CVE-2025-40196 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to sync call for an opened file(ie, writeback reason is WB_REASON_SYNC). When f2fs balance is needed at sync path, flush for quota_release_work is triggered. By default quota_release_work is queued to "events_unbound" queue which does not have WQ_MEM_RECLAIM flag. During f2fs balance "writeback" workqueue tries to flush quota_release_work causing kernel panic due to MEM_RECLAIM flag mismatch errors. This patch creates dedicated workqueue with WQ_MEM_RECLAIM flag for work quota_release_work. ------------[ cut here ]------------ WARNING: CPU: 4 PID: 14867 at kernel/workqueue.c:3721 check_flush_dependency+0x13c/0x148 Call trace: check_flush_dependency+0x13c/0x148 __flush_work+0xd0/0x398 flush_delayed_work+0x44/0x5c dquot_writeback_dquots+0x54/0x318 f2fs_do_quota_sync+0xb8/0x1a8 f2fs_write_checkpoint+0x3cc/0x99c f2fs_gc+0x190/0x750 f2fs_balance_fs+0x110/0x168 f2fs_write_single_data_page+0x474/0x7dc f2fs_write_data_pages+0x7d0/0xd0c do_writepages+0xe0/0x2f4 __writeback_single_inode+0x44/0x4ac writeback_sb_inodes+0x30c/0x538 wb_writeback+0xf4/0x440 wb_workfn+0x128/0x5d4 process_scheduled_works+0x1c4/0x45c worker_thread+0x32c/0x3e8 kthread+0x11c/0x1b0 ret_from_fork+0x10/0x20 Kernel panic - not syncing: kernel: panic_on_warn set ...

PUBLISHED Reserved 2025-04-16 | Published 2025-11-12 | Updated 2025-12-01 | Assigner Linux

Product status

Default status

unaffected

bcacb52a985f1b6d280f698a470b873dfe52728a (git) before f846eacde280ecc3daedfe001580e3033565179e

affected

8ea87e34792258825d290f4dc5216276e91cb224 (git) before f12039df1515d5daf7d92e586ece5cefeb39561b

affected

ac6f420291b3fee1113f21d612fa88b628afab5b (git) before 8a09a62f0c8c6123c2f1864ed6d5f9eb144afaf0

affected

ac6f420291b3fee1113f21d612fa88b628afab5b (git) before 72b7ceca857f38a8ca7c5629feffc63769638974

affected

a5abba5e0e586e258ded3e798fe5f69c66fec198 (git)

affected

6f3821acd7c3143145999248087de5fb4b48cf26 (git)

affected

ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb (git)

affected

3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb (git)

affected

Default status

affected

6.13

affected

Any version before 6.13

unaffected

6.6.114 (semver)

unaffected

6.12.54 (semver)

unaffected

6.17.4 (semver)

unaffected

6.18 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/f846eacde280ecc3daedfe001580e3033565179e

git.kernel.org/...c/f12039df1515d5daf7d92e586ece5cefeb39561b

git.kernel.org/...c/8a09a62f0c8c6123c2f1864ed6d5f9eb144afaf0

git.kernel.org/...c/72b7ceca857f38a8ca7c5629feffc63769638974

cve.org (CVE-2025-40196)

nvd.nist.gov (CVE-2025-40196)

Download JSON