Okay so a summary from my understanding, correct me if I'm wrong:
03f7767c9f612 introduced the issue in both 6.1 and 6.6.
On mainline, this is resolved by e5f1a5146ec3. This commit is painful to apply to 6.1 but does apply to 6.6 along with the rest of the patchset it was a part of (which is the set you just sent out for 6.6).
With the stable branches we try to balance the risk of introducing new bugs via huge fixes with the benefit of the fix itself. Especially if the patches don't apply cleanly, it might not be worth the risk and effort to do the porting. Hmm, since it seems like we might not even end up taking 03f7767c9f6120 to stable, I'd propose we just drop 03f7767c9f6120 for now. If the rest of the subsequent patches in the original set apply cleanly, I don't think we need to drop them all. We can then try to fix the UAF with a more targeted approach in a later patch instead of via direct cherry-picks.
What do you think?
- leah
Also, the backport set you mentioned was based on a set from 6.6.y. I don't see the suggested fix (e5f1a5146ec3) there either. If it's not too much hassle, could you see if we have the same problem for 6.6.y as well?
Yes, the crash occurs there, too. And for the 6.6 case it actually affects a released kernel (since v6.6.24).
The remaining four patches of the original upstream series [1] - one of which is e5f1a5146ec3 - can be applied there without many problems, fortunately.
I'll send them to you in a separate thread.