CVE-2024-58089 (GCVE-0-2024-58089)
Vulnerability from cvelistv5
Published
2025-03-12 09:41
Modified
2025-05-04 13:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages: (before the call traces, there are 3 extra debug messages added) BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental BTRFS info (device dm-3): checking UUID tree hrtimer: interrupt took 5451385 ns BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28 BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28 ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs] CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs] lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] Call trace: can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P) can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L) btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs] extent_writepage+0x10c/0x3b8 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x160 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x74/0xa0 start_delalloc_inodes+0x17c/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x17c/0x288 [btrfs] shrink_delalloc+0x11c/0x280 [btrfs] flush_space+0x288/0x328 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x228/0x680 worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0 CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write) pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : process_one_work+0x110/0x680 lr : worker_thread+0x1bc/0x360 Call trace: process_one_work+0x110/0x680 (P) worker_thread+0x1bc/0x360 (L) worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception SMP: stopping secondary CPUs SMP: failed to stop secondary CPUs 2-3 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: 0x275bb9540000 from 0xffff800080000000 PHYS_OFFSET: 0xffff8fbba0000000 CPU features: 0x100,00000070,00801250,8201720b [CAUSE] The above warning is triggered immediately after the delalloc range failure, this happens in the following sequence: - Range [1568K, 1636K) is dirty 1536K 1568K 1600K 1636K 1664K | |/////////|////////| | Where 1536K, 1600K and 1664K are page boundaries (64K page size) - Enter extent_writepage() for page 1536K - Enter run_delalloc_nocow() with locke ---truncated---
References
Impacted products
Vendor Product Version
Linux Linux Version: d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2
Version: d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2
Version: d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2
Version: eb124aaa2e85e9dceac37be5b7166a04b9b26735
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c",
            "fs/btrfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21333148b5c9e52f41fafcedec3810b56a5e0e40",
              "status": "affected",
              "version": "d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2",
              "versionType": "git"
            },
            {
              "lessThan": "0283ee1912c8e243c931f4ee5b3672e954fe0384",
              "status": "affected",
              "version": "d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2",
              "versionType": "git"
            },
            {
              "lessThan": "72dad8e377afa50435940adfb697e070d3556670",
              "status": "affected",
              "version": "d1051d6ebf8ef3517a5a3cf82bba8436d190f1c2",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "eb124aaa2e85e9dceac37be5b7166a04b9b26735",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c",
            "fs/btrfs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.17",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.5",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.73",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double accounting race when btrfs_run_delalloc_range() failed\n\n[BUG]\nWhen running btrfs with block size (4K) smaller than page size (64K,\naarch64), there is a very high chance to crash the kernel at\ngeneric/750, with the following messages:\n(before the call traces, there are 3 extra debug messages added)\n\n  BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental\n  BTRFS info (device dm-3): checking UUID tree\n  hrtimer: interrupt took 5451385 ns\n  BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28\n  BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28\n  BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]\n  CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G           OE      6.13.0-rc1-custom+ #89\n  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n  Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]\n  pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]\n  lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]\n  Call trace:\n   can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)\n   can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)\n   btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]\n   extent_writepage+0x10c/0x3b8 [btrfs]\n   extent_write_cache_pages+0x21c/0x4e8 [btrfs]\n   btrfs_writepages+0x94/0x160 [btrfs]\n   do_writepages+0x74/0x190\n   filemap_fdatawrite_wbc+0x74/0xa0\n   start_delalloc_inodes+0x17c/0x3b0 [btrfs]\n   btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]\n   shrink_delalloc+0x11c/0x280 [btrfs]\n   flush_space+0x288/0x328 [btrfs]\n   btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]\n   process_one_work+0x228/0x680\n   worker_thread+0x1bc/0x360\n   kthread+0x100/0x118\n   ret_from_fork+0x10/0x20\n  ---[ end trace 0000000000000000 ]---\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0\n  CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G        W  OE      6.13.0-rc1-custom+ #89\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n  Workqueue:  btrfs_work_helper [btrfs] (btrfs-endio-write)\n  pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : process_one_work+0x110/0x680\n  lr : worker_thread+0x1bc/0x360\n  Call trace:\n   process_one_work+0x110/0x680 (P)\n   worker_thread+0x1bc/0x360 (L)\n   worker_thread+0x1bc/0x360\n   kthread+0x100/0x118\n   ret_from_fork+0x10/0x20\n  Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception\n  SMP: stopping secondary CPUs\n  SMP: failed to stop secondary CPUs 2-3\n  Dumping ftrace buffer:\n     (ftrace buffer empty)\n  Kernel Offset: 0x275bb9540000 from 0xffff800080000000\n  PHYS_OFFSET: 0xffff8fbba0000000\n  CPU features: 0x100,00000070,00801250,8201720b\n\n[CAUSE]\nThe above warning is triggered immediately after the delalloc range\nfailure, this happens in the following sequence:\n\n- Range [1568K, 1636K) is dirty\n\n   1536K  1568K     1600K    1636K  1664K\n   |      |/////////|////////|      |\n\n  Where 1536K, 1600K and 1664K are page boundaries (64K page size)\n\n- Enter extent_writepage() for page 1536K\n\n- Enter run_delalloc_nocow() with locke\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:01:54.246Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21333148b5c9e52f41fafcedec3810b56a5e0e40"
        },
        {
          "url": "https://git.kernel.org/stable/c/0283ee1912c8e243c931f4ee5b3672e954fe0384"
        },
        {
          "url": "https://git.kernel.org/stable/c/72dad8e377afa50435940adfb697e070d3556670"
        }
      ],
      "title": "btrfs: fix double accounting race when btrfs_run_delalloc_range() failed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-58089",
    "datePublished": "2025-03-12T09:41:59.709Z",
    "dateReserved": "2025-03-06T15:52:09.187Z",
    "dateUpdated": "2025-05-04T13:01:54.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-58089\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-12T10:15:16.440\",\"lastModified\":\"2025-03-13T16:21:17.030\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix double accounting race when btrfs_run_delalloc_range() failed\\n\\n[BUG]\\nWhen running btrfs with block size (4K) smaller than page size (64K,\\naarch64), there is a very high chance to crash the kernel at\\ngeneric/750, with the following messages:\\n(before the call traces, there are 3 extra debug messages added)\\n\\n  BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental\\n  BTRFS info (device dm-3): checking UUID tree\\n  hrtimer: interrupt took 5451385 ns\\n  BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28\\n  BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28\\n  BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28\\n  ------------[ cut here ]------------\\n  WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]\\n  CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G           OE      6.13.0-rc1-custom+ #89\\n  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\\n  Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]\\n  pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]\\n  lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]\\n  Call trace:\\n   can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)\\n   can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)\\n   btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]\\n   extent_writepage+0x10c/0x3b8 [btrfs]\\n   extent_write_cache_pages+0x21c/0x4e8 [btrfs]\\n   btrfs_writepages+0x94/0x160 [btrfs]\\n   do_writepages+0x74/0x190\\n   filemap_fdatawrite_wbc+0x74/0xa0\\n   start_delalloc_inodes+0x17c/0x3b0 [btrfs]\\n   btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]\\n   shrink_delalloc+0x11c/0x280 [btrfs]\\n   flush_space+0x288/0x328 [btrfs]\\n   btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]\\n   process_one_work+0x228/0x680\\n   worker_thread+0x1bc/0x360\\n   kthread+0x100/0x118\\n   ret_from_fork+0x10/0x20\\n  ---[ end trace 0000000000000000 ]---\\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0\\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0\\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0\\n  CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G        W  OE      6.13.0-rc1-custom+ #89\\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\\n  Workqueue:  btrfs_work_helper [btrfs] (btrfs-endio-write)\\n  pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n  pc : process_one_work+0x110/0x680\\n  lr : worker_thread+0x1bc/0x360\\n  Call trace:\\n   process_one_work+0x110/0x680 (P)\\n   worker_thread+0x1bc/0x360 (L)\\n   worker_thread+0x1bc/0x360\\n   kthread+0x100/0x118\\n   ret_from_fork+0x10/0x20\\n  Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)\\n  ---[ end trace 0000000000000000 ]---\\n  Kernel panic - not syncing: Oops: Fatal exception\\n  SMP: stopping secondary CPUs\\n  SMP: failed to stop secondary CPUs 2-3\\n  Dumping ftrace buffer:\\n     (ftrace buffer empty)\\n  Kernel Offset: 0x275bb9540000 from 0xffff800080000000\\n  PHYS_OFFSET: 0xffff8fbba0000000\\n  CPU features: 0x100,00000070,00801250,8201720b\\n\\n[CAUSE]\\nThe above warning is triggered immediately after the delalloc range\\nfailure, this happens in the following sequence:\\n\\n- Range [1568K, 1636K) is dirty\\n\\n   1536K  1568K     1600K    1636K  1664K\\n   |      |/////////|////////|      |\\n\\n  Where 1536K, 1600K and 1664K are page boundaries (64K page size)\\n\\n- Enter extent_writepage() for page 1536K\\n\\n- Enter run_delalloc_nocow() with locke\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige la doble ejecuci\u00f3n de contabilidad cuando btrfs_run_delalloc_range() falla [ERROR] Al ejecutar btrfs con un tama\u00f1o de bloque (4K) menor que el tama\u00f1o de p\u00e1gina (64K, aarch64), hay una gran posibilidad de que se bloquee el kernel en generic/750, con los siguientes mensajes: (antes de los seguimientos de llamadas, se agregan 3 mensajes de depuraci\u00f3n adicionales) Advertencia de BTRFS (dispositivo dm-3): lectura y escritura para tama\u00f1o de sector 4096 con tama\u00f1o de p\u00e1gina 65536 es experimental Informaci\u00f3n de BTRFS (dispositivo dm-3): comprobando \u00e1rbol UUID hrtimer: la interrupci\u00f3n tom\u00f3 5451385 ns Error de BTRFS (dispositivo dm-3): cow_file_range fall\u00f3, root=4957 inode=257 start=1605632 len=69632: -28 Error de BTRFS (dispositivo dm-3): run_delalloc_nocow fall\u00f3, ra\u00edz=4957 inodo=257 inicio=1605632 len=69632: -28 Error de BTRFS (dispositivo dm-3): no se pudo ejecutar el rango delalloc, ra\u00edz=4957 ino=257 folio=1572864 submit_bitmap=8-15 inicio=1605632 len=69632: -28 ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs] CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs] lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] Call trace: can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P) can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L) btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs] extent_writepage+0x10c/0x3b8 [btrfs] extent_write_cache_pages+0x21c/0x4e8 [btrfs] btrfs_writepages+0x94/0x160 [btrfs] do_writepages+0x74/0x190 filemap_fdatawrite_wbc+0x74/0xa0 start_delalloc_inodes+0x17c/0x3b0 [btrfs] btrfs_start_delalloc_roots+0x17c/0x288 [btrfs] shrink_delalloc+0x11c/0x280 [btrfs] flush_space+0x288/0x328 [btrfs] btrfs_async_reclaim_data_space+0x180/0x228 [btrfs] process_one_work+0x228/0x680 worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0 CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89 Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write) pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : process_one_work+0x110/0x680 lr : worker_thread+0x1bc/0x360 Call trace: process_one_work+0x110/0x680 (P) worker_thread+0x1bc/0x360 (L) worker_thread+0x1bc/0x360 kthread+0x100/0x118 ret_from_fork+0x10/0x20 Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception SMP: stopping secondary CPUs SMP: failed to stop secondary CPUs 2-3 Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: 0x275bb9540000 from 0xffff800080000000 PHYS_OFFSET: 0xffff8fbba0000000 CPU features: 0x100,00000070,00801250,8201720b [CAUSE] The above warning is triggered immediately after the delalloc range failure, this happens in the following sequence: - Range [1568K, 1636K) is dirty 1536K 1568K 1600K 1636K 1664K | |/////////|////////| | Where 1536K, 1600K and 1664K are page boundaries (64K page size) - Enter extent_writepage() for page 1536K - Enter run_delalloc_nocow() with locke ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"6.12.17\",\"matchCriteriaId\":\"B01A86DD-3782-4226-B75E-C55791CCFDF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.13.5\",\"matchCriteriaId\":\"72E69ABB-9015-43A6-87E1-5150383CFFD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.19.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95AAB7F6-7CB7-4223-8494-F756447DC6FF\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0283ee1912c8e243c931f4ee5b3672e954fe0384\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/21333148b5c9e52f41fafcedec3810b56a5e0e40\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/72dad8e377afa50435940adfb697e070d3556670\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.