Forwarded: [PATCH] ntfs3: fix deadlock in ntfs_force_shutdown
From: syzbot
Date: Sat Apr 04 2026 - 11:07:47 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx, syzkaller-bugs@xxxxxxxxxxxxxxxx.
***
Subject: [PATCH] ntfs3: fix deadlock in ntfs_force_shutdown
Author: kartikey406@xxxxxxxxx
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
ntfs_force_shutdown() calls bdev_freeze() which internally calls
freeze_super(). freeze_super() calls sb_wait_write() which waits
for all active sb_writers holders to finish.
However active writers (ntfs_compress_write) can be stuck waiting
for ni->file.run_lock while holding the sb_writers read lock
acquired via file_start_write() in the VFS layer. This creates
a deadlock where freeze_super() waits for writers that can never
complete because they are blocked on run_lock contention.
Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit
NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3
write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c,
super.c, xattr.c) and causes them to return errors immediately,
making further writes impossible without risking a deadlock.
Reported-by: syzbot+5f6ca38579a76e303c1c@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=5f6ca38579a76e303c1c
Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl")
Signed-off-by: Deepanshu Kartikey <kartikey406@xxxxxxxxx>
---
fs/ntfs3/file.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 7eecf1e01f74..cbbc7d81875f 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb_info *sbi, u8 __user *buf)
*/
static int ntfs_force_shutdown(struct super_block *sb, u32 flags)
{
- int err;
struct ntfs_sb_info *sbi = sb->s_fs_info;
if (unlikely(ntfs3_forced_shutdown(sb)))
return 0;
- /* No additional options yet (flags). */
- err = bdev_freeze(sb->s_bdev);
- if (err)
- return err;
set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags);
- bdev_thaw(sb->s_bdev);
return 0;
}
--
2.43.0