RHEL 7/8 - panic and/or list_del corruption in cifs_reconnect while iterating retry_list due to use-after-free of a struct mid_q_entry

Solution Verified - Updated -

Issue

  • System panics while using cifs
  • list_del corruption encountered while using cifs:
list_del corruption. next->prev should be ffff88082bfb2000, but was ffff88082bfb2e00

Environment

  • Red Hat Enterprise Linux 8 (cifs client)
    • believed to affect all RHEL8 kernels until at least 4.18.0-147.el7
    • seen on kernel-4.18.0-147.el7 and 4.18.0-64.el8
  • Red Hat Enterprise Linux 7 (cifs client)
    • seen on 3.10.0-957.el7 and above
  • cifs
  • some network or SMB server event that causes cifs client to reconnect

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content