In the Linux kernel, the following vulnerability has been resolved:
ocfs2: split transactions in dio completion to avoid credit exhaustion
During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2dioendiowrite ocfs2markextentwritten ocfs2changeextentflag ocfs2splitextent ocfs2trytomergeextent ocfs2extendrotatetransaction ocfs2extend_trans jbd2__journalrestart startthishandle output: JBD2: kworker/6:2 wants too many credits credits:5450 rsvcredits:0 max:5449
To prevent exceeding the credits limit, modify ocfs2dioendiowrite() to handle extents in a batch of transaction.
Additionally, relocate ocfs2delinodefromorphan(). The orphan inode should only be removed from the orphan list after the extent tree update is complete. This ensures that if a crash occurs in the middle of extent tree updates, we won't leave stale blocks beyond EOF.
This patch also changes the logic for updating the inode size and removing orphan, making it similar to ext4diowriteendio(). Both operations are performed only when everything looks good.
Finally, thanks to Jans and Joseph for providing the bug fix prototype and suggestions.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46080.json"
}