Comment 2 for bug 1507443

The gzipped CPIO archive at file position 0x2c00 is valid:

$ dd if=/tmp/initrd.img-4.2.0-16-generic.bak of=/tmp/initramfs.bin.gz bs=256 skip=44
$ zcat /tmp/initramfs.bin.gz | cpio -t -i >/dev/null
176985 blocks

And the first uncompressed CPIO archive at file position 0 is also valid:

$ cat /tmp/initrd.img-4.2.0-16-generic.bak | cpio -t -i
kernel
kernel/x86
kernel/x86/microcode
kernel/x86/microcode/GenuineIntel.bin
22 blocks

The padding between the two initramfs is a sequence of zeros, and it is aligned to a block/record size of 1024, which is one of the typical block sizes for CPIO archives (cpio block size only affects padding).

The heuristics initramfs-tools "lsinitramfs" uses to locate the next initramfs are incomplete (it does not skip over the padding at the end of each initramfs) and causes zcat to crash (which is likely a bug in zcat itself):

$ lsinitramfs /tmp/initrd.img-4.2.0-16-generic.bak
/tmp/initrd.img-4.2.0-16-generic.bak
kernel
kernel/x86
kernel/x86/microcode
kernel/x86/microcode/GenuineIntel.bin
*** Error in `zcat': double free or corruption (!prev): 0x00000000021efdb0 ***

I will check if something changed in the early initramfs loaders from kernel 4.1 to 4.2, but this is not likely to be the root cause of the problem.

Can you still reproduce this bug with up-to-date kernels (i.e. please test against 4.1.17 and 4.3.5 or 4.4.1) ?