#29 squashfs 3.3 crashes in 2.6.24/2.6.25


I seem to have an annoying issue with the 3.3 fs driver (while 3.2 seems to work fine for me). If I compile 3.2 manually and load the module, the kernel is not crashing.

# uname -a;dmesg|grep -i squ
Linux silver.00ff.net 2.6.25-gentoo-r2 #1 SMP Sun May 4 19:30:41 EEST 2008 i686 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux

squashfs: version 3.2-r2 (2007/01/15) Phillip Lougher

So I have had this issue since I started using kernel 2.6.24 (Gentoo version, which includes squashfs 3.3). This is a crash log from back then:

squashfs: version 3.3 (2007/10/31) Phillip Lougher
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000002d
printing eip: 781561c8 *pde = 00000000
Oops: 0000 [#1] SMP
Modules linked in: squashfs zlib_inflate zlib_deflate xt_tcpudp nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables usbhid hid vfat fat ehci_hcd uhci_hcd psmouse evdev tun cpufreq_ondemand cpufreq_powersave cpufreq_conservative acpi_cpufreq freq_table loop nvidia(P) rtc intel_agp agpgart sdhci i2c_i801

Pid: 7793, comm: grep Tainted: P (2.6.24-gentoo #8)
EIP: 0060:[<781561c8>] EFLAGS: 00010202 CPU: 0
EIP is at __get_vm_area_node+0xc8/0x1d0
EAX: 64c371d4 EBX: f89c1000 ECX: 79f83dc0 EDX: 00000029
ESI: 00003000 EDI: eacb3afc EBP: f65059c0 ESP: f7319bb8
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process grep (pid: 7793, ti=f7318000 task=f52cfa90 task.ti=f7318000)
Stack: f7319c38 00000002 00000001 ffffffff fffb3000 ffffffff 00000163 000000d2
7815630f fffb3000 ffffffff 000000d2 00002000 ffffffff 781569be 000000d2
f527e620 f527e5c0 00000008 00000060 78156a1f ffffffff f89e13d1 00000000
Call Trace:
[<7815630f>] get_vm_area_node+0x3f/0x50
[<781569be>] __vmalloc_node+0x5e/0x90
[<78156a1f>] __vmalloc+0xf/0x20
[<f89e13d1>] squashfs_get_cached_block+0x391/0x510 [squashfs]
[<f89e00df>] squashfs_alloc_inode+0xf/0x20 [squashfs]
[<78189d58>] inotify_d_instantiate+0x18/0x80
[<7817152c>] d_rehash+0x1c/0x30
[<f89e3f43>] squashfs_lookup+0x753/0x890 [squashfs]
[<78168638>] do_lookup+0x148/0x190
[<78169927>] __link_path_walk+0x127/0xc20
[<7816a465>] link_path_walk+0x45/0xc0
[<7812e190>] autoremove_wake_function+0x0/0x50
[<7816a2b2>] __link_path_walk+0xab2/0xc20
[<7814272d>] do_generic_mapping_read+0x36d/0x460
[<7816a465>] link_path_walk+0x45/0xc0
[<7812e190>] autoremove_wake_function+0x0/0x50
[<7816a703>] do_path_lookup+0x73/0x1b0
[<78169603>] getname+0xb3/0xe0
[<7816b10b>] __user_walk_fd+0x3b/0x60
[<78164402>] vfs_stat_fd+0x22/0x60
[<7812e190>] autoremove_wake_function+0x0/0x50
[<781644ef>] sys_stat64+0xf/0x30
[<781620ea>] __fput+0x12a/0x190
[<7817636b>] mntput_no_expire+0x1b/0x70
[<7815f3e7>] filp_close+0x47/0x80
[<781608c6>] sys_close+0x66/0xc0
[<78102b8e>] sysenter_past_esp+0x5f/0x85
Code: 75 29 e9 7e 00 00 00 8b 4a 08 01 c8 39 c3 77 13 8b 4c 24 08 8b 7c 24 0c 8d 5c 01 ff 21 fb 90 8d 74 26 00 89 d7 8b 12 85 d2 74 5a <8b> 42 04 39 d8 72 d5 8d 0c 1e 39 d9 72 21 39 c8 73 48 8b 4a 08
EIP: [<781561c8>] __get_vm_area_node+0xc8/0x1d0 SS:ESP 0068:f7319bb8
---[ end trace 55bc5afafdf0604d ]---

And a crash log for 2.6.25:
sysfs group 7843df24 not found for kobject 'ppp0'
------------[ cut here ]------------
WARNING: at fs/sysfs/group.c:83 device_remove_groups+0x27/0x40()
Modules linked in: ppp_async crc_ccitt ppp_generic slhc cdc_acm nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables squashfs zlib_inflate vfat fat tun cpufreq_ondemand cpufreq_powersave cpufreq_conservative acpi_cpufreq freq_table loop nvidia(P) intel_agp ehci_hcd i2c_i801 uhci_hcd sdhci rtc evdev agpgart psmouse
Pid: 5991, comm: pppd Tainted: P 2.6.25-gentoo-r2 #1
[warn_on_slowpath+95/144] warn_on_slowpath+0x5f/0x90
[<7811de6f>] warn_on_slowpath+0x5f/0x90
[ptype_seq_show+291/336] ptype_seq_show+0x123/0x150
[<78302b73>] ptype_seq_show+0x123/0x150
[__wake_up+62/96] __wake_up+0x3e/0x60
[<7811858e>] __wake_up+0x3e/0x60
[wake_up_klogd+59/64] wake_up_klogd+0x3b/0x40
[<7811e68b>] wake_up_klogd+0x3b/0x40
[handle_edge_irq+103/288] handle_edge_irq+0x67/0x120
[<78142c87>] handle_edge_irq+0x67/0x120
[find_inode+62/112] find_inode+0x3e/0x70
[<78176e5e>] find_inode+0x3e/0x70
[printk+27/32] printk+0x1b/0x20
[<7811ed7b>] printk+0x1b/0x20
[sysfs_remove_group+171/224] sysfs_remove_group+0xab/0xe0
[<781a0f4b>] sysfs_remove_group+0xab/0xe0
[device_remove_groups+39/64] device_remove_groups+0x27/0x40
[<7824ce47>] device_remove_groups+0x27/0x40
[device_remove_attrs+39/112] device_remove_attrs+0x27/0x70
[<7824d117>] device_remove_attrs+0x27/0x70
[device_del+220/336] device_del+0xdc/0x150
[<7824d23c>] device_del+0xdc/0x150
[rollback_registered+175/288] rollback_registered+0xaf/0x120
[<7830488f>] rollback_registered+0xaf/0x120
[unregister_netdevice+22/128] unregister_netdevice+0x16/0x80
[<78304916>] unregister_netdevice+0x16/0x80
[mutex_lock+11/32] mutex_lock+0xb/0x20
[<78376e9b>] mutex_lock+0xb/0x20
[skb_dequeue+64/96] skb_dequeue+0x40/0x60
[<782fe2f0>] skb_dequeue+0x40/0x60
[unregister_netdev+15/32] unregister_netdev+0xf/0x20
[<7830498f>] unregister_netdev+0xf/0x20
[<f89ed2fa>] ppp_shutdown_interface+0x5a/0xc0 [ppp_generic]
[<f89ed62d>] ppp_release+0x3d/0x60 [ppp_generic]
[__fput+166/400] __fput+0xa6/0x190
[<78165706>] __fput+0xa6/0x190
[filp_close+71/128] filp_close+0x47/0x80
[<781629b7>] filp_close+0x47/0x80
[sys_close+96/192] sys_close+0x60/0xc0
[<78163ec0>] sys_close+0x60/0xc0
[sysenter_past_esp+95/133] sysenter_past_esp+0x5f/0x85
[<78102e2e>] sysenter_past_esp+0x5f/0x85
---[ end trace 319c2fae8a95d215 ]---

VFS: Close: file count is 0
May 5 12:19:05 silver last message repeated 9 times
BUG: unable to handle kernel paging request at 73cab079
IP: [filp_close+19/128] filp_close+0x13/0x80
IP: [<78162983>] filp_close+0x13/0x80
*pde = 00000000
Oops: 0000 [#1] SMP
Modules linked in: cdc_acm nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables squashfs zlib_inflate vfat fat tun cpufreq_ondemand cpufreq_powersave cpufreq_conservative acpi_cpufreq freq_table loop nvidia(P) intel_agp agpgart ehci_hcd psmouse rtc uhci_hcd i2c_i801 sdhci evdev

Pid: 5122, comm: sleep Tainted: P (2.6.25-gentoo-r2 #1)
EIP: 0060:[filp_close+19/128] EFLAGS: 00010286 CPU: 0
EIP: 0060:[<78162983>] EFLAGS: 00010286 CPU: 0
EIP is at filp_close+0x13/0x80
EAX: 73cab065 EBX: 73cab065 ECX: 73cab065 EDX: f70dec80
ESI: f70dec80 EDI: f70dec80 EBP: f5456900 ESP: f4ac1f3c
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process sleep (pid: 5122, ti=f4ac0000 task=f5476590 task.ti=f4ac0000)
Stack: 783db2c4 0000000d 0000005a f70dec80 781201e0 00002d6c 00000000 f5476590
6ff93268 00001402 781213ef f54b8a58 f4bff580 78113e76 00000000 7a009e18
00000000 f7271ac0 00000001 f7271ac0 f70dec80 781629b7 f4b46040 00000000
Call Trace:
[put_files_struct+160/176] put_files_struct+0xa0/0xb0
[<781201e0>] put_files_struct+0xa0/0xb0
[do_exit+335/1680] do_exit+0x14f/0x690
[<781213ef>] do_exit+0x14f/0x690
[do_page_fault+230/1632] do_page_fault+0xe6/0x660
[<78113e76>] do_page_fault+0xe6/0x660
[filp_close+71/128] filp_close+0x47/0x80
[<781629b7>] filp_close+0x47/0x80
[do_group_exit+38/128] do_group_exit+0x26/0x80
[<78121956>] do_group_exit+0x26/0x80
[sysenter_past_esp+95/133] sysenter_past_esp+0x5f/0x85
[<78102e2e>] sysenter_past_esp+0x5f/0x85
Code: 46 40 5b 5e 5f c3 0f 0b eb fe 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 83 ec 10 89 5c 24 04 89 c3 89 74 24 08 89 d6 89 7c 24 0c <8b> 78 14 85 ff 74 4a 8b 40 10 85 c0 74 3f 8b 48 34 85 c9 74 38
EIP: [filp_close+19/128] filp_close+0x13/0x80 SS:ESP 0068:f4ac1f3c
EIP: [<78162983>] filp_close+0x13/0x80 SS:ESP 0068:f4ac1f3c
---[ end trace dec89e158a0245bc ]---
Fixing recursive fault but reboot is needed!

What other details can I provide to help? :)

catam ( catam9 / gmail com )


    • status: open --> closed-invalid
  • Logged In: YES
    Originator: NO

    > What other details can I provide to help? :)

    You can provide details to show it is Squashfs that is causing the oops :)

    In the bug report you show three random kernel oopses, none of which have crashed in Squashfs, and only one which has Squashfs in the stack trace. This doesn't look like a Squashfs bug to me. The randomness of the oopses makes me suspect kernel memory corruption caused by either memory problems, or a faulty driver randomly corrupting memory.

    There are a couple of other problems with your bug report. You state Squashfs 3.2 works OK with 2.6.25, but Squashfs 3.3 crashes with 2.6.24. This is hardly an indication there's a problem with Squashfs; there are likely any number of reasons why 2.6.25 works: different kernel, different kernel configuration. Additionally, due to VFS changes, Squashfs 3.2 will not compile and run under 2.6.25, and so I don't know how you did this unless you manually patched it.

    In general when reporting bugs you have to give reasonable cause to suspect Squashfs is the problem. For instance if you had an identical kernel (i.e. 2.6.24) and identical kernel configuration and one oopses with Squashfs 3.3, and the other (identical in all other ways) with Squashfs 3.2 doesn't oops, I might suspect Squashfs. Unfortunately you have not shown this.

  • Logged In: NO

    OK, I have to admit the report is somewhat confusing.
    So yes, I manually patched 3.2-r2 for 2.6.24 and 2.6.25, as I need squashfs to mount the portage image :) So
    3.3 crashes on both, and yes, not when using the mounted dir.
    Anyway, do you have any tests that I could run?
    One particular thing I have is vmsplit 2g/2g


  • Logged In: NO

    Also, you can try the squashfs image from
    The image was generated with
    mksquashfs /usr/portage /dir/portage-squashfs -b 4096 -noI -noD -noF
    mksquashfs compiled from squashfs3.1-r2 (I also tried mksquashfs from squashfs3.3, same result: it is crashing)

    Looks like sysresq (http://www.sysresccd.org/Main_Page) ver 1.0.0 is also crashing if you try to download the squashfs image to /root and mount it to /mnt/windows, then du -sh /mnt/windows (you will probably need >512MB)


  • Logged In: YES
    Originator: NO

    Your further comments strengthen my belief you're seeing kernel memory corruption (you should have given this information first). The only difference between Squashfs 3.2-r2 and 3.3 regarding kernel code is that 3.3 uses vmalloc whereas 3.2-r2 used kmalloc to allocate memory. Such a change will only have an effect if kernel memory corruption is occurring which corrupts the vmalloc tables/memory.

    All of your oopses and this further information point to memory corruption, and not a Squashfs bug. I'm keeping this bug as closed.
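
The triage applied in the replies above (which function faulted in each event, and whether squashfs appears in the trace at all) can be done mechanically. The following Python sketch is an added example, not part of the original thread or of the Squashfs project; `triage` and its field names are hypothetical, and the sample input is an excerpt of the traces posted in the report.

```python
import re

# Excerpt of the three traces in the report above (lines copied from the page, trimmed).
SAMPLE = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000002d
Pid: 7793, comm: grep Tainted: P (2.6.24-gentoo #8)
EIP is at __get_vm_area_node+0xc8/0x1d0
[<78156a1f>] __vmalloc+0xf/0x20
[<f89e13d1>] squashfs_get_cached_block+0x391/0x510 [squashfs]
[<f89e3f43>] squashfs_lookup+0x753/0x890 [squashfs]
WARNING: at fs/sysfs/group.c:83 device_remove_groups+0x27/0x40()
Pid: 5991, comm: pppd Tainted: P 2.6.25-gentoo-r2 #1
[<f89ed2fa>] ppp_shutdown_interface+0x5a/0xc0 [ppp_generic]
BUG: unable to handle kernel paging request at 73cab079
Pid: 5122, comm: sleep Tainted: P (2.6.25-gentoo-r2 #1)
EIP is at filp_close+0x13/0x80
"""

SYM = r"(\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\(\))?(?: \[(\w+)\])?"
START = re.compile(r"^(?:BUG|WARNING):")
FAULT = re.compile(r"^(?:EIP is at|WARNING: at \S+) " + SYM)
FRAME = re.compile(r"^\[<[0-9a-f]+>\] " + SYM)
TAINT = re.compile(r"Tainted: (\S+)")

def triage(log, suspect="squashfs"):
    """Split a log into oops/warning events and locate the suspect module in each."""
    events = []
    for line in log.splitlines():
        if START.match(line):
            events.append({"fault": None, "fault_module": None,
                           "taint": None, "trace_modules": set()})
        if not events:
            continue  # text before the first event
        ev = events[-1]
        if m := FAULT.match(line):
            # A symbol without a [module] tag lives in the core kernel image.
            ev["fault"], ev["fault_module"] = m.groups()
        elif m := FRAME.match(line):
            if m.group(2):
                ev["trace_modules"].add(m.group(2))
        elif m := TAINT.search(line):
            ev["taint"] = m.group(1)  # "P": a proprietary module is loaded
    for ev in events:
        ev["suspect_faulted"] = ev["fault_module"] == suspect
        ev["suspect_in_trace"] = suspect in ev["trace_modules"]
    return events

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

On the excerpt, no event faults inside squashfs, only the first has squashfs frames in its trace, and all three carry the `P` taint flag.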