CVE-2025-39884

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists between inode eviction and inode caching within the Btrfs file system. This condition can lead to a live struct btrfs inode being absent from the root->inodes xarray. Specifically, a window exists during eviction where an inode is removed from the xarray before being fully deleted. If btrfs iget() is called for the same inode during this window, it can be recreated and added to the xarray, only to be deleted again, resulting in a missing entry. This can cause issues during subvolume deletion, potentially leading to soft lockups in production environments. The issue arises from the premature call to btrfs add dead root() and an infinite loop within btrfs kill all delayed nodes() if a delayed node is attached to the lost inode. The fix involves ensuring that the xarray entry is only deleted if it matches the given inode using xa cmpxchg().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.