CVE-2025-40150

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid migrating empty section

It reports a bug from device w/ zufs:

F2FS-fs (dm-64): Inconsistent segment (173822) type [1, 0] in SSA and SIT F2FS-fs (dm-64): Stopped filesystem due to reason: 4

Thread A Thread B - f2fsexpandinodedata - f2fsallocatepinningsection - f2fsgcrange - dogarbagecollect w/ segno #x - writepage - f2fsallocatedatablock - newcurseg - allocate segno #x

The root cause is: fallocate on pinning file may race w/ block allocation as above, result in dogarbagecollect() from fallocate() may migrate segment which is just allocated by a log, the log will update segment type in its in-memory structure, however GC will get segment type from on-disk SSA block, once segment type changes by log, we can detect such inconsistency, then shutdown filesystem.

In this case, on-disk SSA shows type of segno #173822 is 1 (SUMTYPENODE), however segno #173822 was just allocated as data type segment, so in-memory SIT shows type of segno #173822 is 0 (SUMTYPEDATA).

Change as below to fix this issue: - check whether current section is empty before gc - add sanity checks on dogarbagecollect() to avoid any race case, result in migrating segment used by log. - btw, it fixes misc issue in printed logs: "SSA and SIT" -> "SIT and SSA".