{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54002","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:53:46.177Z","datePublished":"2025-12-24T10:55:37.699Z","dateUpdated":"2026-05-11T19:53:23.434Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:53:23.434Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion of exclop condition when starting balance\n\nBalance as exclusive state is compatible with paused balance and device\nadd, which makes some things more complicated. The assertion of valid\nstates when starting from paused balance needs to take into account two\nmore states, the combinations can be hit when there are several threads\nracing to start balance and device add. This won't typically happen when\nthe commands are started from command line.\n\nScenario 1: With exclusive_operation state == BTRFS_EXCLOP_NONE.\n\nConcurrently adding multiple devices to the same mount point and\nbtrfs_exclop_finish executed finishes before assertion in\nbtrfs_exclop_balance, exclusive_operation will changed to\nBTRFS_EXCLOP_NONE state which lead to assertion failed:\n\n  fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE ||\n  fs_info->exclusive_operation == BTRFS_EXCLOP_DEV_ADD,\n  in fs/btrfs/ioctl.c:456\n  Call Trace:\n   <TASK>\n   btrfs_exclop_balance+0x13c/0x310\n   ? memdup_user+0xab/0xc0\n   ? PTR_ERR+0x17/0x20\n   btrfs_ioctl_add_dev+0x2ee/0x320\n   btrfs_ioctl+0x9d5/0x10d0\n   ? btrfs_ioctl_encoded_write+0xb80/0xb80\n   __x64_sys_ioctl+0x197/0x210\n   do_syscall_64+0x3c/0xb0\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nScenario 2: With exclusive_operation state == BTRFS_EXCLOP_BALANCE_PAUSED.\n\nConcurrently adding multiple devices to the same mount point and\nbtrfs_exclop_balance executed finish before the latter thread execute\nassertion in btrfs_exclop_balance, exclusive_operation will changed to\nBTRFS_EXCLOP_BALANCE_PAUSED state which lead to assertion failed:\n\n  fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE ||\n  fs_info->exclusive_operation == BTRFS_EXCLOP_DEV_ADD ||\n  fs_info->exclusive_operation == BTRFS_EXCLOP_NONE,\n  fs/btrfs/ioctl.c:458\n  Call Trace:\n   <TASK>\n   btrfs_exclop_balance+0x240/0x410\n   ? memdup_user+0xab/0xc0\n   ? PTR_ERR+0x17/0x20\n   btrfs_ioctl_add_dev+0x2ee/0x320\n   btrfs_ioctl+0x9d5/0x10d0\n   ? btrfs_ioctl_encoded_write+0xb80/0xb80\n   __x64_sys_ioctl+0x197/0x210\n   do_syscall_64+0x3c/0xb0\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAn example of the failed assertion is below, which shows that the\npaused balance is also needed to be checked.\n\n  root@syzkaller:/home/xsk# ./repro\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  [  416.611428][ T7970] BTRFS info (device loop0): fs_info exclusive_operation: 0\n  Failed to add device /dev/vda, errno 14\n  [  416.613973][ T7971] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.615456][ T7972] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.617528][ T7973] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.618359][ T7974] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.622589][ T7975] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.624034][ T7976] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.626420][ T7977] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.627643][ T7978] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.629006][ T7979] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  [  416.630298][ T7980] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Fai\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/ioctl.c"],"versions":[{"version":"a174c0a2e857081195db6888323802f0fae793ef","lessThan":"17eaeee4c5f24946aad0298d51f32981c3161d13","status":"affected","versionType":"git"},{"version":"a174c0a2e857081195db6888323802f0fae793ef","lessThan":"7877dc1136ada770622d22041be306539902951b","status":"affected","versionType":"git"},{"version":"a174c0a2e857081195db6888323802f0fae793ef","lessThan":"6062e9e335a3bf409b5118bfe4cc10aff4b6adb1","status":"affected","versionType":"git"},{"version":"a174c0a2e857081195db6888323802f0fae793ef","lessThan":"ac868bc9d136cde6e3eb5de77019a63d57a540ff","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/ioctl.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"6.1.29","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.16","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3.3","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.2.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.3.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17eaeee4c5f24946aad0298d51f32981c3161d13"},{"url":"https://git.kernel.org/stable/c/7877dc1136ada770622d22041be306539902951b"},{"url":"https://git.kernel.org/stable/c/6062e9e335a3bf409b5118bfe4cc10aff4b6adb1"},{"url":"https://git.kernel.org/stable/c/ac868bc9d136cde6e3eb5de77019a63d57a540ff"}],"title":"btrfs: fix assertion of exclop condition when starting balance","x_generator":{"engine":"bippy-1.2.0"}}}}