From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FDE735898 for ; Sat, 9 May 2026 04:22:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778300568; cv=none; b=IHCCEnn8v9V25HxWLSL3hdwplzLNRlq7kj56OAVBJa9XgaicxPbpW39Ew2y/yDt0JGpHgqSKzQ2Ki7L7E2GFFhNuYwgX6wSuLkbMKh9cLhH0Fq0pFmwUARGb03oVA41QZK4EFWfzT9CzsLyYsMnu4K0bbjskMH6L9ZTp1t0FucQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778300568; c=relaxed/simple; bh=MeZxs2gzQK3IEh2vaEJf6pOiG7rsQrzafBTswoSFQfs=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=C+yi96/fP/Pbtwq7vhXhP5IprRbEBHBHvyf7Y88Yf4t8LCnrdklNahJZXKe3mzaudwPuzTs0gQ5x/LSDodydRBCmCL5VP3F9QC5uLJq1mf+afxbhXXLNkwImsTYd2pTTSN5QiyAbJH3y34eLH2HjB8KnCNMRWtmuaXAEdRzvkzM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=J1EasLbg; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="J1EasLbg" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-365d8e43759so1490117a91.0 for ; Fri, 08 May 2026 21:22:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778300567; x=1778905367; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=ohOtV8rB+CS/jFzAppee8CMCT1yPc+ITAAm7H1vRX4U=; b=J1EasLbg/4lYtdrzHQE0iJYvmeoQE+5hXjVg6ZxPNxRfSOZGqgnBQOhCDQUJntiYGd dqpDctpTSvgvQFtUkT0swKd09m947LnmntOQpIzTqpi4mk23IvStOj8CSynz0MHEqLTZ W1tmBIR2cKg+mfkYYzqpkZOme9U6b2ReoJCLC8fJsoJpz8VadfW9SPdy/e/h9VKm6gAf ZbRmcqqPE7gZMU1lnoQ42GwIH9DETieVSj5uABC4HRGobxMwCPqdjQeMYAVaEg3+Hu+C CcvjyEID20fynHmI68Fl2ngRolzg5BLqVnfxetJaDRodsgae//Ou+Xtsr+FvCWX2PQy8 x8jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778300567; x=1778905367; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ohOtV8rB+CS/jFzAppee8CMCT1yPc+ITAAm7H1vRX4U=; b=ijFYght0MMwueogZlPyTrYH4fsZo2nYLHkAX01jjX4etQGWr1rEfJouIRJF8MV1QXy Jt/oPQrXfPfhz2zqBg4aZ2SCvoe4qyMQEt7tKXMDaoxlRGK/XmiL4I+0vqAjm5PxExRo ESa/NWaoY7Yih5JOBn/gLgrqq8ttgNYQgdF+ndIKgAlvLbZwLHLGiawRLoqoqHCih1P4 veSSCnMmTjlo/JZz3bbJOuyhlVB7pRha3rVVsRu5pWFZ+Tnk7s0aWiGq1lV1tNM/n3AE c+vUdCC7KzyPEE/TxBC4PwCV+r/ful2EhE0CGRhMjW4Fr7QTGuOtUyMQK6gu8MohKhwR PEBQ== X-Forwarded-Encrypted: i=1; AFNElJ9w2YXs8EKVwnQBA5ElPZOoQCkXc0pW69ztO2tmHZrwgvqgNF7/i48/19b4gbfemVl7nsHUACVqL7SAEUI=@vger.kernel.org X-Gm-Message-State: AOJu0YwvtaPd83WbqO/BgEzV+JxICf8+LJcUIfnAGQFKY1KN69tapibQ H2KErq0AF8PqwFlI/PmtYwzRLgMmaqUIot7CfGv7t1EsB08X/ZkwoA67 X-Gm-Gg: Acq92OG/fp54ph10Zirm2jyOh0MkcVtt7obs4XzcC845xxAgzKlXG/FNtiZZb4n55OD 7a0A0rTldi4zXnV2/lKrJceLdTUO+3/FkdLvSkGng2zo06j93NHgDccOVhIUFmjBVe7AB4mwd30 DOjnud9EXVlW6HhZ2eBgFsBJGHtVWNZN1pQAKxlb4beX12wbXbn0QvrXdp1w9p5U0Z1VFWhzX9U DXu5P25y8HvX0wlQXGGpeZRlXPyOZeWr6G2vdcVWgJvhO7+qqRV4ZVrlzD72yL0gJX5MK8glXbW /MAR4pn3hXE8DC+vqo1ITjvtjW7Jk1DelY5Lda/dhdREEL2XauxrwFZrFNsI30aSnY9aUyj/LTf XWEeaZINj6z/fu5YSEaax6grffR4kEoVE4PKPjkEWqTDVZyrRoZPq827XOSBPe2B61yjuHukBy/ BzEHQSLaY121imBAqmn+FsmfDg6tZ/0whv4houG5bDVXVUAkiI3dirdW6D3/vEvwciZjC3+aH7U F2PeMk= X-Received: by 2002:a17:90a:d646:b0:356:21e9:73ff with SMTP id 98e67ed59e1d1-366055e69demr7918237a91.11.1778300566469; Fri, 08 May 2026 21:22:46 -0700 (PDT) Received: from deepanshu-kernel-hacker.. ([2405:201:682f:383f:1ef5:8ccc:13df:edc6]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-367d687a2a8sm676599a91.15.2026.05.08.21.22.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 May 2026 21:22:45 -0700 (PDT) From: Deepanshu Kartikey To: jaegeuk@kernel.org, chao@kernel.org Cc: linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, Deepanshu Kartikey , syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com Subject: [PATCH] f2fs: initialize ino_entry_info before checkpoint load Date: Sat, 9 May 2026 09:52:39 +0530 Message-ID: <20260509042239.87763-1-kartikey406@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit When f2fs_get_valid_checkpoint() fails during mount (e.g. due to an invalid checkpoint CRC on a malformed image), f2fs_fill_super() takes an error path that eventually calls iput() on the root inode. This invokes f2fs_drop_inode() -> f2fs_exist_written_data(), which acquires sbi->im[]->ino_lock. However, f2fs_init_ino_entry_info() has not run yet at this point, so the spinlock is uninitialized and lockdep complains: F2FS-fs (loop0): invalid crc value F2FS-fs (loop0): Failed to get valid F2FS checkpoint INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? ... f2fs_exist_written_data+0x53/0x90 fs/f2fs/checkpoint.c:787 f2fs_drop_inode+0xda/0xbf0 fs/f2fs/super.c:1852 iput+0x651/0xe80 fs/inode.c:2009 f2fs_fill_super+0x6047/0x7850 fs/f2fs/super.c:5461 Move f2fs_init_ino_entry_info() to before f2fs_get_valid_checkpoint() so that sbi->im[] is always fully initialized before any error path can trigger iput() -> f2fs_drop_inode(). The init function only depends on raw superblock fields (BLKS_PER_SEG, F2FS_CP_PACKS, NR_CURSEG_PERSIST_TYPE, __cp_payload), which are populated well before checkpoint load, so the move is safe. Reported-by: syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=eec8f2693d71386bd600 Tested-by: syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com Signed-off-by: Deepanshu Kartikey --- fs/f2fs/super.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c6afdbd6e1cd..6a231a5b0d62 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -5140,6 +5140,13 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) goto free_page_array_cache; } + /* + * Initialize ino entry info early so f2fs_drop_inode -> + * f2fs_exist_written_data can safely take im->ino_lock if mount + * fails after this point and triggers iput on cleanup. + */ + f2fs_init_ino_entry_info(sbi); + err = f2fs_get_valid_checkpoint(sbi); if (err) { f2fs_err(sbi, "Failed to get valid F2FS checkpoint"); @@ -5184,8 +5191,6 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) f2fs_init_extent_cache_info(sbi); - f2fs_init_ino_entry_info(sbi); - f2fs_init_fsync_node_info(sbi); /* setup checkpoint request control and start checkpoint issue thread */ -- 2.43.0