ZMS Data Loss — ATE ID 0x1A80 Overwritten

Hello,

I suspect that this is patched in this commit:

https://github.com/zephyrproject-rtos/zephyr/commit/15cbe9fd18e2a319811a3cd877f238543050da18

Which is included in NCS v3.1.0.

Do you have an application where I can reproduce the issue on an nRF54L15 DK? Alternatively, can you see if running your application in v3.1.0 fixes the issue, or if it is still present?

Best regards,

Edvin

Some more context. There was a bug where if a partition was mounted after it's initial mount, this could lead to a bug showing what you are seeing. But I am not 100% sure that is actually what you are seeing, which is why I would like to verify whether using NCS v3.1.0 has the same behavior or not.

BR,
Edvin

Hi,

My colleague and I are working on a data corruption issue in ZMS together, and we now have a 100% reproducible test case.

Setup: 3 sectors. Write ID=0x1A80 in the first sector, then keep writing other data entries. Manually monitor free space and trigger GC. After 2 GC cycles complete, power off and restart.

After reboot, ID=0x1A80 has been correctly migrated to the active sector by GC — reading it returns the correct data. However, if we then write ONE more entry (any new data), the data at 0x1A80 gets corrupted/overwritten.

We tested this specifically when the code path `gc_done_marker = true` is hit during recovery.

Looking at the zms code, I noticed something in zms_recover_last_ate() that I think might be related:

/* skip close and empty ATE */
*addr -= 2 * fs->ate_size;

The function is called during recovery with addr pointing to the close_ate position (sector_size - 2*ate_size). After subtracting 2*ate_size, the scan starts at sector_size - 4*ate_size. But this skips one valid ATE position at sector_size - 3*ate_size — right below the close_ate.

Could this cause data_wra to be reconstructed incorrectly during recovery after a GC + power loss, so that the next data write ends up overwriting existing data? Would the correct fix be to change "-= 2" to "-= 1"?

Would appreciate any insights.

Thanks

It could be related, but I can't say 100% whether this will fix the issue. Can you try to run it in NCS v3.1.0 or later?

BR,

Edvin

Hi ，

I haven’t tested this on NCS v3.1.0 yet. Adopting the change may involve additional evaluation and testing of some related interfaces.

However, I compared the ZMS-related code between the currently used NCS v3.0.0 (which consistently reproduces the issue) and v3.1.0, and I did not observe any changes in this part.

The test method described above can reproduce the problem 100% of the time, and after applying the proposed modification, the issue no longer occurs.

Could you please take a look and let me know if this fix looks reasonable?

Best regards,

Pang