Re: [PATCH] xfs: drain inodegc before quota teardown on mount failure

[Christoph Hellwig]

On Fri, May 15, 2026 at 12:07:12AM +0800, Zhang Cen wrote:
> Sanitizer validation reported:

How did you run into this?  Normal xfstests under a new sanitizer?

> Fixes: ab23a7768739 ("xfs: per-cpu deferred inode inactivation queues")
> 
> Signed-off-by: Zhang Cen <rollkingzzc@xxxxxxxxx>

Nit: no empty line between the Fixes and the Signoff or other tags,
please.

> diff --git a/fs/xfs/xfs_mount.c b/fs/xfs/xfs_mount.c
> index b24195f570cd..e8a870482d1a 100644
> --- a/fs/xfs/xfs_mount.c
> +++ b/fs/xfs/xfs_mount.c
> @@ -1228,6 +1228,12 @@ xfs_mountfs(
>  	return 0;
>  
>   out_agresv:
> +	/*
> +	 * Drain ordinary inodegc before we drop per-AG reservations or tear
> +	 * down quota state.  Background inactivation can still attach dquots
> +	 * here, and dqget can still need the quota inodes.
> +	 */
> +	xfs_inodegc_flush(mp);

This looks good.

>   out_free_metadir:
>  	if (mp->m_metadirip)
>  		xfs_irele(mp->m_metadirip);
>  
>  	/*
> -	 * Inactivate all inodes that might still be in memory after a log
> -	 * intent recovery failure so that reclaim can free them.  Metadata
> -	 * inodes and the root directory shouldn't need inactivation, but the
> -	 * mount failed for some reason, so pull down all the state and flee.
> +	 * Flush inodegc before we destroy quotainfo.  This is the first drain
> +	 * for paths that bypass out_agresv, and it also catches any reclaim
> +	 * queued by the quota, realtime, root, or metadir teardown above.
>  	 */
>  	xfs_inodegc_flush(mp);
>  
> +	/* Clean out dquots that might be in memory after quotacheck. */
> +	xfs_qm_unmount(mp);

This is later in the teardown order than where I'd expect it. The
first thing that can bring in quotainodes is xfs_qm_newmount.  I'd
expect a new label placed above out_rtunmount to handle this.  Is
there a reason I'm missing why this won't work?