From: syzbot <syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Forwarded: [PATCH] ntfs3: fix deadlock in ntfs_force_shutdown
Date: Sat, 04 Apr 2026 08:07:37 -0700 [thread overview]
Message-ID: <69d12939.a70a0220.a26f2.000b.GAE@google.com> (raw)
In-Reply-To: <69cffde1.050a0220.182279.0017.GAE@google.com>
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: [PATCH] ntfs3: fix deadlock in ntfs_force_shutdown
Author: kartikey406@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
ntfs_force_shutdown() calls bdev_freeze() which internally calls
freeze_super(). freeze_super() calls sb_wait_write() which waits
for all active sb_writers holders to finish.
However active writers (ntfs_compress_write) can be stuck waiting
for ni->file.run_lock while holding the sb_writers read lock
acquired via file_start_write() in the VFS layer. This creates
a deadlock where freeze_super() waits for writers that can never
complete because they are blocked on run_lock contention.
Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit
NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3
write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c,
super.c, xattr.c) and causes them to return errors immediately,
making further writes impossible without risking a deadlock.
Reported-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5f6ca38579a76e303c1c
Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl")
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
fs/ntfs3/file.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 7eecf1e01f74..cbbc7d81875f 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb_info *sbi, u8 __user *buf)
*/
static int ntfs_force_shutdown(struct super_block *sb, u32 flags)
{
- int err;
struct ntfs_sb_info *sbi = sb->s_fs_info;
if (unlikely(ntfs3_forced_shutdown(sb)))
return 0;
- /* No additional options yet (flags). */
- err = bdev_freeze(sb->s_bdev);
- if (err)
- return err;
set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags);
- bdev_thaw(sb->s_bdev);
return 0;
}
--
2.43.0
prev parent reply other threads:[~2026-04-04 15:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-03 17:50 [syzbot] [ntfs3?] INFO: task hung in freeze_super (7) syzbot
2026-04-04 15:07 ` syzbot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69d12939.a70a0220.a26f2.000b.GAE@google.com \
--to=syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox