <[email protected]> wrote: > We may pick freed req in this way: > > [cpu0] [cpu1] > fuse_dev_do_read() fuse_dev_do_write() > list_move_tail(&req->list, &fpq->processing); ... > spin_unlock(&fpq->lock); ... > ... request_end(fc, req); > ... fuse_put_request(fc, > req); > if (test_bit(FR_INTERRUPTED, &req->flags)) > queue_interrupt(fiq, req); > > Fix that by keeping req alive till we finish all manipulations. > > Reported-by: [email protected] > Signed-off-by: Kirill Tkhai <[email protected]>
Applied. Thanks, Miklos
