diff -ur sshfs-2.8.old/ChangeLog sshfs-2.8/ChangeLog
--- sshfs-2.8.old/ChangeLog 2016-06-22 19:38:01.000000000 +0100
+++ sshfs-2.8/ChangeLog 2021-09-07 08:17:35.352080786 +0100
@@ -1,3 +1,9 @@
+ Unreleased Changes
+ ------------------
+
++* Fixed a crash due to a race condition when listing
++ directory contents.
+
 Release 2.7 (2016-06-22)
 ------------------------
diff -ur sshfs-2.8.old/sshfs.c sshfs-2.8/sshfs.c
--- sshfs-2.8.old/sshfs.c 2016-06-08 16:42:12.000000000 +0100
+++ sshfs-2.8/sshfs.c 2021-09-07 08:17:06.339682726 +0100
@@ -2173,11 +2173,16 @@
 outstanding--;
 if (done) {
+ /* We need to cache want_reply, since processing
+ thread may free req right after unlock() if
+ want_reply == 0 */
+ int want_reply;
 pthread_mutex_lock(&sshfs.lock);
 if (sshfs_req_pending(req))
 req->want_reply = 0;
+ want_reply = req->want_reply;
 pthread_mutex_unlock(&sshfs.lock);
- if (!req->want_reply)
+ if (!want_reply)
 continue;
 }
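Review bot: The new comment in the `if (done)` block of sshfs.c explains why `want_reply` is cached, but it does not state the invariant that follows: once `pthread_mutex_unlock(&sshfs.lock)` returns with `want_reply == 0`, `req` may already be freed and must not be dereferenced again. I would add `/* req may be dangling from here when want_reply == 0; do not touch it */` directly above `if (!want_reply)`, so a later edit does not reintroduce the use-after-free by reading another `req` field before the `continue`. The enclosing loop and function start and end outside the hunk, so I cannot tell from here whether other code reads `req->want_reply` or other `req` fields after dropping `sshfs.lock`. Those sites are worth auditing for the same pattern.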