CVE-2025-68369
Description
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: init run lock for extend inode
After setting the inode mode of $Extend to a regular file, executing the truncate system call will enter the do_truncate() routine, causing the run_lock uninitialized error reported by syzbot.
Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to a regular file, the do_truncate() routine would not be entered.
Add the run_lock initialization when loading $Extend.
syzbot reported:
INFO: trying to register non-static key.
Call Trace:
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
 register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299
 __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
 ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860
 ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387
 ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, the ntfs3 filesystem fails to initialize the run_lock for the $Extend inode, leading to a lockdep error when a truncate call on that inode reaches ntfs_set_size().
Root Cause
The vulnerability resides in the ntfs3 filesystem driver. When the $Extend inode's mode is set to a regular file, a subsequent truncate system call enters the do_truncate() routine, which eventually calls ntfs_set_size(). This function attempts to acquire the run_lock via down_write(), but the lock was never initialized for the $Extend inode. The issue was introduced after commit 4e8011ffec79, which changed the inode mode handling; previously, the mode was not set to a regular file, so do_truncate() was not reached [1][2][3].
Exploitation
An attacker with local access to a system using the ntfs3 filesystem can trigger the bug by mounting an NTFS volume and executing a truncate operation on the $Extend inode. No special privileges beyond normal user access are required. The attack surface is limited to systems that mount NTFS volumes with the ntfs3 driver.
Impact
The uninitialized run_lock causes a kernel lockdep warning and potential system instability. The syzbot report shows a stack trace leading to ntfs_set_size and ntfs_extend, indicating that the kernel's use of an uninitialized lock can lead to undefined behavior, including crashes [1]. While the immediate impact is a warning, in some configurations it could lead to a denial-of-service condition.
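For triage, the syzbot trace can be turned into a log signature. The following is an added example, not code from the kernel or from this CVE record: it scans dmesg-style text for lockdep "non-static key" reports and flags those where down_write() is called directly from ntfs_set_size(). The function names, the sample timestamps and the second report are constructed for illustration, and only kernels built with lockdep emit this report.

```python
import re

HEADER = "INFO: trying to register non-static key"
# Optional dmesg timestamp, optional "? " (unreliable frame), then symbol+0xoff/0xsize.
FRAME_RE = re.compile(
    r"^\s*(?:\[\s*\d+\.\d+\]\s*)?(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def lockdep_reports(log_text):
    """Return one list of reliable call-trace symbols per 'non-static key' report."""
    reports, frames = [], None
    for line in log_text.splitlines():
        if HEADER in line:
            frames = []
            reports.append(frames)
            continue
        if frames is None:
            continue
        m = FRAME_RE.match(line)
        if m:
            if not m.group(1):      # skip "? sym" frames, they are stack noise
                frames.append(m.group(2))
        elif frames:                # first non-frame line after the frames ends the trace
            frames = None
    return reports

def is_ntfs3_run_lock_report(frames):
    """True when down_write() is called directly from ntfs_set_size(), as in the page's trace."""
    return any(p == ("down_write", "ntfs_set_size") for p in zip(frames, frames[1:]))

def triage(log_text):
    """Return the call chains of matching reports; a match is a lead, not proof of $Extend."""
    return [f for f in lockdep_reports(log_text) if is_ntfs3_run_lock_report(f)]

# Constructed sample: frames of the first report are copied from the syzbot trace
# quoted on this page; timestamps and the second, unrelated report are made up.
SAMPLE_LOG = """\
[  101.000001] INFO: trying to register non-static key.
[  101.000002] Call Trace:
[  101.000003]  <TASK>
[  101.000005]  down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
[  101.000006]  ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860
[  101.000007]  ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387
[  101.000008]  ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808
[  101.000009]  </TASK>
[  202.000001] INFO: trying to register non-static key.
[  202.000002] Call Trace:
[  202.000003]  down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
[  202.000004]  example_driver_ioctl+0x40/0x90
"""
```

Pass saved dmesg or journal text to triage(); each returned chain lists the frames from the lock acquisition outward.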
Mitigation
The fix adds initialization of the run_lock when loading the $Extend inode. The patch has been applied to the stable kernel trees [1][2][3]. Users should update their kernel to a version containing the commit be99c62ac7e7af514e4b13f83c891a3cccefaa48 or later. No workaround is available; the only mitigation is to apply the kernel patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (7)
- git.kernel.org/stable/c/19164d8228317f3f1fe2662a9ba587cfe3b2d29e (nvd)
- git.kernel.org/stable/c/433d1f7c628c3cbdd7efce064d6c7acd072cf6c4 (nvd)
- git.kernel.org/stable/c/6e17555728bc469d484c59db4a0abc65c19bc315 (nvd)
- git.kernel.org/stable/c/79c8a77b1782e2ace96d063be3c41ba540d1e20a (nvd)
- git.kernel.org/stable/c/907bf69c6b6ce5d038eec7a599d67b45b62624bc (nvd)
- git.kernel.org/stable/c/ab5e8ebeee1caa4fcf8be7d8d62c0a7165469076 (nvd)
- git.kernel.org/stable/c/be99c62ac7e7af514e4b13f83c891a3cccefaa48 (nvd)