CVE-2025-37928

Source: https://nvd.nist.gov/vuln/detail/CVE-2025-37928
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37928.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2025-37928
Published: 2025-05-20T15:21:54.592Z
Modified: 2025-11-27T02:33:23.301169Z
Summary
dm-bufio: don't schedule in atomic context
Details

In the Linux kernel, the following vulnerability has been resolved:

dm-bufio: don't schedule in atomic context

A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled.

[ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421
[ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4
[ 129.444740][ T934] preempt_count: 201, expected: 0
[ 129.444756][ T934] RCU nest depth: 0, expected: 0
[ 129.444781][ T934] Preemption disabled at:
[ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248
[ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16!
[ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0
[ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8
[ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT)
[ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work
[ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug]
[ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c
[ 129.447451][ T934] sp : ffffffc0843dbc90
[ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b
[ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68
[ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900
[ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030
[ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358
[ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003
[ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400
[ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8
[ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0
[ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000
[ 129.447647][ T934] Call trace:
[ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6]
[ 129.447681][ T934] __might_resched+0x190/0x1a8
[ 129.447694][ T934] shrink_work+0x180/0x248
[ 129.447706][ T934] process_one_work+0x260/0x624
[ 129.447718][ T934] worker_thread+0x28c/0x454
[ 129.447729][ T934] kthread+0x118/0x158
[ 129.447742][ T934] ret_from_fork+0x10/0x20
[ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000)
[ 129.447772][ T934] ---[ end trace 0000000000000000 ]---

dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2025/37xxx/CVE-2025-37928.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 7cd326747f46ffe1c7bff5682e97dfbcb98990ec
  Fixed: a99f5bf4f7197009859dbce14c12f8e2ce5a5a69

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 7cd326747f46ffe1c7bff5682e97dfbcb98990ec
  Fixed: c8c83052283bcf2fdd467a33d1d2bd5ba36e935a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 7cd326747f46ffe1c7bff5682e97dfbcb98990ec
  Fixed: f45108257280e0a1cc951ce254853721b40c0812

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 7cd326747f46ffe1c7bff5682e97dfbcb98990ec
  Fixed: 69a37b3ba85088fc6b903b8e1db7f0a1d4d0b52d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 7cd326747f46ffe1c7bff5682e97dfbcb98990ec
  Fixed: a3d8f0a7f5e8b193db509c7191fefeed3533fc44

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 4.9.0
  Fixed: 6.1.138

Type: ECOSYSTEM
Events:
  Introduced: 6.2.0
  Fixed: 6.6.90

Type: ECOSYSTEM
Events:
  Introduced: 6.7.0
  Fixed: 6.12.28

Type: ECOSYSTEM
Events:
  Introduced: 6.13.0
  Fixed: 6.14.6