{"id":"CVE-2022-49297","summary":"nbd: fix io hung while disconnecting device","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix io hung while disconnecting device\n\nIn our tests, \"qemu-nbd\" triggers a io hung:\n\nINFO: task qemu-nbd:11445 blocked for more than 368 seconds.\n      Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:qemu-nbd        state:D stack:    0 pid:11445 ppid:     1 flags:0x00000000\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x480/0x1050\n ? _raw_spin_lock_irqsave+0x3e/0xb0\n schedule+0x9c/0x1b0\n blk_mq_freeze_queue_wait+0x9d/0xf0\n ? ipi_rseq+0x70/0x70\n blk_mq_freeze_queue+0x2b/0x40\n nbd_add_socket+0x6b/0x270 [nbd]\n nbd_ioctl+0x383/0x510 [nbd]\n blkdev_ioctl+0x18e/0x3e0\n __x64_sys_ioctl+0xac/0x120\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fd8ff706577\nRSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577\nRDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f\nRBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0\nR10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d\nR13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0\n\n\"qemu-ndb -d\" will call ioctl 'NBD_DISCONNECT' first, however, following\nmessage was found:\n\nblock nbd0: Send disconnect failed -32\n\nWhich indicate that something is wrong with the server. Then,\n\"qemu-nbd -d\" will call ioctl 'NBD_CLEAR_SOCK', however ioctl can't clear\nrequests after commit 2516ab1543fd(\"nbd: only clear the queue on device\nteardown\"). And in the meantime, request can't complete through timeout\nbecause nbd_xmit_timeout() will always return 'BLK_EH_RESET_TIMER', which\nmeans such request will never be completed in this situation.\n\nNow that the flag 'NBD_CMD_INFLIGHT' can make sure requests won't\ncomplete multiple times, switch back to call nbd_clear_sock() in\nnbd_clear_sock_ioctl(), so that inflight requests can be cleared.","modified":"2026-04-02T08:27:28.582548Z","published":"2025-02-26T02:01:26.628Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1","SUSE-SU-2025:1293-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49297.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/09dadb5985023e27d4740ebd17e6fea4640110e5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/141318e62db87105b0103fccc59c9c5940da248d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/54b06dc2a206b4d67349bb56b92d4bd32700b7b1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/62d227f67a8c25d5e16f40e5290607f9306d2188"},{"type":"WEB","url":"https://git.kernel.org/stable/c/67e403136a0e1a55fef6a05f103a3979a39ad3fd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69893d6d7f5c10d8306c1b5fc64b71efc91aa6cd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c4ba982bd5084fa659ef518aaf159e4dab02ecda"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f72df77600a43e59b3189e53b47f8685739867d3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49297.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49297"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2516ab1543fdd1f9d08385d73cae51f668a9f3dc"},{"fixed":"67e403136a0e1a55fef6a05f103a3979a39ad3fd"},{"fixed":"62d227f67a8c25d5e16f40e5290607f9306d2188"},{"fixed":"69893d6d7f5c10d8306c1b5fc64b71efc91aa6cd"},{"fixed":"f72df77600a43e59b3189e53b47f8685739867d3"},{"fixed":"c4ba982bd5084fa659ef518aaf159e4dab02ecda"},{"fixed":"54b06dc2a206b4d67349bb56b92d4bd32700b7b1"},{"fixed":"141318e62db87105b0103fccc59c9c5940da248d"},{"fixed":"09dadb5985023e27d4740ebd17e6fea4640110e5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49297.json"}}],"schema_version":"1.7.5"}