{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T15:05:48.377","vulnerabilities":[{"cve":{"id":"CVE-2025-71194","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-04T17:16:11.297","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock in wait_current_trans() due to ignored transaction type\n\nWhen wait_current_trans() is called during start_transaction(), it\ncurrently waits for a blocked transaction without considering whether\nthe given transaction type actually needs to wait for that particular\ntransaction state. The btrfs_blocked_trans_types[] array already defines\nwhich transaction types should wait for which transaction states, but\nthis check was missing in wait_current_trans().\n\nThis can lead to a deadlock scenario involving two transactions and\npending ordered extents:\n\n 1. Transaction A is in TRANS_STATE_COMMIT_DOING state\n\n 2. A worker processing an ordered extent calls start_transaction()\n with TRANS_JOIN\n\n 3. join_transaction() returns -EBUSY because Transaction A is in\n TRANS_STATE_COMMIT_DOING\n\n 4. Transaction A moves to TRANS_STATE_UNBLOCKED and completes\n\n 5. A new Transaction B is created (TRANS_STATE_RUNNING)\n\n 6. The ordered extent from step 2 is added to Transaction B's\n pending ordered extents\n\n 7. Transaction B immediately starts commit by another task and\n enters TRANS_STATE_COMMIT_START\n\n 8. The worker finally reaches wait_current_trans(), sees Transaction B\n in TRANS_STATE_COMMIT_START (a blocked state), and waits\n unconditionally\n\n 9. However, TRANS_JOIN should NOT wait for TRANS_STATE_COMMIT_START\n according to btrfs_blocked_trans_types[]\n\n 10. Transaction B is waiting for pending ordered extents to complete\n\n 11. Deadlock: Transaction B waits for ordered extent, ordered extent\n waits for Transaction B\n\nThis can be illustrated by the following call stacks:\n CPU0 CPU1\n btrfs_finish_ordered_io()\n start_transaction(TRANS_JOIN)\n join_transaction()\n # -EBUSY (Transaction A is\n # TRANS_STATE_COMMIT_DOING)\n # Transaction A completes\n # Transaction B created\n # ordered extent added to\n # Transaction B's pending list\n btrfs_commit_transaction()\n # Transaction B enters\n # TRANS_STATE_COMMIT_START\n # waiting for pending ordered\n # extents\n wait_current_trans()\n # waits for Transaction B\n # (should not wait!)\n\nTask bstore_kv_sync in btrfs_commit_transaction waiting for ordered\nextents:\n\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n btrfs_sync_file+0x342/0x4d0 [btrfs]\n __x64_sys_fdatasync+0x4b/0x80\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTask kworker in wait_current_trans waiting for transaction commit:\n\n Workqueue: btrfs-syno_nocow btrfs_work_helper [btrfs]\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n wait_current_trans+0xb0/0x110 [btrfs]\n start_transaction+0x346/0x5b0 [btrfs]\n btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n btrfs_work_helper+0xe8/0x350 [btrfs]\n process_one_work+0x1d3/0x3c0\n worker_thread+0x4d/0x3e0\n kthread+0x12d/0x150\n ret_from_fork+0x1f/0x30\n\nFix this by passing the transaction type to wait_current_trans() and\nchecking btrfs_blocked_trans_types[cur_trans->state] against the given\ntype before deciding to wait. This ensures that transaction types which\nare allowed to join during certain blocked states will not unnecessarily\nwait and cause deadlocks."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbtrfs: corrige interbloqueo en wait_current_trans() debido a un tipo de transacción ignorado\n\nCuando se llama a wait_current_trans() durante start_transaction(), actualmente espera por una transacción bloqueada sin considerar si el tipo de transacción dado realmente necesita esperar por ese estado de transacción particular. El array btrfs_blocked_trans_types[] ya define qué tipos de transacción deben esperar por qué estados de transacción, pero esta verificación faltaba en wait_current_trans().\n\nEsto puede llevar a un escenario de interbloqueo que involucra dos transacciones y extensiones ordenadas pendientes:\n\n 1. La Transacción A está en estado TRANS_STATE_COMMIT_DOING\n 2. Un worker que procesa una extensión ordenada llama a start_transaction() con TRANS_JOIN\n 3. join_transaction() devuelve -EBUSY porque la Transacción A está en TRANS_STATE_COMMIT_DOING\n 4. La Transacción A pasa a TRANS_STATE_UNBLOCKED y se completa\n 5. Se crea una nueva Transacción B (TRANS_STATE_RUNNING)\n 6. La extensión ordenada del paso 2 se añade a las extensiones ordenadas pendientes de la Transacción B\n 7. La Transacción B inicia inmediatamente la confirmación por otra tarea y entra en TRANS_STATE_COMMIT_START\n 8. El worker finalmente llega a wait_current_trans(), ve la Transacción B en TRANS_STATE_COMMIT_START (un estado bloqueado), y espera incondicionalmente\n 9. Sin embargo, TRANS_JOIN NO debería esperar por TRANS_STATE_COMMIT_START según btrfs_blocked_trans_types[]\n 10. La Transacción B está esperando que las extensiones ordenadas pendientes se completen\n 11. Interbloqueo: La Transacción B espera por la extensión ordenada, la extensión ordenada espera por la Transacción B\n\nEsto puede ilustrarse con las siguientes pilas de llamadas:\n CPU0 CPU1\n btrfs_finish_ordered_io()\n start_transaction(TRANS_JOIN)\n join_transaction()\n # -EBUSY (La Transacción A está en\n # TRANS_STATE_COMMIT_DOING)\n # La Transacción A se completa\n # La Transacción B creada\n # extensión ordenada añadida a\n # la lista pendiente de la Transacción B\n btrfs_commit_transaction()\n # La Transacción B entra en\n # TRANS_STATE_COMMIT_START\n # esperando por extensiones ordenadas\n # pendientes\n wait_current_trans()\n # espera por la Transacción B\n # (¡no debería esperar!)\n\nTarea bstore_kv_sync en btrfs_commit_transaction esperando por extensiones ordenadas:\n\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n btrfs_sync_file+0x342/0x4d0 [btrfs]\n __x64_sys_fdatasync+0x4b/0x80\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTarea kworker en wait_current_trans esperando por la confirmación de la transacción:\n\n Cola de trabajo: btrfs-syno_nocow btrfs_work_helper [btrfs]\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n wait_current_trans+0xb0/0x110 [btrfs]\n start_transaction+0x346/0x5b0 [btrfs]\n btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n btrfs_work_helper+0xe8/0x350 [btrfs]\n process_one_work+0x1d3/0x3c0\n worker_thread+0x4d/0x3e0\n kthread+0x12d/0x150\n ret_from_fork+0x1f/0x30\n\nSolucione esto pasando el tipo de transacción a wait_current_trans() y verificando btrfs_blocked_trans_types[cur_trans->state] contra el tipo dado antes de decidir esperar. Esto asegura que los tipos de transacción a los que se les permite unirse durante ciertos estados bloqueados no esperarán innecesariamente y causarán interbloqueos."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/5037b342825df7094a4906d1e2a9674baab50cb2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8b0bb145d3bc264360f525c9717653be3522e528","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/99da896614d17e8a84aeb2b2d464ac046cc8633d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9ac63333d600732a56b35ee1fa46836da671eb50","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d7b04b40ac8e6d814e35202a0e1568809b818295","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dc84036c173cff6a432d9ab926298850b1d2a659","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e563f59395981fcd69d130761290929806e728d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}