* [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes
@ 2025-10-06 8:46 Jan Prusakowski
2025-10-09 3:33 ` [f2fs-dev] " Chao Yu
0 siblings, 1 reply; 8+ messages in thread
From: Jan Prusakowski @ 2025-10-06 8:46 UTC (permalink / raw)
To: jaegeuk; +Cc: linux-f2fs-devel, linux-kernel, Jan Prusakowski
Xfstests generic/335, generic/336 sometimes crash with the following message:
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:f2fs_put_super+0x3b3/0x3c0
Call Trace:
<TASK>
generic_shutdown_super+0x7e/0x190
kill_block_super+0x1a/0x40
kill_f2fs_super+0x9d/0x190
deactivate_locked_super+0x30/0xb0
cleanup_mnt+0xba/0x150
task_work_run+0x5c/0xa0
exit_to_user_mode_loop+0xb7/0xc0
do_syscall_64+0x1ae/0x1c0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
</TASK>
---[ end trace 0000000000000000 ]---
It appears that sometimes it is possible that f2fs_put_super() is called before
all node page reads are completed.
Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")
Signed-off-by: Jan Prusakowski <jprusakowski@google.com>
---
fs/f2fs/super.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 1e0678e37a30..5c94bc42b8a1 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
f2fs_flush_merged_writes(sbi);
f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
+ f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);
if (err || f2fs_cp_error(sbi)) {
truncate_inode_pages_final(NODE_MAPPING(sbi));
--
2.51.0.618.g983fd99d29-goog
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes 2025-10-06 8:46 [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes Jan Prusakowski @ 2025-10-09 3:33 ` Chao Yu 2025-10-10 16:02 ` Jaegeuk Kim 0 siblings, 1 reply; 8+ messages in thread From: Chao Yu @ 2025-10-09 3:33 UTC (permalink / raw) To: Jan Prusakowski, jaegeuk; +Cc: chao, linux-kernel, linux-f2fs-devel On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote: > Xfstests generic/335, generic/336 sometimes crash with the following message: > > F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 > ------------[ cut here ]------------ > kernel BUG at fs/f2fs/super.c:1939! > Oops: invalid opcode: 0000 [#1] SMP NOPTI > CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) > Tainted: [W]=WARN > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 > RIP: 0010:f2fs_put_super+0x3b3/0x3c0 > Call Trace: > <TASK> > generic_shutdown_super+0x7e/0x190 > kill_block_super+0x1a/0x40 > kill_f2fs_super+0x9d/0x190 > deactivate_locked_super+0x30/0xb0 > cleanup_mnt+0xba/0x150 > task_work_run+0x5c/0xa0 > exit_to_user_mode_loop+0xb7/0xc0 > do_syscall_64+0x1ae/0x1c0 > entry_SYSCALL_64_after_hwframe+0x76/0x7e > </TASK> > ---[ end trace 0000000000000000 ]--- > > It appears that sometimes it is possible that f2fs_put_super() is called before > all node page reads are completed. > Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem. > > Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()") > > Signed-off-by: Jan Prusakowski <jprusakowski@google.com> > --- > fs/f2fs/super.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c > index 1e0678e37a30..5c94bc42b8a1 100644 > --- a/fs/f2fs/super.c > +++ b/fs/f2fs/super.c > @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb) > f2fs_flush_merged_writes(sbi); > > f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA); > + f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE); Jan, At this stage, GC and checkpoint are both stopped, why there is still read IOs on node page? Who is reading node page? Can you please dig more details for this issue? Thanks, > > if (err || f2fs_cp_error(sbi)) { > truncate_inode_pages_final(NODE_MAPPING(sbi)); ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes 2025-10-09 3:33 ` [f2fs-dev] " Chao Yu @ 2025-10-10 16:02 ` Jaegeuk Kim 2025-10-11 3:52 ` Chao Yu 0 siblings, 1 reply; 8+ messages in thread From: Jaegeuk Kim @ 2025-10-10 16:02 UTC (permalink / raw) To: Chao Yu; +Cc: Jan Prusakowski, linux-kernel, linux-f2fs-devel On 10/09, Chao Yu wrote: > On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote: > > Xfstests generic/335, generic/336 sometimes crash with the following message: > > > > F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 > > ------------[ cut here ]------------ > > kernel BUG at fs/f2fs/super.c:1939! > > Oops: invalid opcode: 0000 [#1] SMP NOPTI > > CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) > > Tainted: [W]=WARN > > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 > > RIP: 0010:f2fs_put_super+0x3b3/0x3c0 > > Call Trace: > > <TASK> > > generic_shutdown_super+0x7e/0x190 > > kill_block_super+0x1a/0x40 > > kill_f2fs_super+0x9d/0x190 > > deactivate_locked_super+0x30/0xb0 > > cleanup_mnt+0xba/0x150 > > task_work_run+0x5c/0xa0 > > exit_to_user_mode_loop+0xb7/0xc0 > > do_syscall_64+0x1ae/0x1c0 > > entry_SYSCALL_64_after_hwframe+0x76/0x7e > > </TASK> > > ---[ end trace 0000000000000000 ]--- > > > > It appears that sometimes it is possible that f2fs_put_super() is called before > > all node page reads are completed. > > Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem. > > > > Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()") > > > > Signed-off-by: Jan Prusakowski <jprusakowski@google.com> > > --- > > fs/f2fs/super.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c > > index 1e0678e37a30..5c94bc42b8a1 100644 > > --- a/fs/f2fs/super.c > > +++ b/fs/f2fs/super.c > > @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb) > > f2fs_flush_merged_writes(sbi); > > f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA); > > + f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE); > > Jan, > > At this stage, GC and checkpoint are both stopped, why there is still read > IOs on node page? Who is reading node page? Can you please dig more details > for this issue? We don't actually wait for completing read IOs. So, I think it doesn't matter the threads are stopped? > > Thanks, > > > if (err || f2fs_cp_error(sbi)) { > > truncate_inode_pages_final(NODE_MAPPING(sbi)); ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes 2025-10-10 16:02 ` Jaegeuk Kim @ 2025-10-11 3:52 ` Chao Yu 2025-10-16 17:47 ` Jaegeuk Kim 0 siblings, 1 reply; 8+ messages in thread From: Chao Yu @ 2025-10-11 3:52 UTC (permalink / raw) To: Jaegeuk Kim; +Cc: chao, Jan Prusakowski, linux-kernel, linux-f2fs-devel On 10/11/25 00:02, Jaegeuk Kim wrote: > On 10/09, Chao Yu wrote: >> On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote: >>> Xfstests generic/335, generic/336 sometimes crash with the following message: >>> >>> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 >>> ------------[ cut here ]------------ >>> kernel BUG at fs/f2fs/super.c:1939! >>> Oops: invalid opcode: 0000 [#1] SMP NOPTI >>> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) >>> Tainted: [W]=WARN >>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 >>> RIP: 0010:f2fs_put_super+0x3b3/0x3c0 >>> Call Trace: >>> <TASK> >>> generic_shutdown_super+0x7e/0x190 >>> kill_block_super+0x1a/0x40 >>> kill_f2fs_super+0x9d/0x190 >>> deactivate_locked_super+0x30/0xb0 >>> cleanup_mnt+0xba/0x150 >>> task_work_run+0x5c/0xa0 >>> exit_to_user_mode_loop+0xb7/0xc0 >>> do_syscall_64+0x1ae/0x1c0 >>> entry_SYSCALL_64_after_hwframe+0x76/0x7e >>> </TASK> >>> ---[ end trace 0000000000000000 ]--- >>> >>> It appears that sometimes it is possible that f2fs_put_super() is called before >>> all node page reads are completed. >>> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem. >>> >>> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()") >>> >>> Signed-off-by: Jan Prusakowski <jprusakowski@google.com> >>> --- >>> fs/f2fs/super.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c >>> index 1e0678e37a30..5c94bc42b8a1 100644 >>> --- a/fs/f2fs/super.c >>> +++ b/fs/f2fs/super.c >>> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb) >>> f2fs_flush_merged_writes(sbi); >>> f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA); >>> + f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE); >> >> Jan, >> >> At this stage, GC and checkpoint are both stopped, why there is still read >> IOs on node page? Who is reading node page? Can you please dig more details >> for this issue? > > We don't actually wait for completing read IOs. So, I think it doesn't matter > the threads are stopped? Read on node page should be synchronous? so if the threads are stopped, there should be no node IOs? Oh, Or there is still pending asynchronous readahead IO on node page after all threads are stopped? Thanks, > >> >> Thanks, >> >>> if (err || f2fs_cp_error(sbi)) { >>> truncate_inode_pages_final(NODE_MAPPING(sbi)); ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes 2025-10-11 3:52 ` Chao Yu @ 2025-10-16 17:47 ` Jaegeuk Kim 2025-10-17 9:47 ` Chao Yu 0 siblings, 1 reply; 8+ messages in thread From: Jaegeuk Kim @ 2025-10-16 17:47 UTC (permalink / raw) To: Chao Yu; +Cc: Jan Prusakowski, linux-kernel, linux-f2fs-devel On 10/11, Chao Yu wrote: > On 10/11/25 00:02, Jaegeuk Kim wrote: > > On 10/09, Chao Yu wrote: > >> On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote: > >>> Xfstests generic/335, generic/336 sometimes crash with the following message: > >>> > >>> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 > >>> ------------[ cut here ]------------ > >>> kernel BUG at fs/f2fs/super.c:1939! > >>> Oops: invalid opcode: 0000 [#1] SMP NOPTI > >>> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) > >>> Tainted: [W]=WARN > >>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 > >>> RIP: 0010:f2fs_put_super+0x3b3/0x3c0 > >>> Call Trace: > >>> <TASK> > >>> generic_shutdown_super+0x7e/0x190 > >>> kill_block_super+0x1a/0x40 > >>> kill_f2fs_super+0x9d/0x190 > >>> deactivate_locked_super+0x30/0xb0 > >>> cleanup_mnt+0xba/0x150 > >>> task_work_run+0x5c/0xa0 > >>> exit_to_user_mode_loop+0xb7/0xc0 > >>> do_syscall_64+0x1ae/0x1c0 > >>> entry_SYSCALL_64_after_hwframe+0x76/0x7e > >>> </TASK> > >>> ---[ end trace 0000000000000000 ]--- > >>> > >>> It appears that sometimes it is possible that f2fs_put_super() is called before > >>> all node page reads are completed. > >>> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem. > >>> > >>> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()") > >>> > >>> Signed-off-by: Jan Prusakowski <jprusakowski@google.com> > >>> --- > >>> fs/f2fs/super.c | 1 + > >>> 1 file changed, 1 insertion(+) > >>> > >>> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c > >>> index 1e0678e37a30..5c94bc42b8a1 100644 > >>> --- a/fs/f2fs/super.c > >>> +++ b/fs/f2fs/super.c > >>> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb) > >>> f2fs_flush_merged_writes(sbi); > >>> f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA); > >>> + f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE); > >> > >> Jan, > >> > >> At this stage, GC and checkpoint are both stopped, why there is still read > >> IOs on node page? Who is reading node page? Can you please dig more details > >> for this issue? > > > > We don't actually wait for completing read IOs. So, I think it doesn't matter > > the threads are stopped? > > Read on node page should be synchronous? so if the threads are stopped, there > should be no node IOs? Oh, Or there is still pending asynchronous readahead IO > on node page after all threads are stopped? I remember we submit IOs and wait for its completion when we need by lock_page. > > Thanks, > > > > >> > >> Thanks, > >> > >>> if (err || f2fs_cp_error(sbi)) { > >>> truncate_inode_pages_final(NODE_MAPPING(sbi)); ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes 2025-10-16 17:47 ` Jaegeuk Kim @ 2025-10-17 9:47 ` Chao Yu 2025-10-28 18:06 ` Jaegeuk Kim 0 siblings, 1 reply; 8+ messages in thread From: Chao Yu @ 2025-10-17 9:47 UTC (permalink / raw) To: Jaegeuk Kim, Jan Prusakowski; +Cc: chao, linux-kernel, linux-f2fs-devel On 10/17/2025 1:47 AM, Jaegeuk Kim wrote: > On 10/11, Chao Yu wrote: >> On 10/11/25 00:02, Jaegeuk Kim wrote: >>> On 10/09, Chao Yu wrote: >>>> On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote: >>>>> Xfstests generic/335, generic/336 sometimes crash with the following message: >>>>> >>>>> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 >>>>> ------------[ cut here ]------------ >>>>> kernel BUG at fs/f2fs/super.c:1939! >>>>> Oops: invalid opcode: 0000 [#1] SMP NOPTI >>>>> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) >>>>> Tainted: [W]=WARN >>>>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 >>>>> RIP: 0010:f2fs_put_super+0x3b3/0x3c0 >>>>> Call Trace: >>>>> <TASK> >>>>> generic_shutdown_super+0x7e/0x190 >>>>> kill_block_super+0x1a/0x40 >>>>> kill_f2fs_super+0x9d/0x190 >>>>> deactivate_locked_super+0x30/0xb0 >>>>> cleanup_mnt+0xba/0x150 >>>>> task_work_run+0x5c/0xa0 >>>>> exit_to_user_mode_loop+0xb7/0xc0 >>>>> do_syscall_64+0x1ae/0x1c0 >>>>> entry_SYSCALL_64_after_hwframe+0x76/0x7e >>>>> </TASK> >>>>> ---[ end trace 0000000000000000 ]--- >>>>> >>>>> It appears that sometimes it is possible that f2fs_put_super() is called before >>>>> all node page reads are completed. >>>>> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem. >>>>> >>>>> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()") >>>>> >>>>> Signed-off-by: Jan Prusakowski <jprusakowski@google.com> >>>>> --- >>>>> fs/f2fs/super.c | 1 + >>>>> 1 file changed, 1 insertion(+) >>>>> >>>>> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c >>>>> index 1e0678e37a30..5c94bc42b8a1 100644 >>>>> --- a/fs/f2fs/super.c >>>>> +++ b/fs/f2fs/super.c >>>>> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb) >>>>> f2fs_flush_merged_writes(sbi); >>>>> f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA); >>>>> + f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE); >>>> >>>> Jan, >>>> >>>> At this stage, GC and checkpoint are both stopped, why there is still read >>>> IOs on node page? Who is reading node page? Can you please dig more details >>>> for this issue? >>> >>> We don't actually wait for completing read IOs. So, I think it doesn't matter >>> the threads are stopped? >> >> Read on node page should be synchronous? so if the threads are stopped, there >> should be no node IOs? Oh, Or there is still pending asynchronous readahead IO >> on node page after all threads are stopped? > > I remember we submit IOs and wait for its completion when we need by lock_page. We also support readahead on page from meta_inode and common inode, so how about waiting for all potential inflight read IOs? In addtion, f2fs_wait_on_all_pages() is used for write path, how about simplifying as below? diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 4c7da160ca27..ea731f8bf19c 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1983,6 +1983,12 @@ static void f2fs_put_super(struct super_block *sb) f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA); + /* wait for potential inflight readahead IOs */ + for (i = F2FS_RD_DATA; i <= F2FS_RD_META; i++) { + while (get_pages(sbi, i)) + io_schedule_timeout(DEFAULT_IO_TIMEOUT); + } + if (err || f2fs_cp_error(sbi)) { truncate_inode_pages_final(NODE_MAPPING(sbi)); truncate_inode_pages_final(META_MAPPING(sbi)); -- 2.40.1 Thanks, > >> >> Thanks, >> >>> >>>> >>>> Thanks, >>>> >>>>> if (err || f2fs_cp_error(sbi)) { >>>>> truncate_inode_pages_final(NODE_MAPPING(sbi)); ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes 2025-10-17 9:47 ` Chao Yu @ 2025-10-28 18:06 ` Jaegeuk Kim 2025-10-29 1:59 ` Chao Yu 0 siblings, 1 reply; 8+ messages in thread From: Jaegeuk Kim @ 2025-10-28 18:06 UTC (permalink / raw) To: Chao Yu; +Cc: Jan Prusakowski, linux-kernel, linux-f2fs-devel Testing this patch: Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 ------------[ cut here ]------------ kernel BUG at fs/f2fs/super.c:1939! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) Tainted: [W]=WARN Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:f2fs_put_super+0x3b3/0x3c0 Call Trace: <TASK> generic_shutdown_super+0x7e/0x190 kill_block_super+0x1a/0x40 kill_f2fs_super+0x9d/0x190 deactivate_locked_super+0x30/0xb0 cleanup_mnt+0xba/0x150 task_work_run+0x5c/0xa0 exit_to_user_mode_loop+0xb7/0xc0 do_syscall_64+0x1ae/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> ---[ end trace 0000000000000000 ]--- It appears that sometimes it is possible that f2fs_put_super() is called before all node page reads are completed. Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem. Fixes: 20872584b8c0b ("f2fs: fix to drop all dirty meta/node pages during umount()") Signed-off-by: Jan Prusakowski <jprusakowski@google.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> --- fs/f2fs/super.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index bdb5ddb4f966..0b0ef8ba243b 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1989,14 +1989,6 @@ static void f2fs_put_super(struct super_block *sb) truncate_inode_pages_final(META_MAPPING(sbi)); } - for (i = 0; i < NR_COUNT_TYPE; i++) { - if (!get_pages(sbi, i)) - continue; - f2fs_err(sbi, "detect filesystem reference count leak during " - "umount, type: %d, count: %lld", i, get_pages(sbi, i)); - f2fs_bug_on(sbi, 1); - } - f2fs_bug_on(sbi, sbi->fsync_node_num); f2fs_destroy_compress_inode(sbi); @@ -2007,6 +1999,15 @@ static void f2fs_put_super(struct super_block *sb) iput(sbi->meta_inode); sbi->meta_inode = NULL; + /* Should check the page counts after dropping all node/meta pages */ + for (i = 0; i < NR_COUNT_TYPE; i++) { + if (!get_pages(sbi, i)) + continue; + f2fs_err(sbi, "detect filesystem reference count leak during " + "umount, type: %d, count: %lld", i, get_pages(sbi, i)); + f2fs_bug_on(sbi, 1); + } + /* * iput() can update stat information, if f2fs_write_checkpoint() * above failed with error. -- 2.51.1.851.g4ebd6896fd-goog ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes 2025-10-28 18:06 ` Jaegeuk Kim @ 2025-10-29 1:59 ` Chao Yu 0 siblings, 0 replies; 8+ messages in thread From: Chao Yu @ 2025-10-29 1:59 UTC (permalink / raw) To: Jaegeuk Kim; +Cc: chao, Jan Prusakowski, linux-kernel, linux-f2fs-devel On 10/29/25 02:06, Jaegeuk Kim wrote: > Testing this patch: > > Xfstests generic/335, generic/336 sometimes crash with the following message: > > F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 > ------------[ cut here ]------------ > kernel BUG at fs/f2fs/super.c:1939! > Oops: invalid opcode: 0000 [#1] SMP NOPTI > CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) > Tainted: [W]=WARN > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 > RIP: 0010:f2fs_put_super+0x3b3/0x3c0 > Call Trace: > <TASK> > generic_shutdown_super+0x7e/0x190 > kill_block_super+0x1a/0x40 > kill_f2fs_super+0x9d/0x190 > deactivate_locked_super+0x30/0xb0 > cleanup_mnt+0xba/0x150 > task_work_run+0x5c/0xa0 > exit_to_user_mode_loop+0xb7/0xc0 > do_syscall_64+0x1ae/0x1c0 > entry_SYSCALL_64_after_hwframe+0x76/0x7e > </TASK> > ---[ end trace 0000000000000000 ]--- > > It appears that sometimes it is possible that f2fs_put_super() is called before > all node page reads are completed. > Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem. > > Fixes: 20872584b8c0b ("f2fs: fix to drop all dirty meta/node pages during umount()") Cc: stable@kernel.org Otherwise it looks good to me. > Signed-off-by: Jan Prusakowski <jprusakowski@google.com> > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Reviewed-by: Chao Yu <chao@kernel.org> Thanks, > --- > fs/f2fs/super.c | 17 +++++++++-------- > 1 file changed, 9 insertions(+), 8 deletions(-) > > diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c > index bdb5ddb4f966..0b0ef8ba243b 100644 > --- a/fs/f2fs/super.c > +++ b/fs/f2fs/super.c > @@ -1989,14 +1989,6 @@ static void f2fs_put_super(struct super_block *sb) > truncate_inode_pages_final(META_MAPPING(sbi)); > } > > - for (i = 0; i < NR_COUNT_TYPE; i++) { > - if (!get_pages(sbi, i)) > - continue; > - f2fs_err(sbi, "detect filesystem reference count leak during " > - "umount, type: %d, count: %lld", i, get_pages(sbi, i)); > - f2fs_bug_on(sbi, 1); > - } > - > f2fs_bug_on(sbi, sbi->fsync_node_num); > > f2fs_destroy_compress_inode(sbi); > @@ -2007,6 +1999,15 @@ static void f2fs_put_super(struct super_block *sb) > iput(sbi->meta_inode); > sbi->meta_inode = NULL; > > + /* Should check the page counts after dropping all node/meta pages */ > + for (i = 0; i < NR_COUNT_TYPE; i++) { > + if (!get_pages(sbi, i)) > + continue; > + f2fs_err(sbi, "detect filesystem reference count leak during " > + "umount, type: %d, count: %lld", i, get_pages(sbi, i)); > + f2fs_bug_on(sbi, 1); > + } > + > /* > * iput() can update stat information, if f2fs_write_checkpoint() > * above failed with error. ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-10-29 1:59 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-10-06 8:46 [PATCH] f2fs: ensure node page reads complete before f2fs_put_super() finishes Jan Prusakowski 2025-10-09 3:33 ` [f2fs-dev] " Chao Yu 2025-10-10 16:02 ` Jaegeuk Kim 2025-10-11 3:52 ` Chao Yu 2025-10-16 17:47 ` Jaegeuk Kim 2025-10-17 9:47 ` Chao Yu 2025-10-28 18:06 ` Jaegeuk Kim 2025-10-29 1:59 ` Chao Yu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).