ghsa-p2j7-x9rq-7fhv
Vulnerability from github
Published
2025-09-23 06:30
Modified
2025-09-23 06:30
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix runtime warning on truncate_folio_batch_exceptionals()

Commit 0e2f80afcfa6("fs/dax: ensure all pages are idle prior to filesystem unmount") introduced the WARN_ON_ONCE to capture whether the filesystem has removed all DAX entries or not and applied the fix to xfs and ext4.

Apply the missed fix on erofs to fix the runtime warning:

[ 5.266254] ------------[ cut here ]------------ [ 5.266274] WARNING: CPU: 6 PID: 3109 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0xff/0x260 [ 5.266294] Modules linked in: [ 5.266999] CPU: 6 UID: 0 PID: 3109 Comm: umount Tainted: G S 6.16.0+ #6 PREEMPT(voluntary) [ 5.267012] Tainted: [S]=CPU_OUT_OF_SPEC [ 5.267017] Hardware name: Dell Inc. OptiPlex 5000/05WXFV, BIOS 1.5.1 08/24/2022 [ 5.267024] RIP: 0010:truncate_folio_batch_exceptionals+0xff/0x260 [ 5.267076] Code: 00 00 41 39 df 7f 11 eb 78 83 c3 01 49 83 c4 08 41 39 df 74 6c 48 63 f3 48 83 fe 1f 0f 83 3c 01 00 00 43 f6 44 26 08 01 74 df <0f> 0b 4a 8b 34 22 4c 89 ef 48 89 55 90 e8 ff 54 1f 00 48 8b 55 90 [ 5.267083] RSP: 0018:ffffc900013f36c8 EFLAGS: 00010202 [ 5.267095] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 5.267101] RDX: ffffc900013f3790 RSI: 0000000000000000 RDI: ffff8882a1407898 [ 5.267108] RBP: ffffc900013f3740 R08: 0000000000000000 R09: 0000000000000000 [ 5.267113] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 5.267119] R13: ffff8882a1407ab8 R14: ffffc900013f3888 R15: 0000000000000001 [ 5.267125] FS: 00007aaa8b437800(0000) GS:ffff88850025b000(0000) knlGS:0000000000000000 [ 5.267132] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 5.267138] CR2: 00007aaa8b3aac10 CR3: 000000024f764000 CR4: 0000000000f52ef0 [ 5.267144] PKRU: 55555554 [ 5.267150] Call Trace: [ 5.267154] [ 5.267181] truncate_inode_pages_range+0x118/0x5e0 [ 5.267193] ? save_trace+0x54/0x390 [ 5.267296] truncate_inode_pages_final+0x43/0x60 [ 5.267309] evict+0x2a4/0x2c0 [ 5.267339] dispose_list+0x39/0x80 [ 5.267352] evict_inodes+0x150/0x1b0 [ 5.267376] generic_shutdown_super+0x41/0x180 [ 5.267390] kill_block_super+0x1b/0x50 [ 5.267402] erofs_kill_sb+0x81/0x90 [erofs] [ 5.267436] deactivate_locked_super+0x32/0xb0 [ 5.267450] deactivate_super+0x46/0x60 [ 5.267460] cleanup_mnt+0xc3/0x170 [ 5.267475] __cleanup_mnt+0x12/0x20 [ 5.267485] task_work_run+0x5d/0xb0 [ 5.267499] exit_to_user_mode_loop+0x144/0x170 [ 5.267512] do_syscall_64+0x2b9/0x7c0 [ 5.267523] ? __lock_acquire+0x665/0x2ce0 [ 5.267535] ? __lock_acquire+0x665/0x2ce0 [ 5.267560] ? lock_acquire+0xcd/0x300 [ 5.267573] ? find_held_lock+0x31/0x90 [ 5.267582] ? mntput_no_expire+0x97/0x4e0 [ 5.267606] ? mntput_no_expire+0xa1/0x4e0 [ 5.267625] ? mntput+0x24/0x50 [ 5.267634] ? path_put+0x1e/0x30 [ 5.267647] ? do_faccessat+0x120/0x2f0 [ 5.267677] ? do_syscall_64+0x1a2/0x7c0 [ 5.267686] ? from_kgid_munged+0x17/0x30 [ 5.267703] ? from_kuid_munged+0x13/0x30 [ 5.267711] ? __do_sys_getuid+0x3d/0x50 [ 5.267724] ? do_syscall_64+0x1a2/0x7c0 [ 5.267732] ? irqentry_exit+0x77/0xb0 [ 5.267743] ? clear_bhb_loop+0x30/0x80 [ 5.267752] ? clear_bhb_loop+0x30/0x80 [ 5.267765] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 5.267772] RIP: 0033:0x7aaa8b32a9fb [ 5.267781] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 e9 83 0d 00 f7 d8 [ 5.267787] RSP: 002b:00007ffd7c4c9468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 5.267796] RAX: 0000000000000000 RBX: 00005a61592a8b00 RCX: 00007aaa8b32a9fb [ 5.267802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005a61592b2080 [ 5.267806] RBP: 00007ffd7c4c9540 R08: 00007aaa8b403b20 R09: 0000000000000020 [ 5.267812] R10: 0000000000000001 R11: 0000000000000246 R12: 00005a61592a8c00 [ 5.267817] R13: 00000000 ---truncated---

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-39868"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-23T06:15:45Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix runtime warning on truncate_folio_batch_exceptionals()\n\nCommit 0e2f80afcfa6(\"fs/dax: ensure all pages are idle prior to\nfilesystem unmount\") introduced the WARN_ON_ONCE to capture whether\nthe filesystem has removed all DAX entries or not and applied the\nfix to xfs and ext4.\n\nApply the missed fix on erofs to fix the runtime warning:\n\n[  5.266254] ------------[ cut here ]------------\n[  5.266274] WARNING: CPU: 6 PID: 3109 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0xff/0x260\n[  5.266294] Modules linked in:\n[  5.266999] CPU: 6 UID: 0 PID: 3109 Comm: umount Tainted: G S                  6.16.0+ #6 PREEMPT(voluntary)\n[  5.267012] Tainted: [S]=CPU_OUT_OF_SPEC\n[  5.267017] Hardware name: Dell Inc. OptiPlex 5000/05WXFV, BIOS 1.5.1 08/24/2022\n[  5.267024] RIP: 0010:truncate_folio_batch_exceptionals+0xff/0x260\n[  5.267076] Code: 00 00 41 39 df 7f 11 eb 78 83 c3 01 49 83 c4 08 41 39 df 74 6c 48 63 f3 48 83 fe 1f 0f 83 3c 01 00 00 43 f6 44 26 08 01 74 df \u003c0f\u003e 0b 4a 8b 34 22 4c 89 ef 48 89 55 90 e8 ff 54 1f 00 48 8b 55 90\n[  5.267083] RSP: 0018:ffffc900013f36c8 EFLAGS: 00010202\n[  5.267095] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[  5.267101] RDX: ffffc900013f3790 RSI: 0000000000000000 RDI: ffff8882a1407898\n[  5.267108] RBP: ffffc900013f3740 R08: 0000000000000000 R09: 0000000000000000\n[  5.267113] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n[  5.267119] R13: ffff8882a1407ab8 R14: ffffc900013f3888 R15: 0000000000000001\n[  5.267125] FS:  00007aaa8b437800(0000) GS:ffff88850025b000(0000) knlGS:0000000000000000\n[  5.267132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  5.267138] CR2: 00007aaa8b3aac10 CR3: 000000024f764000 CR4: 0000000000f52ef0\n[  5.267144] PKRU: 55555554\n[  5.267150] Call Trace:\n[  5.267154]  \u003cTASK\u003e\n[  5.267181]  truncate_inode_pages_range+0x118/0x5e0\n[  5.267193]  ? save_trace+0x54/0x390\n[  5.267296]  truncate_inode_pages_final+0x43/0x60\n[  5.267309]  evict+0x2a4/0x2c0\n[  5.267339]  dispose_list+0x39/0x80\n[  5.267352]  evict_inodes+0x150/0x1b0\n[  5.267376]  generic_shutdown_super+0x41/0x180\n[  5.267390]  kill_block_super+0x1b/0x50\n[  5.267402]  erofs_kill_sb+0x81/0x90 [erofs]\n[  5.267436]  deactivate_locked_super+0x32/0xb0\n[  5.267450]  deactivate_super+0x46/0x60\n[  5.267460]  cleanup_mnt+0xc3/0x170\n[  5.267475]  __cleanup_mnt+0x12/0x20\n[  5.267485]  task_work_run+0x5d/0xb0\n[  5.267499]  exit_to_user_mode_loop+0x144/0x170\n[  5.267512]  do_syscall_64+0x2b9/0x7c0\n[  5.267523]  ? __lock_acquire+0x665/0x2ce0\n[  5.267535]  ? __lock_acquire+0x665/0x2ce0\n[  5.267560]  ? lock_acquire+0xcd/0x300\n[  5.267573]  ? find_held_lock+0x31/0x90\n[  5.267582]  ? mntput_no_expire+0x97/0x4e0\n[  5.267606]  ? mntput_no_expire+0xa1/0x4e0\n[  5.267625]  ? mntput+0x24/0x50\n[  5.267634]  ? path_put+0x1e/0x30\n[  5.267647]  ? do_faccessat+0x120/0x2f0\n[  5.267677]  ? do_syscall_64+0x1a2/0x7c0\n[  5.267686]  ? from_kgid_munged+0x17/0x30\n[  5.267703]  ? from_kuid_munged+0x13/0x30\n[  5.267711]  ? __do_sys_getuid+0x3d/0x50\n[  5.267724]  ? do_syscall_64+0x1a2/0x7c0\n[  5.267732]  ? irqentry_exit+0x77/0xb0\n[  5.267743]  ? clear_bhb_loop+0x30/0x80\n[  5.267752]  ? clear_bhb_loop+0x30/0x80\n[  5.267765]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  5.267772] RIP: 0033:0x7aaa8b32a9fb\n[  5.267781] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 e9 83 0d 00 f7 d8\n[  5.267787] RSP: 002b:00007ffd7c4c9468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6\n[  5.267796] RAX: 0000000000000000 RBX: 00005a61592a8b00 RCX: 00007aaa8b32a9fb\n[  5.267802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005a61592b2080\n[  5.267806] RBP: 00007ffd7c4c9540 R08: 00007aaa8b403b20 R09: 0000000000000020\n[  5.267812] R10: 0000000000000001 R11: 0000000000000246 R12: 00005a61592a8c00\n[  5.267817] R13: 00000000\n---truncated---",
  "id": "GHSA-p2j7-x9rq-7fhv",
  "modified": "2025-09-23T06:30:27Z",
  "published": "2025-09-23T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39868"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/181993bb0d626cf88cc803f4356ce5c5abe86278"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91c34cd6ca1bc67ccf2d104834956af56b5893de"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.