Created attachment 242053
broken file system image that causes fsck to crash due to off-by-one maxino check

fsck_ffs has some checks for an out-of-range i-number that say "... > maxino" which I think should be >=. One consequence is that inoinfo() in fsutil.c can index beyond the end of inostathead[]:

        if (inum > maxino)
                errx(EEXIT, "inoinfo: inumber %ju out of range", (uintmax_t)inum);
        ilp = &inostathead[inum / sblock.fs_ipg];

A backtrace from fsck_ffs -y on the attached file-system image:

Program received signal SIGBUS, Bus error.
Object-specific hardware error.
0x000000000021f051 in pass2check (idesc=0x7fffffffe7b8) at pass2.c:486
486             switch (inoinfo(dirp->d_ino)->ino_state) {
(gdb) where
#0  0x000000000021f051 in pass2check (idesc=0x7fffffffe7b8) at pass2.c:486
#1  0x00000000002093e7 in dirscan (idesc=0x7fffffffe7b8) at dir.c:211
#2  0x000000000021318b in ckinode (dp=0x7fffffffe6b8, idesc=0x7fffffffe7b8) at inode.c:126
#3  0x000000000021e130 in pass2 () at pass2.c:202
#4  0x0000000000219a7d in checkfilesys (filesys=0x7fffffffed79 "junk") at main.c:468
#5  0x0000000000218f42 in main (argc=1, argv=0x7fffffffea28) at main.c:210

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=11ce203e0535c1c8f520c9bda81ab9326cf5db80

commit 11ce203e0535c1c8f520c9bda81ab9326cf5db80
Author:     Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2023-05-27 23:07:09 +0000
Commit:     Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2023-05-27 23:07:09 +0000

    Fix a bug in fsck_ffs(8) triggered by corrupted filesystems.

    The last valid inode in the filesystem is maxino - 1, not maxino.
    Thus validity checks should ino < maxino, not ino <= maxino.

    Reported-by:  Robert Morris
    PR:           271312
    MFC-after:    1 week
    Sponsored-by: The FreeBSD Foundation

 sbin/fsck_ffs/dir.c    |  4 ++--
 sbin/fsck_ffs/fsutil.c |  2 +-
 sbin/fsck_ffs/inode.c  | 14 ++++++++------
 sbin/fsck_ffs/pass2.c  |  4 ++--
 4 files changed, 13 insertions(+), 11 deletions(-)

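The off-by-one from the report and the fix commit above, as an added example that is not FreeBSD's code: a simplified model that assumes maxino equals ncg * ipg and that the per-group table (standing in for inostathead[]) has ncg entries. The struct, function names and values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the state fsck_ffs consults (constructed values only). */
struct fsmodel {
    uint32_t ipg;    /* inodes per cylinder group, as in sblock.fs_ipg */
    uint32_t ncg;    /* cylinder groups == entries in the per-group table */
    uint64_t maxino; /* assumed ncg * ipg; valid i-numbers are 0..maxino-1 */
};

enum verdict { REJECTED, IN_BOUNDS, OUT_OF_BOUNDS };

/* What a lookup does with inum: strict=0 is "inum > maxino", strict=1 is ">=". */
static enum verdict classify(const struct fsmodel *fs, uint64_t inum, int strict)
{
    if (strict ? inum >= fs->maxino : inum > fs->maxino)
        return REJECTED;                 /* caller would errx() here */
    uint64_t cg = inum / fs->ipg;        /* index into a table of ncg entries */
    return cg < fs->ncg ? IN_BOUNDS : OUT_OF_BOUNDS;
}

/* Count i-numbers in [0, limit] that pass the check but index past the table. */
static unsigned count_escapes(const struct fsmodel *fs, uint64_t limit, int strict)
{
    unsigned n = 0;
    for (uint64_t i = 0; i <= limit; i++)
        if (classify(fs, i, strict) == OUT_OF_BOUNDS)
            n++;
    return n;
}

int main(void)
{
    struct fsmodel fs = { .ipg = 8, .ncg = 4, .maxino = 32 }; /* constructed */
    static const char *name[] = { "rejected", "in bounds", "OUT OF BOUNDS" };
    uint64_t probes[] = { 0, 31, 32, 33 };

    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("inum %2ju: '>' check -> %-13s  '>=' check -> %s\n",
            (uintmax_t)probes[i], name[classify(&fs, probes[i], 0)],
            name[classify(&fs, probes[i], 1)]);
    printf("escapes: '>' = %u, '>=' = %u\n",
        count_escapes(&fs, 64, 0), count_escapes(&fs, 64, 1));
    return 0;
}
```

Exactly one value, inum == maxino, passes the `>` test while dividing to index ncg, one past the last table entry; an i-number read from a directory entry on a corrupted image can hold that value.
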
Fix checked in. Will close when MFC'ed to 13.
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=fbfbd0638a5a3dd4f76eaf17f81450cc09d48e5b

commit fbfbd0638a5a3dd4f76eaf17f81450cc09d48e5b
Author:     Kirk McKusick <mckusick@FreeBSD.org>
AuthorDate: 2023-05-27 23:07:09 +0000
Commit:     Kirk McKusick <mckusick@FreeBSD.org>
CommitDate: 2023-06-07 22:44:12 +0000

    Fix a bug in fsck_ffs(8) triggered by corrupted filesystems.

    The last valid inode in the filesystem is maxino - 1, not maxino.
    Thus validity checks should ino < maxino, not ino <= maxino.

    Reported-by:  Robert Morris
    PR:           271312
    Sponsored-by: The FreeBSD Foundation

    (cherry picked from commit 11ce203e0535c1c8f520c9bda81ab9326cf5db80)

 sbin/fsck_ffs/dir.c    |  4 ++--
 sbin/fsck_ffs/fsutil.c |  2 +-
 sbin/fsck_ffs/inode.c  | 14 ++++++++------
 sbin/fsck_ffs/pass2.c  |  4 ++--
 4 files changed, 13 insertions(+), 11 deletions(-)

MFC'ed to 13.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ccaa547b4d247622e67c5c72fbc629458284a3f7

commit ccaa547b4d247622e67c5c72fbc629458284a3f7
Author:     Marius Halden <marius.halden@modirum.com>
AuthorDate: 2023-09-02 10:59:31 +0000
Commit:     Jochen Neumeister <joneum@FreeBSD.org>
CommitDate: 2023-09-02 11:01:35 +0000

    net-mgmt/nagios-plugins: Update to 2.4.4

    Changelog: https://nagios-plugins.org/nagios-plugins-2-4-4-released/

    PR:           271312
    Sponsored by: Netzkommune GmbH

 net-mgmt/nagios-plugins/Makefile | 2 +-
 net-mgmt/nagios-plugins/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Wrong PR in the commit, sorry. I mean 271313.