Description: use-after-free in smb2_is_status_io_timeout()
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2154178
 https://bugzilla.redhat.com/show_bug.cgi?id=2154178#c24
 https://lore.kernel.org/linux-cifs/ZZgFEX3QNWWj_VxA@eldamar.lan
 https://lore.kernel.org/linux-cifs/aca1c4e755e8c005b874c57a6210c4c6a34d2324.camel@debian.org/
Notes:
 bwh> Introduced in 5.10 by commit 8e670f77c4a5 "Handle STATUS_IO_TIMEOUT
 bwh> gracefully".  I posted my analysis and an untested patch on RHBZ.
 carnil> Paulo Alcantara replied that this issue is supposed to be fixed
 carnil> with d527f51331ca ("cifs: Fix UAF in
 carnil> cifs_demultiplex_thread()") and that wile the commit mentions
 carnil> an UAF in >is_network_name_deleted() it should work as well for
 carnil> the smb2_is_status_io_timeout() case.
 carnil> But according to Ben this is another issue.
Bugs:
upstream: released (6.6-rc3) [d527f51331cace562393a8038d870b3e9916686f]
6.7-upstream-stable: N/A "Fixed before branching point"
6.6-upstream-stable: N/A "Fixed before branching point"
6.1-upstream-stable: released (6.1.56) [908b3b5e97d25e879de3d1f172a255665491c2c3]
5.10-upstream-stable: needed
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.5.6-1)
6.1-bookworm-security: released (6.1.64-1)
5.10-bullseye-security: needed
4.19-buster-security: N/A "Vulnerable code not present"