ghsa-5g77-7644-h27q
Vulnerability from github
Published: 2025-07-25 15:30
Modified: 2025-07-25 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix runtime warning on truncate_folio_batch_exceptionals()

The WARN_ON_ONCE is introduced on truncate_folio_batch_exceptionals() to capture whether the filesystem has removed all DAX entries or not.

And the fix has been applied on the filesystem xfs and ext4 by the commit 0e2f80afcfa6 ("fs/dax: ensure all pages are idle prior to filesystem unmount").

Apply the missed fix on filesystem fuse to fix the runtime warning:

[    2.011450] ------------[ cut here ]------------
[    2.011873] WARNING: CPU: 0 PID: 145 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0x272/0x2b0
[    2.012468] Modules linked in:
[    2.012718] CPU: 0 UID: 1000 PID: 145 Comm: weston Not tainted 6.16.0-rc2-WSL2-STABLE #2 PREEMPT(undef)
[    2.013292] RIP: 0010:truncate_folio_batch_exceptionals+0x272/0x2b0
[    2.013704] Code: 48 63 d0 41 29 c5 48 8d 1c d5 00 00 00 00 4e 8d 6c 2a 01 49 c1 e5 03 eb 09 48 83 c3 08 49 39 dd 74 83 41 f6 44 1c 08 01 74 ef <0f> 0b 49 8b 34 1e 48 89 ef e8 10 a2 17 00 eb df 48 8b 7d 00 e8 35
[    2.014845] RSP: 0018:ffffa47ec33f3b10 EFLAGS: 00010202
[    2.015279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[    2.015884] RDX: 0000000000000000 RSI: ffffa47ec33f3ca0 RDI: ffff98aa44f3fa80
[    2.016377] RBP: ffff98aa44f3fbf0 R08: ffffa47ec33f3ba8 R09: 0000000000000000
[    2.016942] R10: 0000000000000001 R11: 0000000000000000 R12: ffffa47ec33f3ca0
[    2.017437] R13: 0000000000000008 R14: ffffa47ec33f3ba8 R15: 0000000000000000
[    2.017972] FS:  000079ce006afa40(0000) GS:ffff98aade441000(0000) knlGS:0000000000000000
[    2.018510] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    2.018987] CR2: 000079ce03e74000 CR3: 000000010784f006 CR4: 0000000000372eb0
[    2.019518] Call Trace:
[    2.019729]  <TASK>
[    2.019901]  truncate_inode_pages_range+0xd8/0x400
[    2.020280]  ? timerqueue_add+0x66/0xb0
[    2.020574]  ? get_nohz_timer_target+0x2a/0x140
[    2.020904]  ? timerqueue_add+0x66/0xb0
[    2.021231]  ? timerqueue_del+0x2e/0x50
[    2.021646]  ? __remove_hrtimer+0x39/0x90
[    2.022017]  ? srso_alias_untrain_ret+0x1/0x10
[    2.022497]  ? psi_group_change+0x136/0x350
[    2.023046]  ? _raw_spin_unlock+0xe/0x30
[    2.023514]  ? finish_task_switch.isra.0+0x8d/0x280
[    2.024068]  ? __schedule+0x532/0xbd0
[    2.024551]  fuse_evict_inode+0x29/0x190
[    2.025131]  evict+0x100/0x270
[    2.025641]  ? _atomic_dec_and_lock+0x39/0x50
[    2.026316]  ? __pfx_generic_delete_inode+0x10/0x10
[    2.026843]  __dentry_kill+0x71/0x180
[    2.027335]  dput+0xeb/0x1b0
[    2.027725]  __fput+0x136/0x2b0
[    2.028054]  __x64_sys_close+0x3d/0x80
[    2.028469]  do_syscall_64+0x6d/0x1b0
[    2.028832]  ? clear_bhb_loop+0x30/0x80
[    2.029182]  ? clear_bhb_loop+0x30/0x80
[    2.029533]  ? clear_bhb_loop+0x30/0x80
[    2.029902]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[    2.030423] RIP: 0033:0x79ce03d0d067
[    2.030820] Code: b8 ff ff ff ff e9 3e ff ff ff 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 c3 a7 f8 ff
[    2.032354] RSP: 002b:00007ffef0498948 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[    2.032939] RAX: ffffffffffffffda RBX: 00007ffef0498960 RCX: 000079ce03d0d067
[    2.033612] RDX: 0000000000000003 RSI: 0000000000001000 RDI: 000000000000000d
[    2.034289] RBP: 00007ffef0498a30 R08: 000000000000000d R09: 0000000000000000
[    2.034944] R10: 00007ffef0498978 R11: 0000000000000246 R12: 0000000000000001
[    2.035610] R13: 00007ffef0498960 R14: 000079ce03e09ce0 R15: 0000000000000003
[    2.036301]  </TASK>
[    2.036532] ---[ end trace 0000000000000000 ]---

{
  "affected": [],
  "aliases": [
    "CVE-2025-38357"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T13:15:24Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix runtime warning on truncate_folio_batch_exceptionals()\n\nThe WARN_ON_ONCE is introduced on truncate_folio_batch_exceptionals() to\ncapture whether the filesystem has removed all DAX entries or not.\n\nAnd the fix has been applied on the filesystem xfs and ext4 by the commit\n0e2f80afcfa6 (\"fs/dax: ensure all pages are idle prior to filesystem\nunmount\").\n\nApply the missed fix on filesystem fuse to fix the runtime warning:\n\n[    2.011450] ------------[ cut here ]------------\n[    2.011873] WARNING: CPU: 0 PID: 145 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0x272/0x2b0\n[    2.012468] Modules linked in:\n[    2.012718] CPU: 0 UID: 1000 PID: 145 Comm: weston Not tainted 6.16.0-rc2-WSL2-STABLE #2 PREEMPT(undef)\n[    2.013292] RIP: 0010:truncate_folio_batch_exceptionals+0x272/0x2b0\n[    2.013704] Code: 48 63 d0 41 29 c5 48 8d 1c d5 00 00 00 00 4e 8d 6c 2a 01 49 c1 e5 03 eb 09 48 83 c3 08 49 39 dd 74 83 41 f6 44 1c 08 01 74 ef \u003c0f\u003e 0b 49 8b 34 1e 48 89 ef e8 10 a2 17 00 eb df 48 8b 7d 00 e8 35\n[    2.014845] RSP: 0018:ffffa47ec33f3b10 EFLAGS: 00010202\n[    2.015279] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[    2.015884] RDX: 0000000000000000 RSI: ffffa47ec33f3ca0 RDI: ffff98aa44f3fa80\n[    2.016377] RBP: ffff98aa44f3fbf0 R08: ffffa47ec33f3ba8 R09: 0000000000000000\n[    2.016942] R10: 0000000000000001 R11: 0000000000000000 R12: ffffa47ec33f3ca0\n[    2.017437] R13: 0000000000000008 R14: ffffa47ec33f3ba8 R15: 0000000000000000\n[    2.017972] FS:  000079ce006afa40(0000) GS:ffff98aade441000(0000) knlGS:0000000000000000\n[    2.018510] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    2.018987] CR2: 000079ce03e74000 CR3: 000000010784f006 CR4: 0000000000372eb0\n[    2.019518] Call Trace:\n[    2.019729]  \u003cTASK\u003e\n[    2.019901]  truncate_inode_pages_range+0xd8/0x400\n[    2.020280]  ? 
timerqueue_add+0x66/0xb0\n[    2.020574]  ? get_nohz_timer_target+0x2a/0x140\n[    2.020904]  ? timerqueue_add+0x66/0xb0\n[    2.021231]  ? timerqueue_del+0x2e/0x50\n[    2.021646]  ? __remove_hrtimer+0x39/0x90\n[    2.022017]  ? srso_alias_untrain_ret+0x1/0x10\n[    2.022497]  ? psi_group_change+0x136/0x350\n[    2.023046]  ? _raw_spin_unlock+0xe/0x30\n[    2.023514]  ? finish_task_switch.isra.0+0x8d/0x280\n[    2.024068]  ? __schedule+0x532/0xbd0\n[    2.024551]  fuse_evict_inode+0x29/0x190\n[    2.025131]  evict+0x100/0x270\n[    2.025641]  ? _atomic_dec_and_lock+0x39/0x50\n[    2.026316]  ? __pfx_generic_delete_inode+0x10/0x10\n[    2.026843]  __dentry_kill+0x71/0x180\n[    2.027335]  dput+0xeb/0x1b0\n[    2.027725]  __fput+0x136/0x2b0\n[    2.028054]  __x64_sys_close+0x3d/0x80\n[    2.028469]  do_syscall_64+0x6d/0x1b0\n[    2.028832]  ? clear_bhb_loop+0x30/0x80\n[    2.029182]  ? clear_bhb_loop+0x30/0x80\n[    2.029533]  ? clear_bhb_loop+0x30/0x80\n[    2.029902]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[    2.030423] RIP: 0033:0x79ce03d0d067\n[    2.030820] Code: b8 ff ff ff ff e9 3e ff ff ff 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 c3 a7 f8 ff\n[    2.032354] RSP: 002b:00007ffef0498948 EFLAGS: 00000246 ORIG_RAX: 0000000000000003\n[    2.032939] RAX: ffffffffffffffda RBX: 00007ffef0498960 RCX: 000079ce03d0d067\n[    2.033612] RDX: 0000000000000003 RSI: 0000000000001000 RDI: 000000000000000d\n[    2.034289] RBP: 00007ffef0498a30 R08: 000000000000000d R09: 0000000000000000\n[    2.034944] R10: 00007ffef0498978 R11: 0000000000000246 R12: 0000000000000001\n[    2.035610] R13: 00007ffef0498960 R14: 000079ce03e09ce0 R15: 0000000000000003\n[    2.036301]  \u003c/TASK\u003e\n[    2.036532] ---[ end trace 0000000000000000 ]---",
  "id": "GHSA-5g77-7644-h27q",
  "modified": "2025-07-25T15:30:51Z",
  "published": "2025-07-25T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38357"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b48878aee8e7311411148c7a67c8f0b02f571d75"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/befd9a71d859ea625eaa84dae1b243efb3df3eca"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

