{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47510","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-24T15:02:54.823Z","datePublished":"2024-05-24T15:09:26.019Z","dateUpdated":"2025-05-04T07:12:34.135Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:12:34.135Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix re-dirty process of tree-log nodes\n\nThere is a report of a transaction abort of -EAGAIN with the following\nscript.\n\n  #!/bin/sh\n\n  for d in sda sdb; do\n          mkfs.btrfs -d single -m single -f /dev/\\${d}\n  done\n\n  mount /dev/sda /mnt/test\n  mount /dev/sdb /mnt/scratch\n\n  for dir in test scratch; do\n          echo 3 >/proc/sys/vm/drop_caches\n          fio --directory=/mnt/\\${dir} --name=fio.\\${dir} --rw=read --size=50G --bs=64m \\\n                  --numjobs=$(nproc) --time_based --ramp_time=5 --runtime=480 \\\n                  --group_reporting |& tee /dev/shm/fio.\\${dir}\n          echo 3 >/proc/sys/vm/drop_caches\n  done\n\n  for d in sda sdb; do\n          umount /dev/\\${d}\n  done\n\nThe stack trace is shown in below.\n\n  [3310.967991] BTRFS: error (device sda) in btrfs_commit_transaction:2341: errno=-11 unknown (Error while writing out transaction)\n  [3310.968060] BTRFS info (device sda): forced readonly\n  [3310.968064] BTRFS warning (device sda): Skipping commit of aborted transaction.\n  [3310.968065] ------------[ cut here ]------------\n  [3310.968066] BTRFS: Transaction aborted (error -11)\n  [3310.968074] WARNING: CPU: 14 PID: 1684 at fs/btrfs/transaction.c:1946 btrfs_commit_transaction.cold+0x209/0x2c8\n  [3310.968131] CPU: 14 PID: 1684 Comm: fio Not tainted 5.14.10-300.fc35.x86_64 #1\n  [3310.968135] Hardware name: DIAWAY Tartu/Tartu, BIOS V2.01.B10 04/08/2021\n  [3310.968137] RIP: 0010:btrfs_commit_transaction.cold+0x209/0x2c8\n  [3310.968144] RSP: 0018:ffffb284ce393e10 EFLAGS: 00010282\n  [3310.968147] RAX: 0000000000000026 RBX: ffff973f147b0f60 RCX: 0000000000000027\n  [3310.968149] RDX: ffff974ecf098a08 RSI: 0000000000000001 RDI: ffff974ecf098a00\n  [3310.968150] RBP: ffff973f147b0f08 R08: 0000000000000000 R09: ffffb284ce393c48\n  [3310.968151] R10: ffffb284ce393c40 R11: ffffffff84f47468 R12: ffff973f101bfc00\n  [3310.968153] R13: ffff971f20cf2000 R14: 00000000fffffff5 R15: ffff973f147b0e58\n  [3310.968154] FS:  00007efe65468740(0000) GS:ffff974ecf080000(0000) knlGS:0000000000000000\n  [3310.968157] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [3310.968158] CR2: 000055691bcbe260 CR3: 000000105cfa4001 CR4: 0000000000770ee0\n  [3310.968160] PKRU: 55555554\n  [3310.968161] Call Trace:\n  [3310.968167]  ? dput+0xd4/0x300\n  [3310.968174]  btrfs_sync_file+0x3f1/0x490\n  [3310.968180]  __x64_sys_fsync+0x33/0x60\n  [3310.968185]  do_syscall_64+0x3b/0x90\n  [3310.968190]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n  [3310.968194] RIP: 0033:0x7efe6557329b\n  [3310.968200] RSP: 002b:00007ffe0236ebc0 EFLAGS: 00000293 ORIG_RAX: 000000000000004a\n  [3310.968203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efe6557329b\n  [3310.968204] RDX: 0000000000000000 RSI: 00007efe58d77010 RDI: 0000000000000006\n  [3310.968205] RBP: 0000000004000000 R08: 0000000000000000 R09: 00007efe58d77010\n  [3310.968207] R10: 0000000016cacc0c R11: 0000000000000293 R12: 00007efe5ce95980\n  [3310.968208] R13: 0000000000000000 R14: 00007efe6447c790 R15: 0000000c80000000\n  [3310.968212] ---[ end trace 1a346f4d3c0d96ba ]---\n  [3310.968214] BTRFS: error (device sda) in cleanup_transaction:1946: errno=-11 unknown\n\nThe abort occurs because of a write hole while writing out freeing tree\nnodes of a tree-log tree. For zoned btrfs, we re-dirty a freed tree\nnode to ensure btrfs can write the region and does not leave a hole on\nwrite on a zoned device. The current code fails to re-dirty a node\nwhen the tree-log tree's depth is greater or equal to 2. That leads to\na transaction abort with -EAGAIN.\n\nFix the issue by properly re-dirtying a node on walking up the tree."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/tree-log.c"],"versions":[{"version":"d3575156f6623eecf086a20bcf99a63f1598109c","lessThan":"477675049ca803aa95ff77468ffbddd966b415b0","status":"affected","versionType":"git"},{"version":"d3575156f6623eecf086a20bcf99a63f1598109c","lessThan":"84c25448929942edacba905cecc0474e91114e7a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/tree-log.c"],"versions":[{"version":"5.12","status":"affected"},{"version":"0","lessThan":"5.12","status":"unaffected","versionType":"semver"},{"version":"5.15.8","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.15.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/477675049ca803aa95ff77468ffbddd966b415b0"},{"url":"https://git.kernel.org/stable/c/84c25448929942edacba905cecc0474e91114e7a"}],"title":"btrfs: fix re-dirty process of tree-log nodes","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.687Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/477675049ca803aa95ff77468ffbddd966b415b0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/84c25448929942edacba905cecc0474e91114e7a","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47510","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:35:36.503255Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:32:52.488Z"}}]}}