[PATCH] erofs-utils: lib: fix xattr crash in rebuild path when source has xattr

Gao Xiang hsiangkao at linux.alibaba.com
Tue Mar 3 02:28:07 AEDT 2026


Hi Lucas,

On 2026/3/2 23:22, Lucas Karpinski wrote:
> On 2026-03-02 8:03 a.m., lishixian wrote:
>> When rebuilding from source EROFS images, erofs_read_xattrs_from_disk()
>> is called for inodes that have xattr. At that point inode->sbi points to
>> the source image's sbi, which is opened read-only and never gets
>> erofs_xattr_init(), so sbi->xamgr is NULL. get_xattritem(sbi) then
>> dereferences xamgr and crashes with SIGSEGV.
>>
>> Fix by using the build target's xamgr when initializing src's sbi.
>>
>> Reported-by: Yixiao Chen <489679970 at qq.com>
>> Fixes: https://github.com/erofs/erofs-utils/issues/42
>> Signed-off-by: lishixian <lishixian8 at huawei.com>
>> Reviewed-by: Yifan Zhao <zhaoyifan28 at huawei.com>
>> ---
>>   lib/rebuild.c | 1 +
>>   mkfs/main.c   | 1 +
>>   2 files changed, 2 insertions(+)
>>
>> diff --git a/lib/rebuild.c b/lib/rebuild.c
>> index f89a17c..f1e79c1 100644
>> --- a/lib/rebuild.c
>> +++ b/lib/rebuild.c
>> @@ -437,6 +437,7 @@ int erofs_rebuild_load_tree(struct erofs_inode *root, struct erofs_sb_info *sbi,
>>   		erofs_err("failed to read superblock of %s", fsid);
>>   		return ret;
>>   	}
>> +	sbi->xamgr = g_sbi.xamgr;
>>   
>>   	inode.nid = sbi->root_nid;
>>   	inode.sbi = sbi;
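Review bot: The added `sbi->xamgr = g_sbi.xamgr;` in erofs_rebuild_load_tree() makes lib/rebuild.c depend on the global g_sbi even though the function already receives the source `sbi` as a parameter, and the aliasing is not documented at the point where it is created. Consider having the caller set `sbi->xamgr` before calling in (or passing the target in as an argument), and add a comment here that the pointer is borrowed and must not be released together with the source sbi. The hunk also does not check that the borrowed xamgr is non-NULL, so the crash described in the commit message would still occur if the target's xattr manager has not been initialized by the time this line runs.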
>> diff --git a/mkfs/main.c b/mkfs/main.c
>> index b84d1b4..cb0f0cc 100644
>> --- a/mkfs/main.c
>> +++ b/mkfs/main.c
>> @@ -1011,6 +1011,7 @@ static void erofs_rebuild_cleanup(void)
>>   
>>   	list_for_each_entry_safe(src, n, &rebuild_src_list, list) {
>>   		list_del(&src->list);
>> +		src->xamgr = NULL; /* borrowed from g_sbi, do not free */
>>   		erofs_put_super(src);
>>   		erofs_dev_close(src);
>>   		free(src);
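Review bot: The `src->xamgr = NULL;` reset before erofs_put_super(src) lives in mkfs/main.c while the pointer is borrowed in lib/rebuild.c, so the ownership rule is split across two files and any other cleanup path that calls erofs_put_super() on a rebuild source has to remember the same reset. Going by the inline comment, forgetting it would free the xamgr that g_sbi still uses. Suggest keeping the assignment and the reset in the same layer (both in the caller), or recording on the sbi that xamgr is not owned so that the put path can skip it.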
> 
> I was similarly looking at this issue in my patchset so I can confirm it
> fixes the seg fault.
> 
> Tested-by: Lucas Karpinski <lkarpinski at nvidia.com>

Thanks for this, but as I said to lishixian, we shouldn't use
the global g_sbi in liberofs anymore.

Could we try to assign sbi->xamgr in the caller instead?

And

> in my patchset

Do you have more urgent fixes? I'm about to release
erofs-utils 1.9.1 since there are some urgent fixes,
so it would be better to send fixes out now.

Also, I think we should have a basic test case to cover
this; I will try to add one this week.

Thanks,
Gao Xiang


