Date: Fri, 08 May 2026 18:07:10 -0700
In-Reply-To: <69fe6bba.050a0220.1036b8.0004.GAE@google.com>
Message-ID: <69fe88be.170a0220.39e8c4.0003.GAE@google.com>
Subject: Forwarded: [PATCH] f2fs: initialize ino_entry_info before checkpoint load
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] f2fs: initialize ino_entry_info before checkpoint load
Author: kartikey406@gmail.com

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master

When f2fs_get_valid_checkpoint() fails during mount (e.g. due to an
invalid checkpoint CRC on a malformed image), f2fs_fill_super() takes
an error path that eventually calls iput() on the root inode. This
invokes f2fs_drop_inode() -> f2fs_exist_written_data(), which acquires
sbi->im[]->ino_lock. However, f2fs_init_ino_entry_info() has not run
yet at this point, so the spinlock is uninitialized and lockdep
complains:

  F2FS-fs (loop0): invalid crc value
  F2FS-fs (loop0): Failed to get valid F2FS checkpoint
  INFO: trying to register non-static key.
  The code is fine but needs lockdep annotation, or maybe
  you didn't initialize this object before use?
  ...
  f2fs_exist_written_data+0x53/0x90 fs/f2fs/checkpoint.c:787
  f2fs_drop_inode+0xda/0xbf0 fs/f2fs/super.c:1852
  iput+0x651/0xe80 fs/inode.c:2009
  f2fs_fill_super+0x6047/0x7850 fs/f2fs/super.c:5461

Move f2fs_init_ino_entry_info() to before f2fs_get_valid_checkpoint()
so that sbi->im[] is always fully initialized before any error path
can trigger iput() -> f2fs_drop_inode(). The init function only
depends on raw superblock fields (BLKS_PER_SEG, F2FS_CP_PACKS,
NR_CURSEG_PERSIST_TYPE, __cp_payload), which are populated well before
checkpoint load, so the move is safe.

Reported-by: syzbot+eec8f2693d71386bd600@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=eec8f2693d71386bd600
Signed-off-by: Deepanshu Kartikey
---
 fs/f2fs/super.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index c6afdbd6e1cd..6a231a5b0d62 100644
--- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -5140,6 +5140,13 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) goto free_page_array_cache; } + /* + * Initialize ino entry info early so f2fs_drop_inode -> + * f2fs_exist_written_data can safely take im->ino_lock if mount + * fails after this point and triggers iput on cleanup. + */ + f2fs_init_ino_entry_info(sbi); + err = f2fs_get_valid_checkpoint(sbi); if (err) { f2fs_err(sbi, "Failed to get valid F2FS checkpoint"); @@ -5184,8 +5191,6 @@ static int f2fs_fill_super(struct super_block *sb, struct fs_context *fc) f2fs_init_extent_cache_info(sbi); - f2fs_init_ino_entry_info(sbi); - f2fs_init_fsync_node_info(sbi); /* setup checkpoint request control and start checkpoint issue thread */ -- 2.43.0
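
Review bot: In the first hunk, the new f2fs_init_ino_entry_info(sbi) call still sits after the failure path that ends in "goto free_page_array_cache;", and the added comment only promises safety for a mount that "fails after this point". The commit message argues the fix solely for the f2fs_get_valid_checkpoint() failure, so please confirm that no earlier error path in f2fs_fill_super() can reach iput() -> f2fs_drop_inode() with an inode already obtained; if one can, im->ino_lock is still uninitialized on that path. Since the message says the init depends only on raw superblock fields, consider hoisting the call to before the first inode is obtained and rewording the comment to state that ordering requirement rather than the position of this one call. The removal in the second hunk is consistent with the move.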