Linux Kernel Busy Inode Handling Vulnerability in Btrfs

A vulnerability in the Linux kernel's Btrfs file system has been identified, related to improper inode management. When the function 'btrfs_alloc_path()' fails, the 'btrfs_iget()' function returns without releasing the inode that was already allocated. This oversight leads to a 'busy inode' situation during the unmount process, causing a kernel bug. The issue has been reproduced by a syzbot tool, which reported the busy inode problem along with a kernel bug indication at a specific point in the file system's superblock management.

Impact

The vulnerability causes a kernel bug by leaving inodes busy after unmounting a Btrfs file system, which can lead to system instability or crashes.

Reproduction

The vulnerability can be reproduced by using the syzbot tool, which can trigger the inode leak issue in the Btrfs file system. This involves mounting a Btrfs file system on a loop device, performing operations that cause 'btrfs_alloc_path()' to fail, and then unmounting the file system. The unmount process will reveal the busy inode issue, along with a kernel bug report indicating an invalid opcode error.

Remediation

Users can apply the latest patches from the Linux kernel's official repository, where this vulnerability has been addressed.