CVE-2025-22115 (GCVE-0-2025-22115)

Vulnerability from cvelistv5 – Published: 2025-04-16 14:13 – Updated: 2026-05-23 15:57
VLAI
Title
btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Summary
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after btrfs_make_block_group() adds it to the space_info with btrfs_add_bg_to_space_info(), but before creation is completely completed in btrfs_create_pending_block_groups(). As a result, it is possible for a block group to go unused and have 'btrfs_mark_bg_unused' called on it concurrently with 'btrfs_create_pending_block_groups'. This causes a number of issues, which were fixed with the block group flag 'BLOCK_GROUP_FLAG_NEW'. However, this fix is not quite complete. Since it does not use the unused_bg_lock, it is possible for the following race to occur: btrfs_create_pending_block_groups btrfs_mark_bg_unused if list_empty // false list_del_init clear_bit else if (test_bit) // true list_move_tail And we get into the exact same broken ref count and invalid new_bgs state for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to prevent. The broken refcount aspect will result in a warning like: [1272.943527] refcount_t: underflow; use-after-free. [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110 [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs] [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G W 6.14.0-rc5+ #108 [1272.946368] Tainted: [W]=WARN [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs] [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110 [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282 [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000 [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268 [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0 [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0 [1272.952850] FS: 0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000 [1272.953458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0 [1272.954474] Call Trace: [1272.954655] <TASK> [1272.954812] ? refcount_warn_saturate+0xba/0x110 [1272.955173] ? __warn.cold+0x93/0xd7 [1272.955487] ? refcount_warn_saturate+0xba/0x110 [1272.955816] ? report_bug+0xe7/0x120 [1272.956103] ? handle_bug+0x53/0x90 [1272.956424] ? exc_invalid_op+0x13/0x60 [1272.956700] ? asm_exc_invalid_op+0x16/0x20 [1272.957011] ? refcount_warn_saturate+0xba/0x110 [1272.957399] btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs] [1272.957853] btrfs_put_block_group.cold+0x5d/0x8e [btrfs] [1272.958289] btrfs_discard_workfn+0x194/0x380 [btrfs] [1272.958729] process_one_work+0x130/0x290 [1272.959026] worker_thread+0x2ea/0x420 [1272.959335] ? __pfx_worker_thread+0x10/0x10 [1272.959644] kthread+0xd7/0x1c0 [1272.959872] ? __pfx_kthread+0x10/0x10 [1272.960172] ret_from_fork+0x30/0x50 [1272.960474] ? __pfx_kthread+0x10/0x10 [1272.960745] ret_from_fork_asm+0x1a/0x30 [1272.961035] </TASK> [1272.961238] ---[ end trace 0000000000000000 ]--- Though we have seen them in the async discard workfn as well. It is most likely to happen after a relocation finishes which cancels discard, tears down the block group, etc. Fix this fully by taking the lock arou ---truncated---
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 0657b20c5a76c938612f8409735a8830d257866e , < ee56da95f8962b86fec4ef93f866e64c8d025a58 (git)
Affected: 0657b20c5a76c938612f8409735a8830d257866e , < 9d383a6fc59271aaaf07a33b23b2eac5b9268b7a (git)
Affected: 0657b20c5a76c938612f8409735a8830d257866e , < 2d8e5168d48a91e7a802d3003e72afb4304bebfa (git)
Affected: 6297644db23f77c02ae7961cc542d162629ae2c4 (git)
Affected: 7569c4294ba6ff9f194635b14876198f8a687c4a (git)
Affected: 6.1.47 , < 6.2 (semver)
Affected: 6.4.12 , < 6.5 (semver)
Create a notification for this product.
Linux Linux Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 6.12.40 , ≤ 6.12.* (semver)
Unaffected: 6.14.2 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/block-group.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ee56da95f8962b86fec4ef93f866e64c8d025a58",
              "status": "affected",
              "version": "0657b20c5a76c938612f8409735a8830d257866e",
              "versionType": "git"
            },
            {
              "lessThan": "9d383a6fc59271aaaf07a33b23b2eac5b9268b7a",
              "status": "affected",
              "version": "0657b20c5a76c938612f8409735a8830d257866e",
              "versionType": "git"
            },
            {
              "lessThan": "2d8e5168d48a91e7a802d3003e72afb4304bebfa",
              "status": "affected",
              "version": "0657b20c5a76c938612f8409735a8830d257866e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "6297644db23f77c02ae7961cc542d162629ae2c4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7569c4294ba6ff9f194635b14876198f8a687c4a",
              "versionType": "git"
            },
            {
              "lessThan": "6.2",
              "status": "affected",
              "version": "6.1.47",
              "versionType": "semver"
            },
            {
              "lessThan": "6.5",
              "status": "affected",
              "version": "6.4.12",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/block-group.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.40",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.2",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.1.47",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix block group refcount race in btrfs_create_pending_block_groups()\n\nBlock group creation is done in two phases, which results in a slightly\nunintuitive property: a block group can be allocated/deallocated from\nafter btrfs_make_block_group() adds it to the space_info with\nbtrfs_add_bg_to_space_info(), but before creation is completely completed\nin btrfs_create_pending_block_groups(). As a result, it is possible for a\nblock group to go unused and have \u0027btrfs_mark_bg_unused\u0027 called on it\nconcurrently with \u0027btrfs_create_pending_block_groups\u0027. This causes a\nnumber of issues, which were fixed with the block group flag\n\u0027BLOCK_GROUP_FLAG_NEW\u0027.\n\nHowever, this fix is not quite complete. Since it does not use the\nunused_bg_lock, it is possible for the following race to occur:\n\nbtrfs_create_pending_block_groups            btrfs_mark_bg_unused\n                                           if list_empty // false\n        list_del_init\n        clear_bit\n                                           else if (test_bit) // true\n                                                list_move_tail\n\nAnd we get into the exact same broken ref count and invalid new_bgs\nstate for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to\nprevent.\n\nThe broken refcount aspect will result in a warning like:\n\n  [1272.943527] refcount_t: underflow; use-after-free.\n  [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\n  [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs]\n  [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G        W          6.14.0-rc5+ #108\n  [1272.946368] Tainted: [W]=WARN\n  [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs]\n  [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110\n  [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282\n  [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000\n  [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff\n  [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268\n  [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0\n  [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0\n  [1272.952850] FS:  0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000\n  [1272.953458] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0\n  [1272.954474] Call Trace:\n  [1272.954655]  \u003cTASK\u003e\n  [1272.954812]  ? refcount_warn_saturate+0xba/0x110\n  [1272.955173]  ? __warn.cold+0x93/0xd7\n  [1272.955487]  ? refcount_warn_saturate+0xba/0x110\n  [1272.955816]  ? report_bug+0xe7/0x120\n  [1272.956103]  ? handle_bug+0x53/0x90\n  [1272.956424]  ? exc_invalid_op+0x13/0x60\n  [1272.956700]  ? asm_exc_invalid_op+0x16/0x20\n  [1272.957011]  ? refcount_warn_saturate+0xba/0x110\n  [1272.957399]  btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs]\n  [1272.957853]  btrfs_put_block_group.cold+0x5d/0x8e [btrfs]\n  [1272.958289]  btrfs_discard_workfn+0x194/0x380 [btrfs]\n  [1272.958729]  process_one_work+0x130/0x290\n  [1272.959026]  worker_thread+0x2ea/0x420\n  [1272.959335]  ? __pfx_worker_thread+0x10/0x10\n  [1272.959644]  kthread+0xd7/0x1c0\n  [1272.959872]  ? __pfx_kthread+0x10/0x10\n  [1272.960172]  ret_from_fork+0x30/0x50\n  [1272.960474]  ? __pfx_kthread+0x10/0x10\n  [1272.960745]  ret_from_fork_asm+0x1a/0x30\n  [1272.961035]  \u003c/TASK\u003e\n  [1272.961238] ---[ end trace 0000000000000000 ]---\n\nThough we have seen them in the async discard workfn as well. It is\nmost likely to happen after a relocation finishes which cancels discard,\ntears down the block group, etc.\n\nFix this fully by taking the lock arou\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:57:53.782Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ee56da95f8962b86fec4ef93f866e64c8d025a58"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d383a6fc59271aaaf07a33b23b2eac5b9268b7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d8e5168d48a91e7a802d3003e72afb4304bebfa"
        }
      ],
      "title": "btrfs: fix block group refcount race in btrfs_create_pending_block_groups()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-22115",
    "datePublished": "2025-04-16T14:13:01.293Z",
    "dateReserved": "2024-12-29T08:45:45.823Z",
    "dateUpdated": "2026-05-23T15:57:53.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-22115",
      "date": "2026-05-26",
      "epss": "0.00019",
      "percentile": "0.0547"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22115\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-16T15:16:05.710\",\"lastModified\":\"2025-11-03T18:37:29.500\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix block group refcount race in btrfs_create_pending_block_groups()\\n\\nBlock group creation is done in two phases, which results in a slightly\\nunintuitive property: a block group can be allocated/deallocated from\\nafter btrfs_make_block_group() adds it to the space_info with\\nbtrfs_add_bg_to_space_info(), but before creation is completely completed\\nin btrfs_create_pending_block_groups(). As a result, it is possible for a\\nblock group to go unused and have \u0027btrfs_mark_bg_unused\u0027 called on it\\nconcurrently with \u0027btrfs_create_pending_block_groups\u0027. This causes a\\nnumber of issues, which were fixed with the block group flag\\n\u0027BLOCK_GROUP_FLAG_NEW\u0027.\\n\\nHowever, this fix is not quite complete. Since it does not use the\\nunused_bg_lock, it is possible for the following race to occur:\\n\\nbtrfs_create_pending_block_groups            btrfs_mark_bg_unused\\n                                           if list_empty // false\\n        list_del_init\\n        clear_bit\\n                                           else if (test_bit) // true\\n                                                list_move_tail\\n\\nAnd we get into the exact same broken ref count and invalid new_bgs\\nstate for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to\\nprevent.\\n\\nThe broken refcount aspect will result in a warning like:\\n\\n  [1272.943527] refcount_t: underflow; use-after-free.\\n  [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110\\n  [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs]\\n  [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G        W          6.14.0-rc5+ #108\\n  [1272.946368] Tainted: [W]=WARN\\n  [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\\n  [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs]\\n  [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110\\n  [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282\\n  [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000\\n  [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff\\n  [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268\\n  [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0\\n  [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0\\n  [1272.952850] FS:  0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000\\n  [1272.953458] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n  [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0\\n  [1272.954474] Call Trace:\\n  [1272.954655]  \u003cTASK\u003e\\n  [1272.954812]  ? refcount_warn_saturate+0xba/0x110\\n  [1272.955173]  ? __warn.cold+0x93/0xd7\\n  [1272.955487]  ? refcount_warn_saturate+0xba/0x110\\n  [1272.955816]  ? report_bug+0xe7/0x120\\n  [1272.956103]  ? handle_bug+0x53/0x90\\n  [1272.956424]  ? exc_invalid_op+0x13/0x60\\n  [1272.956700]  ? asm_exc_invalid_op+0x16/0x20\\n  [1272.957011]  ? refcount_warn_saturate+0xba/0x110\\n  [1272.957399]  btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs]\\n  [1272.957853]  btrfs_put_block_group.cold+0x5d/0x8e [btrfs]\\n  [1272.958289]  btrfs_discard_workfn+0x194/0x380 [btrfs]\\n  [1272.958729]  process_one_work+0x130/0x290\\n  [1272.959026]  worker_thread+0x2ea/0x420\\n  [1272.959335]  ? __pfx_worker_thread+0x10/0x10\\n  [1272.959644]  kthread+0xd7/0x1c0\\n  [1272.959872]  ? __pfx_kthread+0x10/0x10\\n  [1272.960172]  ret_from_fork+0x30/0x50\\n  [1272.960474]  ? __pfx_kthread+0x10/0x10\\n  [1272.960745]  ret_from_fork_asm+0x1a/0x30\\n  [1272.961035]  \u003c/TASK\u003e\\n  [1272.961238] ---[ end trace 0000000000000000 ]---\\n\\nThough we have seen them in the async discard workfn as well. It is\\nmost likely to happen after a relocation finishes which cancels discard,\\ntears down the block group, etc.\\n\\nFix this fully by taking the lock arou\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: correcci\u00f3n de la ejecuci\u00f3n de recuento de referencias de grupos de bloques en btrfs_create_pending_block_groups(). La creaci\u00f3n de grupos de bloques se realiza en dos fases, lo que resulta en una propiedad poco intuitiva: un grupo de bloques se puede asignar/desasignar despu\u00e9s de que btrfs_make_block_group() lo a\u00f1ada a space_info con btrfs_add_bg_to_space_info(), pero antes de que la creaci\u00f3n se complete por completo en btrfs_create_pending_block_groups(). Como resultado, es posible que un grupo de bloques quede sin usar y que se invoque \u0027btrfs_mark_bg_unused\u0027 simult\u00e1neamente con \u0027btrfs_create_pending_block_groups\u0027. Esto causa varios problemas, que se solucionaron con la bandera de grupo de bloques \u0027BLOCK_GROUP_FLAG_NEW\u0027. Sin embargo, esta correcci\u00f3n no est\u00e1 del todo completa. Dado que no utiliza el bloqueo de bloques no utilizados (unused_bg_lock), es posible que se produzca la siguiente ejecuci\u00f3n: btrfs_create_pending_block_groups btrfs_mark_bg_unused if list_empty // false list_del_init clear_bit else if (test_bit) // true list_move_tail. Y llegamos al mismo estado de recuento de referencias err\u00f3neo y new_bgs no v\u00e1lido para la limpieza de transacciones, que BLOCK_GROUP_FLAG_NEW pretend\u00eda evitar. El aspecto de recuento de referencias err\u00f3neo generar\u00e1 una advertencia como: [1272.943527] refcount_t: underflow; use-after-free. [1272.943967] ADVERTENCIA: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110 [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs] [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G W 6.14.0-rc5+ #108 [1272.946368] Tainted: [W]=WARN [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs] [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110 [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282 [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000 [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268 [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0 [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0 [1272.952850] FS: 0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000 [1272.953458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0 [1272.954474] Call Trace: [1272.954655]  [1272.954812] ? refcount_warn_saturate+0xba/0x110 [1272.955173] ? __warn.cold+0x93/0xd7 [1272.955487] ? refcount_warn_saturate+0xba/0x110 [1272.955816] ? report_bug+0xe7/0x120 [1272.956103] ? handle_bug+0x53/0x90 [1272.956424] ? exc_invalid_op+0x13/0x60 [1272.956700] ? asm_exc_invalid_op+0x16/0x20 [1272.957011] ? refcount_warn_saturate+0xba/0x110 [1272.957399] btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs] [1272.957853] btrfs_put_block_group.cold+0x5d/0x8e [btrfs] [1272.958289] btrfs_discard_workfn+0x194/0x380 [btrfs] [1272.958729] process_one_work+0x130/0x290 [1272.959026] worker_thread+0x2ea/0x420 [1272.959335] ? __pfx_worker_thread+0x10/0x10 [1272.959644] kthread+0xd7/0x1c0 [1272.959872] ? __pfx_kthread+0x10/0x10 [1272.960172] ret_from_fork+0x30/0x50 [1272.960474] ? __pfx_kthread+0x10/0x10 [1272.960745] ret_from_fork_asm+0x1a/0x30 [1272.961035]  [1272.961238] ---[ end trace 0000000000000000 ]--- Aunque tambi\u00e9n los hemos visto en la funci\u00f3n de trabajo de descarte as\u00edncrono. Es m\u00e1s probable que ocurra despu\u00e9s de finalizar una reubicaci\u00f3n que cancela el descarte, desmantela el grupo de bloques, etc. Solucione esto completamente desmantelando el bloqueo de ---truncated---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.47\",\"versionEndExcluding\":\"6.2\",\"matchCriteriaId\":\"D1F612F9-77E3-497B-A0D3-1DB468280B2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.12\",\"versionEndExcluding\":\"6.5\",\"matchCriteriaId\":\"97D4ABA8-7E8D-4975-800D-9D82A24DB7DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5.1\",\"versionEndExcluding\":\"6.12.40\",\"matchCriteriaId\":\"510AE6D6-CC44-4BD3-AA6A-698FAEA94528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.14.2\",\"matchCriteriaId\":\"633A38C1-75C8-452D-8F1C-DA0269FD2687\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D9420A-9BF4-4C16-B6DA-8A1D279F7384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5608371-157A-4318-8A2E-4104C3467EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2226A776-DF8C-49E0-A030-0A7853BB018A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F15C659-DF06-455A-9765-0E6DE920F29A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1C14ED-ABC4-41D3-8D9C-D38C6A65B4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.5:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F187F8CD-249A-4AF1-877B-08E8C24A1A10\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2d8e5168d48a91e7a802d3003e72afb4304bebfa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9d383a6fc59271aaaf07a33b23b2eac5b9268b7a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ee56da95f8962b86fec4ef93f866e64c8d025a58\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.