CVE-2026-45924

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call ksmbd vfs kern path end removing() on some error paths

There are two places where ksmbd vfs kern path end removing() needs to be called in order to balance what the corresponding successful call to ksmbd vfs kern path start removing() has done, i.e. drop inode locks and put the taken references. Otherwise there might be potential deadlocks and unbalanced locks which are caught like:

BUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596 last function: handle ksmbd work 2 locks held by kworker/5:21/7596: #0: ffff8881051ae448 (sb writers#3){.+.+}-{0:0}, at: ksmbd vfs kern path locked+0x142/0x660 #1: ffff888130e966c0 (&type->i mutex dir key#3/1){+.+.}-{4:4}, at: ksmbd vfs kern path locked+0x17d/0x660 CPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014 Workqueue: ksmbd-io handle ksmbd work Call Trace: dump stack lvl+0x44/0x5b process one work.cold+0x57/0x5c worker thread+0x82/0x600 kthread+0x153/0x190 ret from fork+0x22/0x30

Found by Linux Verification Center (linuxtesting.org).