I don't seem to be able to reproduce. I did try making a patch though that you can try that adds a separate reference count to fuse_io_priv separate from the request count. I don't know if it fixes anything that moving spin_unlock() doesn't, but to me this seems more straightforward and less error prone than having the request count serve kind of as a reference count but not really.
A build with my patch and the iocb use-after-free fix is at http://people.canonical.com/~sforshee/lp1505948/.

--
https://bugs.launchpad.net/bugs/1505948

Title: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)
