CVE-2025-38580

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix inode use after free in ext4endiorsvwork()

In ext4ioenddefercompletion(), check if ioend->listvec is empty to avoid adding an ioend that requires no conversion to the irsvconversionlist, which in turn prevents starting an unnecessary worker. An ext4emergencystate() check is also added to avoid attempting to abort the journal in an emergency state.

Additionally, ext4putioenddefer() is refactored to call ext4ioenddefercompletion() directly instead of being open-coded. This also prevents starting an unnecessary worker when EXT4IOENDFAILED is set but dataerr=abort is not enabled.

This ensures that the check in ext4putioenddefer() is consistent with the check in ext4endbio(). Otherwise, we might add an ioend to the irsvconversionlist and then call ext4finishbio(), after which the inode could be freed before ext4endiorsvwork() is called, triggering a use-after-free issue.