RHEL 7/8 - panic and/or list_del corruption in cifs_reconnect while iterating retry_list due to use-after-free of a struct mid_q_entry
Issue
- System panics while using
cifs
list_del
corruption encountered while usingcifs
:
list_del corruption. next->prev should be ffff88082bfb2000, but was ffff88082bfb2e00
Environment
- Red Hat Enterprise Linux 8 (cifs client)
- believed to affect all RHEL8 kernels until at least 4.18.0-147.el7
- seen on kernel-4.18.0-147.el7 and 4.18.0-64.el8
- Red Hat Enterprise Linux 7 (cifs client)
- seen on 3.10.0-957.el7 and above
- cifs
- some network or SMB server event that causes cifs client to reconnect
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.