From nobody Sun Feb 8 11:16:46 2026 Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com [209.85.218.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA5A82F3C1D for ; Mon, 22 Dec 2025 15:10:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766416222; cv=none; b=ee9vbEipT18Rs9JNl9Yn9VxryNCMBUjYPcIuWgqMoXSXIszJB8F5FMzI5b8FwHuNfTjo9WraFHIy8n9OoNYlOB7RbwgGEit3GRtZacvdJD2+ibuCCbagrmHXjC7jT8iFqVbAtc0ORxtdbJcvcHyvJZQ2sdGGlZmibXQ12EmTb/k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766416222; c=relaxed/simple; bh=SfqGh80I8FrcSVKXevuE9/FvTdIBLuY3heHppSf+wgg=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=HfmySZRKJCIujIv1sPjyFz910E+a3HXDEpOY+yNba8Ujz1M2TRB1ptzp/RSCIyB7Rw4jZGa+SKcOssl9xhgJfnY6xt3vR/7jRdMNTo8iN/Fim4BtT2c3yAZT5//xR6zEtsI+gXH8fJbHGZ+bQLiwbZgRuN9QZK+SDThWya8hUNM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=S/UJgwJB; arc=none smtp.client-ip=209.85.218.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="S/UJgwJB" Received: by mail-ej1-f48.google.com with SMTP id a640c23a62f3a-b73161849e1so880324466b.2 for ; Mon, 22 Dec 2025 07:10:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766416219; x=1767021019; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=HlPdAwyqnDxqYQtejdfqu1lBbHFrUQJCJLatEJiEsKw=; b=S/UJgwJBQQ5D9fUuhwK3B4GXIqbsDKzU0BEXO5NvMh3yaY9rfaOMoXJwevD4VK1Vxl SB1P1066EUhJw5+lyon7Tk/TPVCJRqckMIKIFXakhYdsvdQQIu6FShO750Qdpd/v49th 3N8ZnWl5kh9P6Jo4mT8pIsad4bjSVZXA6jW7zqXFVmBGqLZ1RaqPK7KJVyyMBN2WryS7 Qhm+Mvl54sI45GnD92V1BkNnP9b1RdXe9dz/d3kMA+ElHwzgiouR3B3gs2PSzREXBvHV t7CV54GiYd8RoFex/U+Y59lI8PSXXmN/aYb+S6CWlPuJ2pNfWUiWb6YyVi2YvZfYNDtV tpAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766416219; x=1767021019; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=HlPdAwyqnDxqYQtejdfqu1lBbHFrUQJCJLatEJiEsKw=; b=oLJclaAnknnx6tRWgVOP30Q42Zyp6R2CdmOa9Fy7po1IxlDfdIe+Z+rCirM4eD+DE9 oLxuIpjE5N4avsiAdOA2Dy6sN4y4W7U9vpdcU9AxvUnMSlrvyi3XwW2lJHw66vK+9Bio FJxoAJet2Vbk/88j3CXsHih7wVYGhMTswoEPDGwL6JbXthWh5yxgPp9GpnkWISeyu+55 +BhgzIPaGmC3xtUKhNoPVN2MxyW2Z1TAswl8GHlwsHLVK887swJcsatBLW9pNcCsxy0i zeU/p3cvJoDNgU9wx6br0Y67C43rd+3p4LWtzgGL1TIneEP28rl8l1KHmGci0rAeh5XY NXLg== X-Forwarded-Encrypted: i=1; AJvYcCX9pZIjiqn1/5e6BVzS22paNuF/zspxokpJJPTWfH2cjPOSr0GH5qhpYASZGUP7biETVZlKovhWwgdXT/8=@vger.kernel.org X-Gm-Message-State: AOJu0Ywy/UJl8hQTlAa2CRVQlNbUvetpznHSTDZL2dpwDiOz26UNp58s Ig4vRV/k2xU2PdCSIxk6Qa36AKp3O63MapwAlVdILUjwD4aQlC54n/GL X-Gm-Gg: AY/fxX6U/HSn4MAGle6tBEM4K9VjmbDiRiCB1BWLwUJRv0/7zv7nClc+uGaBuur6ACC F4xtYnUnZpiaaiDT/lTkwWIq301yOd5/8KswNtC95x8Haqem4rp/O/6vxQ6USSMsalsxrJkZVjR 2kC5fR7XRwasAi5Fwi/E7pT7ZSSk/8nIG1Lu4QFxdcOe1GVqWqZZXvG+0oOdz1p/s8Lu03W8K22 3j6rO8Niu6uHhNUi12uj79KxLgWyg4DMZxHVVV2pc3oeJKpOzCO8SAEQDeH/mw3Oisbj9V+69up AilGOmT5QXWp1D2AU0abDh+VCrGpULFIwNoonvBNayq9++ZnxTiJe9zrlYm8o7oZfThHaXRuuSY 3XKZIUwN1jhwuRfDxJDwRhfNxN5hlNBS3qIIi+OLGUSTvt4LQQKjdo8ZhFR3s7lYYKOTnHxEOvd U= X-Google-Smtp-Source: AGHT+IE+DjLxllFCwHUucgC2ZGTAQWGoVl85Y1fOrYxe1JQ5f1u8ECZC9skOekjzzCH+Nvc7RsyrEQ== X-Received: by 2002:a17:907:6d22:b0:b79:f965:1ce1 with SMTP id a640c23a62f3a-b803705df6bmr1191603266b.42.1766416218828; Mon, 22 Dec 2025 07:10:18 -0800 (PST) Received: from prometheus ([85.11.110.37]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b80426fc164sm967450466b.30.2025.12.22.07.10.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Dec 2025 07:10:18 -0800 (PST) From: Szymon Wilczek To: almaz.alexandrovich@paragon-software.com Cc: ntfs3@lists.linux.dev, linux-kernel@vger.kernel.org, syzbot+5af33dd272b913b65880@syzkaller.appspotmail.com, Szymon Wilczek Subject: [PATCH] fs/ntfs3: fix deadlock in ni_readpage_cmpr Date: Mon, 22 Dec 2025 16:10:10 +0100 Message-ID: <20251222151010.17263-1-swilczek.lx@gmail.com> X-Mailer: git-send-email 2.52.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Syzbot reported a task hung in ni_readpage_cmpr. This is caused by a lock inversion deadlock involving the inode mutex (ni_lock) and page locks. Scenario: 1. Task A enters ntfs_read_folio() for page X. It acquires ni_lock. 2. Task A calls ni_readpage_cmpr(), which attempts to lock all pages in the compressed frame (including page Y). 3. Concurrently, Task B (e.g., via readahead) has locked page Y and calls ntfs_read_folio(). 4. Task B waits for ni_lock (held by A). 5. Task A waits for page Y lock (held by B). -> DEADLOCK. The fix is to restructure locking: do not take ni_lock in ntfs_read_folio(). Instead, acquire ni_lock inside ni_readpage_cmpr() ONLY AFTER all required page locks for the frame have been successfully acquired. This restores the correct lock ordering (Page Lock -> ni_lock) consistent with VFS. Reported-by: syzbot+5af33dd272b913b65880@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D5af33dd272b913b65880 Fixes: f35590ee26f5 ("fs/ntfs3: remove ntfs_bio_pages and use page cache fo= r compressed I/O") Signed-off-by: Szymon Wilczek --- fs/ntfs3/frecord.c | 2 ++ fs/ntfs3/inode.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index 641ddaf8d4a0..f09a149cff9f 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -2107,7 +2107,9 @@ int ni_readpage_cmpr(struct ntfs_inode *ni, struct fo= lio *folio) pages[i] =3D pg; } =20 + ni_lock(ni); err =3D ni_read_frame(ni, frame_vbo, pages, pages_per_frame, 0); + ni_unlock(ni); =20 out1: for (i =3D 0; i < pages_per_frame; i++) { diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c index 0a9ac5efeb67..33f819b162a5 100644 --- a/fs/ntfs3/inode.c +++ b/fs/ntfs3/inode.c @@ -735,9 +735,8 @@ static int ntfs_read_folio(struct file *file, struct fo= lio *folio) } =20 if (is_compressed(ni)) { - ni_lock(ni); + /* ni_lock is taken inside ni_readpage_cmpr after page locks */ err =3D ni_readpage_cmpr(ni, folio); - ni_unlock(ni); return err; } =20 --=20 2.52.0