In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix the inode leak in btrfs_iget()
[BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time:
  BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50
  VFS: Busy inodes after unmount of loop1 (btrfs)
  ------------[ cut here ]------------
  kernel BUG at fs/super.c:650!
  Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
  CPU: 0 UID: 0 PID: 48168 Comm: syz-executor Not tainted 6.15.0-rc2-00471-g119009db2674 #2 PREEMPT(full)
  Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
  RIP: 0010:generic_shutdown_super+0x2e9/0x390 fs/super.c:650
  Call Trace:
   <TASK>
   kill_anon_super+0x3a/0x60 fs/super.c:1237
   btrfs_kill_super+0x3b/0x50 fs/btrfs/super.c:2099
   deactivate_locked_super+0xbe/0x1a0 fs/super.c:473
   deactivate_super fs/super.c:506 [inline]
   deactivate_super+0xe2/0x100 fs/super.c:502
   cleanup_mnt+0x21f/0x440 fs/namespace.c:1435
   task_work_run+0x14d/0x240 kernel/task_work.c:227
   resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
   exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
   exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
   __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
   syscall_exit_to_user_mode+0x269/0x290 kernel/entry/common.c:218
   do_syscall_64+0xd4/0x250 arch/x86/entry/syscall_64.c:100
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
   </TASK>
[CAUSE] When btrfs_alloc_path() failed, btrfs_iget() directly returned without releasing the inode already allocated by btrfs_iget_locked().
This results in the above busy inode and triggers the kernel BUG.
[FIX] Fix it by calling iget_failed() if btrfs_alloc_path() failed.
If we hit error inside btrfs_read_locked_inode(), it will properly call iget_failed(), so nothing to worry about.
Although the iget_failed() cleanup inside btrfs_read_locked_inode() is a break of the normal error handling scheme, let's fix the obvious bug and backport first, then rework the error handling later.