fs/ntfs3/file.c | 6 ------ 1 file changed, 6 deletions(-)
ntfs_force_shutdown() calls bdev_freeze() which internally calls
freeze_super(). freeze_super() calls sb_wait_write() which waits
for all active sb_writers holders to finish.
However active writers (ntfs_compress_write) can be stuck waiting
for ni->file.run_lock while holding the sb_writers read lock
acquired via file_start_write() in the VFS layer. This creates
a deadlock where freeze_super() waits for writers that can never
complete because they are blocked on run_lock contention.
Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit
NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3
write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c,
super.c, xattr.c) and causes them to return errors immediately,
making further writes impossible without risking a deadlock.
Reported-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5f6ca38579a76e303c1c
Tested-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl")
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
fs/ntfs3/file.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index 7eecf1e01f74..cbbc7d81875f 100644
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb_info *sbi, u8 __user *buf)
*/
static int ntfs_force_shutdown(struct super_block *sb, u32 flags)
{
- int err;
struct ntfs_sb_info *sbi = sb->s_fs_info;
if (unlikely(ntfs3_forced_shutdown(sb)))
return 0;
- /* No additional options yet (flags). */
- err = bdev_freeze(sb->s_bdev);
- if (err)
- return err;
set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags);
- bdev_thaw(sb->s_bdev);
return 0;
}
--
2.43.0On 4/4/26 17:32, Deepanshu Kartikey wrote:
> ntfs_force_shutdown() calls bdev_freeze() which internally calls
> freeze_super(). freeze_super() calls sb_wait_write() which waits
> for all active sb_writers holders to finish.
>
> However active writers (ntfs_compress_write) can be stuck waiting
> for ni->file.run_lock while holding the sb_writers read lock
> acquired via file_start_write() in the VFS layer. This creates
> a deadlock where freeze_super() waits for writers that can never
> complete because they are blocked on run_lock contention.
>
> Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit
> NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3
> write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c,
> super.c, xattr.c) and causes them to return errors immediately,
> making further writes impossible without risking a deadlock.
>
> Reported-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=5f6ca38579a76e303c1c
> Tested-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
> Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl")
> Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
> ---
> fs/ntfs3/file.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
> index 7eecf1e01f74..cbbc7d81875f 100644
> --- a/fs/ntfs3/file.c
> +++ b/fs/ntfs3/file.c
> @@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb_info *sbi, u8 __user *buf)
> */
> static int ntfs_force_shutdown(struct super_block *sb, u32 flags)
> {
> - int err;
> struct ntfs_sb_info *sbi = sb->s_fs_info;
>
> if (unlikely(ntfs3_forced_shutdown(sb)))
> return 0;
>
> - /* No additional options yet (flags). */
> - err = bdev_freeze(sb->s_bdev);
> - if (err)
> - return err;
> set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags);
> - bdev_thaw(sb->s_bdev);
> return 0;
> }
>
Hello, I missed this before, but internal testing shows that this patch
causes several failures. I will not include it in the pull request for
now. I am looking into the root cause and will reply with details once I
have them. If the fix turns out to be straightforward, I will send an
updated patch as soon as possible. Regards, Konstantin
On 4/4/26 17:32, Deepanshu Kartikey wrote:
> ntfs_force_shutdown() calls bdev_freeze() which internally calls
> freeze_super(). freeze_super() calls sb_wait_write() which waits
> for all active sb_writers holders to finish.
>
> However active writers (ntfs_compress_write) can be stuck waiting
> for ni->file.run_lock while holding the sb_writers read lock
> acquired via file_start_write() in the VFS layer. This creates
> a deadlock where freeze_super() waits for writers that can never
> complete because they are blocked on run_lock contention.
>
> Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit
> NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3
> write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c,
> super.c, xattr.c) and causes them to return errors immediately,
> making further writes impossible without risking a deadlock.
>
> Reported-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=5f6ca38579a76e303c1c
> Tested-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
> Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl")
> Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
> ---
> fs/ntfs3/file.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
> index 7eecf1e01f74..cbbc7d81875f 100644
> --- a/fs/ntfs3/file.c
> +++ b/fs/ntfs3/file.c
> @@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb_info *sbi, u8 __user *buf)
> */
> static int ntfs_force_shutdown(struct super_block *sb, u32 flags)
> {
> - int err;
> struct ntfs_sb_info *sbi = sb->s_fs_info;
>
> if (unlikely(ntfs3_forced_shutdown(sb)))
> return 0;
>
> - /* No additional options yet (flags). */
> - err = bdev_freeze(sb->s_bdev);
> - if (err)
> - return err;
> set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags);
> - bdev_thaw(sb->s_bdev);
> return 0;
> }
>
Hello,
Your patch is applied. Thank you.
Regards,
Konstantin
On Sat, Apr 4, 2026 at 9:02 PM Deepanshu Kartikey <kartikey406@gmail.com> wrote:
>
> ntfs_force_shutdown() calls bdev_freeze() which internally calls
> freeze_super(). freeze_super() calls sb_wait_write() which waits
> for all active sb_writers holders to finish.
>
> However active writers (ntfs_compress_write) can be stuck waiting
> for ni->file.run_lock while holding the sb_writers read lock
> acquired via file_start_write() in the VFS layer. This creates
> a deadlock where freeze_super() waits for writers that can never
> complete because they are blocked on run_lock contention.
>
> Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit
> NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3
> write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c,
> super.c, xattr.c) and causes them to return errors immediately,
> making further writes impossible without risking a deadlock.
>
> Reported-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=5f6ca38579a76e303c1c
> Tested-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com
> Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl")
> Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
> ---
> fs/ntfs3/file.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
> index 7eecf1e01f74..cbbc7d81875f 100644
> --- a/fs/ntfs3/file.c
> +++ b/fs/ntfs3/file.c
> @@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb_info *sbi, u8 __user *buf)
> */
> static int ntfs_force_shutdown(struct super_block *sb, u32 flags)
> {
> - int err;
> struct ntfs_sb_info *sbi = sb->s_fs_info;
>
> if (unlikely(ntfs3_forced_shutdown(sb)))
> return 0;
>
> - /* No additional options yet (flags). */
> - err = bdev_freeze(sb->s_bdev);
> - if (err)
> - return err;
> set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags);
> - bdev_thaw(sb->s_bdev);
> return 0;
> }
>
> --
> 2.43.0
>
Gentle ping on this patch. Please let me know the status of this patch.
Thanks
Deepanshu
© 2016 - 2026 Red Hat, Inc.