Wind River Support Network

Acknowledged

LIN1024-10965 : Security Advisory - linux - CVE-2025-38650

Created: Aug 24, 2025    Updated: Aug 26, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: remove mutex_lock check in hfsplus_free_extents

Syzbot reported an issue in hfsplus filesystem:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346
        hfsplus_free_extents+0x700/0xad0
Call Trace:
<TASK>
hfsplus_file_truncate+0x768/0xbb0 fs/hfsplus/extents.c:606
hfsplus_write_begin+0xc2/0xd0 fs/hfsplus/inode.c:56
cont_expand_zero fs/buffer.c:2383 [inline]
cont_write_begin+0x2cf/0x860 fs/buffer.c:2446
hfsplus_write_begin+0x86/0xd0 fs/hfsplus/inode.c:52
generic_cont_expand_simple+0x151/0x250 fs/buffer.c:2347
hfsplus_setattr+0x168/0x280 fs/hfsplus/inode.c:263
notify_change+0xe38/0x10f0 fs/attr.c:420
do_truncate+0x1fb/0x2e0 fs/open.c:65
do_sys_ftruncate+0x2eb/0x380 fs/open.c:193
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

To avoid deadlock, Commit 31651c607151 ("hfsplus: avoid deadlock
on file truncation") unlock extree before hfsplus_free_extents(),
and add check whether extree is locked in hfsplus_free_extents().

However, when operations such as hfsplus_file_release,
hfsplus_setattr, hfsplus_unlink, and hfsplus_get_block are executed
concurrently in different files, it is very likely to trigger the
WARN_ON, which will lead syzbot and xfstest to consider it as an
abnormality.

The comment above this warning also describes one of the easy
triggering situations, which can easily trigger and cause
xfstest&syzbot to report errors.

[task A]                        [task B]
->hfsplus_file_release
  ->hfsplus_file_truncate
    ->hfs_find_init
      ->mutex_lock
    ->mutex_unlock
                                ->hfsplus_write_begin
                                  ->hfsplus_get_block
                                    ->hfsplus_file_extend
                                      ->hfsplus_ext_read_extent
                                        ->hfs_find_init
                                          ->mutex_lock
    ->hfsplus_free_extents
      WARN_ON(mutex_is_locked) !!!

Several threads could try to lock the shared extents tree.
And warning can be triggered in one thread when another thread
has locked the tree. This is the wrong behavior of the code and
we need to remove the warning.
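
The interleaving in the diagram above, as an added userspace example (not part of the advisory or of the kernel patch): a pthread mutex stands in for the shared extents tree lock, and tree_is_locked(), task_b() and truncate_path_would_warn() are hypothetical names. It shows that an "is the lock held by anyone" test fires in task A even though task A has already released the lock.

```c
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdio.h>

/* Assumption: tree_lock models the extents tree lock shared by all files. */
static pthread_mutex_t tree_lock = PTHREAD_MUTEX_INITIALIZER;
static atomic_int stage; /* 0: start, 1: task B holds the lock, 2: B may unlock */

/* Same question the removed check asked: is the lock held by anyone at all? */
static int tree_is_locked(void)
{
    if (pthread_mutex_trylock(&tree_lock) == EBUSY)
        return 1;
    pthread_mutex_unlock(&tree_lock);
    return 0;
}

/* Task B: a write on another file takes the tree lock for its extent lookup. */
static void *task_b(void *arg)
{
    (void)arg;
    pthread_mutex_lock(&tree_lock);
    atomic_store(&stage, 1);
    while (atomic_load(&stage) != 2) sched_yield();
    pthread_mutex_unlock(&tree_lock);
    return NULL;
}

/* Task A: the truncate path. Returns 1 if the "is locked" check would warn. */
int truncate_path_would_warn(void)
{
    pthread_t b;
    int warned;
    atomic_store(&stage, 0);
    pthread_mutex_lock(&tree_lock);    /* lookup under the lock */
    pthread_mutex_unlock(&tree_lock);  /* dropped before freeing extents */
    if (pthread_create(&b, NULL, task_b, NULL) != 0) return -1;
    while (atomic_load(&stage) != 1) sched_yield(); /* force the interleaving */
    warned = tree_is_locked();         /* task A holds nothing, yet this is 1 */
    atomic_store(&stage, 2);
    pthread_join(b, NULL);
    return warned;
}

int main(void)
{
    printf("would_warn=%d\n", truncate_path_would_warn());
    return 0;
}
```

Build with `cc -pthread`; the spin on `stage` only pins the ordering so the result is the same on every run.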

CREATE(Triage):(User=pbi-cn) [CVE-2025-38650 (https://nvd.nist.gov/vuln/detail/CVE-2025-38650)]