From: Deepanshu Kartikey
To: jaegeuk@kernel.org, chao@kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, Deepanshu Kartikey, stable@kernel.org, syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com
Subject: [PATCH v2] f2fs: initialize ino_entry_info before checkpoint load
Date: Sun, 10 May 2026 09:53:36 +0530
Message-ID: <20260510042336.94751-1-kartikey406@gmail.com>

When f2fs_get_valid_checkpoint() fails during mount (e.g. due to an
invalid checkpoint CRC on a malformed image), f2fs_fill_super() takes
an error path that eventually calls iput() on the root inode. This
invokes f2fs_drop_inode() -> f2fs_exist_written_data(), which acquires
sbi->im[]->ino_lock. However, f2fs_init_ino_entry_info() has not run
yet at this point, so the spinlock is uninitialized and lockdep
complains:

  F2FS-fs (loop0): invalid crc value
  F2FS-fs (loop0): Failed to get valid F2FS checkpoint
  INFO: trying to register non-static key.
  The code is fine but needs lockdep annotation, or maybe
  you didn't initialize this object before use?
  ...
  f2fs_exist_written_data+0x53/0x90 fs/f2fs/checkpoint.c:787
  f2fs_drop_inode+0xda/0xbf0 fs/f2fs/super.c:1852
  iput+0x651/0xe80 fs/inode.c:2009
  f2fs_fill_super+0x6047/0x7850 fs/f2fs/super.c:5461

Move f2fs_init_ino_entry_info() to before f2fs_get_valid_checkpoint()
so that sbi->im[] is always fully initialized before any error path
can trigger iput() -> f2fs_drop_inode(). The init function only
depends on raw superblock fields (BLKS_PER_SEG, F2FS_CP_PACKS,
NR_CURSEG_PERSIST_TYPE, __cp_payload), which are populated well before
checkpoint load, so the move is safe.

Fixes: 3063c80776e3 ("f2fs: another way to set large folio by remembering inode number") Cc: stable@kernel.org Reported-by: syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=eec8f2693d71386bd600 Tested-by: syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com Signed-off-by: Deepanshu Kartikey --- Changes in v2: - Add Fixes: tag (suggested by Chao Yu) - Add Cc: stable@kernel.org --- fs/f2fs/super.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c6afdbd6e1cd..6a231a5b0d62 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -5140,6 +5140,13 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) goto free_page_array_cache; } + /* + * Initialize ino entry info early so f2fs_drop_inode -> + * f2fs_exist_written_data can safely take im->ino_lock if mount + * fails after this point and triggers iput on cleanup. + */ + f2fs_init_ino_entry_info(sbi); + err = f2fs_get_valid_checkpoint(sbi); if (err) { f2fs_err(sbi, "Failed to get valid F2FS checkpoint"); @@ -5184,8 +5191,6 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) f2fs_init_extent_cache_info(sbi); - f2fs_init_ino_entry_info(sbi); - f2fs_init_fsync_node_info(sbi); /* setup checkpoint request control and start checkpoint issue thread */ -- 2.43.0
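Review bot: In the first hunk (@@ -5140,6 +5140,13 @@), the new f2fs_init_ino_entry_info(sbi) call only covers failures from f2fs_get_valid_checkpoint() onward, while the commit message promises that sbi->im[] is initialized "before any error path can trigger iput()". The context line just above the insertion is the tail of an earlier failure branch (goto free_page_array_cache), and the hunk does not show whether an inode has already been acquired by that point. Please confirm that no cleanup reachable from the earlier branches calls iput(), or say in the comment why this is the earliest safe position (the commit message says the helper needs only raw superblock fields). A smaller point on the same comment: it names im->ino_lock and f2fs_drop_inode without parentheses, where the commit message uses sbi->im[]->ino_lock and f2fs_drop_inode(); matching those spellings makes the comment easier to grep.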
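Review bot: In the second hunk (@@ -5184,8 +5191,6 @@), f2fs_init_extent_cache_info(sbi) and f2fs_init_fsync_node_info(sbi) stay at the old position, after checkpoint load, so the ordering question this patch answers for the ino entry state is left open for them. If either helper sets up a lock or list that the iput() -> f2fs_drop_inode() cleanup described in the commit message can reach, a failed mount would find it uninitialized in the same way. Please check that path and either note in the commit message that only sbi->im[] is touched there, or move the neighbouring helpers up in the same patch.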