In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests generic/335, generic/336 sometimes crash with the following message:
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:f2fs_put_super+0x3b3/0x3c0
Call Trace:
 <TASK>
 generic_shutdown_super+0x7e/0x190
 kill_block_super+0x1a/0x40
 kill_f2fs_super+0x9d/0x190
 deactivate_locked_super+0x30/0xb0
 cleanup_mnt+0xba/0x150
 task_work_run+0x5c/0xa0
 exit_to_user_mode_loop+0xb7/0xc0
 do_syscall_64+0x1ae/0x1c0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
 </TASK>
---[ end trace 0000000000000000 ]---
It appears that sometimes it is possible that f2fs_put_super() is called before all node page reads are completed. Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71107.json",
"cna_assigner": "Linux"
}