Description
While accessing SMB shares with Linux SMB kernel client, If the number of SMB responses from server with status of STATUS_IO_TIMEOUT exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect the connection. But we do not return the mid, or the credits returned for the mid, or reduce the number of in-flight requests. This bug could result in the server->in_flight count to go bad, and also cause a leak in the mids. Which results in undesired behavior by SMB client as flow control of SMB client depends on credits.
Bug has been fixed in mainline kernel, marked for stable kernels and also has been backported to all major distros.
Link to mainline commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69cba9d3c1284e0838ae408830a02c4a063104bc