Bug with corrupted squashfs image

hi,

mounting the squashfs image at http://www.cccmz.de/~snakebyte/squashfs.9.img.bz2
results in the following oops:

[  113.485219] BUG: unable to handle kernel NULL pointer dereference at (null)
[  113.485615] IP: [<c032b94a>] zlib_inflate+0x85a/0x18d0
[  113.485883] Oops: 0002 [#1] DEBUG_PAGEALLOC
[  113.486123] last sysfs file: /sys/block/sda/size
[  113.486257] Modules linked in: nfsd exportfs nfs lockd nfs_acl auth_rpcgss sunrpc ipv6 fuse unix
[  113.487294] 
[  113.487464] Pid: 4461, comm: mount Not tainted (2.6.29-rc1 #90) 
[  113.487609] EIP: 0060:[<c032b94a>] EFLAGS: 00010246 CPU: 0
[  113.487752] EIP is at zlib_inflate+0x85a/0x18d0
[  113.487889] EAX: 00000000 EBX: 00000003 ECX: 00000001 EDX: 00000000
[  113.488049] ESI: 00000000 EDI: c7df452b EBP: c7d59c78 ESP: c7d59b6c
[  113.488049]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[  113.488049] Process mount (pid: 4461, ti=c7d59000 task=c7dd3710 task.ti=c7d59000)
[  113.488049] Stack:
[  113.488049]  c7df0068 c7df0054 c7df02ec 00000036 00000002 00000000 c7d59c08 c014ee4c
[  113.488049]  00000083 00000031 00000003 00000138 0000011e 00000000 c7990f98 c7df0000
[  113.488049]  c7df052c c7df02ec c7df0050 c7df0068 c7df006c c7df052c 0000003f c7df0054
[  113.488049] Call Trace:
[  113.488049]  [<c014ee4c>] ? __lock_acquire+0x26c/0x1110
[  113.488049]  [<c0140001>] ? posix_cpu_clock_get+0x1/0x160
[  113.488049]  [<c062a421>] ? mutex_lock_nested+0x1f1/0x2c0
[  113.488049]  [<c062a42b>] ? mutex_lock_nested+0x1fb/0x2c0
[  113.488049]  [<c022277d>] ? squashfs_read_data+0x3fd/0x830
[  113.488049]  [<c02228b9>] ? squashfs_read_data+0x539/0x830
[  113.488049]  [<c022303c>] ? squashfs_cache_get+0x25c/0x330
[  113.488049]  [<c014e941>] ? trace_hardirqs_on_caller+0x151/0x1c0
[  113.488049]  [<c02231ff>] ? squashfs_read_metadata+0x6f/0x140
[  113.488049]  [<c0224f32>] ? squashfs_read_inode+0x82/0x7e0
[  113.488049]  [<c01ba039>] ? new_inode+0x79/0x80
[  113.488049]  [<c02262e2>] ? squashfs_fill_super+0x4c2/0x9a0
[  113.488049]  [<c01a9633>] ? get_sb_bdev+0x123/0x150
[  113.488049]  [<c01b0030>] ? do_lookup+0x130/0x1c0
[  113.488049]  [<c018ba01>] ? kstrdup+0x31/0x60
[  113.488049]  [<c0225c61>] ? squashfs_get_sb+0x21/0x30
[  113.488049]  [<c0225e20>] ? squashfs_fill_super+0x0/0x9a0
[  113.488049]  [<c01a8e69>] ? vfs_kern_mount+0x59/0x130
[  113.488049]  [<c01a8f99>] ? do_kern_mount+0x39/0xe0
[  113.488049]  [<c01be4b4>] ? do_mount+0x434/0x7b0
[  113.488049]  [<c01bc9ac>] ? copy_mount_options+0x3c/0x130
[  113.488049]  [<c01be8b4>] ? sys_mount+0x84/0xb0
[  113.488049]  [<c0103551>] ? sysenter_do_call+0x12/0x31
[  113.488049] Code: 70 ff ff ff 3b 85 70 ff ff ff 8b b5 30 ff ff ff 0f 46 c8 29 ca 29 8d 70 ff ff ff 89 56 3c 31 d2 90 0f b6 04 17 8b b5 6c ff ff ff <88> 04 16 83 c2 01 39 ca 75 ec 8b 85 30 ff ff ff 01 d6 89 b5 6c 
[  113.488049] EIP: [<c032b94a>] zlib_inflate+0x85a/0x18d0 SS:ESP 0068:c7d59b6c
[  113.502261] ---[ end trace 42a589fe0cbc2ff1 ]---


(gdb) l *(zlib_inflate+0x85a)
0xc032b94a is in zlib_inflate (lib/zlib_inflate/inflate.c:683).
678	            }
679	            if (copy > left) copy = left;
680	            left -= copy;
681	            state->length -= copy;
682	            do {
683	                *put++ = *from++;
684	            } while (--copy);
685	            if (state->length == 0) state->mode = LEN;
686	            break;
687	        case LIT:



I already reported a similar issue to Phillip but got no reply (lost in spam?),
so I am duplicating it here:

[ 6053.337097] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 6053.337320] IP: [<c055118f>] zlib_inflate+0xfcc/0x15a9
[ 6053.337488] *pde = 00000000
[ 6053.337619] Oops: 0002 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 6053.337892] last sysfs file: /sys/block/ram9/range
[ 6053.337994] Modules linked in:
[ 6053.338020]
[ 6053.338020] Pid: 28143, comm: cat Tainted: G        W (2.6.28-09185-g71dd273 #182) System Name
[ 6053.338020] EIP: 0060:[<c055118f>] EFLAGS: 00010206 CPU: 0
[ 6053.338020] EIP is at zlib_inflate+0xfcc/0x15a9
[ 6053.338020] EAX: 00000075 EBX: c1820000 ECX: 00001000 EDX: 00000000
[ 6053.338020] ESI: c182052c EDI: c18202ec EBP: cc37cc28 ESP: cc37cb10
[ 6053.338020]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 6053.338020] Process cat (pid: 28143, ti=cc37c000 task=cc328000 task.ti=cc37c000)
[ 6053.338020] Stack:
[ 6053.338020]  c07f0c15 c10ea164 c07f0c5e 00000001 c18202ec c182052c 000007ff 000001ff
[ 6053.338020]  c17477c0 cc37cbb0 00000000 cba5dd38 c182052c 66fee13b 00000581 c1820d74
[ 6053.338020]  cd050768 00000000 00000006 00001000 00000001 00000001 00000368 00000000
[ 6053.338020] Call Trace:
[ 6053.338020]  [<c07f0c15>] ? schedule+0x91d/0x943
[ 6053.338020]  [<c07f0c5e>] ? io_schedule+0x23/0x2d
[ 6053.338020]  [<c07f322c>] ? _spin_unlock_irqrestore+0x47/0x5d
[ 6053.338020]  [<c07f1021>] ? out_of_line_wait_on_bit+0x5d/0x65
[ 6053.338020]  [<c01ba5b8>] ? sync_buffer+0x0/0x3f
[ 6053.338020]  [<c013f715>] ? wake_bit_function+0x0/0x48
[ 6053.338020]  [<c02632e0>] ? squashfs_read_data+0x56c/0x770
[ 6053.338020]  [<c07f314e>] ? _spin_unlock+0x2c/0x41
[ 6053.338020]  [<c026383f>] ? squashfs_cache_get+0x155/0x29f
[ 6053.338020]  [<c02636e2>] ? squashfs_cache_put+0x53/0x5b
[ 6053.338020]  [<c02639a7>] ? squashfs_get_datablock+0x1e/0x23
[ 6053.338020]  [<c0264e5c>] ? squashfs_readpage+0x90d/0xb45
[ 6053.338020]  [<c017a6e7>] ? add_to_page_cache_locked+0x5e/0xbc
[ 6053.338020]  [<c014dd5d>] ? trace_hardirqs_on+0xb/0xd
[ 6053.338020]  [<c01814a0>] ? __do_page_cache_readahead+0x13a/0x16a
[ 6053.338020]  [<c01816c3>] ? ondemand_readahead+0x108/0x116
[ 6053.338020]  [<c0181752>] ? page_cache_sync_readahead+0x1b/0x20
[ 6053.338020]  [<c017ba12>] ? generic_file_aio_read+0x227/0x539
[ 6053.338020]  [<c019f702>] ? do_sync_read+0xc0/0xfe
[ 6053.338020]  [<c01a2541>] ? cp_new_stat64+0xed/0xff
[ 6053.338020]  [<c013f6e0>] ? autoremove_wake_function+0x0/0x35
[ 6053.338020]  [<c01a29aa>] ? sys_fstat64+0x27/0x2d
[ 6053.338020]  [<c019f642>] ? do_sync_read+0x0/0xfe
[ 6053.338020]  [<c019fe25>] ? vfs_read+0x8f/0x10b
[ 6053.338020]  [<c01a013d>] ? sys_read+0x40/0x65
[ 6053.338020]  [<c0102f21>] ? sysenter_do_call+0x12/0x31
[ 6053.338020] Code: ff 01 c7 89 bd 2c ff ff ff 83 7b 3c 00 0f 85 0c f1 ff ff eb 25 83 bd 34 ff ff ff 00 0f 84 b7 02 00 00 8b 43 3c 8b 95 2c ff ff ff <88> 02 42 ff 8d 34 ff ff ff 89 95 2c ff ff ff c7 03 12 00 00 00
[ 6053.338020] EIP: [<c055118f>] zlib_inflate+0xfcc/0x15a9 SS:ESP 0068:cc37cb10
[ 6053.452067] ---[ end trace 4eaa2a86a8e2da24 ]---

(gdb) l *(zlib_inflate+0xfcc)
0xc055118f is in zlib_inflate (lib/zlib_inflate/inflate.c:689).
684                 } while (--copy);
685                 if (state->length == 0) state->mode = LEN;
686                 break;
687             case LIT:
688                 if (left == 0) goto inf_leave;
689                 *put++ = (unsigned char)(state->length);
690                 left--;
691                 state->mode = LEN;
692                 break;
693             case CHECK:


This image can be found at http://www.cccmz.de/~snakebyte/squashfs.4.img


Greetings, Eric
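Editor's note, added to this archived report and not part of Eric's message or of the squashfs code: both oopses are a write fault (Oops: 0002) inside zlib's output copy loops (inflate.c:683 and :689) with `put`, i.e. `strm->next_out`, equal to NULL, and in both traces the caller directly beneath zlib_inflate is squashfs_read_data. The user-space model below assumes, as a hypothesis about the bug class rather than a statement of the actual kernel code path, that the caller cycled through an array of output pages sized from a length field read out of the image, and that a corrupted image made the compressed stream expand to more pages than that field admitted, so the page index ran off the end of the array and zlib was handed a bad next_out. The names (demo_inflate, demo_read_block, demo_case), the tiny 8-byte page, the RLE codec standing in for zlib_inflate and the sample blocks are all constructed for the demo; the bounded check shown is the general remedy for this pattern, not necessarily the fix the maintainer shipped.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added user-space model, not kernel code. Page size shrunk so a whole block fits on screen. */
#define DEMO_PAGE_SIZE 8
#define MAX_PAGES      4
#define DEMO_EIO       5    /* mirrors -EIO: corrupt or inconsistent image data */
#define DEMO_EFAULT    14   /* stands in for the oops: decoder about to write through NULL */

/* Streaming decoder state shaped like z_stream's input/output cursors. */
struct demo_stream {
    const uint8_t *next_in;  size_t avail_in;
    uint8_t       *next_out; size_t avail_out;
    unsigned       run_left; uint8_t run_byte;   /* codec state (zlib keeps state->length) */
};

enum { DEMO_OK = 0, DEMO_STREAM_END = 1, DEMO_BUF_ERROR = -5 };

/* Stand-in for zlib_inflate(): run-length pairs (count, byte); count 0 ends the stream.
 * Like the real copy loops at inflate.c:683 and :689 it stores through next_out without
 * checking it; a usable next_out/avail_out is the caller's contract. Returns DEMO_OK when
 * the output page is full with data still pending, DEMO_STREAM_END on the end marker. */
static int demo_inflate(struct demo_stream *s)
{
    for (;;) {
        if (s->run_left == 0) {
            if (s->avail_in < 2)
                return DEMO_BUF_ERROR;             /* truncated stream */
            unsigned n = s->next_in[0];
            uint8_t  b = s->next_in[1];
            s->next_in += 2; s->avail_in -= 2;
            if (n == 0)
                return DEMO_STREAM_END;            /* can happen with avail_out == 0, as in zlib */
            s->run_left = n; s->run_byte = b;
        }
        while (s->run_left && s->avail_out) {
            *s->next_out++ = s->run_byte;          /* the store that faulted in both traces */
            s->avail_out--; s->run_left--;
        }
        if (s->run_left)
            return DEMO_OK;                        /* page full, caller must supply the next one */
    }
}

/* Block reader inflating one on-disk block into a ring of output pages. npages is what the
 * image's own length field claimed the block expands to, so a corrupted image can make it
 * smaller than the stream really produces. bounded == 0 is the unchecked loop: the page index
 * runs past npages and the decoder gets whatever lies there (NULL in this model). bounded != 0
 * treats running out of pages as a corrupt image (-EIO) before the decoder sees a bad pointer.
 * Returns bytes produced, or a negative errno-style value. */
static int demo_read_block(const uint8_t *in, size_t in_len,
                           uint8_t *pages[MAX_PAGES], int npages, int bounded)
{
    struct demo_stream s = { in, in_len, NULL, 0, 0, 0 };
    int page = 0, rc;

    if (npages <= 0 || npages > MAX_PAGES)
        return -DEMO_EIO;
    do {
        if (s.avail_out == 0) {
            if (bounded && page >= npages)
                return -DEMO_EIO;                  /* the check: stream longer than the image admits */
            if (page >= MAX_PAGES)
                return -DEMO_EFAULT;               /* keeps the model itself in bounds */
            s.next_out  = pages[page++];           /* unchecked: past npages this is NULL */
            s.avail_out = DEMO_PAGE_SIZE;
            if (s.next_out == NULL)
                return -DEMO_EFAULT;               /* kernel had no such guard: it oopsed here */
        }
        rc = demo_inflate(&s);
    } while (rc == DEMO_OK);

    if (rc != DEMO_STREAM_END)
        return -DEMO_EIO;                          /* truncated or otherwise corrupt stream */
    return (page - 1) * DEMO_PAGE_SIZE + (int)(DEMO_PAGE_SIZE - s.avail_out);
}

/* Constructed data: a 2-page (16-byte) ring, a block that really is 16 bytes, a "fuzzed"
 * block whose header still says 2 pages but whose stream expands to 24, and a truncated one. */
static uint8_t  demo_pg0[DEMO_PAGE_SIZE], demo_pg1[DEMO_PAGE_SIZE];
static uint8_t *demo_pages[MAX_PAGES] = { demo_pg0, demo_pg1, NULL, NULL };
static const uint8_t demo_good[]      = { 8, 'A', 8, 'B', 0, 0 };
static const uint8_t demo_fuzzed[]    = { 8, 'A', 8, 'B', 8, 'C', 0, 0 };
static const uint8_t demo_truncated[] = { 8, 'A' };

static int demo_case(const uint8_t *in, size_t in_len, int bounded)
{
    return demo_read_block(in, in_len, demo_pages, 2, bounded);
}

int main(void)
{
    printf("good block, bounded reader:      %d\n", demo_case(demo_good, sizeof demo_good, 1));
    printf("fuzzed block, unchecked reader:  %d\n", demo_case(demo_fuzzed, sizeof demo_fuzzed, 0));
    printf("fuzzed block, bounded reader:    %d\n", demo_case(demo_fuzzed, sizeof demo_fuzzed, 1));
    printf("truncated block, bounded reader: %d\n", demo_case(demo_truncated, sizeof demo_truncated, 1));
    return 0;
}
```

The point the model makes: the decompressor's output length is dictated by the compressed stream, not by the length field next to it, so any caller that sizes its output buffers from on-disk metadata has to treat "stream still running but no pages left" as corruption and stop, rather than let the page index walk off the array. Also worth noting: the end marker can legitimately arrive when the last page is exactly full (the `demo_good` case), so the check belongs where a new page is about to be assigned, not after every decoder call.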