CVE-2022-49702 (GCVE-0-2022-49702)

Vulnerability from cvelistv5 – Published: 2025-02-26 02:24 – Updated: 2026-05-11 19:05
VLAI
Title
btrfs: fix hang during unmount when block group reclaim task is running
Summary
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when block group reclaim task is running When we start an unmount, at close_ctree(), if we have the reclaim task running and in the middle of a data block group relocation, we can trigger a deadlock when stopping an async reclaim task, producing a trace like the following: [629724.498185] task:kworker/u16:7 state:D stack: 0 pid:681170 ppid: 2 flags:0x00004000 [629724.499760] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [btrfs] [629724.501267] Call Trace: [629724.501759] <TASK> [629724.502174] __schedule+0x3cb/0xed0 [629724.502842] schedule+0x4e/0xb0 [629724.503447] btrfs_wait_on_delayed_iputs+0x7c/0xc0 [btrfs] [629724.504534] ? prepare_to_wait_exclusive+0xc0/0xc0 [629724.505442] flush_space+0x423/0x630 [btrfs] [629724.506296] ? rcu_read_unlock_trace_special+0x20/0x50 [629724.507259] ? lock_release+0x220/0x4a0 [629724.507932] ? btrfs_get_alloc_profile+0xb3/0x290 [btrfs] [629724.508940] ? do_raw_spin_unlock+0x4b/0xa0 [629724.509688] btrfs_async_reclaim_metadata_space+0x139/0x320 [btrfs] [629724.510922] process_one_work+0x252/0x5a0 [629724.511694] ? process_one_work+0x5a0/0x5a0 [629724.512508] worker_thread+0x52/0x3b0 [629724.513220] ? process_one_work+0x5a0/0x5a0 [629724.514021] kthread+0xf2/0x120 [629724.514627] ? kthread_complete_and_exit+0x20/0x20 [629724.515526] ret_from_fork+0x22/0x30 [629724.516236] </TASK> [629724.516694] task:umount state:D stack: 0 pid:719055 ppid:695412 flags:0x00004000 [629724.518269] Call Trace: [629724.518746] <TASK> [629724.519160] __schedule+0x3cb/0xed0 [629724.519835] schedule+0x4e/0xb0 [629724.520467] schedule_timeout+0xed/0x130 [629724.521221] ? lock_release+0x220/0x4a0 [629724.521946] ? lock_acquired+0x19c/0x420 [629724.522662] ? trace_hardirqs_on+0x1b/0xe0 [629724.523411] __wait_for_common+0xaf/0x1f0 [629724.524189] ? usleep_range_state+0xb0/0xb0 [629724.524997] __flush_work+0x26d/0x530 [629724.525698] ? flush_workqueue_prep_pwqs+0x140/0x140 [629724.526580] ? lock_acquire+0x1a0/0x310 [629724.527324] __cancel_work_timer+0x137/0x1c0 [629724.528190] close_ctree+0xfd/0x531 [btrfs] [629724.529000] ? evict_inodes+0x166/0x1c0 [629724.529510] generic_shutdown_super+0x74/0x120 [629724.530103] kill_anon_super+0x14/0x30 [629724.530611] btrfs_kill_super+0x12/0x20 [btrfs] [629724.531246] deactivate_locked_super+0x31/0xa0 [629724.531817] cleanup_mnt+0x147/0x1c0 [629724.532319] task_work_run+0x5c/0xa0 [629724.532984] exit_to_user_mode_prepare+0x1a6/0x1b0 [629724.533598] syscall_exit_to_user_mode+0x16/0x40 [629724.534200] do_syscall_64+0x48/0x90 [629724.534667] entry_SYSCALL_64_after_hwframe+0x44/0xae [629724.535318] RIP: 0033:0x7fa2b90437a7 [629724.535804] RSP: 002b:00007ffe0b7e4458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [629724.536912] RAX: 0000000000000000 RBX: 00007fa2b9182264 RCX: 00007fa2b90437a7 [629724.538156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555d6cf20dd0 [629724.539053] RBP: 0000555d6cf20ba0 R08: 0000000000000000 R09: 00007ffe0b7e3200 [629724.539956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [629724.540883] R13: 0000555d6cf20dd0 R14: 0000555d6cf20cb0 R15: 0000000000000000 [629724.541796] </TASK> This happens because: 1) Before entering close_ctree() we have the async block group reclaim task running and relocating a data block group; 2) There's an async metadata (or data) space reclaim task running; 3) We enter close_ctree() and park the cleaner kthread; 4) The async space reclaim task is at flush_space() and runs all the existing delayed iputs; 5) Before the async space reclaim task calls btrfs_wait_on_delayed_iputs(), the block group reclaim task which is doing the data block group relocation, creates a delayed iput at replace_file_extents() (called when COWing leaves that have file extent items pointing to relocated data exten ---truncated---
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 18bb8bbf13c1839b43c9e09e76d397b753989af2 , < 341d33128a940c6634175dcb6ca92dc454cfa7d2 (git)
Affected: 18bb8bbf13c1839b43c9e09e76d397b753989af2 , < 9fadb11f1295289e0da4d3342ecb6b92c1c99540 (git)
Affected: 18bb8bbf13c1839b43c9e09e76d397b753989af2 , < 31e70e527806c546a72262f2fc3d982ee23c42d3 (git)
Create a notification for this product.
Linux Linux Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.51 , ≤ 5.15.* (semver)
Unaffected: 5.18.8 , ≤ 5.18.* (semver)
Unaffected: 5.19 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "341d33128a940c6634175dcb6ca92dc454cfa7d2",
              "status": "affected",
              "version": "18bb8bbf13c1839b43c9e09e76d397b753989af2",
              "versionType": "git"
            },
            {
              "lessThan": "9fadb11f1295289e0da4d3342ecb6b92c1c99540",
              "status": "affected",
              "version": "18bb8bbf13c1839b43c9e09e76d397b753989af2",
              "versionType": "git"
            },
            {
              "lessThan": "31e70e527806c546a72262f2fc3d982ee23c42d3",
              "status": "affected",
              "version": "18bb8bbf13c1839b43c9e09e76d397b753989af2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.51",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.8",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix hang during unmount when block group reclaim task is running\n\nWhen we start an unmount, at close_ctree(), if we have the reclaim task\nrunning and in the middle of a data block group relocation, we can trigger\na deadlock when stopping an async reclaim task, producing a trace like the\nfollowing:\n\n[629724.498185] task:kworker/u16:7   state:D stack:    0 pid:681170 ppid:     2 flags:0x00004000\n[629724.499760] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [btrfs]\n[629724.501267] Call Trace:\n[629724.501759]  \u003cTASK\u003e\n[629724.502174]  __schedule+0x3cb/0xed0\n[629724.502842]  schedule+0x4e/0xb0\n[629724.503447]  btrfs_wait_on_delayed_iputs+0x7c/0xc0 [btrfs]\n[629724.504534]  ? prepare_to_wait_exclusive+0xc0/0xc0\n[629724.505442]  flush_space+0x423/0x630 [btrfs]\n[629724.506296]  ? rcu_read_unlock_trace_special+0x20/0x50\n[629724.507259]  ? lock_release+0x220/0x4a0\n[629724.507932]  ? btrfs_get_alloc_profile+0xb3/0x290 [btrfs]\n[629724.508940]  ? do_raw_spin_unlock+0x4b/0xa0\n[629724.509688]  btrfs_async_reclaim_metadata_space+0x139/0x320 [btrfs]\n[629724.510922]  process_one_work+0x252/0x5a0\n[629724.511694]  ? process_one_work+0x5a0/0x5a0\n[629724.512508]  worker_thread+0x52/0x3b0\n[629724.513220]  ? process_one_work+0x5a0/0x5a0\n[629724.514021]  kthread+0xf2/0x120\n[629724.514627]  ? kthread_complete_and_exit+0x20/0x20\n[629724.515526]  ret_from_fork+0x22/0x30\n[629724.516236]  \u003c/TASK\u003e\n[629724.516694] task:umount          state:D stack:    0 pid:719055 ppid:695412 flags:0x00004000\n[629724.518269] Call Trace:\n[629724.518746]  \u003cTASK\u003e\n[629724.519160]  __schedule+0x3cb/0xed0\n[629724.519835]  schedule+0x4e/0xb0\n[629724.520467]  schedule_timeout+0xed/0x130\n[629724.521221]  ? lock_release+0x220/0x4a0\n[629724.521946]  ? lock_acquired+0x19c/0x420\n[629724.522662]  ? trace_hardirqs_on+0x1b/0xe0\n[629724.523411]  __wait_for_common+0xaf/0x1f0\n[629724.524189]  ? usleep_range_state+0xb0/0xb0\n[629724.524997]  __flush_work+0x26d/0x530\n[629724.525698]  ? flush_workqueue_prep_pwqs+0x140/0x140\n[629724.526580]  ? lock_acquire+0x1a0/0x310\n[629724.527324]  __cancel_work_timer+0x137/0x1c0\n[629724.528190]  close_ctree+0xfd/0x531 [btrfs]\n[629724.529000]  ? evict_inodes+0x166/0x1c0\n[629724.529510]  generic_shutdown_super+0x74/0x120\n[629724.530103]  kill_anon_super+0x14/0x30\n[629724.530611]  btrfs_kill_super+0x12/0x20 [btrfs]\n[629724.531246]  deactivate_locked_super+0x31/0xa0\n[629724.531817]  cleanup_mnt+0x147/0x1c0\n[629724.532319]  task_work_run+0x5c/0xa0\n[629724.532984]  exit_to_user_mode_prepare+0x1a6/0x1b0\n[629724.533598]  syscall_exit_to_user_mode+0x16/0x40\n[629724.534200]  do_syscall_64+0x48/0x90\n[629724.534667]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[629724.535318] RIP: 0033:0x7fa2b90437a7\n[629724.535804] RSP: 002b:00007ffe0b7e4458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6\n[629724.536912] RAX: 0000000000000000 RBX: 00007fa2b9182264 RCX: 00007fa2b90437a7\n[629724.538156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555d6cf20dd0\n[629724.539053] RBP: 0000555d6cf20ba0 R08: 0000000000000000 R09: 00007ffe0b7e3200\n[629724.539956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[629724.540883] R13: 0000555d6cf20dd0 R14: 0000555d6cf20cb0 R15: 0000000000000000\n[629724.541796]  \u003c/TASK\u003e\n\nThis happens because:\n\n1) Before entering close_ctree() we have the async block group reclaim\n   task running and relocating a data block group;\n\n2) There\u0027s an async metadata (or data) space reclaim task running;\n\n3) We enter close_ctree() and park the cleaner kthread;\n\n4) The async space reclaim task is at flush_space() and runs all the\n   existing delayed iputs;\n\n5) Before the async space reclaim task calls\n   btrfs_wait_on_delayed_iputs(), the block group reclaim task which is\n   doing the data block group relocation, creates a delayed iput at\n   replace_file_extents() (called when COWing leaves that have file extent\n   items pointing to relocated data exten\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:05:05.519Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/341d33128a940c6634175dcb6ca92dc454cfa7d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/9fadb11f1295289e0da4d3342ecb6b92c1c99540"
        },
        {
          "url": "https://git.kernel.org/stable/c/31e70e527806c546a72262f2fc3d982ee23c42d3"
        }
      ],
      "title": "btrfs: fix hang during unmount when block group reclaim task is running",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49702",
    "datePublished": "2025-02-26T02:24:22.030Z",
    "dateReserved": "2025-02-26T02:21:30.443Z",
    "dateUpdated": "2026-05-11T19:05:05.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-49702",
      "date": "2026-07-17",
      "epss": "0.00199",
      "percentile": "0.09883"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49702\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:45.827\",\"lastModified\":\"2026-06-17T05:18:54.503\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: fix hang during unmount when block group reclaim task is running\\n\\nWhen we start an unmount, at close_ctree(), if we have the reclaim task\\nrunning and in the middle of a data block group relocation, we can trigger\\na deadlock when stopping an async reclaim task, producing a trace like the\\nfollowing:\\n\\n[629724.498185] task:kworker/u16:7   state:D stack:    0 pid:681170 ppid:     2 flags:0x00004000\\n[629724.499760] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [btrfs]\\n[629724.501267] Call Trace:\\n[629724.501759]  \u003cTASK\u003e\\n[629724.502174]  __schedule+0x3cb/0xed0\\n[629724.502842]  schedule+0x4e/0xb0\\n[629724.503447]  btrfs_wait_on_delayed_iputs+0x7c/0xc0 [btrfs]\\n[629724.504534]  ? prepare_to_wait_exclusive+0xc0/0xc0\\n[629724.505442]  flush_space+0x423/0x630 [btrfs]\\n[629724.506296]  ? rcu_read_unlock_trace_special+0x20/0x50\\n[629724.507259]  ? lock_release+0x220/0x4a0\\n[629724.507932]  ? btrfs_get_alloc_profile+0xb3/0x290 [btrfs]\\n[629724.508940]  ? do_raw_spin_unlock+0x4b/0xa0\\n[629724.509688]  btrfs_async_reclaim_metadata_space+0x139/0x320 [btrfs]\\n[629724.510922]  process_one_work+0x252/0x5a0\\n[629724.511694]  ? process_one_work+0x5a0/0x5a0\\n[629724.512508]  worker_thread+0x52/0x3b0\\n[629724.513220]  ? process_one_work+0x5a0/0x5a0\\n[629724.514021]  kthread+0xf2/0x120\\n[629724.514627]  ? kthread_complete_and_exit+0x20/0x20\\n[629724.515526]  ret_from_fork+0x22/0x30\\n[629724.516236]  \u003c/TASK\u003e\\n[629724.516694] task:umount          state:D stack:    0 pid:719055 ppid:695412 flags:0x00004000\\n[629724.518269] Call Trace:\\n[629724.518746]  \u003cTASK\u003e\\n[629724.519160]  __schedule+0x3cb/0xed0\\n[629724.519835]  schedule+0x4e/0xb0\\n[629724.520467]  schedule_timeout+0xed/0x130\\n[629724.521221]  ? lock_release+0x220/0x4a0\\n[629724.521946]  ? lock_acquired+0x19c/0x420\\n[629724.522662]  ? trace_hardirqs_on+0x1b/0xe0\\n[629724.523411]  __wait_for_common+0xaf/0x1f0\\n[629724.524189]  ? usleep_range_state+0xb0/0xb0\\n[629724.524997]  __flush_work+0x26d/0x530\\n[629724.525698]  ? flush_workqueue_prep_pwqs+0x140/0x140\\n[629724.526580]  ? lock_acquire+0x1a0/0x310\\n[629724.527324]  __cancel_work_timer+0x137/0x1c0\\n[629724.528190]  close_ctree+0xfd/0x531 [btrfs]\\n[629724.529000]  ? evict_inodes+0x166/0x1c0\\n[629724.529510]  generic_shutdown_super+0x74/0x120\\n[629724.530103]  kill_anon_super+0x14/0x30\\n[629724.530611]  btrfs_kill_super+0x12/0x20 [btrfs]\\n[629724.531246]  deactivate_locked_super+0x31/0xa0\\n[629724.531817]  cleanup_mnt+0x147/0x1c0\\n[629724.532319]  task_work_run+0x5c/0xa0\\n[629724.532984]  exit_to_user_mode_prepare+0x1a6/0x1b0\\n[629724.533598]  syscall_exit_to_user_mode+0x16/0x40\\n[629724.534200]  do_syscall_64+0x48/0x90\\n[629724.534667]  entry_SYSCALL_64_after_hwframe+0x44/0xae\\n[629724.535318] RIP: 0033:0x7fa2b90437a7\\n[629724.535804] RSP: 002b:00007ffe0b7e4458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6\\n[629724.536912] RAX: 0000000000000000 RBX: 00007fa2b9182264 RCX: 00007fa2b90437a7\\n[629724.538156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555d6cf20dd0\\n[629724.539053] RBP: 0000555d6cf20ba0 R08: 0000000000000000 R09: 00007ffe0b7e3200\\n[629724.539956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\\n[629724.540883] R13: 0000555d6cf20dd0 R14: 0000555d6cf20cb0 R15: 0000000000000000\\n[629724.541796]  \u003c/TASK\u003e\\n\\nThis happens because:\\n\\n1) Before entering close_ctree() we have the async block group reclaim\\n   task running and relocating a data block group;\\n\\n2) There\u0027s an async metadata (or data) space reclaim task running;\\n\\n3) We enter close_ctree() and park the cleaner kthread;\\n\\n4) The async space reclaim task is at flush_space() and runs all the\\n   existing delayed iputs;\\n\\n5) Before the async space reclaim task calls\\n   btrfs_wait_on_delayed_iputs(), the block group reclaim task which is\\n   doing the data block group relocation, creates a delayed iput at\\n   replace_file_extents() (called when COWing leaves that have file extent\\n   items pointing to relocated data exten\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige un bloqueo durante el desmontaje cuando se est\u00e1 ejecutando la tarea de recuperaci\u00f3n del grupo de bloques Cuando iniciamos un desmontaje, en close_ctree(), si tenemos la tarea de recuperaci\u00f3n en ejecuci\u00f3n y estamos en medio de una reubicaci\u00f3n del grupo de bloques de datos, podemos provocar un bloqueo al detener una tarea de recuperaci\u00f3n as\u00edncrona, lo que produce un seguimiento como el siguiente: [629724.498185] task:kworker/u16:7 state:D stack: 0 pid:681170 ppid: 2 flags:0x00004000 [629724.499760] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [btrfs] [629724.501267] Call Trace: [629724.501759]  [629724.502174] __schedule+0x3cb/0xed0 [629724.502842] schedule+0x4e/0xb0 [629724.503447] btrfs_wait_on_delayed_iputs+0x7c/0xc0 [btrfs] [629724.504534] ? prepare_to_wait_exclusive+0xc0/0xc0 [629724.505442] flush_space+0x423/0x630 [btrfs] [629724.506296] ? rcu_read_unlock_trace_special+0x20/0x50 [629724.507259] ? lock_release+0x220/0x4a0 [629724.507932] ? btrfs_get_alloc_profile+0xb3/0x290 [btrfs] [629724.508940] ? do_raw_spin_unlock+0x4b/0xa0 [629724.509688] btrfs_async_reclaim_metadata_space+0x139/0x320 [btrfs] [629724.510922] process_one_work+0x252/0x5a0 [629724.511694] ? process_one_work+0x5a0/0x5a0 [629724.512508] worker_thread+0x52/0x3b0 [629724.513220] ? process_one_work+0x5a0/0x5a0 [629724.514021] kthread+0xf2/0x120 [629724.514627] ? kthread_complete_and_exit+0x20/0x20 [629724.515526] ret_from_fork+0x22/0x30 [629724.516236]  [629724.516694] task:umount state:D stack: 0 pid:719055 ppid:695412 flags:0x00004000 [629724.518269] Call Trace: [629724.518746]  [629724.519160] __schedule+0x3cb/0xed0 [629724.519835] schedule+0x4e/0xb0 [629724.520467] schedule_timeout+0xed/0x130 [629724.521221] ? lock_release+0x220/0x4a0 [629724.521946] ? lock_acquired+0x19c/0x420 [629724.522662] ? trace_hardirqs_on+0x1b/0xe0 [629724.523411] __wait_for_common+0xaf/0x1f0 [629724.524189] ? usleep_range_state+0xb0/0xb0 [629724.524997] __flush_work+0x26d/0x530 [629724.525698] ? flush_workqueue_prep_pwqs+0x140/0x140 [629724.526580] ? lock_acquire+0x1a0/0x310 [629724.527324] __cancel_work_timer+0x137/0x1c0 [629724.528190] close_ctree+0xfd/0x531 [btrfs] [629724.529000] ? evict_inodes+0x166/0x1c0 [629724.529510] generic_shutdown_super+0x74/0x120 [629724.530103] kill_anon_super+0x14/0x30 [629724.530611] btrfs_kill_super+0x12/0x20 [btrfs] [629724.531246] deactivate_locked_super+0x31/0xa0 [629724.531817] cleanup_mnt+0x147/0x1c0 [629724.532319] task_work_run+0x5c/0xa0 [629724.532984] exit_to_user_mode_prepare+0x1a6/0x1b0 [629724.533598] syscall_exit_to_user_mode+0x16/0x40 [629724.534200] do_syscall_64+0x48/0x90 [629724.534667] entry_SYSCALL_64_after_hwframe+0x44/0xae [629724.535318] RIP: 0033:0x7fa2b90437a7 [629724.535804] RSP: 002b:00007ffe0b7e4458 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [629724.536912] RAX: 0000000000000000 RBX: 00007fa2b9182264 RCX: 00007fa2b90437a7 [629724.538156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555d6cf20dd0 [629724.539053] RBP: 0000555d6cf20ba0 R08: 0000000000000000 R09: 00007ffe0b7e3200 [629724.539956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [629724.540883] R13: 0000555d6cf20dd0 R14: 0000555d6cf20cb0 R15: 0000000000000000 [629724.541796]  Esto sucede porque: 1) Antes de ingresar a close_ctree() tenemos la tarea de recuperaci\u00f3n de grupo de bloques as\u00edncronos ejecut\u00e1ndose y reubicando un grupo de bloques de datos; 2) Hay una tarea de recuperaci\u00f3n de espacio de metadatos (o datos) as\u00edncronos ejecut\u00e1ndose; 3) Ingresamos a close_ctree() y estacionamos el kthread m\u00e1s limpio; 4) La tarea de recuperaci\u00f3n de espacio as\u00edncrona est\u00e1 en flush_space() y ejecuta todas las entradas retrasadas existentes; 5) Antes de que la tarea de recuperaci\u00f3n de espacio as\u00edncrona llame a btrfs_wait_on_delayed_iputs(), la tarea de recuperaci\u00f3n de grupo de bloques que est\u00e1 realizando la reubicaci\u00f3n del grupo de bloques de datos, crea una entrada  ---truncada---\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"fs/btrfs/disk-io.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"18bb8bbf13c1839b43c9e09e76d397b753989af2\",\"lessThan\":\"341d33128a940c6634175dcb6ca92dc454cfa7d2\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"18bb8bbf13c1839b43c9e09e76d397b753989af2\",\"lessThan\":\"9fadb11f1295289e0da4d3342ecb6b92c1c99540\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"18bb8bbf13c1839b43c9e09e76d397b753989af2\",\"lessThan\":\"31e70e527806c546a72262f2fc3d982ee23c42d3\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"fs/btrfs/disk-io.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.13\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.13\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.51\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.18.8\",\"lessThanOrEqual\":\"5.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.19\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13\",\"versionEndExcluding\":\"5.15.51\",\"matchCriteriaId\":\"AA59AD4A-9F0B-4A17-9F76-4D464C6F1DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.18.8\",\"matchCriteriaId\":\"0172D3FA-DDEB-482A-A270-4A1495A8798C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C30C2D-F82D-4D37-AB48-D76ABFBD5377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8547FC-C849-4F1B-804B-A93AE2F04A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3068028-F453-4A1C-B80F-3F5609ACEF60\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/31e70e527806c546a72262f2fc3d982ee23c42d3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/341d33128a940c6634175dcb6ca92dc454cfa7d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9fadb11f1295289e0da4d3342ecb6b92c1c99540\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "redhat_vex": {
      "aggregate_severity": "Moderate",
      "current_release_date": "2026-06-29T21:15:48+00:00",
      "cve": "CVE-2022-49702",
      "id": "CVE-2022-49702",
      "initial_release_date": "2022-01-01T00:00:00+00:00",
      "product_status:known_affected": "42",
      "product_status:known_not_affected": "232",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "kernel: btrfs: fix hang during unmount when block group reclaim task is running",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49702.json",
      "version": "3"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…