erofs image that can put z_erofs_scan_folio() into an infinite loop
rtm at csail.mit.edu
rtm at csail.mit.edu
Fri Oct 17 07:18:06 AEDT 2025
This produces an infinite loop in z_erofs_scan_folio():
# uname -r
6.17.0-12747-g859be217ee9e
# wget http://www.rtmrtm.org/rtm/erofs6a.img
# mount -t erofs -o loop erofs6a.img /mnt
# cp /mnt/x /tmp/y
I'm afraid I have not been able to track down what is going on. But
one factor is that erofs_inode_extended->i_size is 0x80000000000fff;
changing it to e.g. 3 makes the infinite loop go away.
On the other hand, here's another image can also loop forever in
z_erofs_scan_folio(), but has a more ordinary i_size:
# wget http://www.rtmrtm.org/rtm/erofs23a.img
# mount -t erofs -o loop erofs23a.img /mnt
# cp /mnt/x /tmp/y
Robert Morris
rtm at mit.edu
More information about the Linux-erofs
mailing list