CVE-2025-40196
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: quota: create dedicated workqueue for quota_release_work
There is a kernel panic due to WARN_ONCE when panic_on_warn is set.
This issue occurs when writeback is triggered due to sync call for an opened file(ie, writeback reason is WB_REASON_SYNC). When f2fs balance is needed at sync path, flush for quota_release_work is triggered. By default quota_release_work is queued to "events_unbound" queue which does not have WQ_MEM_RECLAIM flag. During f2fs balance "writeback" workqueue tries to flush quota_release_work causing kernel panic due to MEM_RECLAIM flag mismatch errors.
This patch creates dedicated workqueue with WQ_MEM_RECLAIM flag for work quota_release_work.
————[ cut here ]———— WARNING: CPU: 4 PID: 14867 at kernel/workqueue.c:3721 check_flush_dependency+0x13c/0x148 Call trace: check_flush_dependency+0x13c/0x148 __flush_work+0xd0/0x398 flush_delayed_work+0x44/0x5c dquot_writeback_dquots+0x54/0x318 f2fs_do_quota_sync+0xb8/0x1a8 f2fs_write_checkpoint+0x3cc/0x99c f2fs_gc+0x190/0x750 f2fs_balance_fs+0x110/0x168 f2fs_write_single_data_page+0x474/0x7dc f2fs_write_data_pages+0x7d0/0xd0c do_writepages+0xe0/0x2f4 __writeback_single_inode+0x44/0x4ac writeback_sb_inodes+0x30c/0x538 wb_writeback+0xf4/0x440 wb_workfn+0x128/0x5d4 process_scheduled_works+0x1c4/0x45c worker_thread+0x32c/0x3e8 kthread+0x11c/0x1b0 ret_from_fork+0x10/0x20 Kernel panic - not syncing: kernel: panic_on_warn set …
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bcacb52a985f1b6d280f698a470b873dfe52728a < f846eacde280ecc3daedfe001580e3033565179e | affected |
| Linux | Linux | 8ea87e34792258825d290f4dc5216276e91cb224 < f12039df1515d5daf7d92e586ece5cefeb39561b | affected |
| Linux | Linux | ac6f420291b3fee1113f21d612fa88b628afab5b < 8a09a62f0c8c6123c2f1864ed6d5f9eb144afaf0 | affected |
| Linux | Linux | ac6f420291b3fee1113f21d612fa88b628afab5b < 72b7ceca857f38a8ca7c5629feffc63769638974 | affected |
| Linux | Linux | a5abba5e0e586e258ded3e798fe5f69c66fec198 | affected |
| Linux | Linux | 6f3821acd7c3143145999248087de5fb4b48cf26 | affected |
| Linux | Linux | ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb | affected |
| Linux | Linux | 3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb | affected |
| Linux | Linux | 6.6.64 < 6.6.114 | affected |
| Linux | Linux | 6.12.4 < 6.12.54 | affected |
| Linux | Linux | 5.4.287 < 5.5 | affected |
| Linux | Linux | 5.10.231 < 5.11 | affected |
| Linux | Linux | 5.15.174 < 5.16 | affected |
| Linux | Linux | 6.1.120 < 6.2 | affected |
| Linux | Linux | 6.13 | affected |
| Linux | Linux | 0 < 6.13 | unaffected |
| Linux | Linux | 6.6.114 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.54 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.4 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/f846eacde280ecc3daedfe001580e3033565179e
- https://git.kernel.org/stable/c/f12039df1515d5daf7d92e586ece5cefeb39561b
- https://git.kernel.org/stable/c/8a09a62f0c8c6123c2f1864ed6d5f9eb144afaf0
- https://git.kernel.org/stable/c/72b7ceca857f38a8ca7c5629feffc63769638974
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.