Hi,

Ronnie, I think there are some memory issues (use-after-free) in the
smb2_ioctl_query_info() code path.

I have a fix to get rid of the KASAN splat. I've reordered the kfree()
calls but also replaced the SMB2_xxxx_free() to simply freeing the SMB
small buf.

It could be leaking the other rqst[i]->rq_iov[] though, I'm not sure if
there are extra stuff we need to free that is not in the vars buf. Can
you take a look?

See attached patch.