Vulnerability-Lookup

FKIE_CVE-2025-71194

Vulnerability from fkie_nvd - Published: 2026-02-04 17:16 - Updated: 2026-02-06 17:16

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type When wait_current_trans() is called during start_transaction(), it currently waits for a blocked transaction without considering whether the given transaction type actually needs to wait for that particular transaction state. The btrfs_blocked_trans_types[] array already defines which transaction types should wait for which transaction states, but this check was missing in wait_current_trans(). This can lead to a deadlock scenario involving two transactions and pending ordered extents: 1. Transaction A is in TRANS_STATE_COMMIT_DOING state 2. A worker processing an ordered extent calls start_transaction() with TRANS_JOIN 3. join_transaction() returns -EBUSY because Transaction A is in TRANS_STATE_COMMIT_DOING 4. Transaction A moves to TRANS_STATE_UNBLOCKED and completes 5. A new Transaction B is created (TRANS_STATE_RUNNING) 6. The ordered extent from step 2 is added to Transaction B's pending ordered extents 7. Transaction B immediately starts commit by another task and enters TRANS_STATE_COMMIT_START 8. The worker finally reaches wait_current_trans(), sees Transaction B in TRANS_STATE_COMMIT_START (a blocked state), and waits unconditionally 9. However, TRANS_JOIN should NOT wait for TRANS_STATE_COMMIT_START according to btrfs_blocked_trans_types[] 10. Transaction B is waiting for pending ordered extents to complete 11. Deadlock: Transaction B waits for ordered extent, ordered extent waits for Transaction B This can be illustrated by the following call stacks: CPU0 CPU1 btrfs_finish_ordered_io() start_transaction(TRANS_JOIN) join_transaction() # -EBUSY (Transaction A is # TRANS_STATE_COMMIT_DOING) # Transaction A completes # Transaction B created # ordered extent added to # Transaction B's pending list btrfs_commit_transaction() # Transaction B enters # TRANS_STATE_COMMIT_START # waiting for pending ordered # extents wait_current_trans() # waits for Transaction B # (should not wait!) Task bstore_kv_sync in btrfs_commit_transaction waiting for ordered extents: __schedule+0x2e7/0x8a0 schedule+0x64/0xe0 btrfs_commit_transaction+0xbf7/0xda0 [btrfs] btrfs_sync_file+0x342/0x4d0 [btrfs] __x64_sys_fdatasync+0x4b/0x80 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Task kworker in wait_current_trans waiting for transaction commit: Workqueue: btrfs-syno_nocow btrfs_work_helper [btrfs] __schedule+0x2e7/0x8a0 schedule+0x64/0xe0 wait_current_trans+0xb0/0x110 [btrfs] start_transaction+0x346/0x5b0 [btrfs] btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs] btrfs_work_helper+0xe8/0x350 [btrfs] process_one_work+0x1d3/0x3c0 worker_thread+0x4d/0x3e0 kthread+0x12d/0x150 ret_from_fork+0x1f/0x30 Fix this by passing the transaction type to wait_current_trans() and checking btrfs_blocked_trans_types[cur_trans->state] against the given type before deciding to wait. This ensures that transaction types which are allowed to join during certain blocked states will not unnecessarily wait and cause deadlocks.

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5037b342825df7094a4906d1e2a9674baab50cb2
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8b0bb145d3bc264360f525c9717653be3522e528
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/99da896614d17e8a84aeb2b2d464ac046cc8633d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9ac63333d600732a56b35ee1fa46836da671eb50
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d7b04b40ac8e6d814e35202a0e1568809b818295
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/dc84036c173cff6a432d9ab926298850b1d2a659
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e563f59395981fcd69d130761290929806e728d6

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock in wait_current_trans() due to ignored transaction type\n\nWhen wait_current_trans() is called during start_transaction(), it\ncurrently waits for a blocked transaction without considering whether\nthe given transaction type actually needs to wait for that particular\ntransaction state. The btrfs_blocked_trans_types[] array already defines\nwhich transaction types should wait for which transaction states, but\nthis check was missing in wait_current_trans().\n\nThis can lead to a deadlock scenario involving two transactions and\npending ordered extents:\n\n  1. Transaction A is in TRANS_STATE_COMMIT_DOING state\n\n  2. A worker processing an ordered extent calls start_transaction()\n     with TRANS_JOIN\n\n  3. join_transaction() returns -EBUSY because Transaction A is in\n     TRANS_STATE_COMMIT_DOING\n\n  4. Transaction A moves to TRANS_STATE_UNBLOCKED and completes\n\n  5. A new Transaction B is created (TRANS_STATE_RUNNING)\n\n  6. The ordered extent from step 2 is added to Transaction B\u0027s\n     pending ordered extents\n\n  7. Transaction B immediately starts commit by another task and\n     enters TRANS_STATE_COMMIT_START\n\n  8. The worker finally reaches wait_current_trans(), sees Transaction B\n     in TRANS_STATE_COMMIT_START (a blocked state), and waits\n     unconditionally\n\n  9. However, TRANS_JOIN should NOT wait for TRANS_STATE_COMMIT_START\n     according to btrfs_blocked_trans_types[]\n\n  10. Transaction B is waiting for pending ordered extents to complete\n\n  11. Deadlock: Transaction B waits for ordered extent, ordered extent\n      waits for Transaction B\n\nThis can be illustrated by the following call stacks:\n  CPU0                              CPU1\n                                    btrfs_finish_ordered_io()\n                                      start_transaction(TRANS_JOIN)\n                                        join_transaction()\n                                          # -EBUSY (Transaction A is\n                                          # TRANS_STATE_COMMIT_DOING)\n  # Transaction A completes\n  # Transaction B created\n  # ordered extent added to\n  # Transaction B\u0027s pending list\n  btrfs_commit_transaction()\n    # Transaction B enters\n    # TRANS_STATE_COMMIT_START\n    # waiting for pending ordered\n    # extents\n                                        wait_current_trans()\n                                          # waits for Transaction B\n                                          # (should not wait!)\n\nTask bstore_kv_sync in btrfs_commit_transaction waiting for ordered\nextents:\n\n  __schedule+0x2e7/0x8a0\n  schedule+0x64/0xe0\n  btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n  btrfs_sync_file+0x342/0x4d0 [btrfs]\n  __x64_sys_fdatasync+0x4b/0x80\n  do_syscall_64+0x33/0x40\n  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTask kworker in wait_current_trans waiting for transaction commit:\n\n  Workqueue: btrfs-syno_nocow btrfs_work_helper [btrfs]\n  __schedule+0x2e7/0x8a0\n  schedule+0x64/0xe0\n  wait_current_trans+0xb0/0x110 [btrfs]\n  start_transaction+0x346/0x5b0 [btrfs]\n  btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n  btrfs_work_helper+0xe8/0x350 [btrfs]\n  process_one_work+0x1d3/0x3c0\n  worker_thread+0x4d/0x3e0\n  kthread+0x12d/0x150\n  ret_from_fork+0x1f/0x30\n\nFix this by passing the transaction type to wait_current_trans() and\nchecking btrfs_blocked_trans_types[cur_trans-\u003estate] against the given\ntype before deciding to wait. This ensures that transaction types which\nare allowed to join during certain blocked states will not unnecessarily\nwait and cause deadlocks."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbtrfs: corrige interbloqueo en wait_current_trans() debido a un tipo de transacci\u00f3n ignorado\n\nCuando se llama a wait_current_trans() durante start_transaction(), actualmente espera por una transacci\u00f3n bloqueada sin considerar si el tipo de transacci\u00f3n dado realmente necesita esperar por ese estado de transacci\u00f3n particular. El array btrfs_blocked_trans_types[] ya define qu\u00e9 tipos de transacci\u00f3n deben esperar por qu\u00e9 estados de transacci\u00f3n, pero esta verificaci\u00f3n faltaba en wait_current_trans().\n\nEsto puede llevar a un escenario de interbloqueo que involucra dos transacciones y extensiones ordenadas pendientes:\n\n  1. La Transacci\u00f3n A est\u00e1 en estado TRANS_STATE_COMMIT_DOING\n  2. Un worker que procesa una extensi\u00f3n ordenada llama a start_transaction() con TRANS_JOIN\n  3. join_transaction() devuelve -EBUSY porque la Transacci\u00f3n A est\u00e1 en TRANS_STATE_COMMIT_DOING\n  4. La Transacci\u00f3n A pasa a TRANS_STATE_UNBLOCKED y se completa\n  5. Se crea una nueva Transacci\u00f3n B (TRANS_STATE_RUNNING)\n  6. La extensi\u00f3n ordenada del paso 2 se a\u00f1ade a las extensiones ordenadas pendientes de la Transacci\u00f3n B\n  7. La Transacci\u00f3n B inicia inmediatamente la confirmaci\u00f3n por otra tarea y entra en TRANS_STATE_COMMIT_START\n  8. El worker finalmente llega a wait_current_trans(), ve la Transacci\u00f3n B en TRANS_STATE_COMMIT_START (un estado bloqueado), y espera incondicionalmente\n  9. Sin embargo, TRANS_JOIN NO deber\u00eda esperar por TRANS_STATE_COMMIT_START seg\u00fan btrfs_blocked_trans_types[]\n  10. La Transacci\u00f3n B est\u00e1 esperando que las extensiones ordenadas pendientes se completen\n  11. Interbloqueo: La Transacci\u00f3n B espera por la extensi\u00f3n ordenada, la extensi\u00f3n ordenada espera por la Transacci\u00f3n B\n\nEsto puede ilustrarse con las siguientes pilas de llamadas:\n  CPU0                              CPU1\n                                    btrfs_finish_ordered_io()\n                                      start_transaction(TRANS_JOIN)\n                                        join_transaction()\n                                          # -EBUSY (La Transacci\u00f3n A est\u00e1 en\n                                          # TRANS_STATE_COMMIT_DOING)\n  # La Transacci\u00f3n A se completa\n  # La Transacci\u00f3n B creada\n  # extensi\u00f3n ordenada a\u00f1adida a\n  # la lista pendiente de la Transacci\u00f3n B\n  btrfs_commit_transaction()\n    # La Transacci\u00f3n B entra en\n    # TRANS_STATE_COMMIT_START\n    # esperando por extensiones ordenadas\n    # pendientes\n                                        wait_current_trans()\n                                          # espera por la Transacci\u00f3n B\n                                          # (\u00a1no deber\u00eda esperar!)\n\nTarea bstore_kv_sync en btrfs_commit_transaction esperando por extensiones ordenadas:\n\n  __schedule+0x2e7/0x8a0\n  schedule+0x64/0xe0\n  btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n  btrfs_sync_file+0x342/0x4d0 [btrfs]\n  __x64_sys_fdatasync+0x4b/0x80\n  do_syscall_64+0x33/0x40\n  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTarea kworker en wait_current_trans esperando por la confirmaci\u00f3n de la transacci\u00f3n:\n\n  Cola de trabajo: btrfs-syno_nocow btrfs_work_helper [btrfs]\n  __schedule+0x2e7/0x8a0\n  schedule+0x64/0xe0\n  wait_current_trans+0xb0/0x110 [btrfs]\n  start_transaction+0x346/0x5b0 [btrfs]\n  btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n  btrfs_work_helper+0xe8/0x350 [btrfs]\n  process_one_work+0x1d3/0x3c0\n  worker_thread+0x4d/0x3e0\n  kthread+0x12d/0x150\n  ret_from_fork+0x1f/0x30\n\nSolucione esto pasando el tipo de transacci\u00f3n a wait_current_trans() y verificando btrfs_blocked_trans_types[cur_trans-\u0026gt;state] contra el tipo dado antes de decidir esperar. Esto asegura que los tipos de transacci\u00f3n a los que se les permite unirse durante ciertos estados bloqueados no esperar\u00e1n innecesariamente y causar\u00e1n interbloqueos."
    }
  ],
  "id": "CVE-2025-71194",
  "lastModified": "2026-02-06T17:16:19.230",
  "metrics": {},
  "published": "2026-02-04T17:16:11.297",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5037b342825df7094a4906d1e2a9674baab50cb2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8b0bb145d3bc264360f525c9717653be3522e528"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/99da896614d17e8a84aeb2b2d464ac046cc8633d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9ac63333d600732a56b35ee1fa46836da671eb50"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d7b04b40ac8e6d814e35202a0e1568809b818295"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dc84036c173cff6a432d9ab926298850b1d2a659"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e563f59395981fcd69d130761290929806e728d6"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-71194 (GCVE-0-2025-71194)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:04 – Updated: 2026-02-09 08:36

Title

btrfs: fix deadlock in wait_current_trans() due to ignored transaction type

Summary

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e563f59395981fcd6…
	https://git.kernel.org/stable/c/dc84036c173cff6a4…
	https://git.kernel.org/stable/c/d7b04b40ac8e6d814…
	https://git.kernel.org/stable/c/99da896614d17e8a8…
	https://git.kernel.org/stable/c/8b0bb145d3bc26436…
	https://git.kernel.org/stable/c/9ac63333d600732a5…
	https://git.kernel.org/stable/c/5037b342825df7094…

Impacted products

Vendor

Product

Version

Linux

Affected: 4a9d8bdee368de78ace8b36da4eb2186afea162d , < e563f59395981fcd69d130761290929806e728d6 (git)
Affected: 4a9d8bdee368de78ace8b36da4eb2186afea162d , < dc84036c173cff6a432d9ab926298850b1d2a659 (git)
Affected: 4a9d8bdee368de78ace8b36da4eb2186afea162d , < d7b04b40ac8e6d814e35202a0e1568809b818295 (git)
Affected: 4a9d8bdee368de78ace8b36da4eb2186afea162d , < 99da896614d17e8a84aeb2b2d464ac046cc8633d (git)
Affected: 4a9d8bdee368de78ace8b36da4eb2186afea162d , < 8b0bb145d3bc264360f525c9717653be3522e528 (git)
Affected: 4a9d8bdee368de78ace8b36da4eb2186afea162d , < 9ac63333d600732a56b35ee1fa46836da671eb50 (git)
Affected: 4a9d8bdee368de78ace8b36da4eb2186afea162d , < 5037b342825df7094a4906d1e2a9674baab50cb2 (git)

Linux

Affected: 3.11
Unaffected: 0 , < 3.11 (semver)
Unaffected: 5.10.249 , ≤ 5.10.* (semver)
Unaffected: 5.15.199 , ≤ 5.15.* (semver)
Unaffected: 6.1.162 , ≤ 6.1.* (semver)
Unaffected: 6.6.122 , ≤ 6.6.* (semver)
Unaffected: 6.12.67 , ≤ 6.12.* (semver)
Unaffected: 6.18.7 , ≤ 6.18.* (semver)
Unaffected: 6.19 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/transaction.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e563f59395981fcd69d130761290929806e728d6",
              "status": "affected",
              "version": "4a9d8bdee368de78ace8b36da4eb2186afea162d",
              "versionType": "git"
            },
            {
              "lessThan": "dc84036c173cff6a432d9ab926298850b1d2a659",
              "status": "affected",
              "version": "4a9d8bdee368de78ace8b36da4eb2186afea162d",
              "versionType": "git"
            },
            {
              "lessThan": "d7b04b40ac8e6d814e35202a0e1568809b818295",
              "status": "affected",
              "version": "4a9d8bdee368de78ace8b36da4eb2186afea162d",
              "versionType": "git"
            },
            {
              "lessThan": "99da896614d17e8a84aeb2b2d464ac046cc8633d",
              "status": "affected",
              "version": "4a9d8bdee368de78ace8b36da4eb2186afea162d",
              "versionType": "git"
            },
            {
              "lessThan": "8b0bb145d3bc264360f525c9717653be3522e528",
              "status": "affected",
              "version": "4a9d8bdee368de78ace8b36da4eb2186afea162d",
              "versionType": "git"
            },
            {
              "lessThan": "9ac63333d600732a56b35ee1fa46836da671eb50",
              "status": "affected",
              "version": "4a9d8bdee368de78ace8b36da4eb2186afea162d",
              "versionType": "git"
            },
            {
              "lessThan": "5037b342825df7094a4906d1e2a9674baab50cb2",
              "status": "affected",
              "version": "4a9d8bdee368de78ace8b36da4eb2186afea162d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/transaction.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.11"
            },
            {
              "lessThan": "3.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.249",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.199",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.122",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.249",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.199",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.162",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.122",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.67",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.7",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock in wait_current_trans() due to ignored transaction type\n\nWhen wait_current_trans() is called during start_transaction(), it\ncurrently waits for a blocked transaction without considering whether\nthe given transaction type actually needs to wait for that particular\ntransaction state. The btrfs_blocked_trans_types[] array already defines\nwhich transaction types should wait for which transaction states, but\nthis check was missing in wait_current_trans().\n\nThis can lead to a deadlock scenario involving two transactions and\npending ordered extents:\n\n  1. Transaction A is in TRANS_STATE_COMMIT_DOING state\n\n  2. A worker processing an ordered extent calls start_transaction()\n     with TRANS_JOIN\n\n  3. join_transaction() returns -EBUSY because Transaction A is in\n     TRANS_STATE_COMMIT_DOING\n\n  4. Transaction A moves to TRANS_STATE_UNBLOCKED and completes\n\n  5. A new Transaction B is created (TRANS_STATE_RUNNING)\n\n  6. The ordered extent from step 2 is added to Transaction B\u0027s\n     pending ordered extents\n\n  7. Transaction B immediately starts commit by another task and\n     enters TRANS_STATE_COMMIT_START\n\n  8. The worker finally reaches wait_current_trans(), sees Transaction B\n     in TRANS_STATE_COMMIT_START (a blocked state), and waits\n     unconditionally\n\n  9. However, TRANS_JOIN should NOT wait for TRANS_STATE_COMMIT_START\n     according to btrfs_blocked_trans_types[]\n\n  10. Transaction B is waiting for pending ordered extents to complete\n\n  11. Deadlock: Transaction B waits for ordered extent, ordered extent\n      waits for Transaction B\n\nThis can be illustrated by the following call stacks:\n  CPU0                              CPU1\n                                    btrfs_finish_ordered_io()\n                                      start_transaction(TRANS_JOIN)\n                                        join_transaction()\n                                          # -EBUSY (Transaction A is\n                                          # TRANS_STATE_COMMIT_DOING)\n  # Transaction A completes\n  # Transaction B created\n  # ordered extent added to\n  # Transaction B\u0027s pending list\n  btrfs_commit_transaction()\n    # Transaction B enters\n    # TRANS_STATE_COMMIT_START\n    # waiting for pending ordered\n    # extents\n                                        wait_current_trans()\n                                          # waits for Transaction B\n                                          # (should not wait!)\n\nTask bstore_kv_sync in btrfs_commit_transaction waiting for ordered\nextents:\n\n  __schedule+0x2e7/0x8a0\n  schedule+0x64/0xe0\n  btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n  btrfs_sync_file+0x342/0x4d0 [btrfs]\n  __x64_sys_fdatasync+0x4b/0x80\n  do_syscall_64+0x33/0x40\n  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTask kworker in wait_current_trans waiting for transaction commit:\n\n  Workqueue: btrfs-syno_nocow btrfs_work_helper [btrfs]\n  __schedule+0x2e7/0x8a0\n  schedule+0x64/0xe0\n  wait_current_trans+0xb0/0x110 [btrfs]\n  start_transaction+0x346/0x5b0 [btrfs]\n  btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n  btrfs_work_helper+0xe8/0x350 [btrfs]\n  process_one_work+0x1d3/0x3c0\n  worker_thread+0x4d/0x3e0\n  kthread+0x12d/0x150\n  ret_from_fork+0x1f/0x30\n\nFix this by passing the transaction type to wait_current_trans() and\nchecking btrfs_blocked_trans_types[cur_trans-\u003estate] against the given\ntype before deciding to wait. This ensures that transaction types which\nare allowed to join during certain blocked states will not unnecessarily\nwait and cause deadlocks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T08:36:19.806Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e563f59395981fcd69d130761290929806e728d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc84036c173cff6a432d9ab926298850b1d2a659"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7b04b40ac8e6d814e35202a0e1568809b818295"
        },
        {
          "url": "https://git.kernel.org/stable/c/99da896614d17e8a84aeb2b2d464ac046cc8633d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b0bb145d3bc264360f525c9717653be3522e528"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ac63333d600732a56b35ee1fa46836da671eb50"
        },
        {
          "url": "https://git.kernel.org/stable/c/5037b342825df7094a4906d1e2a9674baab50cb2"
        }
      ],
      "title": "btrfs: fix deadlock in wait_current_trans() due to ignored transaction type",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71194",
    "datePublished": "2026-02-04T16:04:15.389Z",
    "dateReserved": "2026-01-31T11:36:51.190Z",
    "dateUpdated": "2026-02-09T08:36:19.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-71194

CVE-2025-71194 (GCVE-0-2025-71194)

Tags

Sightings

Nomenclature