XPost: linux.debian.bugs.dist
From: carnil@debian.org
Hi,
On Wed, Nov 19, 2025 at 03:03:51PM +0000, Luca Boccassi wrote:
> Source: linux
> Version: 6.18~rc6-1~exp1
> Severity: serious
> Justification: breaks other package's autopkgtest
>
> With kernel 6.18 from experimental mksquashfs segfaults roughly 1 in 4
> invocations. This does not happen with the kernel in unstable/testing,
> so it looks like a kernel regression.
>
> Filing at serious as it breaks systemd's autopkgtest:
> https://ci.debian.net/packages/s/systemd/unstable/amd64/66358275/#S67
>
> Trivial to reproduce:
>
> mkdir -p bar
> while mksquashfs bar bar.raw -noappend &>/dev/null; do true; done
>
> Decoded backtrace is strange, it looks like a pointer is corrupted.
> Different invocations result in slightly different crashes, although
> all seem to be in the xattr code handling, so that looks like a strong
> hint as to where things might have regressed.
>
> https://sources.debian.org/src/squashfs-tools/1%3A4.7.4-1/squa
hfs-tools/xattr.c#L631
>
> #0 0x000055e3c9fddcd9 in read_xattrs (d=d@entry=0x55e3d1388be0,
> type=type@entry=1) at ./squashfs-tools/xattr.c:631
> entry = 0x40e33
> dir_ent =
> inode =
> filename = 0x7ffeb945bdbb "bar"
> xattr_list = 0x0
> head = 0x0
> count = 0
> i =
> j =
> l1 = address 0x40e4b)>
> l2 =
> l3 =
> action_add_list = 0x0
> __func__ = "read_xattrs"
> #1 0x000055e3c9fb571f in create_inode
> (dir_info=dir_info@entry=0x55e3d1388b70, dir_ent=0x55e3d1388be0,
> type=type@entry=1, byte_size=byte_size@entry=3,
> start_block=start_block@entry=0, offset=offset@entry=0,
> block_list=0x0, fragment=0x0, dir_in=0x7ffeb9459840, sparse=0) at
> ./squashfs-tools/mksquashfs.c:1112
> buf = 0x55e3d1388c30
> inode_header = {base = {inode_type = 0, mode = 0, uid = 0,
> guid = 0, mtime = 3599334970,
> inode_number = 32632}, dev = {inode_type = 0, mode = 0,
> uid = 0, guid = 0, mtime = 3599334970,
> inode_number = 32632, nlink = 0, rdev = 0}, ldev =
> {inode_type = 0, mode = 0, uid = 0, guid = 0,
> mtime = 3599334970, inode_number = 32632, nlink = 0, rdev
> = 0, xattr = 24080}, symlink = {
> inode_type = 0, mode = 0, uid = 0, guid = 0, mtime =
> 3599334970, inode_number = 32632, nlink = 0,
> symlink_size = 0, symlink = 0x7ffeb9459748 "\020^"}, reg =
> {inode_type = 0, mode = 0, uid = 0, guid = 0,
> mtime = 3599334970, inode_number = 32632, start_block = 0,
> fragment = 0, offset = 24080, file_size = 0,
> block_list = 0x7ffeb9459750}, lreg = {inode_type = 0, mode
> = 0, uid = 0, guid = 0, mtime = 3599334970,
> inode_number = 32632, start_block = 0, file_size = 24080,
> sparse = 0, nlink = 0, fragment = 0,
> offset = 0, xattr = 0, block_list = 0x7ffeb9459768}, dir =
> {inode_type = 0, mode = 0, uid = 0, guid = 0,
> mtime = 3599334970, inode_number = 32632, start_block = 0,
> nlink = 0, file_size = 24080, offset = 0,
> parent_inode = 0}, ldir = {inode_type = 0, mode = 0, uid =
> 0, guid = 0, mtime = 3599334970,
> inode_number = 32632, nlink = 0, file_size = 0,
> start_block = 24080, parent_inode = 0, i_count = 0,
> offset = 0, xattr = 0, index = 0x7ffeb9459758}, ipc =
> {inode_type = 0, mode = 0, uid = 0, guid = 0,
> mtime = 3599334970, inode_number = 32632, nlink = 0}, lipc
> = {inode_type = 0, mode = 0, uid = 0,
> guid = 0, mtime = 3599334970, inode_number = 32632, nlink
> = 0, xattr = 0}}
> base = 0x7ffeb9459730
> inode =
> filename = 0x7ffeb945bdbb "bar"
> nlink = 1
> xattr =
> uid =
> gid =
> mode =
> #2 0x000055e3c9fb68a0 in write_dir (dir_info=,
> dir=0x7ffeb9459840)
> at ./squashfs-tools/mksquashfs.c:1522
> dir_size =
> data_space =
> directory_block =
> directory_offset =
> i_count = 0
> index = 16384
> c_byte =
> cache =
> __func__ = "write_dir"
> #3 dir_scan8 (inode=, dir_info=) at
> ./squashfs-tools/mksquashfs.c:4647
> squashfs_type =
> dir =
> dir_ent =
> file =
> #4 0x000055e3c9fbaa85 in do_directory_scans
> (dir_ent=dir_ent@entry=0x55e3d1388be0, progress=progress@entry=1)
> at ./squashfs-tools/mksquashfs.c:3620
> inode = 208
> pseudo =
> #5 0x000055e3c9fbc041 in scan_single (pathname=0x7ffeb945bdbb "bar",
> progress=progress@entry=1)
> at ./squashfs-tools/mksquashfs.c:3675
> buf = {st_dev = 32, st_ino = 21, st_nlink = 2, st_mode =
> 16877, st_uid = 0, st_gid = 0, __pad0 = 0,
> st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0,
> st_atim = {tv_sec = 1763563405,
> tv_nsec = 364000000}, st_mtim = {tv_sec = 1763562938,
> tv_nsec = 96000000}, st_ctim = {
> tv_sec = 1763562938, tv_nsec = 96000000}, __glibc_reserved
> = {0, 0, 0}}
> dir_ent = 0x55e3d1388be0
> #6 0x000055e3c9fac6b7 in dir_scan (directory=,
> progress=1) at ./squashfs-tools/mksquashfs.c:3735
> single =
> #7 main (argc=, argv=) at
> ./squashfs-tools/mksquashfs.c:8769
> buf = {st_dev = 32, st_ino = 22, st_nlink = 1, st_mode =
> 33188, st_uid = 0, st_gid = 0, __pad0 = 0,
> st_rdev = 0, st_size = 4096, st_blksize = 4096, st_blocks =
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
