From nobody Sun Jun 14 18:59:20 2026 Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com [209.85.216.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A1576315D3E for ; Sat, 4 Apr 2026 15:32:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775316746; cv=none; b=ij7uNO9UhDQjDjAT0Y2osMEUkwXQDMtsUlbnGta935wiGxbAM/bQOmIqvct+B11mgYGvzZatgD+1BNX3CQYFRREhLULcK0E0NrbUDK+qXEWXoNrDCz1hhWij/L0PffufMVmiugusntdC0eZyQkVQcad0IFEXCUNXn7zbWBNzrJE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775316746; c=relaxed/simple; bh=K0Rv3do97vQH6+h73JJKlFvZhoa1z8XdurtnrxwcwQw=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=rBSjL5zCXhwGCA3ge809nOO29wAs3aK/y83vx8wLnH0mbQV3BhNXrBqPHPALLpZsLA8tdWYugZNq8xMpgWwNheFj1gbJIPLRDD7pYOZ9L5gZOn6j7BX3+NN436tz9J0K5yVkWcaOEV3pWkJhRkv/VOQoW9kYm0udH/DKYA/WEsY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lX7/+snX; arc=none smtp.client-ip=209.85.216.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lX7/+snX" Received: by mail-pj1-f54.google.com with SMTP id 98e67ed59e1d1-35c124d2613so1507681a91.2 for ; Sat, 04 Apr 2026 08:32:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775316744; x=1775921544; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=zsgNYGTYCqhAsQQh/h4UshxxcYRAvETUXuPdpkNTJE4=; b=lX7/+snXFhQQJSu6rSo/2Ija0f+JVCCk+Jnwz7+LmjxbX2I/A3pCXgXQwwKWsXlfmc A4O7+hW4ts7UL9mUcZfhDtPqD4fFBQWx9jG1Wih8k6YulJ91TJF2DIOy5Ksti6daFjOj kGp4pLO6c/Q2VjxZ4fS/az0/58RAMr+YI9W1ur0LXFOKMVd0Q9Iju1aosMsYW56M5sGh uQ3rkdkDY9rvqEhC9JaO8QIP2QbCVI1gAHdbxnmunqHTLeGbaRY7oN3PyiVOARy8Toiq +ZRNZnQcfg9e7hgwK29f2wcUIs/yrqLWGpduJFVoXkq9knvxd+VfodZXU3laSbk9qVxI c6zQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775316744; x=1775921544; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=zsgNYGTYCqhAsQQh/h4UshxxcYRAvETUXuPdpkNTJE4=; b=OlARX6HnH2mlxbyoV1MCjagpfkcje8EBr7AEoN81ni6G6oogRuVlmsOLrCghrQaG1S +PHAXDRTSLzbpJ8iCoojKftJBqsOUgchsl0uewRZQ6crbFC4AV33LsfvUJr4wtlIeoSL inPZWrxe/rcLIdE1UN1Isf1++zD45HuWfZE4tlrXpox7aTrn0v+NBeSx0Df3YND6YmHi j8dk3WcR5PFVhQ7n1uDKydWz9ZFfvlXtH0odUmnRyUr+Q+J/YxRub2scTwcZd2mCE3xU zafZfSrGBcfGUOuLsPgGv9gRaHKOSk8kl0hv1kR4/+e8yZh8mfQebT2hCZugfWguMpC8 owwQ== X-Forwarded-Encrypted: i=1; AJvYcCUHbDlm+aVcsylat4+eOKCAflebo9MWZCZaN4l7eR5wCM6jm8uF5hx4oDy1wxXk7eJDZkwf8eQTCHh7vj0=@vger.kernel.org X-Gm-Message-State: AOJu0YyVv67kK2CT/2z7TEOIegA9KzMMVE0QqvaMNsqNK7yPKdG/LdG8 Ej0xaiurV+FJagH02lFLGNhZzLCoLmkNaEx7cmPmYUCuwA9a/JFJzLB+ X-Gm-Gg: AeBDietev0kYoSjRKk60RngwjYAD+L6oxdkFKsyOJSYbFRzZNHeyXNHbwMQwsKK45l6 12ikxTPWS+t52e/8X4d/KjcfJxhvtNMFcBFtbRWEodOcU5ZrG1tKqlOnvJo8YZLrjJukPpJ7Hwd SL2Lt/9xdXCURJeTCBvMZgxyy1tlyCzW5Do4QgmRRBpK48c3xgWDVFVxkdHQSX7dn0T61lDY8pQ aaRcA47caXWiPjlD8+3Pq/e7CJJWL8PiqGzoVFkd+AskEBF2MZTn0+N0irzcldGyjCol9o2qYLU p13bXyGPS4euytfuGUw0QSIFXZVjs+k5d39k6JZt1Ns2fFsWiCDce4YaqF8LLv7HkCcZdDpjd+g wvC8SITz5HoImNgJ7IBy02bt0KxqbOb9o6L0zviJ0DVdJiqb1pXnW009EL4iDeTV96ww9tZt6N6 6xpqWEpLQukNFDXRgIcj8ZAopSdHHtVIudbmOnOBtWzcC65Z4EKxm9LZdfWn37oFbQEkfYKHbTU yQ8Hts= X-Received: by 2002:a17:90b:48c6:b0:35d:a22b:80cb with SMTP id 98e67ed59e1d1-35de68ec484mr5939194a91.16.1775316743944; Sat, 04 Apr 2026 08:32:23 -0700 (PDT) Received: from deepanshu-kernel-hacker.. ([2405:201:682f:389d:d481:74d0:f27a:b799]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-35dd35e360bsm8143603a91.3.2026.04.04.08.32.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 04 Apr 2026 08:32:23 -0700 (PDT) From: Deepanshu Kartikey To: almaz.alexandrovich@paragon-software.com Cc: ntfs3@lists.linux.dev, linux-kernel@vger.kernel.org, Deepanshu Kartikey , syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com Subject: [PATCH] ntfs3: fix deadlock in ntfs_force_shutdown Date: Sat, 4 Apr 2026 21:02:13 +0530 Message-ID: <20260404153213.365836-1-kartikey406@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" ntfs_force_shutdown() calls bdev_freeze() which internally calls freeze_super(). freeze_super() calls sb_wait_write() which waits for all active sb_writers holders to finish. However active writers (ntfs_compress_write) can be stuck waiting for ni->file.run_lock while holding the sb_writers read lock acquired via file_start_write() in the VFS layer. This creates a deadlock where freeze_super() waits for writers that can never complete because they are blocked on run_lock contention. Fix by removing bdev_freeze/bdev_thaw entirely. The shutdown bit NTFS_FLAGS_SHUTDOWN_BIT is already checked at entry of all ntfs3 write paths (file.c, inode.c, namei.c, frecord.c, fsntfs.c, super.c, xattr.c) and causes them to return errors immediately, making further writes impossible without risking a deadlock. Reported-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D5f6ca38579a76e303c1c Tested-by: syzbot+5f6ca38579a76e303c1c@syzkaller.appspotmail.com Fixes: ae91dfe38966 ("fs/ntfs3: implement NTFS3_IOC_SHUTDOWN ioctl") Signed-off-by: Deepanshu Kartikey --- fs/ntfs3/file.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c index 7eecf1e01f74..cbbc7d81875f 100644 --- a/fs/ntfs3/file.c +++ b/fs/ntfs3/file.c @@ -118,18 +118,12 @@ static int ntfs_ioctl_set_volume_label(struct ntfs_sb= _info *sbi, u8 __user *buf) */ static int ntfs_force_shutdown(struct super_block *sb, u32 flags) { - int err; struct ntfs_sb_info *sbi =3D sb->s_fs_info; =20 if (unlikely(ntfs3_forced_shutdown(sb))) return 0; =20 - /* No additional options yet (flags). */ - err =3D bdev_freeze(sb->s_bdev); - if (err) - return err; set_bit(NTFS_FLAGS_SHUTDOWN_BIT, &sbi->flags); - bdev_thaw(sb->s_bdev); return 0; } =20 --=20 2.43.0