VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2022-50730

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: silence the warning when evicting inode with dioread_nolock

When evicting an inode with default dioread_nolock, it could be raced by the unwritten extents converting kworker after writing back some newly allocated dirty blocks. It converts unwritten extents to written, the extents could be merged to the upper level and free extent blocks, so it could mark the inode dirty again even though this inode has been marked I_FREEING. But the inode->i_io_list check and warning in ext4_evict_inode() miss this corner case. Fortunately, ext4_evict_inode() will wait for all extent conversions to finish before this check, so it will not lead to an inode use-after-free problem; everything is OK besides this warning. The WARN_ON_ONCE was originally designed for finding inode use-after-free issues in advance, but if we add the current dioread_nolock case in, it will become not quite useful, so fix this warning by just removing this check.

======
WARNING: CPU: 7 PID: 1092 at fs/ext4/inode.c:227 ext4_evict_inode+0x875/0xc60
...
RIP: 0010:ext4_evict_inode+0x875/0xc60
...
Call Trace:
 evict+0x11c/0x2b0
 iput+0x236/0x3a0
 do_unlinkat+0x1b4/0x490
 __x64_sys_unlinkat+0x4c/0xb0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fa933c1115b
======

rm                          kworker
                            ext4_end_io_end()
vfs_unlink()
 ext4_unlink()
                             ext4_convert_unwritten_io_end_vec()
                              ext4_convert_unwritten_extents()
                               ext4_map_blocks()
                                ext4_ext_map_blocks()
                                 ext4_ext_try_to_merge_up()
                                  __mark_inode_dirty()
                                   check !I_FREEING
                                   locked_inode_to_wb_and_lock_list()
 iput()
  iput_final()
   evict()
    ext4_evict_inode()
     truncate_inode_pages_final() //wait release io_end
                                    inode_io_list_move_locked()
                             ext4_release_io_end()
     trigger WARN_ON_ONCE()

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A race condition in ext4's dioread_nolock mode can trigger a spurious WARN_ON during inode eviction, fixed by removing the warning check.

Vulnerability Description

CVE-2022-50730 is a bug in the Linux kernel's ext4 filesystem that causes a spurious kernel warning (WARN_ON_ONCE) when evicting an inode that uses the default dioread_nolock mode. The root cause is a race condition between the inode eviction path and a background kworker that converts unwritten extents to written ones. After writeback of newly allocated dirty blocks, the kworker may merge extents and free blocks, which can mark the inode dirty again even though the inode has already been flagged I_FREEING. The warning check in ext4_evict_inode() did not account for this specific race scenario.

Exploitation and Attack Surface

Exploitation requires an attacker to trigger a specific sequence of file operations (e.g., unlinking a file) while the ext4 filesystem is performing writeback with dioread_nolock enabled. No special privileges are needed beyond the ability to create and delete files on an ext4 filesystem. The race window is narrow and involves concurrent execution of the unlink system call and the ext4 end I/O worker.

Impact

The impact is limited to a spurious kernel warning message and a stack trace printed to the kernel log. The developers confirmed that the race does not lead to an inode use-after-free or any memory corruption because ext4_evict_inode() waits for all extent conversions to finish before the warning check. Therefore, the bug is a correctness issue in the warning logic rather than a security vulnerability that could be exploited for privilege escalation or denial of service beyond the warning itself.

Mitigation

The fix removes the WARN_ON_ONCE check that was triggering the false positive. The patch has been applied to the stable kernel branches, as referenced in commits [1] and [2]. Users should update their Linux kernel to a version containing the fix to eliminate the unnecessary warning messages.
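
For log triage on hosts that have not yet been updated, the following added example (not code from the kernel patch or from this advisory) parses WARN splats out of kernel log text and flags those consistent with the warning described here. The function names, the regular expressions and the sample log are assumptions made for illustration; the timestamps and the second splat are constructed.

```python
import re

# WARN header: "WARNING: CPU: n PID: n at <file>:<line> <func>+0xoff/0xsize"
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: (?P<pid>\d+) at (?P<file>\S+):"
                     r"(?P<line>\d+) (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Stack frame: "symbol+0xoff/0xsize", optionally marked unreliable with "? "
FRAME_RE = re.compile(r"^(?:\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Leading whitespace and an optional dmesg timestamp such as "[  101.000001] "
PREFIX_RE = re.compile(r"^\s*(?:\[\s*\d+\.\d+\]\s*)?")

def parse_warnings(log_text):
    """Return one dict per WARN splat: pid, file, line, func, trace (symbols)."""
    splats, current, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = PREFIX_RE.sub("", raw)
        header = WARN_RE.search(line)
        if header:
            current, in_trace = {**header.groupdict(), "trace": []}, False
            splats.append(current)
        elif current is not None and line.startswith("Call Trace:"):
            in_trace = True
        elif current is not None and in_trace:
            frame = FRAME_RE.match(line)
            if frame:
                current["trace"].append(frame.group("sym"))
            elif line.startswith(("RIP:", "---[")):
                current, in_trace = None, False  # trailing RIP line ends the splat
    return splats

def matches_evict_warning(splat):
    """Heuristic match for the warning in this advisory. The source line number
    is not compared because it differs between kernel builds."""
    return (splat["file"] == "fs/ext4/inode.c"
            and splat["func"] == "ext4_evict_inode"
            and {"evict", "iput"} <= set(splat["trace"]))

# Constructed sample: first splat reuses the advisory's trace, the rest is invented.
SAMPLE_LOG = """\
[  101.000001] WARNING: CPU: 7 PID: 1092 at fs/ext4/inode.c:227 ext4_evict_inode+0x875/0xc60
[  101.000002] RIP: 0010:ext4_evict_inode+0x875/0xc60
[  101.000003] Call Trace:
[  101.000004]  evict+0x11c/0x2b0
[  101.000005]  iput+0x236/0x3a0
[  101.000006]  do_unlinkat+0x1b4/0x490
[  101.000007] RIP: 0033:0x7fa933c1115b
[  205.000001] WARNING: CPU: 1 PID: 200 at drivers/example/demo.c:10 demo_fn+0x10/0x20
[  205.000002] Call Trace:
[  205.000003]  demo_caller+0x5/0x30
"""
```

A match only means the splat has the same origin and call path as the trace quoted in the description; any other warning in the log still needs its own review.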

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
