CVE-2022-49068

Source
https://cve.org/CVERecord?id=CVE-2022-49068
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49068.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49068
Downstream
Published
2025-02-26T01:54:35.340Z
Modified
2026-04-02T08:27:16.054109Z
Summary
btrfs: release correct delalloc amount in direct IO write path
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: release correct delalloc amount in direct IO write path

Running generic/406 causes the following WARNING in btrfs_destroy_inode() which tells there are outstanding extents left.

In btrfs_get_blocks_direct_write(), we reserve temporary outstanding extents with btrfs_delalloc_reserve_metadata() (or indirectly from btrfs_delalloc_reserve_space()). We then release the outstanding extents with btrfs_delalloc_release_extents(). However, the "len" can be modified in the COW case, which releases fewer outstanding extents than expected.

Fix it by calling btrfs_delalloc_release_extents() for the original length.

To reproduce the warning, the filesystem should be 1 GiB. It's triggering a short-write, due to not being able to allocate a large extent and instead allocating a smaller one.

WARNING: CPU: 0 PID: 757 at fs/btrfs/inode.c:8848 btrfs_destroy_inode+0x1e6/0x210 [btrfs]
Modules linked in: btrfs blake2b_generic xor lzo_compress lzo_decompress raid6_pq zstd zstd_decompress zstd_compress xxhash zram zsmalloc
CPU: 0 PID: 757 Comm: umount Not tainted 5.17.0-rc8+ #101
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS d55cb5a 04/01/2014
RIP: 0010:btrfs_destroy_inode+0x1e6/0x210 [btrfs]
RSP: 0018:ffffc9000327bda8 EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff888100548b78 RCX: 0000000000000000
RDX: 0000000000026900 RSI: 0000000000000000 RDI: ffff888100548b78
RBP: ffff888100548940 R08: 0000000000000000 R09: ffff88810b48aba8
R10: 0000000000000001 R11: ffff8881004eb240 R12: ffff88810b48a800
R13: ffff88810b48ec08 R14: ffff88810b48ed00 R15: ffff888100490c68
FS: 00007f8549ea0b80(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f854a09e733 CR3: 000000010a2e9003 CR4: 0000000000370eb0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
destroy_inode+0x33/0x70
dispose_list+0x43/0x60
evict_inodes+0x161/0x1b0
generic_shutdown_super+0x2d/0x110
kill_anon_super+0xf/0x20
btrfs_kill_super+0xd/0x20 [btrfs]
deactivate_locked_super+0x27/0x90
cleanup_mnt+0x12c/0x180
task_work_run+0x54/0x80
exit_to_user_mode_prepare+0x152/0x160
syscall_exit_to_user_mode+0x12/0x30
do_syscall_64+0x42/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f854a000fb7
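
The reserve/release mismatch described in the Details above, as an added userspace model that is not part of this record or of the kernel patch. It assumes extents are counted in 128 MiB units; the struct, function and variable names and the write sizes are constructed for illustration, and only the temporary reservation is modelled.

```c
/* Simplified userspace model of the accounting bug; not kernel code. */
#include <stdint.h>
#include <stdio.h>

#define MIB (1024ULL * 1024ULL)
/* Assumption: outstanding extents are counted per 128 MiB of data. */
#define MAX_EXTENT_SIZE (128ULL * MIB)

struct inode_model { int64_t outstanding_extents; };

static uint64_t count_max_extents(uint64_t size)
{
    return (size + MAX_EXTENT_SIZE - 1) / MAX_EXTENT_SIZE;
}

static void reserve_extents(struct inode_model *ino, uint64_t len)
{
    ino->outstanding_extents += (int64_t)count_max_extents(len);
}

static void release_extents(struct inode_model *ino, uint64_t len)
{
    ino->outstanding_extents -= (int64_t)count_max_extents(len);
}

/* Returns the outstanding extents left over after one direct IO write.
 * fixed == 0: release with the (possibly shortened) len, as before the fix.
 * fixed != 0: release with the length the reservation was made for. */
int64_t direct_write(uint64_t len, uint64_t allocated, int fixed)
{
    struct inode_model ino = { 0 };
    const uint64_t orig_len = len;    /* hypothetical name for the saved length */

    reserve_extents(&ino, len);
    if (allocated < len)              /* COW case: short allocation shrinks len */
        len = allocated;
    release_extents(&ino, fixed ? orig_len : len);
    return ino.outstanding_extents;   /* non-zero is what the WARNING reports */
}

int main(void)
{
    /* Constructed sizes: 256 MiB requested, only 64 MiB allocated. */
    printf("before fix: %lld left\n", (long long)direct_write(256 * MIB, 64 * MIB, 0));
    printf("after fix:  %lld left\n", (long long)direct_write(256 * MIB, 64 * MIB, 1));
    return 0;
}
```

In this model the leak appears only when the shortened length spans fewer 128 MiB units than the original request, which matches the record's note that a short write on a small filesystem is needed to reproduce the warning.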

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49068.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5afd80c393f4e87451f14eefb7f2f24daf434e06
Fixed
07cacfd9d9dc134557ac8866c73d570a59b3d1f3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f0bfa76a11e93d0fe2c896fcb566568c5e8b5d3f
Fixed
a04d37ddfe4be431b9e52e8504490376ab0a39a4
Fixed
6d82ad13c4110e73c7b0392f00534a1502a1b520
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
96f1be29492d9e2fb97bb27f824478ab8cd3ab86

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49068.json"