XPost: linux.debian.bugs.dist
From: carnil@debian.org
Hi,
On Wed, Nov 19, 2025 at 07:04:57PM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Nov 19, 2025 at 03:03:51PM +0000, Luca Boccassi wrote:
> > Source: linux
> > Version: 6.18~rc6-1~exp1
> > Severity: serious
> > Justification: breaks other package's autopkgtest
> >
> > With kernel 6.18 from experimental mksquashfs segfaults roughly 1 in 4
> > invocations. This does not happen with the kernel in unstable/testing,
> > so it looks like a kernel regression.
> >
> > Filing at serious as it breaks systemd's autopkgtest:
> > https://ci.debian.net/packages/s/systemd/unstable/amd64/66358275/#S67
> >
> > Trivial to reproduce:
> >
> > mkdir -p bar
> > while mksquashfs bar bar.raw -noappend &>/dev/null; do true; done
> >
> > Decoded backtrace is strange, it looks like a pointer is corrupted.
> > Different invocations result in slightly different crashes, although
> > all seem to be in the xattr code handling, so that looks like a strong
> > hint as to where things might have regressed.
> >
> > https://sources.debian.org/src/squashfs-tools/1%3A4.7.4-1/sq
ashfs-tools/xattr.c#L631
> >
> > #0 0x000055e3c9fddcd9 in read_xattrs (d=d@entry=0x55e3d1388be0,
> > type=type@entry=1) at ./squashfs-tools/xattr.c:631
> > entry = 0x40e33
> > dir_ent =
> > inode =
> > filename = 0x7ffeb945bdbb "bar"
> > xattr_list = 0x0
> > head = 0x0
> > count = 0
> > i =
> > j =
> > l1 = > address 0x40e4b)>
> > l2 =
> > l3 =
> > action_add_list = 0x0
> > __func__ = "read_xattrs"
> > #1 0x000055e3c9fb571f in create_inode
> > (dir_info=dir_info@entry=0x55e3d1388b70, dir_ent=0x55e3d1388be0,
> > type=type@entry=1, byte_size=byte_size@entry=3,
> > start_block=start_block@entry=0, offset=offset@entry=0,
> > block_list=0x0, fragment=0x0, dir_in=0x7ffeb9459840, sparse=0) at
> > ./squashfs-tools/mksquashfs.c:1112
> > buf = 0x55e3d1388c30
> > inode_header = {base = {inode_type = 0, mode = 0, uid = 0,
> > guid = 0, mtime = 3599334970,
> > inode_number = 32632}, dev = {inode_type = 0, mode = 0,
> > uid = 0, guid = 0, mtime = 3599334970,
> > inode_number = 32632, nlink = 0, rdev = 0}, ldev =
> > {inode_type = 0, mode = 0, uid = 0, guid = 0,
> > mtime = 3599334970, inode_number = 32632, nlink = 0, rdev
> > = 0, xattr = 24080}, symlink = {
> > inode_type = 0, mode = 0, uid = 0, guid = 0, mtime =
> > 3599334970, inode_number = 32632, nlink = 0,
> > symlink_size = 0, symlink = 0x7ffeb9459748 "\020^"}, reg =
> > {inode_type = 0, mode = 0, uid = 0, guid = 0,
> > mtime = 3599334970, inode_number = 32632, start_block = 0,
> > fragment = 0, offset = 24080, file_size = 0,
> > block_list = 0x7ffeb9459750}, lreg = {inode_type = 0, mode
> > = 0, uid = 0, guid = 0, mtime = 3599334970,
> > inode_number = 32632, start_block = 0, file_size = 24080,
> > sparse = 0, nlink = 0, fragment = 0,
> > offset = 0, xattr = 0, block_list = 0x7ffeb9459768}, dir =
> > {inode_type = 0, mode = 0, uid = 0, guid = 0,
> > mtime = 3599334970, inode_number = 32632, start_block = 0,
> > nlink = 0, file_size = 24080, offset = 0,
> > parent_inode = 0}, ldir = {inode_type = 0, mode = 0, uid =
> > 0, guid = 0, mtime = 3599334970,
> > inode_number = 32632, nlink = 0, file_size = 0,
> > start_block = 24080, parent_inode = 0, i_count = 0,
> > offset = 0, xattr = 0, index = 0x7ffeb9459758}, ipc =
> > {inode_type = 0, mode = 0, uid = 0, guid = 0,
> > mtime = 3599334970, inode_number = 32632, nlink = 0}, lipc
> > = {inode_type = 0, mode = 0, uid = 0,
> > guid = 0, mtime = 3599334970, inode_number = 32632, nlink
> > = 0, xattr = 0}}
> > base = 0x7ffeb9459730
> > inode =
> > filename = 0x7ffeb945bdbb "bar"
> > nlink = 1
> > xattr =
> > uid =
> > gid =
> > mode =
> > #2 0x000055e3c9fb68a0 in write_dir (dir_info=,
> > dir=0x7ffeb9459840)
> > at ./squashfs-tools/mksquashfs.c:1522
> > dir_size =
> > data_space =
> > directory_block =
> > directory_offset =
> > i_count = 0
> > index = 16384
> > c_byte =
> > cache =
> > __func__ = "write_dir"
> > #3 dir_scan8 (inode=, dir_info=) at
> > ./squashfs-tools/mksquashfs.c:4647
> > squashfs_type =
> > dir =
> > dir_ent =
> > file =
> > #4 0x000055e3c9fbaa85 in do_directory_scans
> > (dir_ent=dir_ent@entry=0x55e3d1388be0, progress=progress@entry=1)
> > at ./squashfs-tools/mksquashfs.c:3620
> > inode = 208
> > pseudo =
> > #5 0x000055e3c9fbc041 in scan_single (pathname=0x7ffeb945bdbb "bar",
> > progress=progress@entry=1)
> > at ./squashfs-tools/mksquashfs.c:3675
> > buf = {st_dev = 32, st_ino = 21, st_nlink = 2, st_mode =
> > 16877, st_uid = 0, st_gid = 0, __pad0 = 0,
> > st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0,
> > st_atim = {tv_sec = 1763563405,
> > tv_nsec = 364000000}, st_mtim = {tv_sec = 1763562938,
> > tv_nsec = 96000000}, st_ctim = {
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
