2021-11-05 16:42:40

by YE Chengfeng

Subject: cifs: suspected double free in cifs_oplock_break on error

Hi,

We notice that _cifsFileInfo_put() is called twice for cfile following the branch at line 4874. Following _cifsFileInfo_put->_cifsFileInfo_put->cifsFileInfo_put_final, cfile will finally be freed, so calling this function on the same variable twice looks like a double free issue. Would you like to have a look at it? We would like to provide a patch after confirmation.

https://github.com/torvalds/linux/blob/master/fs/cifs/file.c#L4874

Best regards,
Chengfeng