Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-50549

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/10/2025
Last modified:
08/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata<br /> <br /> Following concurrent processes:<br /> <br /> P1(drop cache) P2(kworker)<br /> drop_caches_sysctl_handler<br /> drop_slab<br /> shrink_slab<br /> down_read(&amp;shrinker_rwsem) - LOCK A<br /> do_shrink_slab<br /> super_cache_scan<br /> prune_icache_sb<br /> dispose_list<br /> evict<br /> ext4_evict_inode<br /> ext4_clear_inode<br /> ext4_discard_preallocations<br /> ext4_mb_load_buddy_gfp<br /> ext4_mb_init_cache<br /> ext4_read_block_bitmap_nowait<br /> ext4_read_bh_nowait<br /> submit_bh<br /> dm_submit_bio<br /> do_worker<br /> process_deferred_bios<br /> commit<br /> metadata_operation_failed<br /> dm_pool_abort_metadata<br /> down_write(&amp;pmd-&gt;root_lock) - LOCK B<br /> __destroy_persistent_data_objects<br /> dm_block_manager_destroy<br /> dm_bufio_client_destroy<br /> unregister_shrinker<br /> down_write(&amp;shrinker_rwsem)<br /> thin_map |<br /> dm_thin_find_block ↓<br /> down_read(&amp;pmd-&gt;root_lock) --&gt; ABBA deadlock<br /> <br /> , which triggers hung task:<br /> <br /> [ 76.974820] INFO: task kworker/u4:3:63 blocked for more than 15 seconds.<br /> [ 76.976019] Not tainted 6.1.0-rc4-00011-g8f17dd350364-dirty #910<br /> [ 76.978521] task:kworker/u4:3 state:D stack:0 pid:63 ppid:2<br /> [ 76.978534] Workqueue: dm-thin do_worker<br /> [ 76.978552] Call Trace:<br /> [ 76.978564] __schedule+0x6ba/0x10f0<br /> [ 76.978582] schedule+0x9d/0x1e0<br /> [ 76.978588] rwsem_down_write_slowpath+0x587/0xdf0<br /> [ 76.978600] down_write+0xec/0x110<br /> [ 76.978607] unregister_shrinker+0x2c/0xf0<br /> [ 76.978616] dm_bufio_client_destroy+0x116/0x3d0<br /> [ 76.978625] dm_block_manager_destroy+0x19/0x40<br /> [ 76.978629] __destroy_persistent_data_objects+0x5e/0x70<br /> [ 76.978636] dm_pool_abort_metadata+0x8e/0x100<br /> [ 76.978643] metadata_operation_failed+0x86/0x110<br /> [ 76.978649] commit+0x6a/0x230<br /> [ 76.978655] do_worker+0xc6e/0xd90<br /> [ 76.978702] process_one_work+0x269/0x630<br /> [ 76.978714] worker_thread+0x266/0x630<br /> [ 76.978730] kthread+0x151/0x1b0<br /> [ 76.978772] INFO: task test.sh:2646 blocked for more than 15 seconds.<br /> [ 76.979756] Not tainted 6.1.0-rc4-00011-g8f17dd350364-dirty #910<br /> [ 76.982111] task:test.sh state:D stack:0 pid:2646 ppid:2459<br /> [ 76.982128] Call Trace:<br /> [ 76.982139] __schedule+0x6ba/0x10f0<br /> [ 76.982155] schedule+0x9d/0x1e0<br /> [ 76.982159] rwsem_down_read_slowpath+0x4f4/0x910<br /> [ 76.982173] down_read+0x84/0x170<br /> [ 76.982177] dm_thin_find_block+0x4c/0xd0<br /> [ 76.982183] thin_map+0x201/0x3d0<br /> [ 76.982188] __map_bio+0x5b/0x350<br /> [ 76.982195] dm_submit_bio+0x2b6/0x930<br /> [ 76.982202] __submit_bio+0x123/0x2d0<br /> [ 76.982209] submit_bio_noacct_nocheck+0x101/0x3e0<br /> [ 76.982222] submit_bio_noacct+0x389/0x770<br /> [ 76.982227] submit_bio+0x50/0xc0<br /> [ 76.982232] submit_bh_wbc+0x15e/0x230<br /> [ 76.982238] submit_bh+0x14/0x20<br /> [ 76.982241] ext4_read_bh_nowait+0xc5/0x130<br /> [ 76.982247] ext4_read_block_bitmap_nowait+0x340/0xc60<br /> [ 76.982254] ext4_mb_init_cache+0x1ce/0xdc0<br /> [ 76.982259] ext4_mb_load_buddy_gfp+0x987/0xfa0<br /> [ 76.982263] ext4_discard_preallocations+0x45d/0x830<br /> [ 76.982274] ext4_clear_inode+0x48/0xf0<br /> [ 76.982280] ext4_evict_inode+0xcf/0xc70<br /> [ 76.982285] evict+0x119/0x2b0<br /> [ 76.982290] dispose_list+0x43/0xa0<br /> [ 76.982294] prune_icache_sb+0x64/0x90<br /> [ 76.982298] super_cache_scan+0x155/0x210<br /> [ 76.982303] do_shrink_slab+0x19e/0x4e0<br /> [ 76.982310] shrink_slab+0x2bd/0x450<br /> [ 76.982317] drop_slab+0xcc/0x1a0<br /> [ 76.982323] drop_caches_sysctl_handler+0xb7/0xe0<br /> [ 76.982327] proc_sys_call_handler+0x1bc/0x300<br /> [ 76.982331] proc_sys_write+0x17/0x20<br /> [ 76.982334] vfs_write+0x3d3/0x570<br /> [ 76.982342] ksys_write+0x73/0x160<br /> [ 76.982347] __x64_sys_write+0x1e/0x30<br /> [ 76.982352] do_syscall_64+0x35/0x80<br /> [ 76.982357] entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> Funct<br /> ---truncated---

Impact

References to Advisories, Solutions, and Tools