{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53865","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-09T01:27:17.829Z","datePublished":"2025-12-09T01:30:34.588Z","dateUpdated":"2026-05-11T19:53:00.964Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:53:00.964Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix warning when putting transaction with qgroups enabled after abort\n\nIf we have a transaction abort with qgroups enabled we get a warning\ntriggered when doing the final put on the transaction, like this:\n\n  [552.6789] ------------[ cut here ]------------\n  [552.6815] WARNING: CPU: 4 PID: 81745 at fs/btrfs/transaction.c:144 btrfs_put_transaction+0x123/0x130 [btrfs]\n  [552.6817] Modules linked in: btrfs blake2b_generic xor (...)\n  [552.6819] CPU: 4 PID: 81745 Comm: btrfs-transacti Tainted: G        W          6.4.0-rc6-btrfs-next-134+ #1\n  [552.6819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n  [552.6819] RIP: 0010:btrfs_put_transaction+0x123/0x130 [btrfs]\n  [552.6821] Code: bd a0 01 00 (...)\n  [552.6821] RSP: 0018:ffffa168c0527e28 EFLAGS: 00010286\n  [552.6821] RAX: ffff936042caed00 RBX: ffff93604a3eb448 RCX: 0000000000000000\n  [552.6821] RDX: ffff93606421b028 RSI: ffffffff92ff0878 RDI: ffff93606421b010\n  [552.6821] RBP: ffff93606421b000 R08: 0000000000000000 R09: ffffa168c0d07c20\n  [552.6821] R10: 0000000000000000 R11: ffff93608dc52950 R12: ffffa168c0527e70\n  [552.6821] R13: ffff93606421b000 R14: ffff93604a3eb420 R15: ffff93606421b028\n  [552.6821] FS:  0000000000000000(0000) GS:ffff93675fb00000(0000) knlGS:0000000000000000\n  [552.6821] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [552.6821] CR2: 0000558ad262b000 CR3: 000000014feda005 CR4: 0000000000370ee0\n  [552.6822] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  [552.6822] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  [552.6822] Call Trace:\n  [552.6822]  <TASK>\n  [552.6822]  ? __warn+0x80/0x130\n  [552.6822]  ? btrfs_put_transaction+0x123/0x130 [btrfs]\n  [552.6824]  ? report_bug+0x1f4/0x200\n  [552.6824]  ? handle_bug+0x42/0x70\n  [552.6824]  ? exc_invalid_op+0x14/0x70\n  [552.6824]  ? asm_exc_invalid_op+0x16/0x20\n  [552.6824]  ? btrfs_put_transaction+0x123/0x130 [btrfs]\n  [552.6826]  btrfs_cleanup_transaction+0xe7/0x5e0 [btrfs]\n  [552.6828]  ? _raw_spin_unlock_irqrestore+0x23/0x40\n  [552.6828]  ? try_to_wake_up+0x94/0x5e0\n  [552.6828]  ? __pfx_process_timeout+0x10/0x10\n  [552.6828]  transaction_kthread+0x103/0x1d0 [btrfs]\n  [552.6830]  ? __pfx_transaction_kthread+0x10/0x10 [btrfs]\n  [552.6832]  kthread+0xee/0x120\n  [552.6832]  ? __pfx_kthread+0x10/0x10\n  [552.6832]  ret_from_fork+0x29/0x50\n  [552.6832]  </TASK>\n  [552.6832] ---[ end trace 0000000000000000 ]---\n\nThis corresponds to this line of code:\n\n  void btrfs_put_transaction(struct btrfs_transaction *transaction)\n  {\n      (...)\n          WARN_ON(!RB_EMPTY_ROOT(\n                          &transaction->delayed_refs.dirty_extent_root));\n      (...)\n  }\n\nThe warning happens because btrfs_qgroup_destroy_extent_records(), called\nin the transaction abort path, we free all entries from the rbtree\n\"dirty_extent_root\" with rbtree_postorder_for_each_entry_safe(), but we\ndon't actually empty the rbtree - it's still pointing to nodes that were\nfreed.\n\nSo set the rbtree's root node to NULL to avoid this warning (assign\nRB_ROOT)."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/qgroup.c"],"versions":[{"version":"40ea30638d20c92b44107247415842b72c460459","lessThan":"ae91ab710d8e309f6c9eba07ce0d9d0b5d9040f0","status":"affected","versionType":"git"},{"version":"81f7eb00ff5bb8326e82503a32809421d14abb8a","lessThan":"d2c667cc18314c9bad3ec86ae071c0342132aa09","status":"affected","versionType":"git"},{"version":"81f7eb00ff5bb8326e82503a32809421d14abb8a","lessThan":"c9060caab4135dd660c4676d1ea33a6e0d3fc09d","status":"affected","versionType":"git"},{"version":"81f7eb00ff5bb8326e82503a32809421d14abb8a","lessThan":"89e994688e965813ec0a09fb30b87fb8cee06474","status":"affected","versionType":"git"},{"version":"81f7eb00ff5bb8326e82503a32809421d14abb8a","lessThan":"62dd82bc7a90b5052c062a0ad5be6d8a479a3cfb","status":"affected","versionType":"git"},{"version":"81f7eb00ff5bb8326e82503a32809421d14abb8a","lessThan":"aa84ce8a78a1a5c10cdf9c7a5fb0c999fbc2c8d6","status":"affected","versionType":"git"},{"version":"4e2e49d4211db43e0ec932579dab6a969e7e8df1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/qgroup.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.4.251","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.188","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.123","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.42","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.7","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.23","versionEndExcluding":"5.4.251"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.188"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.123"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.1.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.4.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ae91ab710d8e309f6c9eba07ce0d9d0b5d9040f0"},{"url":"https://git.kernel.org/stable/c/d2c667cc18314c9bad3ec86ae071c0342132aa09"},{"url":"https://git.kernel.org/stable/c/c9060caab4135dd660c4676d1ea33a6e0d3fc09d"},{"url":"https://git.kernel.org/stable/c/89e994688e965813ec0a09fb30b87fb8cee06474"},{"url":"https://git.kernel.org/stable/c/62dd82bc7a90b5052c062a0ad5be6d8a479a3cfb"},{"url":"https://git.kernel.org/stable/c/aa84ce8a78a1a5c10cdf9c7a5fb0c999fbc2c8d6"}],"title":"btrfs: fix warning when putting transaction with qgroups enabled after abort","x_generator":{"engine":"bippy-1.2.0"}}}}