Linux · Linux Kernel · CVE-2024-53052
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.12.0-rc5
**Description**
The issue arises when io_uring starts a write, calling `kiocb_start_write()` to bump the super block rwsem, which can cause a deadlock if someone is attempting to freeze the mount point. This results in a stuck trace, showing the dependency with the write blocked from starting a new write. The freeze side grabs the rwsem for writing, excluding new writers and waiting for existing writes to finish. However, io_uring unconditionally uses `kiocb_start_write()`, which will block if someone is currently attempting to freeze the mount point. This can be triggered when `IOCB_NOWAIT` is not set, causing io_uring to attempt a blocking grab of the super block rwsem. The fix involves having the io_uring side honor `IOCB_NOWAIT`, returning `-EAGAIN` and allowing io_uring core to issue a blocking attempt of the write, ensuring forward progress.
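
The dependency cycle and the effect of the fix, as a small userspace C model added here (not kernel code and not the upstream patch). Every `model_*` name and the single-task scenario are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model; every name below is hypothetical, not a kernel symbol. */
struct model_sb {
    int  writes_in_flight; /* writes holding freeze protection */
    bool freeze_pending;   /* freezer is waiting for writes to drain */
};
enum { MODEL_BLOCKED = 1 }; /* caller would sleep until the freeze ends */

/* honor_nowait=false: pre-fix unconditional blocking grab; true: fixed. */
static int model_start_write(struct model_sb *sb, bool nowait, bool honor_nowait)
{
    if (sb->freeze_pending) {
        if (nowait && honor_nowait)
            return -EAGAIN;   /* back to the core, which retries blocking */
        return MODEL_BLOCKED; /* task sleeps behind the freezer */
    }
    sb->writes_in_flight++;
    return 0;
}

/* A write is in flight, a freeze begins, then the same task submits another
 * write with NOWAIT set. Returns true if the freeze can finish. */
static bool model_freeze_makes_progress(bool honor_nowait)
{
    struct model_sb sb = { 0, false };

    model_start_write(&sb, true, honor_nowait); /* first write starts */
    sb.freeze_pending = true;                   /* freezer arrives */

    int ret = model_start_write(&sb, true, honor_nowait);
    if (ret == MODEL_BLOCKED)
        return false; /* task asleep: it never completes the first write */
    if (ret == -EAGAIN)
        sb.writes_in_flight = 0; /* task keeps running and reaps completions */
    return sb.writes_in_flight == 0;
}

int main(void)
{
    printf("pre-fix progress=%d, fixed progress=%d\n",
           model_freeze_makes_progress(false), model_freeze_makes_progress(true));
    return 0;
}
```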
**Recommendations**
To resolve the issue, update the Linux kernel to a version that includes the fix for the missing `NOWAIT` check for `O_DIRECT` start write. As a temporary workaround, consider restricting the use of io_uring to minimize the risk of exploitation. Additionally, ensure that only authorized users with `CAP_SYS_ADMIN` privileges can trigger the freezing mechanism, as regular users cannot exploit this issue.