lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c4643bb6-882a-4229-b938-e94398294905@kernel.org>
Date: Thu, 9 Oct 2025 11:33:56 +0800
From: Chao Yu <chao@...nel.org>
To: Jan Prusakowski <jprusakowski@...gle.com>, jaegeuk@...nel.org
Cc: chao@...nel.org, linux-kernel@...r.kernel.org,
 linux-f2fs-devel@...ts.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH] f2fs: ensure node page reads complete before
 f2fs_put_super() finishes

On 10/6/2025 4:46 PM, Jan Prusakowski via Linux-f2fs-devel wrote:
> Xfstests generic/335, generic/336 sometimes crash with the following message:
> 
> F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
> ------------[ cut here ]------------
> kernel BUG at fs/f2fs/super.c:1939!
> Oops: invalid opcode: 0000 [#1] SMP NOPTI
> CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
> Tainted: [W]=WARN
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> RIP: 0010:f2fs_put_super+0x3b3/0x3c0
> Call Trace:
>   <TASK>
>   generic_shutdown_super+0x7e/0x190
>   kill_block_super+0x1a/0x40
>   kill_f2fs_super+0x9d/0x190
>   deactivate_locked_super+0x30/0xb0
>   cleanup_mnt+0xba/0x150
>   task_work_run+0x5c/0xa0
>   exit_to_user_mode_loop+0xb7/0xc0
>   do_syscall_64+0x1ae/0x1c0
>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>   </TASK>
> ---[ end trace 0000000000000000 ]---
> 
> It appears that sometimes it is possible that f2fs_put_super() is called before
> all node page reads are completed.
> Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
> 
> Fixes: bf22c3cc8ce7 ("f2fs: fix the panic in do_checkpoint()")
> 
> Signed-off-by: Jan Prusakowski <jprusakowski@...gle.com>
> ---
>   fs/f2fs/super.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
> index 1e0678e37a30..5c94bc42b8a1 100644
> --- a/fs/f2fs/super.c
> +++ b/fs/f2fs/super.c
> @@ -1976,6 +1976,7 @@ static void f2fs_put_super(struct super_block *sb)
>   	f2fs_flush_merged_writes(sbi);
>   
>   	f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA);
> +	f2fs_wait_on_all_pages(sbi, F2FS_RD_NODE);

Jan,

At this stage, GC and checkpoint are both stopped, why there is still read
IOs on node page? Who is reading node page? Can you please dig more details
for this issue?

Thanks,

>   
>   	if (err || f2fs_cp_error(sbi)) {
>   		truncate_inode_pages_final(NODE_MAPPING(sbi));


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ