[f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Jan Prusakowski via Linux-f2fs-devel]

Xfstests generic/335, generic/336 sometimes crash with the following message:

F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:f2fs_put_super+0x3b3/0x3c0
Call Trace:
 <TASK>
 generic_shutdown_super+0x7e/0x190
 kill_block_super+0x1a/0x40
 kill_f2fs_super+0x9d/0x190
 deactivate_locked_super+0x30/0xb0
 cleanup_mnt+0xba/0x150
 task_work_run+0x5c/0xa0
 exit_to_user_mode_loop+0xb7/0xc0
 do_syscall_64+0x1ae/0x1c0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
 </TASK>
---[ end trace 0000000000000000 ]---

It appears that sometimes it is possible that f2fs_put_super() is called before
all node page reads are completed.
Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.

Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")

Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
---
 fs/f2fs/super.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 1e0678e37a30..5c94bc42b8a1 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
 	f2fs_flush_merged_writes(sbi);
 
 	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
+	f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);
 
 	if (err || f2fs_cp_error(sbi)) {
 		truncate_inode_pages_final(NODE_MAPPING(sbi));
-- 
2.51.0.618.g983fd99d29-goog



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Chao Yu via Linux-f2fs-devel]

On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote:
> Xfstests generic/335, generic/336 sometimes crash with the following message:
> 
> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
> ------------[ cut here ]------------
> kernel BUG at fs/f2fs/super.c:1939!
> Oops: invalid opcode: 0000 [#1] SMP NOPTI
> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
> Tainted: [W]=WARN
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> RIP: 0010:f2fs_put_super+0x3b3/0x3c0
> Call Trace:
>   <TASK>
>   generic_shutdown_super+0x7e/0x190
>   kill_block_super+0x1a/0x40
>   kill_f2fs_super+0x9d/0x190
>   deactivate_locked_super+0x30/0xb0
>   cleanup_mnt+0xba/0x150
>   task_work_run+0x5c/0xa0
>   exit_to_user_mode_loop+0xb7/0xc0
>   do_syscall_64+0x1ae/0x1c0
>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>   </TASK>
> ---[ end trace 0000000000000000 ]---
> 
> It appears that sometimes it is possible that f2fs_put_super() is called before
> all node page reads are completed.
> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
> 
> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")
> 
> Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
> ---
>   fs/f2fs/super.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index 1e0678e37a30..5c94bc42b8a1 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
>   	f2fs_flush_merged_writes(sbi);
>   
>   	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
> +	f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);

Jan,

At this stage, GC and checkpoint are both stopped, why there is still read
IOs on node page? Who is reading node page? Can you please dig more details
for this issue?

Thanks,

>   
>   	if (err || f2fs_cp_error(sbi)) {
>   		truncate_inode_pages_final(NODE_MAPPING(sbi));



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Jaegeuk Kim via Linux-f2fs-devel]

On 10/09, Chao Yu wrote:
> On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote:
> > Xfstests generic/335, generic/336 sometimes crash with the following message:
> > 
> > F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
> > ------------[ cut here ]------------
> > kernel BUG at fs/f2fs/super.c:1939!
> > Oops: invalid opcode: 0000 [#1] SMP NOPTI
> > CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
> > Tainted: [W]=WARN
> > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> > RIP: 0010:f2fs_put_super+0x3b3/0x3c0
> > Call Trace:
> >   <TASK>
> >   generic_shutdown_super+0x7e/0x190
> >   kill_block_super+0x1a/0x40
> >   kill_f2fs_super+0x9d/0x190
> >   deactivate_locked_super+0x30/0xb0
> >   cleanup_mnt+0xba/0x150
> >   task_work_run+0x5c/0xa0
> >   exit_to_user_mode_loop+0xb7/0xc0
> >   do_syscall_64+0x1ae/0x1c0
> >   entry_SYSCALL_64_after_hwframe+0x76/0x7e
> >   </TASK>
> > ---[ end trace 0000000000000000 ]---
> > 
> > It appears that sometimes it is possible that f2fs_put_super() is called before
> > all node page reads are completed.
> > Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
> > 
> > Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")
> > 
> > Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
> > ---
> >   fs/f2fs/super.c | 1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> > index 1e0678e37a30..5c94bc42b8a1 100644
> > --- a/fs/f2fs/super.c
> > +++ b/fs/f2fs/super.c
> > @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
> >   	f2fs_flush_merged_writes(sbi);
> >   	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
> > +	f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);
> 
> Jan,
> 
> At this stage, GC and checkpoint are both stopped, why there is still read
> IOs on node page? Who is reading node page? Can you please dig more details
> for this issue?

We don't actually wait for completing read IOs. So, I think it doesn't matter
the threads are stopped?

> 
> Thanks,
> 
> >   	if (err || f2fs_cp_error(sbi)) {
> >   		truncate_inode_pages_final(NODE_MAPPING(sbi));


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Chao Yu via Linux-f2fs-devel]

On 10/11/25 00:02, Jaegeuk Kim wrote:
> On 10/09, Chao Yu wrote:
>> On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote:
>>> Xfstests generic/335, generic/336 sometimes crash with the following message:
>>>
>>> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
>>> ------------[ cut here ]------------
>>> kernel BUG at fs/f2fs/super.c:1939!
>>> Oops: invalid opcode: 0000 [#1] SMP NOPTI
>>> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
>>> Tainted: [W]=WARN
>>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
>>> RIP: 0010:f2fs_put_super+0x3b3/0x3c0
>>> Call Trace:
>>>   <TASK>
>>>   generic_shutdown_super+0x7e/0x190
>>>   kill_block_super+0x1a/0x40
>>>   kill_f2fs_super+0x9d/0x190
>>>   deactivate_locked_super+0x30/0xb0
>>>   cleanup_mnt+0xba/0x150
>>>   task_work_run+0x5c/0xa0
>>>   exit_to_user_mode_loop+0xb7/0xc0
>>>   do_syscall_64+0x1ae/0x1c0
>>>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>>   </TASK>
>>> ---[ end trace 0000000000000000 ]---
>>>
>>> It appears that sometimes it is possible that f2fs_put_super() is called before
>>> all node page reads are completed.
>>> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
>>>
>>> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")
>>>
>>> Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
>>> ---
>>>   fs/f2fs/super.c | 1 +
>>>   1 file changed, 1 insertion(+)
>>>
>>> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
>>> index 1e0678e37a30..5c94bc42b8a1 100644
>>> --- a/fs/f2fs/super.c
>>> +++ b/fs/f2fs/super.c
>>> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
>>>   	f2fs_flush_merged_writes(sbi);
>>>   	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
>>> +	f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);
>>
>> Jan,
>>
>> At this stage, GC and checkpoint are both stopped, why there is still read
>> IOs on node page? Who is reading node page? Can you please dig more details
>> for this issue?
> 
> We don't actually wait for completing read IOs. So, I think it doesn't matter
> the threads are stopped?

Read on node page should be synchronous? so if the threads are stopped, there
should be no node IOs? Oh, Or there is still pending asynchronous readahead IO
on node page after all threads are stopped?

Thanks,

> 
>>
>> Thanks,
>>
>>>   	if (err || f2fs_cp_error(sbi)) {
>>>   		truncate_inode_pages_final(NODE_MAPPING(sbi));



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Jaegeuk Kim via Linux-f2fs-devel]

On 10/11, Chao Yu wrote:
> On 10/11/25 00:02, Jaegeuk Kim wrote:
> > On 10/09, Chao Yu wrote:
> >> On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote:
> >>> Xfstests generic/335, generic/336 sometimes crash with the following message:
> >>>
> >>> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
> >>> ------------[ cut here ]------------
> >>> kernel BUG at fs/f2fs/super.c:1939!
> >>> Oops: invalid opcode: 0000 [#1] SMP NOPTI
> >>> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
> >>> Tainted: [W]=WARN
> >>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> >>> RIP: 0010:f2fs_put_super+0x3b3/0x3c0
> >>> Call Trace:
> >>>   <TASK>
> >>>   generic_shutdown_super+0x7e/0x190
> >>>   kill_block_super+0x1a/0x40
> >>>   kill_f2fs_super+0x9d/0x190
> >>>   deactivate_locked_super+0x30/0xb0
> >>>   cleanup_mnt+0xba/0x150
> >>>   task_work_run+0x5c/0xa0
> >>>   exit_to_user_mode_loop+0xb7/0xc0
> >>>   do_syscall_64+0x1ae/0x1c0
> >>>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
> >>>   </TASK>
> >>> ---[ end trace 0000000000000000 ]---
> >>>
> >>> It appears that sometimes it is possible that f2fs_put_super() is called before
> >>> all node page reads are completed.
> >>> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
> >>>
> >>> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")
> >>>
> >>> Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
> >>> ---
> >>>   fs/f2fs/super.c | 1 +
> >>>   1 file changed, 1 insertion(+)
> >>>
> >>> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> >>> index 1e0678e37a30..5c94bc42b8a1 100644
> >>> --- a/fs/f2fs/super.c
> >>> +++ b/fs/f2fs/super.c
> >>> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
> >>>   	f2fs_flush_merged_writes(sbi);
> >>>   	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
> >>> +	f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);
> >>
> >> Jan,
> >>
> >> At this stage, GC and checkpoint are both stopped, why there is still read
> >> IOs on node page? Who is reading node page? Can you please dig more details
> >> for this issue?
> > 
> > We don't actually wait for completing read IOs. So, I think it doesn't matter
> > the threads are stopped?
> 
> Read on node page should be synchronous? so if the threads are stopped, there
> should be no node IOs? Oh, Or there is still pending asynchronous readahead IO
> on node page after all threads are stopped?

I remember we submit IOs and wait for its completion when we need by lock_page.

> 
> Thanks,
> 
> > 
> >>
> >> Thanks,
> >>
> >>>   	if (err || f2fs_cp_error(sbi)) {
> >>>   		truncate_inode_pages_final(NODE_MAPPING(sbi));


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Chao Yu via Linux-f2fs-devel]

On 10/17/2025 1:47 AM, Jaegeuk Kim wrote:
> On 10/11, Chao Yu wrote:
>> On 10/11/25 00:02, Jaegeuk Kim wrote:
>>> On 10/09, Chao Yu wrote:
>>>> On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote:
>>>>> Xfstests generic/335, generic/336 sometimes crash with the following message:
>>>>>
>>>>> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
>>>>> ------------[ cut here ]------------
>>>>> kernel BUG at fs/f2fs/super.c:1939!
>>>>> Oops: invalid opcode: 0000 [#1] SMP NOPTI
>>>>> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
>>>>> Tainted: [W]=WARN
>>>>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
>>>>> RIP: 0010:f2fs_put_super+0x3b3/0x3c0
>>>>> Call Trace:
>>>>>    <TASK>
>>>>>    generic_shutdown_super+0x7e/0x190
>>>>>    kill_block_super+0x1a/0x40
>>>>>    kill_f2fs_super+0x9d/0x190
>>>>>    deactivate_locked_super+0x30/0xb0
>>>>>    cleanup_mnt+0xba/0x150
>>>>>    task_work_run+0x5c/0xa0
>>>>>    exit_to_user_mode_loop+0xb7/0xc0
>>>>>    do_syscall_64+0x1ae/0x1c0
>>>>>    entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>>>>    </TASK>
>>>>> ---[ end trace 0000000000000000 ]---
>>>>>
>>>>> It appears that sometimes it is possible that f2fs_put_super() is called before
>>>>> all node page reads are completed.
>>>>> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
>>>>>
>>>>> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")
>>>>>
>>>>> Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
>>>>> ---
>>>>>    fs/f2fs/super.c | 1 +
>>>>>    1 file changed, 1 insertion(+)
>>>>>
>>>>> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
>>>>> index 1e0678e37a30..5c94bc42b8a1 100644
>>>>> --- a/fs/f2fs/super.c
>>>>> +++ b/fs/f2fs/super.c
>>>>> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
>>>>>    	f2fs_flush_merged_writes(sbi);
>>>>>    	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
>>>>> +	f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);
>>>>
>>>> Jan,
>>>>
>>>> At this stage, GC and checkpoint are both stopped, why there is still read
>>>> IOs on node page? Who is reading node page? Can you please dig more details
>>>> for this issue?
>>>
>>> We don't actually wait for completing read IOs. So, I think it doesn't matter
>>> the threads are stopped?
>>
>> Read on node page should be synchronous? so if the threads are stopped, there
>> should be no node IOs? Oh, Or there is still pending asynchronous readahead IO
>> on node page after all threads are stopped?
> 
> I remember we submit IOs and wait for its completion when we need by lock_page.

We also support readahead on page from meta_inode and common inode, so how about
waiting for all potential inflight read IOs?

In addtion, f2fs_wait_on_all_pages() is used for write path, how about simplifying
as below?

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 4c7da160ca27..ea731f8bf19c 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1983,6 +1983,12 @@ static void f2fs_put_super(struct super_block *sb)

  	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);

+	/* wait for potential inflight readahead IOs */
+	for (i = F2FS_RD_DATA; i <= F2FS_RD_META; i++) {
+		while (get_pages(sbi, i))
+			io_schedule_timeout(DEFAULT_IO_TIMEOUT);
+	}
+
  	if (err || f2fs_cp_error(sbi)) {
  		truncate_inode_pages_final(NODE_MAPPING(sbi));
  		truncate_inode_pages_final(META_MAPPING(sbi));
-- 
2.40.1

Thanks,

> 
>>
>> Thanks,
>>
>>>
>>>>
>>>> Thanks,
>>>>
>>>>>    	if (err || f2fs_cp_error(sbi)) {
>>>>>    		truncate_inode_pages_final(NODE_MAPPING(sbi));



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Jaegeuk Kim via Linux-f2fs-devel]

Testing this patch:

Xfstests generic/335, generic/336 sometimes crash with the following message:

F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:f2fs_put_super+0x3b3/0x3c0
Call Trace:
 <TASK>
 generic_shutdown_super+0x7e/0x190
 kill_block_super+0x1a/0x40
 kill_f2fs_super+0x9d/0x190
 deactivate_locked_super+0x30/0xb0
 cleanup_mnt+0xba/0x150
 task_work_run+0x5c/0xa0
 exit_to_user_mode_loop+0xb7/0xc0
 do_syscall_64+0x1ae/0x1c0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
 </TASK>
---[ end trace 0000000000000000 ]---

It appears that sometimes it is possible that f2fs_put_super() is called before
all node page reads are completed.
Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.

Fixes: 20872584b8c0b ("f2fs: fix to drop all dirty meta/node pages during umount()")
Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
---
 fs/f2fs/super.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index bdb5ddb4f966..0b0ef8ba243b 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1989,14 +1989,6 @@ static void f2fs_put_super(struct super_block *sb)
 		truncate_inode_pages_final(META_MAPPING(sbi));
 	}
 
-	for (i = 0; i < NR_COUNT_TYPE; i++) {
-		if (!get_pages(sbi, i))
-			continue;
-		f2fs_err(sbi, "detect filesystem reference count leak during "
-			"umount, type: %d, count: %lld", i, get_pages(sbi, i));
-		f2fs_bug_on(sbi, 1);
-	}
-
 	f2fs_bug_on(sbi, sbi->fsync_node_num);
 
 	f2fs_destroy_compress_inode(sbi);
@@ -2007,6 +1999,15 @@ static void f2fs_put_super(struct super_block *sb)
 	iput(sbi->meta_inode);
 	sbi->meta_inode = NULL;
 
+	/* Should check the page counts after dropping all node/meta pages */
+	for (i = 0; i < NR_COUNT_TYPE; i++) {
+		if (!get_pages(sbi, i))
+			continue;
+		f2fs_err(sbi, "detect filesystem reference count leak during "
+			"umount, type: %d, count: %lld", i, get_pages(sbi, i));
+		f2fs_bug_on(sbi, 1);
+	}
+
 	/*
 	 * iput() can update stat information, if f2fs_write_checkpoint()
 	 * above failed with error.
-- 
2.51.1.851.g4ebd6896fd-goog



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes

[Chao Yu via Linux-f2fs-devel]

On 10/29/25 02:06, Jaegeuk Kim wrote:
> Testing this patch:
> 
> Xfstests generic/335, generic/336 sometimes crash with the following message:
> 
> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
> ------------[ cut here ]------------
> kernel BUG at fs/f2fs/super.c:1939!
> Oops: invalid opcode: 0000 [#1] SMP NOPTI
> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
> Tainted: [W]=WARN
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> RIP: 0010:f2fs_put_super+0x3b3/0x3c0
> Call Trace:
>  <TASK>
>  generic_shutdown_super+0x7e/0x190
>  kill_block_super+0x1a/0x40
>  kill_f2fs_super+0x9d/0x190
>  deactivate_locked_super+0x30/0xb0
>  cleanup_mnt+0xba/0x150
>  task_work_run+0x5c/0xa0
>  exit_to_user_mode_loop+0xb7/0xc0
>  do_syscall_64+0x1ae/0x1c0
>  entry_SYSCALL_64_after_hwframe+0x76/0x7e
>  </TASK>
> ---[ end trace 0000000000000000 ]---
> 
> It appears that sometimes it is possible that f2fs_put_super() is called before
> all node page reads are completed.
> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
> 
> Fixes: 20872584b8c0b ("f2fs: fix to drop all dirty meta/node pages during umount()")

Cc: stable@kernel.org

Otherwise it looks good to me.

> Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Reviewed-by: Chao Yu <chao@kernel.org>

Thanks,

> ---
>  fs/f2fs/super.c | 17 +++++++++--------
>  1 file changed, 9 insertions(+), 8 deletions(-)
> 
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index bdb5ddb4f966..0b0ef8ba243b 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -1989,14 +1989,6 @@ static void f2fs_put_super(struct super_block *sb)
>  		truncate_inode_pages_final(META_MAPPING(sbi));
>  	}
>  
> -	for (i = 0; i < NR_COUNT_TYPE; i++) {
> -		if (!get_pages(sbi, i))
> -			continue;
> -		f2fs_err(sbi, "detect filesystem reference count leak during "
> -			"umount, type: %d, count: %lld", i, get_pages(sbi, i));
> -		f2fs_bug_on(sbi, 1);
> -	}
> -
>  	f2fs_bug_on(sbi, sbi->fsync_node_num);
>  
>  	f2fs_destroy_compress_inode(sbi);
> @@ -2007,6 +1999,15 @@ static void f2fs_put_super(struct super_block *sb)
>  	iput(sbi->meta_inode);
>  	sbi->meta_inode = NULL;
>  
> +	/* Should check the page counts after dropping all node/meta pages */
> +	for (i = 0; i < NR_COUNT_TYPE; i++) {
> +		if (!get_pages(sbi, i))
> +			continue;
> +		f2fs_err(sbi, "detect filesystem reference count leak during "
> +			"umount, type: %d, count: %lld", i, get_pages(sbi, i));
> +		f2fs_bug_on(sbi, 1);
> +	}
> +
>  	/*
>  	 * iput() can update stat information, if f2fs_write_checkpoint()
>  	 * above failed with error.



_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel