From mboxrd@z Thu Jan 1 00:00:00 1970
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Date: Fri, 08 May 2026 18:05:23 -0700
In-Reply-To: <69fe6bba.050a0220.1036b8.0004.GAE@google.com>
Message-ID: <69fe8853.050a0220.1036b8.0007.GAE@google.com>
Subject: Forwarded: [PATCH] f2fs: initialize ino_entry_info before checkpoint load
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] f2fs: initialize ino_entry_info before checkpoint load
Author: kartikey406@gmail.com

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master

When f2fs_get_valid_checkpoint() fails during mount (e.g. due to an
invalid checkpoint CRC on a malformed image), f2fs_fill_super() takes
an error path that eventually calls iput() on the root inode. This
invokes f2fs_drop_inode() -> f2fs_exist_written_data(), which acquires
sbi->im[]->ino_lock. However, f2fs_init_ino_entry_info() has not run
yet at this point, so the spinlock is uninitialized and lockdep
complains:

  F2FS-fs (loop0): invalid crc value
  F2FS-fs (loop0): Failed to get valid F2FS checkpoint
  INFO: trying to register non-static key.
  The code is fine but needs lockdep annotation, or maybe
  you didn't initialize this object before use?
  ...
  f2fs_exist_written_data+0x53/0x90 fs/f2fs/checkpoint.c:787
  f2fs_drop_inode+0xda/0xbf0 fs/f2fs/super.c:1852
  iput+0x651/0xe80 fs/inode.c:2009
  f2fs_fill_super+0x6047/0x7850 fs/f2fs/super.c:5461

Move f2fs_init_ino_entry_info() to before f2fs_get_valid_checkpoint()
so that sbi->im[] is always fully initialized before any error path
can trigger iput() -> f2fs_drop_inode(). The init function only
depends on raw superblock fields (BLKS_PER_SEG, F2FS_CP_PACKS,
NR_CURSEG_PERSIST_TYPE, __cp_payload), which are populated well before
checkpoint load, so the move is safe.

Reported-by: syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=eec8f2693d71386bd600
Signed-off-by: Deepanshu Kartikey
---
 fs/f2fs/super.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index c6afdbd6e1cd..6a231a5b0d62 100644
--- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -5140,6 +5140,13 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) goto free_page_array_cache; } + /* + * Initialize ino entry info early so f2fs_drop_inode -> + * f2fs_exist_written_data can safely take im->ino_lock if mount + * fails after this point and triggers iput on cleanup. + */ + f2fs_init_ino_entry_info(sbi); + err = f2fs_get_valid_checkpoint(sbi); if (err) { f2fs_err(sbi, "Failed to get valid F2FS checkpoint"); @@ -5184,8 +5191,6 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) f2fs_init_extent_cache_info(sbi); - f2fs_init_ino_entry_info(sbi); - f2fs_init_fsync_node_info(sbi); /* setup checkpoint request control and start checkpoint issue thread */ -- 2.43.0
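
Review bot: In the first hunk (@@ -5140,6 +5140,13 @@), the new comment only promises safety "if mount fails after this point", and the call lands after the `goto free_page_array_cache;` failure branch visible in the context, so the fix holds only if no inode that can reach f2fs_drop_inode() is instantiated earlier in f2fs_fill_super(). Since the commit message says f2fs_init_ino_entry_info() needs nothing beyond raw superblock fields, consider placing it directly after the superblock is validated, or state in the comment why this is the earliest point that matters. The comment could also name the inode whose iput() is being protected: the commit message says the root inode, while the quoted trace shows only iput() called from f2fs_fill_super().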
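
Review bot: In the second hunk (@@ -5184,8 +5191,6 @@), only f2fs_init_ino_entry_info(sbi) is removed from the post-checkpoint init sequence, while its neighbours `f2fs_init_extent_cache_info(sbi);` and `f2fs_init_fsync_node_info(sbi);` stay after f2fs_get_valid_checkpoint(). Please confirm that nothing those two set up (locks, lists) is touched on the same iput() -> f2fs_drop_inode() cleanup path when checkpoint load fails; if it is, they need the same move, and if it is not, a sentence in the commit message saying so would spare the next reader the audit. The claim that the moved function does not depend on checkpoint state rests on the commit message alone, so it is worth a check that none of the listed inputs is derived from data populated by f2fs_get_valid_checkpoint().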