{"api_version":"1","generated_at":"2026-06-26T05:11:44+00:00","cve":"CVE-2026-53060","urls":{"html":"https://cve.report/CVE-2026-53060","api":"https://cve.report/api/cve/CVE-2026-53060.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-53060","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-53060"},"summary":{"title":"dm cache metadata: fix memory leak on metadata abort retry","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache metadata: fix memory leak on metadata abort retry\n\nWhen failing to acquire the root_lock in dm_cache_metadata_abort because\nthe block_manager is read-only, the temporary block_manager created\noutside the root_lock is not properly released, causing a memory leak.\n\nReproduce steps:\n\nThis can be reproduced by reloading a new table while the metadata\nis read-only. While the second call to dm_cache_metadata_abort is\ncaused by lack of support for table preload in dm-cache, mentioned\nin commit 9b1cc9f251af (\"dm cache: share cache-metadata object across\ninactive and active DM tables\"), it exposes the memory leak in\ndm_cache_metadata_abort when the function is called multiple times.\nSpecifically, dm-cache fails to sync the new cache object's mode during\npreresume, creating the reproducer condition.\n\nThis issue could also occur through concurrent metadata_operation_failed\ncalls due to races in cache mode updates, but the table preload scenario\nbelow provides a reliable reproducer.\n\n1. Create a cache device with some faulty trailing metadata blocks\n\ndmsetup create cmeta <<EOF\n0 200 linear /dev/sdc 0\n200 7992 error\nEOF\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 131072 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 1 writethrough smq 0\"\n\n2. Suspend and resume the cache to start a new metadata transaction and\n   trigger metadata io errors on the next metadata commit.\n\ndmsetup suspend cache\ndmsetup resume cache\n\n3. Write to the cache device to update metadata\n\nfio --filename=/dev/mapper/cache --name test --rw=randwrite --bs=4k \\\n--randrepeat=0 --direct=1 --size 64k\n\n4. Preload the same table\n\ndmsetup reload cache --table \"$(dmsetup table cache)\"\n\n5. Resume the new table. This triggers the memory leak.\n\ndmsetup suspend cache\ndmsetup resume cache\n\nkmemleak logs:\n\n<snip>\nunreferenced object 0xffff8880080c2010 (size 16):\n  comm \"dmsetup\", pid 132, jiffies 4294982580\n  hex dump (first 16 bytes):\n    00 38 b9 07 80 88 ff ff 6a 6b 6b 6b 6b 6b 6b a5 ...\n  backtrace (crc 3118f31c):\n    kmemleak_alloc+0x28/0x40\n    __kmalloc_cache_noprof+0x3d9/0x510\n    dm_block_manager_create+0x51/0x140\n    dm_cache_metadata_abort+0x85/0x320\n    metadata_operation_failed+0x103/0x1e0\n    cache_preresume+0xacd/0xe70\n    dm_table_resume_targets+0xd3/0x320\n    __dm_resume+0x1b/0xf0\n    dm_resume+0x127/0x170\n<snip>","state":"PUBLISHED","assigner":"Linux","published_at":"2026-06-24 17:17:18","updated_at":"2026-06-24 17:17:18"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/322a3b70368d49e39591fe9fc6c07d262128b05f","name":"https://git.kernel.org/stable/c/322a3b70368d49e39591fe9fc6c07d262128b05f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/14f60e957f34f95a626caec76a8fae88cf4c397f","name":"https://git.kernel.org/stable/c/14f60e957f34f95a626caec76a8fae88cf4c397f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b0bd35535bdb6f58505f3a30ee5793986943997a","name":"https://git.kernel.org/stable/c/b0bd35535bdb6f58505f3a30ee5793986943997a","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/15c30997dca681f90dbf2d45ee629c1828bf0c0d","name":"https://git.kernel.org/stable/c/15c30997dca681f90dbf2d45ee629c1828bf0c0d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d1a79620c419a0af1911f99c873014b30740e303","name":"https://git.kernel.org/stable/c/d1a79620c419a0af1911f99c873014b30740e303","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/044ca491d4086dc5bf233e9fcb71db52df32f633","name":"https://git.kernel.org/stable/c/044ca491d4086dc5bf233e9fcb71db52df32f633","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/6b97cc7a42905755c56bbddc33aa8b792205caee","name":"https://git.kernel.org/stable/c/6b97cc7a42905755c56bbddc33aa8b792205caee","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4311ca59a1891d33c4c8b7946f98c34f167fe833","name":"https://git.kernel.org/stable/c/4311ca59a1891d33c4c8b7946f98c34f167fe833","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-53060","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53060","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b45e77b79215405bd039a690f5b06cc03e8ed27d 14f60e957f34f95a626caec76a8fae88cf4c397f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 28d307f380df88a598bc0186d527462902d9bda1 6b97cc7a42905755c56bbddc33aa8b792205caee git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected f74b7c5a85e22cd9091845e0d62a1dd89d0f855f d1a79620c419a0af1911f99c873014b30740e303 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 352b837a5541690d4f843819028cf2b8be83d424 15c30997dca681f90dbf2d45ee629c1828bf0c0d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 352b837a5541690d4f843819028cf2b8be83d424 b0bd35535bdb6f58505f3a30ee5793986943997a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 352b837a5541690d4f843819028cf2b8be83d424 322a3b70368d49e39591fe9fc6c07d262128b05f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 352b837a5541690d4f843819028cf2b8be83d424 4311ca59a1891d33c4c8b7946f98c34f167fe833 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 352b837a5541690d4f843819028cf2b8be83d424 044ca491d4086dc5bf233e9fcb71db52df32f633 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6e237cacda8b4e976849e7bff9fe7dff0e968586 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3972ae47d0ee9b5b434af5d0cca6cdfd1e239d4f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 9958f5ffc44530b650fb4cc9038a4d167fa4f5c1 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected f472bfc95d9c9653172dbdad39219b32fabf9b92 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected bdd4e106929ac943f3226d8f03754b480701e97b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.10.163 5.10.258 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.15.87 5.15.209 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.1.4 6.1.175 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.9.337 4.10 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.14.303 4.15 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.19.270 4.20 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.4.229 5.5 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.0.18 6.1 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.2","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.2 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.258 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.209 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.175 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.141 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.91 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.33 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.10 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"53060","cve":"CVE-2026-53060","epss":"0.001840000","percentile":"0.081780000","score_date":"2026-06-25","updated_at":"2026-06-26 00:06:14"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/md/dm-cache-metadata.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"14f60e957f34f95a626caec76a8fae88cf4c397f","status":"affected","version":"b45e77b79215405bd039a690f5b06cc03e8ed27d","versionType":"git"},{"lessThan":"6b97cc7a42905755c56bbddc33aa8b792205caee","status":"affected","version":"28d307f380df88a598bc0186d527462902d9bda1","versionType":"git"},{"lessThan":"d1a79620c419a0af1911f99c873014b30740e303","status":"affected","version":"f74b7c5a85e22cd9091845e0d62a1dd89d0f855f","versionType":"git"},{"lessThan":"15c30997dca681f90dbf2d45ee629c1828bf0c0d","status":"affected","version":"352b837a5541690d4f843819028cf2b8be83d424","versionType":"git"},{"lessThan":"b0bd35535bdb6f58505f3a30ee5793986943997a","status":"affected","version":"352b837a5541690d4f843819028cf2b8be83d424","versionType":"git"},{"lessThan":"322a3b70368d49e39591fe9fc6c07d262128b05f","status":"affected","version":"352b837a5541690d4f843819028cf2b8be83d424","versionType":"git"},{"lessThan":"4311ca59a1891d33c4c8b7946f98c34f167fe833","status":"affected","version":"352b837a5541690d4f843819028cf2b8be83d424","versionType":"git"},{"lessThan":"044ca491d4086dc5bf233e9fcb71db52df32f633","status":"affected","version":"352b837a5541690d4f843819028cf2b8be83d424","versionType":"git"},{"status":"affected","version":"6e237cacda8b4e976849e7bff9fe7dff0e968586","versionType":"git"},{"status":"affected","version":"3972ae47d0ee9b5b434af5d0cca6cdfd1e239d4f","versionType":"git"},{"status":"affected","version":"9958f5ffc44530b650fb4cc9038a4d167fa4f5c1","versionType":"git"},{"status":"affected","version":"f472bfc95d9c9653172dbdad39219b32fabf9b92","versionType":"git"},{"status":"affected","version":"bdd4e106929ac943f3226d8f03754b480701e97b","versionType":"git"},{"lessThan":"5.10.258","status":"affected","version":"5.10.163","versionType":"semver"},{"lessThan":"5.15.209","status":"affected","version":"5.15.87","versionType":"semver"},{"lessThan":"6.1.175","status":"affected","version":"6.1.4","versionType":"semver"},{"lessThan":"4.10","status":"affected","version":"4.9.337","versionType":"semver"},{"lessThan":"4.15","status":"affected","version":"4.14.303","versionType":"semver"},{"lessThan":"4.20","status":"affected","version":"4.19.270","versionType":"semver"},{"lessThan":"5.5","status":"affected","version":"5.4.229","versionType":"semver"},{"lessThan":"6.1","status":"affected","version":"6.0.18","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/md/dm-cache-metadata.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.2"},{"lessThan":"6.2","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.258","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.209","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.175","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.141","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.91","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.33","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.10","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.258","versionStartIncluding":"5.10.163","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.209","versionStartIncluding":"5.15.87","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.175","versionStartIncluding":"6.1.4","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.141","versionStartIncluding":"6.2","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.91","versionStartIncluding":"6.2","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.33","versionStartIncluding":"6.2","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.10","versionStartIncluding":"6.2","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1","versionStartIncluding":"6.2","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.337","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.303","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.270","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.229","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.18","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache metadata: fix memory leak on metadata abort retry\n\nWhen failing to acquire the root_lock in dm_cache_metadata_abort because\nthe block_manager is read-only, the temporary block_manager created\noutside the root_lock is not properly released, causing a memory leak.\n\nReproduce steps:\n\nThis can be reproduced by reloading a new table while the metadata\nis read-only. While the second call to dm_cache_metadata_abort is\ncaused by lack of support for table preload in dm-cache, mentioned\nin commit 9b1cc9f251af (\"dm cache: share cache-metadata object across\ninactive and active DM tables\"), it exposes the memory leak in\ndm_cache_metadata_abort when the function is called multiple times.\nSpecifically, dm-cache fails to sync the new cache object's mode during\npreresume, creating the reproducer condition.\n\nThis issue could also occur through concurrent metadata_operation_failed\ncalls due to races in cache mode updates, but the table preload scenario\nbelow provides a reliable reproducer.\n\n1. Create a cache device with some faulty trailing metadata blocks\n\ndmsetup create cmeta <<EOF\n0 200 linear /dev/sdc 0\n200 7992 error\nEOF\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 131072 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 1 writethrough smq 0\"\n\n2. Suspend and resume the cache to start a new metadata transaction and\n   trigger metadata io errors on the next metadata commit.\n\ndmsetup suspend cache\ndmsetup resume cache\n\n3. Write to the cache device to update metadata\n\nfio --filename=/dev/mapper/cache --name test --rw=randwrite --bs=4k \\\n--randrepeat=0 --direct=1 --size 64k\n\n4. Preload the same table\n\ndmsetup reload cache --table \"$(dmsetup table cache)\"\n\n5. Resume the new table. This triggers the memory leak.\n\ndmsetup suspend cache\ndmsetup resume cache\n\nkmemleak logs:\n\n<snip>\nunreferenced object 0xffff8880080c2010 (size 16):\n  comm \"dmsetup\", pid 132, jiffies 4294982580\n  hex dump (first 16 bytes):\n    00 38 b9 07 80 88 ff ff 6a 6b 6b 6b 6b 6b 6b a5 ...\n  backtrace (crc 3118f31c):\n    kmemleak_alloc+0x28/0x40\n    __kmalloc_cache_noprof+0x3d9/0x510\n    dm_block_manager_create+0x51/0x140\n    dm_cache_metadata_abort+0x85/0x320\n    metadata_operation_failed+0x103/0x1e0\n    cache_preresume+0xacd/0xe70\n    dm_table_resume_targets+0xd3/0x320\n    __dm_resume+0x1b/0xf0\n    dm_resume+0x127/0x170\n<snip>"}],"providerMetadata":{"dateUpdated":"2026-06-24T16:30:04.872Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/14f60e957f34f95a626caec76a8fae88cf4c397f"},{"url":"https://git.kernel.org/stable/c/6b97cc7a42905755c56bbddc33aa8b792205caee"},{"url":"https://git.kernel.org/stable/c/d1a79620c419a0af1911f99c873014b30740e303"},{"url":"https://git.kernel.org/stable/c/15c30997dca681f90dbf2d45ee629c1828bf0c0d"},{"url":"https://git.kernel.org/stable/c/b0bd35535bdb6f58505f3a30ee5793986943997a"},{"url":"https://git.kernel.org/stable/c/322a3b70368d49e39591fe9fc6c07d262128b05f"},{"url":"https://git.kernel.org/stable/c/4311ca59a1891d33c4c8b7946f98c34f167fe833"},{"url":"https://git.kernel.org/stable/c/044ca491d4086dc5bf233e9fcb71db52df32f633"}],"title":"dm cache metadata: fix memory leak on metadata abort retry","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-53060","datePublished":"2026-06-24T16:30:04.872Z","dateReserved":"2026-06-09T07:44:35.382Z","dateUpdated":"2026-06-24T16:30:04.872Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-24 17:17:18","lastModifiedDate":"2026-06-24 17:17:18","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"53060","Ordinal":"1","Title":"dm cache metadata: fix memory leak on metadata abort retry","CVE":"CVE-2026-53060","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"53060","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache metadata: fix memory leak on metadata abort retry\n\nWhen failing to acquire the root_lock in dm_cache_metadata_abort because\nthe block_manager is read-only, the temporary block_manager created\noutside the root_lock is not properly released, causing a memory leak.\n\nReproduce steps:\n\nThis can be reproduced by reloading a new table while the metadata\nis read-only. While the second call to dm_cache_metadata_abort is\ncaused by lack of support for table preload in dm-cache, mentioned\nin commit 9b1cc9f251af (\"dm cache: share cache-metadata object across\ninactive and active DM tables\"), it exposes the memory leak in\ndm_cache_metadata_abort when the function is called multiple times.\nSpecifically, dm-cache fails to sync the new cache object's mode during\npreresume, creating the reproducer condition.\n\nThis issue could also occur through concurrent metadata_operation_failed\ncalls due to races in cache mode updates, but the table preload scenario\nbelow provides a reliable reproducer.\n\n1. Create a cache device with some faulty trailing metadata blocks\n\ndmsetup create cmeta <<EOF\n0 200 linear /dev/sdc 0\n200 7992 error\nEOF\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 262144 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 131072 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 1 writethrough smq 0\"\n\n2. Suspend and resume the cache to start a new metadata transaction and\n   trigger metadata io errors on the next metadata commit.\n\ndmsetup suspend cache\ndmsetup resume cache\n\n3. Write to the cache device to update metadata\n\nfio --filename=/dev/mapper/cache --name test --rw=randwrite --bs=4k \\\n--randrepeat=0 --direct=1 --size 64k\n\n4. Preload the same table\n\ndmsetup reload cache --table \"$(dmsetup table cache)\"\n\n5. Resume the new table. This triggers the memory leak.\n\ndmsetup suspend cache\ndmsetup resume cache\n\nkmemleak logs:\n\n<snip>\nunreferenced object 0xffff8880080c2010 (size 16):\n  comm \"dmsetup\", pid 132, jiffies 4294982580\n  hex dump (first 16 bytes):\n    00 38 b9 07 80 88 ff ff 6a 6b 6b 6b 6b 6b 6b a5 ...\n  backtrace (crc 3118f31c):\n    kmemleak_alloc+0x28/0x40\n    __kmalloc_cache_noprof+0x3d9/0x510\n    dm_block_manager_create+0x51/0x140\n    dm_cache_metadata_abort+0x85/0x320\n    metadata_operation_failed+0x103/0x1e0\n    cache_preresume+0xacd/0xe70\n    dm_table_resume_targets+0xd3/0x320\n    __dm_resume+0x1b/0xf0\n    dm_resume+0x127/0x170\n<snip>","Type":"Description","Title":"dm cache metadata: fix memory leak on metadata abort retry"}]}}}