-
Myungho Jung authored
make_bad_inode() sets inode->i_mode to S_IFREG if I/O error is detected in fuse_do_getattr()/fuse_do_setattr(). If the inode is not a regular file, write_files and queued_writes in fuse_inode are not initialized and have NULL or invalid pointers written by other members in a union. So, list_empty() returns false in fuse_destroy_inode(). Add is_bad_inode() to check if make_bad_inode() was called. Reported-by: syzbot+b9c89b84423073226299@syzkaller.appspotmail.com Fixes: ab2257e9 ("fuse: reduce size of struct fuse_inode") Signed-off-by:
Myungho Jung <mhjungk@gmail.com> Signed-off-by:
Miklos Szeredi <mszeredi@redhat.com>
4fc4bb79
