[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1121013: marked as done (linux: mksquashfs segfaults ~20% of the times with kernel 6.18)

Your message dated Mon, 24 Nov 2025 18:00:12 +0000
with message-id <E1vNarE-008NgN-1l@fasolo.debian.org>
and subject line Bug#1121013: fixed in linux 6.18~rc7-1~exp1
has caused the Debian Bug report #1121013,
regarding linux: mksquashfs segfaults ~20% of the times with kernel 6.18
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1121013: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121013
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: linux
Version: 6.18~rc6-1~exp1
Severity: serious
Justification: breaks other package's autopkgtest

With kernel 6.18 from experimental mksquashfs segfaults roughly 1 in 4
invocations. This does not happen with the kernel in unstable/testing,
so it looks like a kernel regression.

Filing at serious as it breaks systemd's autopkgtest:
https://ci.debian.net/packages/s/systemd/unstable/amd64/66358275/#S67

Trivial to reproduce:

mkdir -p bar
while mksquashfs bar bar.raw -noappend &>/dev/null; do true; done

Decoded backtrace is strange, it looks like a pointer is corrupted.
Different invocations result in slightly different crashes, although
all seem to be in the xattr code handling, so that looks like a strong
hint as to where things might have regressed.

https://sources.debian.org/src/squashfs-tools/1%3A4.7.4-1/squashfs-tools/xattr.c#L631

#0  0x000055e3c9fddcd9 in read_xattrs (d=d@entry=0x55e3d1388be0,
type=type@entry=1) at ./squashfs-tools/xattr.c:631
        entry = 0x40e33
        dir_ent = <optimized out>
        inode = <optimized out>
        filename = 0x7ffeb945bdbb "bar"
        xattr_list = 0x0
        head = 0x0
        count = 0
        i = <optimized out>
        j = <optimized out>
        l1 = <error reading variable l1 (Cannot access memory at
address 0x40e4b)>
        l2 = <optimized out>
        l3 = <optimized out>
        action_add_list = 0x0
        __func__ = "read_xattrs"
#1  0x000055e3c9fb571f in create_inode
(dir_info=dir_info@entry=0x55e3d1388b70, dir_ent=0x55e3d1388be0,
    type=type@entry=1, byte_size=byte_size@entry=3,
start_block=start_block@entry=0, offset=offset@entry=0,
    block_list=0x0, fragment=0x0, dir_in=0x7ffeb9459840, sparse=0) at
./squashfs-tools/mksquashfs.c:1112
        buf = 0x55e3d1388c30
        inode_header = {base = {inode_type = 0, mode = 0, uid = 0,
guid = 0, mtime = 3599334970,
            inode_number = 32632}, dev = {inode_type = 0, mode = 0,
uid = 0, guid = 0, mtime = 3599334970,
            inode_number = 32632, nlink = 0, rdev = 0}, ldev =
{inode_type = 0, mode = 0, uid = 0, guid = 0,
            mtime = 3599334970, inode_number = 32632, nlink = 0, rdev
= 0, xattr = 24080}, symlink = {
            inode_type = 0, mode = 0, uid = 0, guid = 0, mtime =
3599334970, inode_number = 32632, nlink = 0,
            symlink_size = 0, symlink = 0x7ffeb9459748 "\020^"}, reg =
{inode_type = 0, mode = 0, uid = 0, guid = 0,
            mtime = 3599334970, inode_number = 32632, start_block = 0,
fragment = 0, offset = 24080, file_size = 0,
            block_list = 0x7ffeb9459750}, lreg = {inode_type = 0, mode
= 0, uid = 0, guid = 0, mtime = 3599334970,
            inode_number = 32632, start_block = 0, file_size = 24080,
sparse = 0, nlink = 0, fragment = 0,
            offset = 0, xattr = 0, block_list = 0x7ffeb9459768}, dir =
{inode_type = 0, mode = 0, uid = 0, guid = 0,
            mtime = 3599334970, inode_number = 32632, start_block = 0,
nlink = 0, file_size = 24080, offset = 0,
            parent_inode = 0}, ldir = {inode_type = 0, mode = 0, uid =
0, guid = 0, mtime = 3599334970,
            inode_number = 32632, nlink = 0, file_size = 0,
start_block = 24080, parent_inode = 0, i_count = 0,
            offset = 0, xattr = 0, index = 0x7ffeb9459758}, ipc =
{inode_type = 0, mode = 0, uid = 0, guid = 0,
            mtime = 3599334970, inode_number = 32632, nlink = 0}, lipc
= {inode_type = 0, mode = 0, uid = 0,
            guid = 0, mtime = 3599334970, inode_number = 32632, nlink
= 0, xattr = 0}}
        base = 0x7ffeb9459730
        inode = <optimized out>
        filename = 0x7ffeb945bdbb "bar"
        nlink = 1
        xattr = <optimized out>
        uid = <optimized out>
        gid = <optimized out>
        mode = <optimized out>
#2  0x000055e3c9fb68a0 in write_dir (dir_info=<optimized out>,
dir=0x7ffeb9459840)
    at ./squashfs-tools/mksquashfs.c:1522
        dir_size = <optimized out>
        data_space = <optimized out>
        directory_block = <optimized out>
        directory_offset = <optimized out>
        i_count = 0
        index = 16384
        c_byte = <optimized out>
        cache = <optimized out>
        __func__ = "write_dir"
#3  dir_scan8 (inode=<optimized out>, dir_info=<optimized out>) at
./squashfs-tools/mksquashfs.c:4647
        squashfs_type = <optimized out>
        dir = <optimized out>
        dir_ent = <optimized out>
        file = <optimized out>
#4  0x000055e3c9fbaa85 in do_directory_scans
(dir_ent=dir_ent@entry=0x55e3d1388be0, progress=progress@entry=1)
    at ./squashfs-tools/mksquashfs.c:3620
        inode = 208
        pseudo = <optimized out>
#5  0x000055e3c9fbc041 in scan_single (pathname=0x7ffeb945bdbb "bar",
progress=progress@entry=1)
    at ./squashfs-tools/mksquashfs.c:3675
        buf = {st_dev = 32, st_ino = 21, st_nlink = 2, st_mode =
16877, st_uid = 0, st_gid = 0, __pad0 = 0,
          st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0,
st_atim = {tv_sec = 1763563405,
            tv_nsec = 364000000}, st_mtim = {tv_sec = 1763562938,
tv_nsec = 96000000}, st_ctim = {
            tv_sec = 1763562938, tv_nsec = 96000000}, __glibc_reserved
= {0, 0, 0}}
        dir_ent = 0x55e3d1388be0
#6  0x000055e3c9fac6b7 in dir_scan (directory=<optimized out>,
progress=1) at ./squashfs-tools/mksquashfs.c:3735
        single = <optimized out>
#7  main (argc=<optimized out>, argv=<optimized out>) at
./squashfs-tools/mksquashfs.c:8769
        buf = {st_dev = 32, st_ino = 22, st_nlink = 1, st_mode =
33188, st_uid = 0, st_gid = 0, __pad0 = 0,
          st_rdev = 0, st_size = 4096, st_blksize = 4096, st_blocks =
8, st_atim = {tv_sec = 1763562951,
            tv_nsec = 448000000}, st_mtim = {tv_sec = 1763563405,
tv_nsec = 360000000}, st_ctim = {
            tv_sec = 1763563405, tv_nsec = 360000000},
__glibc_reserved = {0, 0, 0}}
        source_buf = {st_dev = 32, st_ino = 21, st_nlink = 2, st_mode
= 16877, st_uid = 0, st_gid = 0, __pad0 = 0,
          st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0,
st_atim = {tv_sec = 1763563405,
            tv_nsec = 360000000}, st_mtim = {tv_sec = 1763562938,
tv_nsec = 96000000}, st_ctim = {
            tv_sec = 1763562938, tv_nsec = 96000000}, __glibc_reserved
= {0, 0, 0}}
        res = 0
        i = <optimized out>
        j = <optimized out>
        root_name = <optimized out>
        inode = <optimized out>
        readq = 496
        fragq = 498
        bwriteq = 496
        fwriteq = <optimized out>
        total_mem = <optimized out>
        progress = 1
        force_progress = <optimized out>
        percentage = <optimized out>
        exclude_option = 0
        Xhelp = <optimized out>
        fragment = 0x0
        command = <optimized out>
        single_threaded = <optimized out>
        overcommit = 0
        repro_opt = <optimized out>
        repro_time_opt = <optimized out>
        repro_time = 4
        __func__ = "main"
(gdb) p l1
Cannot access memory at address 0x40e4b
(gdb) p xattr_add_list
$1 = (struct xattr_add *) 0x0

https://sources.debian.org/src/squashfs-tools/1%3A4.7.4-1/squashfs-tools/xattr.c#L534

#0  0x000055a5314fb9e0 in sort_list (head=head@entry=0x55a531fcfa50
<xattr_add_list>, count=54720)
    at ./squashfs-tools/xattr.c:534
        cur = <optimized out>
        l1 = <optimized out>
        l2 = 0x83500e000000005d
        next = <optimized out>
        len1 = 0
        len2 = <optimized out>
        stride = 1
#1  0x000055a5314fda75 in sort_list (head=0x55a531fcfa50
<xattr_add_list>, count=<optimized out>)
    at ./squashfs-tools/xattr.c:534
        cur = <optimized out>
        l1 = <optimized out>
        l2 = <optimized out>
        next = <optimized out>
        len1 = <optimized out>
        len2 = <optimized out>
        stride = 1
#2  0x000055a5314ca2cf in main (argc=<optimized out>,
argv=0x7fff771b2b58) at ./squashfs-tools/mksquashfs.c:8381
        buf = {st_dev = 60405, st_ino = 4096, st_nlink = 8192, st_mode
= 5, st_uid = 0, st_gid = 61440, __pad0 = 0,
          st_rdev = 69632, st_size = 67156, st_blksize = 67156,
st_blocks = 4096, st_atim = {tv_sec = 61440,
            tv_nsec = 1}, st_mtim = {tv_sec = 69632, tv_nsec = 77824},
st_ctim = {tv_sec = 73736, tv_nsec = 73856},
          __glibc_reserved = {4096, 65536, 3}}
        source_buf = {st_dev = 4, st_ino = 17179869188, st_nlink =
1975252, st_mode = 1975252, st_uid = 0,
          st_gid = 1975252, __pad0 = 0, st_rdev = 32, st_size = 32,
st_blksize = 4, st_blocks = 17179869191,
          st_atim = {tv_sec = 1977176, tv_nsec = 1981272}, st_mtim =
{tv_sec = 1981272, tv_nsec = 16}, st_ctim = {
            tv_sec = 136, tv_nsec = 8}, __glibc_reserved =
{18865251667, 904, 904}}
        res = 0
        i = 4
        j = <optimized out>
        root_name = <optimized out>
        inode = <optimized out>
        readq = 496
        fragq = 498
        bwriteq = 496
        fwriteq = <optimized out>
        total_mem = <optimized out>
        progress = 1
        force_progress = <optimized out>
        percentage = <optimized out>
        exclude_option = 0
        Xhelp = <optimized out>
        fragment = 0x0
        command = <optimized out>
        single_threaded = <optimized out>
        overcommit = 0
        repro_opt = <optimized out>
        repro_time_opt = <optimized out>
        repro_time = 4
        __func__ = "main"

--- End Message ---
--- Begin Message --- 
Source: linux
Source-Version: 6.18~rc7-1~exp1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1121013@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Nov 2025 17:51:01 +0100
Source: linux
Architecture: source
Version: 6.18~rc7-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1121013
Changes:
 linux (6.18~rc7-1~exp1) experimental; urgency=medium
 .
   * New upstream release candidate.
     - mm/huge_memory: Fix initialization of huge zero folio (Closes: #1121013)
 .
   [ Bastian Blank ]
   * Introduce a base package for version sync.
 .
   [Anatoliy Gunya]
   * [arm64] Add initial Raspberry Pi 5 support
     - enable MMC_SDHCI_BRCMSTB, GPIO_BRCMSTB, PINCTRL_BRCMSTB
       and PINCTRL_BCM2712 as modules
     - enable OF_OVERLAY
     - enable MISC_RP1 as a module
Checksums-Sha1:
 d2e8a6306bf073c53953d01e8dd3c633dcb9fb9d 133262 linux_6.18~rc7-1~exp1.dsc
 f49fbbfd4f1fe131b07b9634682f0743589310d5 157348648 linux_6.18~rc7.orig.tar.xz
 60723a3f48716ae31f3e0c8e38dfc9dcd8a75f46 1442776 linux_6.18~rc7-1~exp1.debian.tar.xz
 113612f57b75177a61d2a8f52162a9f07abf9fb6 6792 linux_6.18~rc7-1~exp1_source.buildinfo
Checksums-Sha256:
 764bca9969ff490c510f4071b3294878a383c6c61669e9b049ef8a8a1a280025 133262 linux_6.18~rc7-1~exp1.dsc
 4240a75ed0f4ffc1c027a6193140b064df3b2e840e1755ed10ad499c1cbf92ae 157348648 linux_6.18~rc7.orig.tar.xz
 3bf7a053e0507ba2f8ed8272a76bdf6eacd9874aa4aaa824f7e32dfb8e47d19a 1442776 linux_6.18~rc7-1~exp1.debian.tar.xz
 0e4fed292d24c37392bc6f61f9377ba37dbfb584cd3529a626c66c0117b438b6 6792 linux_6.18~rc7-1~exp1_source.buildinfo
Files:
 74ba6dc2792eadcc05207e2c1cf88d03 133262 kernel optional linux_6.18~rc7-1~exp1.dsc
 33ddde97412ec6ee2dba2c5aa27939ac 157348648 kernel optional linux_6.18~rc7.orig.tar.xz
 677ee2c531274957e5d6bc670b96f13f 1442776 kernel optional linux_6.18~rc7-1~exp1.debian.tar.xz
 f778d3731af3b34eba46ef534d08d411 6792 kernel optional linux_6.18~rc7-1~exp1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmkkjUtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E5DEP/3MZpm6rAl0ysrqM2GU+0Mno4LeR5Ti7
CGCY3vh8brjlBhleW3VNlJLpO98xRf3ne0lej4qXrwzo9AM4pghpHt3MjFHGHM+J
s+YinxhvGgwgchgg+hFJl2xG8Bas4E+G5Vr0uhMDPxUGnAnD4yn/Y3t5WPitYmKE
7XKxWiroU52+vqJBlw37k3vNq3gFLOSlt9vlyWMpbvvLajfEyGXBhaLa9/mxWjTA
rireygULl2zambUwMhAxZqEcb8a/eJnDvFkobdBiwKHHD04zcYFWzP+fAlEfrSbr
bggKQ7jOo4E0xl2VoiB6vqwwy20ezkWsuQ8g/GlOUV9dJEttxOQHZ1ENN/TenFAY
rFahzpAieXZf2Wy25pgb5Bqy+igGlOROqepZarkJfcsco8V6nYFkZYrLeVeu+pTe
ReZFgtgiCZ9eNbYjk3quOfuwj/cMyx110J/PrRb9Ad1llGZlnUW5FEHTTGZn5Hpt
Kt+wBqAj2WXAC53I3OYHbuhvhb/hEfv39ifl+2DIp8Clgi0Xf2ugXA7oU0dWoFFz
89e2DaNLVo5aNDW340WZqQuTCT8aRR52nB0jtW2z1Bre8OE2tdtdvpJiFtQWOPBx
pITOv5xq10dllcg/0O9Zwk4Ijxm56t6MgO9qqDphqkm6bzmGW95Yws+6HYZvQQnR
Ad8Zr6BkgZqt
=fioI
-----END PGP SIGNATURE-----

Attachment: pgpllMx8ThYc3.pgp
Description: PGP signature


--- End Message ---
Reply to: