Re: [PATCH] ntfs3: fix deadlock in ntfs_force_shutdown
From: Deepanshu Kartikey
Date: Sat Apr 11 2026 - 01:26:32 EST
On Sat, Apr 4, 2026 at 9:02 PM Deepanshu Kartikey <kartikey406@xxxxxxxxx> wrote:
>
> ntfs_force_shutdown() calls bdev_freeze() which internally calls
> freeze_super(). freeze_super() calls sb_wait_write() which waits
> for all active sb_writers holders to finish.
>
> However active writers (ntfs_compress_write) can be stuck waiting
> for ni->file.run_lock while holding the sb_writers read lock
> acquired via file_start_write() in the VFS layer. This creates
> a deadlock where freeze_super() waits for writers that can never
> complete because they are blocked on run_lock contention.
>
> Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit
> NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3
> write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c,
> super.c, xattr.c) and causes them to return errors immediately,
> making further writes impossible without risking a deadlock.
>
> Reported-by: syzbot+5f6ca38579a76e303c1c@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=5f6ca38579a76e303c1c
> Tested-by: syzbot+5f6ca38579a76e303c1c@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl")
> Signed-off-by: Deepanshu Kartikey <kartikey406@xxxxxxxxx>
> ---
> fs/ntfs3/file.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
> index 7eecf1e01f74..cbbc7d81875f 100644
> --- a/fs/ntfs3/file.c
> +++ b/fs/ntfs3/file.c
> @@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb_info *sbi, u8 __user *buf)
> */
> static int ntfs_force_shutdown(struct super_block *sb, u32 flags)
> {
> - int err;
> struct ntfs_sb_info *sbi = sb->s_fs_info;
>
> if (unlikely(ntfs3_forced_shutdown(sb)))
> return 0;
>
> - /* No additional options yet (flags). */
> - err = bdev_freeze(sb->s_bdev);
> - if (err)
> - return err;
> set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags);
> - bdev_thaw(sb->s_bdev);
> return 0;
> }
>
> --
> 2.43.0
>
Gentle ping on this patch. Please let me know the status of this patch.
Thanks
Deepanshu