{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "bde708f1a65d025c45575bfe1e7bf7bdf7e71e87"
            },
            {
              "fixed": "91c34cd6ca1bc67ccf2d104834956af56b5893de"
            },
            {
              "fixed": "181993bb0d626cf88cc803f4356ce5c5abe86278"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39868.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix runtime warning on truncate_folio_batch_exceptionals()\n\nCommit 0e2f80afcfa6(\"fs/dax: ensure all pages are idle prior to\nfilesystem unmount\") introduced the WARN_ON_ONCE to capture whether\nthe filesystem has removed all DAX entries or not and applied the\nfix to xfs and ext4.\n\nApply the missed fix on erofs to fix the runtime warning:\n\n[  5.266254] ------------[ cut here ]------------\n[  5.266274] WARNING: CPU: 6 PID: 3109 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0xff/0x260\n[  5.266294] Modules linked in:\n[  5.266999] CPU: 6 UID: 0 PID: 3109 Comm: umount Tainted: G S                  6.16.0+ #6 PREEMPT(voluntary)\n[  5.267012] Tainted: [S]=CPU_OUT_OF_SPEC\n[  5.267017] Hardware name: Dell Inc. OptiPlex 5000/05WXFV, BIOS 1.5.1 08/24/2022\n[  5.267024] RIP: 0010:truncate_folio_batch_exceptionals+0xff/0x260\n[  5.267076] Code: 00 00 41 39 df 7f 11 eb 78 83 c3 01 49 83 c4 08 41 39 df 74 6c 48 63 f3 48 83 fe 1f 0f 83 3c 01 00 00 43 f6 44 26 08 01 74 df \u003c0f\u003e 0b 4a 8b 34 22 4c 89 ef 48 89 55 90 e8 ff 54 1f 00 48 8b 55 90\n[  5.267083] RSP: 0018:ffffc900013f36c8 EFLAGS: 00010202\n[  5.267095] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[  5.267101] RDX: ffffc900013f3790 RSI: 0000000000000000 RDI: ffff8882a1407898\n[  5.267108] RBP: ffffc900013f3740 R08: 0000000000000000 R09: 0000000000000000\n[  5.267113] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n[  5.267119] R13: ffff8882a1407ab8 R14: ffffc900013f3888 R15: 0000000000000001\n[  5.267125] FS:  00007aaa8b437800(0000) GS:ffff88850025b000(0000) knlGS:0000000000000000\n[  5.267132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  5.267138] CR2: 00007aaa8b3aac10 CR3: 000000024f764000 CR4: 0000000000f52ef0\n[  5.267144] PKRU: 55555554\n[  5.267150] Call Trace:\n[  5.267154]  \u003cTASK\u003e\n[  5.267181]  truncate_inode_pages_range+0x118/0x5e0\n[  5.267193]  ? save_trace+0x54/0x390\n[  5.267296]  truncate_inode_pages_final+0x43/0x60\n[  5.267309]  evict+0x2a4/0x2c0\n[  5.267339]  dispose_list+0x39/0x80\n[  5.267352]  evict_inodes+0x150/0x1b0\n[  5.267376]  generic_shutdown_super+0x41/0x180\n[  5.267390]  kill_block_super+0x1b/0x50\n[  5.267402]  erofs_kill_sb+0x81/0x90 [erofs]\n[  5.267436]  deactivate_locked_super+0x32/0xb0\n[  5.267450]  deactivate_super+0x46/0x60\n[  5.267460]  cleanup_mnt+0xc3/0x170\n[  5.267475]  __cleanup_mnt+0x12/0x20\n[  5.267485]  task_work_run+0x5d/0xb0\n[  5.267499]  exit_to_user_mode_loop+0x144/0x170\n[  5.267512]  do_syscall_64+0x2b9/0x7c0\n[  5.267523]  ? __lock_acquire+0x665/0x2ce0\n[  5.267535]  ? __lock_acquire+0x665/0x2ce0\n[  5.267560]  ? lock_acquire+0xcd/0x300\n[  5.267573]  ? find_held_lock+0x31/0x90\n[  5.267582]  ? mntput_no_expire+0x97/0x4e0\n[  5.267606]  ? mntput_no_expire+0xa1/0x4e0\n[  5.267625]  ? mntput+0x24/0x50\n[  5.267634]  ? path_put+0x1e/0x30\n[  5.267647]  ? do_faccessat+0x120/0x2f0\n[  5.267677]  ? do_syscall_64+0x1a2/0x7c0\n[  5.267686]  ? from_kgid_munged+0x17/0x30\n[  5.267703]  ? from_kuid_munged+0x13/0x30\n[  5.267711]  ? __do_sys_getuid+0x3d/0x50\n[  5.267724]  ? do_syscall_64+0x1a2/0x7c0\n[  5.267732]  ? irqentry_exit+0x77/0xb0\n[  5.267743]  ? clear_bhb_loop+0x30/0x80\n[  5.267752]  ? clear_bhb_loop+0x30/0x80\n[  5.267765]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  5.267772] RIP: 0033:0x7aaa8b32a9fb\n[  5.267781] Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 e9 83 0d 00 f7 d8\n[  5.267787] RSP: 002b:00007ffd7c4c9468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6\n[  5.267796] RAX: 0000000000000000 RBX: 00005a61592a8b00 RCX: 00007aaa8b32a9fb\n[  5.267802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005a61592b2080\n[  5.267806] RBP: 00007ffd7c4c9540 R08: 00007aaa8b403b20 R09: 0000000000000020\n[  5.267812] R10: 0000000000000001 R11: 0000000000000246 R12: 00005a61592a8c00\n[  5.267817] R13: 00000000\n---truncated---",
  "id": "CVE-2025-39868",
  "modified": "2026-04-01T23:09:16.928504631Z",
  "published": "2025-09-23T06:00:43.308Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/181993bb0d626cf88cc803f4356ce5c5abe86278"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/91c34cd6ca1bc67ccf2d104834956af56b5893de"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39868.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39868"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "erofs: fix runtime warning on truncate_folio_batch_exceptionals()"
}