CVE-2022-50549
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50549
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50549.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50549
- Downstream
- Published
- 2025-10-07T15:21:12Z
- Modified
- 2025-10-15T19:37:46.072772Z
- Summary
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dm thin: Fix ABBA deadlock between shrinkslab and dmpoolabortmetadata
Following concurrent processes:
P1(drop cache) P2(kworker)dropcachessysctlhandler dropslab shrinkslab downread(&shrinkerrwsem) - LOCK A doshrinkslab supercachescan pruneicachesb disposelist evict ext4evictinode ext4clearinode ext4discardpreallocations ext4mbloadbuddygfp ext4mbinitcache ext4readblockbitmapnowait ext4readbhnowait submitbh dmsubmitbio doworker processdeferredbios commit metadataoperationfailed dmpoolabortmetadata downwrite(&pmd->rootlock) - LOCK B _destroypersistentdataobjects dmblockmanagerdestroy dmbufioclientdestroy unregistershrinker downwrite(&shrinkerrwsem) thinmap | dmthinfindblock ↓ downread(&pmd->rootlock) --> ABBA deadlock
, which triggers hung task:
[ 76.974820] INFO: task kworker/u4:3:63 blocked for more than 15 seconds. [ 76.976019] Not tainted 6.1.0-rc4-00011-g8f17dd350364-dirty #910 [ 76.978521] task:kworker/u4:3 state:D stack:0 pid:63 ppid:2 [ 76.978534] Workqueue: dm-thin doworker [ 76.978552] Call Trace: [ 76.978564] _schedule+0x6ba/0x10f0 [ 76.978582] schedule+0x9d/0x1e0 [ 76.978588] rwsemdownwriteslowpath+0x587/0xdf0 [ 76.978600] downwrite+0xec/0x110 [ 76.978607] unregistershrinker+0x2c/0xf0 [ 76.978616] dmbufioclientdestroy+0x116/0x3d0 [ 76.978625] dmblockmanagerdestroy+0x19/0x40 [ 76.978629] _destroypersistentdataobjects+0x5e/0x70 [ 76.978636] dmpoolabortmetadata+0x8e/0x100 [ 76.978643] metadataoperationfailed+0x86/0x110 [ 76.978649] commit+0x6a/0x230 [ 76.978655] doworker+0xc6e/0xd90 [ 76.978702] processonework+0x269/0x630 [ 76.978714] workerthread+0x266/0x630 [ 76.978730] kthread+0x151/0x1b0 [ 76.978772] INFO: task test.sh:2646 blocked for more than 15 seconds. [ 76.979756] Not tainted 6.1.0-rc4-00011-g8f17dd350364-dirty #910 [ 76.982111] task:test.sh state:D stack:0 pid:2646 ppid:2459 [ 76.982128] Call Trace: [ 76.982139] _schedule+0x6ba/0x10f0 [ 76.982155] schedule+0x9d/0x1e0 [ 76.982159] rwsemdownreadslowpath+0x4f4/0x910 [ 76.982173] downread+0x84/0x170 [ 76.982177] dmthinfindblock+0x4c/0xd0 [ 76.982183] thinmap+0x201/0x3d0 [ 76.982188] _mapbio+0x5b/0x350 [ 76.982195] dmsubmitbio+0x2b6/0x930 [ 76.982202] _submitbio+0x123/0x2d0 [ 76.982209] submitbionoacctnocheck+0x101/0x3e0 [ 76.982222] submitbionoacct+0x389/0x770 [ 76.982227] submitbio+0x50/0xc0 [ 76.982232] submitbhwbc+0x15e/0x230 [ 76.982238] submitbh+0x14/0x20 [ 76.982241] ext4readbhnowait+0xc5/0x130 [ 76.982247] ext4readblockbitmapnowait+0x340/0xc60 [ 76.982254] ext4mbinitcache+0x1ce/0xdc0 [ 76.982259] ext4mbloadbuddygfp+0x987/0xfa0 [ 76.982263] ext4discardpreallocations+0x45d/0x830 [ 76.982274] ext4clearinode+0x48/0xf0 [ 76.982280] ext4evictinode+0xcf/0xc70 [ 76.982285] evict+0x119/0x2b0 [ 76.982290] disposelist+0x43/0xa0 [ 76.982294] pruneicachesb+0x64/0x90 [ 76.982298] supercachescan+0x155/0x210 [ 76.982303] doshrinkslab+0x19e/0x4e0 [ 76.982310] shrinkslab+0x2bd/0x450 [ 76.982317] dropslab+0xcc/0x1a0 [ 76.982323] dropcachessysctlhandler+0xb7/0xe0 [ 76.982327] procsyscallhandler+0x1bc/0x300 [ 76.982331] procsyswrite+0x17/0x20 [ 76.982334] vfswrite+0x3d3/0x570 [ 76.982342] ksyswrite+0x73/0x160 [ 76.982347] _x64syswrite+0x1e/0x30 [ 76.982352] dosyscall64+0x35/0x80 [ 76.982357] entrySYSCALL64afterhwframe+0x63/0xcd
Funct ---truncated---
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/200aa33b5d781e7c0fa6c0c7db9dbcc3f574ce8f
- https://git.kernel.org/stable/c/2d891cc5a1706b6908bceb56af7176a463ee6d62
- https://git.kernel.org/stable/c/7e37578069737b04955c71dd85db8a3bc2709eff
- https://git.kernel.org/stable/c/8111964f1b8524c4bb56b02cd9c7a37725ea21fd
- https://git.kernel.org/stable/c/cdf7a39bcc427febbfe3c3b9fe829825ead96c27
- https://git.kernel.org/stable/c/f8c26c33fef588ee54852cffa7cbb9f9d9869405
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede49e582965b3694f07a106adc83ddb44aa4f0890Fixed200aa33b5d781e7c0fa6c0c7db9dbcc3f574ce8f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede49e582965b3694f07a106adc83ddb44aa4f0890Fixed7e37578069737b04955c71dd85db8a3bc2709eff
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede49e582965b3694f07a106adc83ddb44aa4f0890Fixedf8c26c33fef588ee54852cffa7cbb9f9d9869405
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede49e582965b3694f07a106adc83ddb44aa4f0890Fixed2d891cc5a1706b6908bceb56af7176a463ee6d62
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede49e582965b3694f07a106adc83ddb44aa4f0890Fixedcdf7a39bcc427febbfe3c3b9fe829825ead96c27
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede49e582965b3694f07a106adc83ddb44aa4f0890Fixed8111964f1b8524c4bb56b02cd9c7a37725ea21fd