Broken f2fs after sysupgrade on RPi, config not restored

I've been using OpenWrt for quite some time, through dozens of upgrade cycles on RPi with squashfs/f2fs.

Now, apparently only out of bad luck, the following happened:

  • the new image was only one erase block (64k) longer than the previous one
  • the overlay backup (creation of sysupgrade.tgz) worked ok
  • the new squashfs rootfs was written ok
  • the /boot FAT partition (RPi speciality) was written ok and sysupgrade.tgz moved there ok
  • the device did reboot into the new kernel/rootfs
  • in preinit_main, do_mount_root, mount_root failed to mount the f2fs, in such a way that it could neither be mounted nor trigger the creation of a new f2fs (see below), breaking the device's further operation.
  • This apparently happened just out of bad luck, because what was on the SD card following the squashfs (the previous f2fs data) was enough to make mount_root think it was seeing an f2fs, probably because it found a secondary copy of the f2fs superblock and took it to be the first, but then failed because further data and offsets were wrong.
  • Once I zeroed out a few dozen disk blocks on the SD card immediately following the squashfs (from a desktop machine, having fun with unsquashfs to find offsets...), cleaning away the remnants of the previous f2fs, but without modifying anything else, the RPi booted from the card again and did complete the config restore successfully.
  • So the problem is clearly the random data following the squashfs. This seems to be a peculiarity of the way the RPi (bcm27xx) sysupgrade works, with the options for updating multiple partitions and support for an ext4-only layout.

I wonder if there's something that could be added to target/linux/bcm27xx/base-files/upgrade/ platform_do_upgrade() to clean the remnants of the previous f2fs after writing a new squashfs?

Here's the error in the reboot after sysupgrade:

Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[    9.598492] F2FS-fs (loop0): inconsistent node block, nid:3, node_footer[nid:0,ino:0,ofs:0,cpver:0,blkaddr:0]
[    9.614435] F2FS-fs (loop0): Failed to read root inode
[    9.630201] mount_root: failed to mount -t f2fs /dev/loop0 /tmp/overlay: Invalid argument
mkdir: can't create directory '/boot': Read-only file system
mount: mounting /dev/mmcblk0p1 on /boot failed: No such file or directory

For an end user, getting into this situation is a near-bricking event, so I really would like to make sure that can't happen again. It did happen on 2 identically set up RPis (same f2fs leftovers situation on both).

I'm far from having understood all of sysupgrade/preinit well enough to actually propose a fix, but I hope someone with more insight could give a hint :wink:

Thanks in advance!
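One way the cleanup proposed above for platform_do_upgrade() could look, as an added example that is neither OpenWrt's code nor part of the original post: read bytes_used from the squashfs superblock, round up to the erase block, and zero the blocks that follow so stale f2fs metadata cannot be picked up by mount_root. Assumptions: a squashfs v4 superblock at offset 0 of the root partition, a little-endian host, and a constructed 4 MiB default wipe length; the sample image and helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenWrt's own code. Zero the area right after a freshly
# written squashfs so leftover f2fs metadata from the previous overlay cannot
# be mistaken for a filesystem by mount_root (assumes squashfs v4 at offset 0
# and a little-endian host).

# Byte offset just past the squashfs on device/file $1, rounded up to the
# erase-block size $2 (default 64 KiB). Fails if no squashfs magic is found.
squashfs_end() {
    dev=$1; align=${2:-65536}
    set -- $(od -An -t u1 -N 4 "$dev")
    [ "$1 $2 $3 $4" = "104 115 113 115" ] || return 1   # "hsqs" magic
    used=0; mult=1
    # bytes_used: little-endian 64-bit field at offset 40 of the superblock
    for b in $(od -An -t u1 -j 40 -N 8 "$dev"); do
        used=$((used + b * mult)); mult=$((mult * 256))
    done
    echo $(( (used + align - 1) / align * align ))
}

# Zero $3 bytes (default 4 MiB) starting at the first erase block after the
# squashfs, leaving the squashfs itself untouched.
wipe_after_squashfs() {
    dev=$1; align=${2:-65536}; len=${3:-4194304}
    off=$(squashfs_end "$dev" "$align") || return 1
    dd if=/dev/zero of="$dev" bs="$align" seek=$((off / align)) \
       count=$((len / align)) conv=notrunc 2>/dev/null
}

# Constructed sample "card" $1 of $2 bytes: a minimal squashfs superblock with
# bytes_used=1000, followed by filler standing in for stale f2fs data.
make_sample_image() {
    img=$1; size=$2
    { printf 'hsqs'; dd if=/dev/zero bs=1 count=36 2>/dev/null
      printf '\350\003'; dd if=/dev/zero bs=1 count=6 2>/dev/null
      yes 'stale-f2fs' | head -c $((size - 48)); } > "$img"
}

# Number of non-zero bytes in [$2, $2+$3) of $1, to check what was wiped.
nonzero_bytes() {
    od -An -v -t u1 -j "$2" -N "$3" "$1" | tr -s ' \n' '\n' | grep -cv '^0*$'
}
```

In a real upgrade script the device would be the root partition and the wipe must stay within that partition; the length only needs to cover the f2fs superblock copies that mount_root could otherwise find.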