From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 271383] negative jb_blk in a JOP_FREEBLK ffs journal record can cause fsck to crash
Date: Fri, 12 May 2023 19:29:08 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271383

Bug ID: 271383
Summary: negative jb_blk in a JOP_FREEBLK ffs journal record can cause fsck to crash
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: bugs@FreeBSD.org
Reporter: rtm@lcs.mit.edu

Created attachment 242135
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=242135&action=edit
broken ffs image with negative jb_blk that can cause fsck to crash

I've attached a gzipped ffs image with a negative block number in a
journal record which causes ffs_isblock() to index into its cp[]
argument with a negative index. You may need valgrind to see the
problem.

A backtrace from fsck_ffs -y fsck24a.img:

(gdb) where
#0  ffs_isblock (fs=, cp=0x800a370d8 "", h=-240) at /usr/src/sys/ufs/ffs/ffs_subr.c:922
#1  0x0000000000227b10 in blk_isfree (bno=-9204789740589546200) at suj.c:523
#2  0x000000000022781c in blk_isindir (blk=-9204789740589546200, ino=3, lbn=-4611686018427387913) at suj.c:377
#3  0x00000000002273eb in indir_visit (ino=3, lbn=-4611686018427387913, blk=-9204789740589546200, frags=0x7fffffffe668, visitor=0x229180 , flags=1) at suj.c:728
#4  0x000000000022bb6e in blk_free_lbn (blk=-9204789740589546200, ino=3, lbn=-4611686018427387913, frags=8, follow=1) at suj.c:917
#5  0x000000000022b9c9 in blk_check (sblk=0x800a93030) at suj.c:1541
#6  0x0000000000227195 in cg_check_blk (sc=0x800a888c0) at suj.c:1612
#7  0x0000000000226dc5 in cg_apply (apply=0x227150 ) at suj.c:1638
#8  0x0000000000225571 in suj_check (filesys=0x7fffffffed71 "junk") at suj.c:2461
#9  0x00000000002195c6 in checkfilesys (filesys=0x7fffffffed71 "junk") at main.c:356
#10 0x0000000000218f72 in main (argc=1, argv=0x7fffffffea20) at main.c:210

-- 
You are receiving this mail because:
You are the assignee for the bug.
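
The failure mode in this report, reduced to a small model (an added example, not code from fsck_ffs or from the reporter): a signed block address read from a journal record is range-checked before it is turned into a free-block bitmap index. The struct, the function names, the 32768-fragment group size and the sample bitmap are assumptions made for illustration; BAD_BNO is the bno value shown in the backtrace.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified model: one bitmap byte per 8-fragment block. */
struct model_fs {
    int64_t size;  /* total fragments in the filesystem */
    int64_t fpg;   /* fragments per cylinder group */
    int64_t frag;  /* fragments per block */
};

/* Constructed sample: 4 groups of 32768 fragments; only block 2 is free. */
const struct model_fs sample_fs = { 131072, 32768, 8 };
const uint8_t sample_map[4096] = { [2] = 0xff };

/* bno from frame #1 of the backtrace in the report. */
#define BAD_BNO (-INT64_C(9204789740589546200))

/* Unchecked pattern: C's % keeps the sign of the dividend, so a negative
 * address yields a negative index into the bitmap. */
int64_t unchecked_index(const struct model_fs *fs, int64_t blk)
{
    return (blk % fs->fpg) / fs->frag;
}

/* A journal address is usable only if it lies inside the filesystem. */
int jblk_valid(const struct model_fs *fs, int64_t blk)
{
    return blk >= 0 && blk < fs->size;
}

/* Checked lookup: -1 = reject record, 0 = block in use, 1 = block free. */
int blk_isfree_checked(const struct model_fs *fs, const uint8_t *map,
                       size_t maplen, int64_t blk)
{
    int64_t h;

    if (!jblk_valid(fs, blk))
        return -1;
    h = unchecked_index(fs, blk);   /* now known to be >= 0 */
    if ((uint64_t)h >= maplen)
        return -1;
    return map[h] == 0xff;
}
```

A record that fails the check is treated as corrupt journal input and rejected before any bitmap is consulted.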