fsck.f2fs: add a sanity check in update_data_blkaddr()

chaseyu · Jaegeuk Kim · commit 37f5fddd1f44 · 2026-04-15T16:45:27.000Z
[ 16.609296][ T423] fsck.f2fs: [ASSERT] (get_sum_block:2422) --> segno [0x222c] indicates a data segment, but should be node [ 16.609300][ T423] fsck.f2fs: [ASSERT] (get_sum_block:2422) --> segno [0x222c] indicates a data segment, but should be node [ 16.609318][ T423] fsck.f2fs: [ASSERT] (get_sum_block:2422) --> segno [0x222c] indicates a data segment, but should be node [ 16.609323][ T423] fsck.f2fs: [ASSERT] (get_sum_block:2422) --> segno [0x222c] indicates a data segment, but should be node [ 16.609329][ T423] fsck.f2fs: [ASSERT] (get_sum_block:2422) --> segno [0x222c] indicates a data segment, but should be node [ 16.609332][ T423] fsck.f2fs: [ASSERT] (get_sum_block:2422) --> segno [0x222c] indicates a data segment, but should be node [ 16.706176][ T574] DEBUG: Executable: /system/bin/fsck.f2fs [ 16.706347][ T574] DEBUG: Cmdline: /system/bin/fsck.f2fs -a -c 10000 --debug-cache --nolinear-lookup=1 /dev/block/mapper/userdata [ 16.706519][ T574] DEBUG: pid: 531, ppid: 423, tid: 531, name: fsck.f2fs >>> /system/bin/fsck.f2fs <<< [ 16.706687][ T574] DEBUG: uid: 0 [ 16.706861][ T574] DEBUG: tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE) [ 16.707035][ T574] DEBUG: pac_enabled_keys: 000000000000000f (PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY) [ 16.707360][ T574] DEBUG: esr: 0000000092000007 (Data Abort Exception 0x24) [ 16.707520][ T574] DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000007fe0d0afd0 (read) [ 16.707674][ T574] DEBUG: Cause: stack pointer is in a non-existent map; likely due to stack overflow. [ 16.707832][ T574] DEBUG: x0 00000056d9adcc08 x1 0000007fe0d0c0b8 x2 0000000000000000 x3 0000000000000001 [ 16.707987][ T574] DEBUG: x4 0000000000000000 x5 00000056d9ad4000 x6 00000056d9adc000 x7 00000056d9adc000 [ 16.708141][ T574] DEBUG: x8 0000000000000040 x9 0000000000000001 x10 0000000000001000 x11 0000007fe0d0afd0 [ 16.708296][ T574] DEBUG: x12 0000000000001000 x13 0000000000000009 x14 000000000008c015 x15 00000000000004bc [ 16.708564][ T574] DEBUG: x16 b400007b0e7ea780 x17 b4000078fa60e870 x18 0000007b0ea08000 x19 00000000004d184c [ 16.708741][ T574] DEBUG: x20 00000056d9adcc08 x21 0000007fe0d0bfd0 x22 0000007fe0d0afd0 x23 00000056d9ad4954 [ 16.708914][ T574] DEBUG: x24 0000000000000001 x25 b400007a6a60b9d0 x26 0000000000000037 x27 0000000000000001 [ 16.709108][ T574] DEBUG: x28 0000000000000000 x29 0000007fe0d0c050 [ 16.709262][ T574] DEBUG: lr 005b0fd6d9aba138 sp 0000007fe0d0afd0 pc 00000056d9aaf8a0 pst 0000000060001000 [ 16.709416][ T574] DEBUG: esr 0000000092000007 vg 0000000000000002 [ 16.709571][ T574] DEBUG: 512 total frames [ 16.709723][ T574] DEBUG: backtrace: [ 16.710133][ T574] DEBUG: #00 pc 000000000002f8a0 /system/bin/fsck.f2fs (find_next_free_block+192) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.710482][ T574] DEBUG: #1 pc 000000000003a134 /system/bin/fsck.f2fs (update_block+276) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.710695][ T574] DEBUG: #2 pc 000000000002e5e8 /system/bin/fsck.f2fs (update_data_blkaddr+296) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.710875][ T574] DEBUG: #3 pc 000000000003a250 /system/bin/fsck.f2fs (update_block+560) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) ... (loop) [ 16.806359][ T574] DEBUG: #505 pc 000000000003a250 /system/bin/fsck.f2fs (update_block+560) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.806544][ T574] DEBUG: #506 pc 000000000002e5e8 /system/bin/fsck.f2fs (update_data_blkaddr+296) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.806730][ T574] DEBUG: #507 pc 000000000003a250 /system/bin/fsck.f2fs (update_block+560) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.806915][ T574] DEBUG: #508 pc 000000000002e5e8 /system/bin/fsck.f2fs (update_data_blkaddr+296) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.807101][ T574] DEBUG: #509 pc 000000000003a250 /system/bin/fsck.f2fs (update_block+560) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.807293][ T574] DEBUG: #510 pc 000000000002e5e8 /system/bin/fsck.f2fs (update_data_blkaddr+296) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.807478][ T574] DEBUG: #511 pc 000000000003a250 /system/bin/fsck.f2fs (update_block+560) (BuildId: e2a4d8d81fcb93e518e8bc64f8df050d) [ 16.807665][ T574] DEBUG: Note: To display stack pointer information, use the pbtombstone tool: If there is inconsistent status in between SIT and node segment: 1. SIT indicate the segment is data type 2. a node block locates in the segment It will cause deadloop w/ below patern: a) fsck call update_block() to update the node block to a newly allocated blkaddr, however it finds the node is in data segment, so it treat the node block as data block, then calling update_data_blkaddr() to update it to a new blkaddr. b) in update_data_blkaddr(), because node_blk is NULL, so it treats the newaddr as block address of data block, then calling update_block() to update metadata of target data block. This patch adds a sanity check in update_data_blkaddr() to detect such inconsistency and end up w/ log and ASSERT(). Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
diff --git a/fsck/mount.c b/fsck/mount.c
@@ -2515,6 +2515,8 @@ void update_data_blkaddr(struct f2fs_sb_info *sbi, nid_t nid,
 	int ret;
 
 	if (node_blk == NULL) {
+		struct seg_entry *se;
+
 		node_blk = (struct f2fs_node *)calloc(F2FS_BLKSIZE, 1);
 		ASSERT(node_blk);
 
@@ -2524,6 +2526,13 @@ void update_data_blkaddr(struct f2fs_sb_info *sbi, nid_t nid,
 		ret = dev_read_block(node_blk, ni.blk_addr);
 		ASSERT(ret >= 0);
 		node_blk_alloced = true;
+
+		se = get_seg_entry(sbi, GET_SEGNO(sbi, ni.blk_addr));
+		if (IS_DATASEG(se->type)) {
+			ERR_MSG("NAT and SIT is inconsistent: ino: %u, nid: %u, blkaddr: %u, segtype: %d",
+				ni.ino, ni.nid, ni.blk_addr, se->type);
+			ASSERT(0);
+		}
 	}
 
 	/* check its block address */
