infinite loop in z_erofs_zstd_decompress()

rtm at csail.mit.edu rtm at csail.mit.edu
Tue Oct 28 09:50:13 AEDT 2025 

# uname -r
6.18.0-rc3-00011-g31772dcc6abc
# wget http://www.rtmrtm.org/rtm/erofs22a.img
# mount -t erofs -o loop erofs22a.img /mnt
# ls -l /mnt/x
...
BUG: soft lockup - CPU#8 stuck for 26s! [ls:1309]

The "do" loop in z_erofs_zstd_decompress() never quits; some
guesses about why:

 * in_buf.size and .pos indicate there is no more input available.

 * zstd_decompress_stream() returns 9 indicating that it would like
   more input.

 * z_erofs_stream_switch_bufs() does nothing, perhaps because
   rq->inputsize and rq->outputsize are both zero, but also
   returns err=0.

#0  0xffffffff806ddbd6 in z_erofs_zstd_decompress (rq=0xffffffc6002f3308, 
    pgpl=0xffffffc6002f3750) at fs/erofs/decompressor_zstd.c:178
#1  0xffffffff806dab54 in z_erofs_decompress_pcluster (err=0, 
    be=0xffffffc6002f3340) at fs/erofs/zdata.c:1308
#2  z_erofs_decompress_queue (io=io at entry=0xffffffc6002f35c8, 
    pagepool=pagepool at entry=0xffffffc6002f3750) at fs/erofs/zdata.c:1408
#3  0xffffffff806dba48 in z_erofs_runqueue (f=f at entry=0xffffffc6002f36e0, 
    rapages=rapages at entry=0) at fs/erofs/zdata.c:1804
#4  0xffffffff806dbf00 in z_erofs_read_folio (file=file at entry=0x0, 
    folio=folio at entry=0xffffffc500145140) at fs/erofs/zdata.c:1884
#5  0xffffffff8020adaa in filemap_read_folio (file=file at entry=0x0, 
    filler=filler at entry=0xffffffff806dbe6e <z_erofs_read_folio>, 
    folio=folio at entry=0xffffffc500145140) at mm/filemap.c:2444
#6  0xffffffff8020d66a in do_read_cache_folio (mapping=0xffffffd602488588, 
    index=index at entry=0, filler=0xffffffff806dbe6e <z_erofs_read_folio>, 
    filler at entry=0x0, file=0x0, gfp=1051840) at mm/filemap.c:4024
#7  0xffffffff8020d714 in read_cache_folio (mapping=<optimized out>, 
    index=index at entry=0, filler=filler at entry=0x0, file=<optimized out>)
    at mm/filemap.c:4056
#8  0xffffffff806d37ea in read_mapping_folio (file=<optimized out>, index=0, 
    mapping=<optimized out>) at ./include/linux/pagemap.h:999
#9  erofs_bread (buf=buf at entry=0xffffffc6002f3910, offset=0, 
    need_kmap=need_kmap at entry=true) at fs/erofs/data.c:40
#10 0xffffffff806d41a8 in erofs_find_target_block (
    target=target at entry=0xffffffc6002f3a00, dir=dir at entry=0xffffffd6024883f0, 
    name=name at entry=0xffffffc6002f39f0, 
    _ndirents=_ndirents at entry=0xffffffc6002f39ec) at fs/erofs/namei.c:103
#11 0xffffffff806d4440 in erofs_namei (dir=dir at entry=0xffffffd6024883f0, 
    name=name at entry=0xffffffd6025b88b0, nid=nid at entry=0xffffffc6002f3ab0, 
    d_type=d_type at entry=0xffffffc6002f3aac) at fs/erofs/namei.c:177
#12 0xffffffff806d4710 in erofs_lookup (flags=<optimized out>, 
    dentry=0xffffffd6025b8890, dir=0xffffffd6024883f0) at fs/erofs/namei.c:206
#13 erofs_lookup (dir=0xffffffd6024883f0, dentry=0xffffffd6025b8890, 
    flags=<optimized out>) at fs/erofs/namei.c:193
#14 0xffffffff802c575e in __lookup_slow (name=name at entry=0xffffffc6002f3bf8, 
    dir=dir at entry=0xffffffd6025b8620, flags=flags at entry=0) at fs/namei.c:1816
#15 0xffffffff802c8a10 in lookup_slow (flags=0, dir=0xffffffd6025b8620, 
    name=0xffffffc6002f3bf8) at fs/namei.c:1833
#16 walk_component (nd=0xffffffc6002f3be8, flags=1) at fs/namei.c:2151
#17 0xffffffff802c93c2 in lookup_last (nd=0xffffffc6002f3be8)
    at fs/namei.c:2660
#18 path_lookupat (nd=nd at entry=0xffffffc6002f3be8, flags=flags at entry=256, 
    path=path at entry=0xffffffc6002f3d28) at fs/namei.c:2684

Robert Morris
rtm at mit.edu

More information about the Linux-erofs mailing list