infinite loop in z_erofs_zstd_decompress()

Gao Xiang hsiangkao at linux.alibaba.com
Tue Oct 28 12:41:51 AEDT 2025 


On 2025/10/28 06:50, rtm at csail.mit.edu wrote:
> # uname -r
> 6.18.0-rc3-00011-g31772dcc6abc
> # wget http://www.rtmrtm.org/rtm/erofs22a.img
> # mount -t erofs -o loop erofs22a.img /mnt
> # ls -l /mnt/x
> ...
> BUG: soft lockup - CPU#8 stuck for 26s! [ls:1309]
> 
> The "do" loop in z_erofs_zstd_decompress() never quits; some
> guesses about why:
> 
>   * in_buf.size and .pos indicate there is no more input available.
> 
>   * zstd_decompress_stream() returns 9 indicating that it would like
>     more input.
> 
>   * z_erofs_stream_switch_bufs() does nothing, perhaps because
>     rq->inputsize and rq->outputsize are both zero, but also
>     returns err=0.
> 
> #0  0xffffffff806ddbd6 in z_erofs_zstd_decompress (rq=0xffffffc6002f3308,
>      pgpl=0xffffffc6002f3750) at fs/erofs/decompressor_zstd.c:178
> #1  0xffffffff806dab54 in z_erofs_decompress_pcluster (err=0,
>      be=0xffffffc6002f3340) at fs/erofs/zdata.c:1308
> #2  z_erofs_decompress_queue (io=io at entry=0xffffffc6002f35c8,
>      pagepool=pagepool at entry=0xffffffc6002f3750) at fs/erofs/zdata.c:1408
> #3  0xffffffff806dba48 in z_erofs_runqueue (f=f at entry=0xffffffc6002f36e0,
>      rapages=rapages at entry=0) at fs/erofs/zdata.c:1804
> #4  0xffffffff806dbf00 in z_erofs_read_folio (file=file at entry=0x0,
>      folio=folio at entry=0xffffffc500145140) at fs/erofs/zdata.c:1884
> #5  0xffffffff8020adaa in filemap_read_folio (file=file at entry=0x0,
>      filler=filler at entry=0xffffffff806dbe6e <z_erofs_read_folio>,
>      folio=folio at entry=0xffffffc500145140) at mm/filemap.c:2444
> #6  0xffffffff8020d66a in do_read_cache_folio (mapping=0xffffffd602488588,
>      index=index at entry=0, filler=0xffffffff806dbe6e <z_erofs_read_folio>,
>      filler at entry=0x0, file=0x0, gfp=1051840) at mm/filemap.c:4024
> #7  0xffffffff8020d714 in read_cache_folio (mapping=<optimized out>,
>      index=index at entry=0, filler=filler at entry=0x0, file=<optimized out>)
>      at mm/filemap.c:4056
> #8  0xffffffff806d37ea in read_mapping_folio (file=<optimized out>, index=0,
>      mapping=<optimized out>) at ./include/linux/pagemap.h:999
> #9  erofs_bread (buf=buf at entry=0xffffffc6002f3910, offset=0,
>      need_kmap=need_kmap at entry=true) at fs/erofs/data.c:40
> #10 0xffffffff806d41a8 in erofs_find_target_block (
>      target=target at entry=0xffffffc6002f3a00, dir=dir at entry=0xffffffd6024883f0,
>      name=name at entry=0xffffffc6002f39f0,
>      _ndirents=_ndirents at entry=0xffffffc6002f39ec) at fs/erofs/namei.c:103
> #11 0xffffffff806d4440 in erofs_namei (dir=dir at entry=0xffffffd6024883f0,
>      name=name at entry=0xffffffd6025b88b0, nid=nid at entry=0xffffffc6002f3ab0,
>      d_type=d_type at entry=0xffffffc6002f3aac) at fs/erofs/namei.c:177
> #12 0xffffffff806d4710 in erofs_lookup (flags=<optimized out>,
>      dentry=0xffffffd6025b8890, dir=0xffffffd6024883f0) at fs/erofs/namei.c:206
> #13 erofs_lookup (dir=0xffffffd6024883f0, dentry=0xffffffd6025b8890,
>      flags=<optimized out>) at fs/erofs/namei.c:193
> #14 0xffffffff802c575e in __lookup_slow (name=name at entry=0xffffffc6002f3bf8,
>      dir=dir at entry=0xffffffd6025b8620, flags=flags at entry=0) at fs/namei.c:1816
> #15 0xffffffff802c8a10 in lookup_slow (flags=0, dir=0xffffffd6025b8620,
>      name=0xffffffc6002f3bf8) at fs/namei.c:1833
> #16 walk_component (nd=0xffffffc6002f3be8, flags=1) at fs/namei.c:2151
> #17 0xffffffff802c93c2 in lookup_last (nd=0xffffffc6002f3be8)
>      at fs/namei.c:2660
> #18 path_lookupat (nd=nd at entry=0xffffffc6002f3be8, flags=flags at entry=256,
>      path=path at entry=0xffffffc6002f3d28) at fs/namei.c:2684

Thanks! Let me try to look into this today.

Thanks,
Gao Xiang

> 
> Robert Morris
> rtm at mit.edu

More information about the Linux-erofs mailing list