{"id":"CVE-2022-50571","summary":"btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: call __btrfs_remove_free_space_cache_locked on cache load failure\n\nNow that lockdep is staying enabled through our entire CI runs I started\nseeing the following stack in generic/475\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 2171864 at fs/btrfs/discard.c:604 btrfs_discard_update_discardable+0x98/0xb0\nCPU: 1 PID: 2171864 Comm: kworker/u4:0 Not tainted 5.19.0-rc8+ #789\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\nWorkqueue: btrfs-cache btrfs_work_helper\nRIP: 0010:btrfs_discard_update_discardable+0x98/0xb0\nRSP: 0018:ffffb857c2f7bad0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff8c85c605c200 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffff86807c5b RDI: ffffffff868a831e\nRBP: ffff8c85c4c54000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff8c85c66932f0 R11: 0000000000000001 R12: ffff8c85c3899010\nR13: ffff8c85d5be4f40 R14: ffff8c85c4c54000 R15: ffff8c86114bfa80\nFS:  0000000000000000(0000) GS:ffff8c863bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2e7f168160 CR3: 000000010289a004 CR4: 0000000000370ee0\nCall Trace:\n\n __btrfs_remove_free_space_cache+0x27/0x30\n load_free_space_cache+0xad2/0xaf0\n caching_thread+0x40b/0x650\n ? lock_release+0x137/0x2d0\n btrfs_work_helper+0xf2/0x3e0\n ? lock_is_held_type+0xe2/0x140\n process_one_work+0x271/0x590\n ? process_one_work+0x590/0x590\n worker_thread+0x52/0x3b0\n ? process_one_work+0x590/0x590\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThis is the code\n\n        ctl = block_group-\u003efree_space_ctl;\n        discard_ctl = &block_group-\u003efs_info-\u003ediscard_ctl;\n\n        lockdep_assert_held(&ctl-\u003etree_lock);\n\nWe have a temporary free space ctl for loading the free space cache in\norder to avoid having allocations happening while we're loading the\ncache.  When we hit an error we free it all up, however this also calls\nbtrfs_discard_update_discardable, which requires\nblock_group-\u003efree_space_ctl-\u003etree_lock to be held.  However this is our\ntemporary ctl so this lock isn't held.  Fix this by calling\n__btrfs_remove_free_space_cache_locked instead so that we only clean up\nthe entries and do not mess with the discardable stats.","modified":"2026-04-02T08:28:40.451598Z","published":"2025-10-22T13:23:27.187Z","related":["SUSE-SU-2025:4189-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50571.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/819a61301275dcc573e3f520be3dc2c8531bee2d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a1ae2781dee9fc21ca82db682d37bea4bd074ad"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50571.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50571"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cd79909bc7cdd8043a22d699aae1e8435792c824"},{"fixed":"819a61301275dcc573e3f520be3dc2c8531bee2d"},{"fixed":"8a1ae2781dee9fc21ca82db682d37bea4bd074ad"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50571.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.19.17"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50571.json"}}],"schema_version":"1.7.5"}