CVE-2025-71107
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests generic/335, generic/336 sometimes crash with the following message:
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 ————[ cut here ]———— kernel BUG at fs/f2fs/super.c:1939! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) Tainted: [W]=WARN Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:f2fs_put_super+0x3b3/0x3c0 Call Trace: <TASK> generic_shutdown_super+0x7e/0x190 kill_block_super+0x1a/0x40 kill_f2fs_super+0x9d/0x190 deactivate_locked_super+0x30/0xb0 cleanup_mnt+0xba/0x150 task_work_run+0x5c/0xa0 exit_to_user_mode_loop+0xb7/0xc0 do_syscall_64+0x1ae/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> —[ end trace 0000000000000000 ]—
It appears that sometimes it is possible that f2fs_put_super() is called before all node page reads are completed. Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 20872584b8c0b006c007da9588a272c9e28d2e18 < c3031cf2b61f1508662fc95ef9ad505cb0882a5f | affected |
| Linux | Linux | 20872584b8c0b006c007da9588a272c9e28d2e18 < 3b15d5f12935e9e25f9a571e680716bc9ee61025 | affected |
| Linux | Linux | 20872584b8c0b006c007da9588a272c9e28d2e18 < 0b36fae23621a09e772c8adf918b9011158f8511 | affected |
| Linux | Linux | 20872584b8c0b006c007da9588a272c9e28d2e18 < 297baa4aa263ff8f5b3d246ee16a660d76aa82c4 | affected |
| Linux | Linux | 0e2577074b459bba7f4016f4d725ede37d48bb22 | affected |
| Linux | Linux | 6.4.16 < 6.5 | affected |
| Linux | Linux | 6.5 | affected |
| Linux | Linux | 0 < 6.5 | unaffected |
| Linux | Linux | 6.6.120 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.64 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.3 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/c3031cf2b61f1508662fc95ef9ad505cb0882a5f
- https://git.kernel.org/stable/c/3b15d5f12935e9e25f9a571e680716bc9ee61025
- https://git.kernel.org/stable/c/0b36fae23621a09e772c8adf918b9011158f8511
- https://git.kernel.org/stable/c/297baa4aa263ff8f5b3d246ee16a660d76aa82c4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.