Problem reports for b...@freebsd.org that need special attention
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status |Bug Id | Description
-------+-------+---------------------------------------------------
New    |252123 | fetch(3): Fix wrong usage of proxy when request i
New    |262764 | After DVD1 13.0-R install with ports tree, portsn
New    |262989 | sys/conf/files, sys/conf/options, sys/conf/NOTES:
New    |269994 | build options have different kernel and userland
Open   | 46441 | sh(1): Does not support PS1, PS2, PS4 parameter e
Open   |165059 | vtnet(4): Networking breaks with a router using v
Open   |177821 | sysctl: Some security.jail nodes are funky, dupli
Open   |220246 | syslogd does not send RFC3164-conformant messages
Open   |232914 | kern/kern_resource: Integer overflow in function
Open   |250309 | devmatch: panic: general protection fault: sysctl
Open   |255130 | Issue with rtsx driver
Open   |256952 | kqueue(2): Improve epoll Linux compatibility (com
Open   |257149 | CFLAGS not passed to whole build
Open   |257646 | opensm: rc service is installed by default, but o
Open   |258665 | lib/libfetch: Add Happy Eyeballs (RFC8305) suppor
Open   |259292 | vmware/pvscsi: UNMAP fails on VMWare 6.7 thinly p
Open   |259636 | multiple components: Change "Take Affect" to "Tak
Open   |259655 | periodic: security/security.functions does not re
Open   |259703 | In sys/dev/pci/pci.c, error in do_power_nodriver
Open   |259808 | etc/periodic/daily/100.clean-disks: Fix error (Di
Open   |260214 | acpi_battery: Should provide current/max battery
Open   |260245 | swap/vm: Apparent memory leak: 100% swap usage
Open   |261640 | sysctl: Add -F option to display sysctl format st
Open   |261641 | drm-kmod: Launch message is written into (possibl
Open   |261771 | nvme(4): Reports errors every 5 minutes: PRP OFFS
Open   |261971 | kernel crash launching bhyve guest on ZFS: #15 bu
Open   |262157 | su+j: Crashes during mmc(4) fsck after timeout: E
Open   |262192 | Crashes at boot with kern.random.initial_seeding.
Open   |264028 | loader: Incorrect (32gb) memory reported by BTX l
Open   |264075 | freebsd-update in 13.1-RELEASE detects an install
Open   |264188 | kinit(1): Ignores KRB5CCNAME environment variable
Open   |264226 | setting kern.vty=sc causes hang during UEFI boot
Open   |264757 | fetch: Show correct port number in -vv output
Open   |264833 | 12.3-STABLE panic on sync and reboot: panic: slee
Open   |266419 | mrsas: Corrupts memory (crashes) when reading dat

35 problems total for which you should take action.
[Bug 277616] ldd uses elf phdr.p_offset without checking
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277616

Konstantin Belousov changed:

    What    |Removed |Added
    --------+--------+----------------------------------------
    CC      |        |ema...@freebsd.org, k...@freebsd.org

--- Comment #1 from Konstantin Belousov ---
I think this is more a libelf(3) issue than an ldd deficiency.
_libelf_xlate() should validate that the regions are valid.

BTW, nearby the malloc(3) calls are without result checks.

--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 277616] ldd uses elf phdr.p_offset without checking
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277616

    Bug ID:    277616
    Summary:   ldd uses elf phdr.p_offset without checking
    Product:   Base System
    Version:   CURRENT
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Some People
    Priority:  ---
    Component: bin
    Assignee:  b...@freebsd.org
    Reporter:  r...@lcs.mit.edu

Created attachment 249076
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249076=edit
an elf file with a huge phdr.p_offset

The attached corrupt elf file contains a program header with a huge
offset, which causes ldd to dereference a bad pointer. ldd's
is_executable() says:

    case PT_DYNAMIC:
            dynamic = true;
            if (ehdr.e_type == ET_DYN)
                    pie = is_pie(fname, elf, &ehdr, phdr.p_offset,
                        phdr.p_filesz);

and is_pie() says:

    src.d_buf = buf + offset;

and calls gelf_xlatetom() with src.

There's a similar problem in has_freebsd_abi_tag(), and both functions
use len (phdr.p_filesz) without a check.

    # uname -a
    FreeBSD stock14 15.0-CURRENT FreeBSD 15.0-CURRENT #19 main-n268743-a58813fd701e: Sat Mar 9 07:18:21 AST 2024 root@stock14:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
    # ldd ldd1b.exe
    Bus error (core dumped)

    Program received signal SIGBUS, Bus error.
    Object-specific hardware error.
    _libelf_cvt_DYN64_tom (dst=, dsz=, src=, count=, byteswap=0) at libelf_convert.c:529
    529 READ_SXWORD(s,t.d_tag);
    (gdb) where
    #0 _libelf_cvt_DYN64_tom (dst=, dsz=, src=, count=, byteswap=0) at libelf_convert.c:529
    #1 0x0008010782ac in _libelf_xlate (dst=0x7fffe8a0, src=0x7fffe870, encoding=, elfclass=2, elfmachine=243, direction=direction@entry=1) at /usr/src/contrib/elftoolchain/libelf/libelf_xlate.c:143
    #2 0x0008010757a2 in gelf_xlatetom (e=e@entry=0x801809000, dst=0x80106bef0, dst@entry=0x7fffe8a0, src=0x2, src@entry=0x7fffe870, encoding=384) at /usr/src/contrib/elftoolchain/libelf/gelf_xlate.c:68
    #3 0x01023a7c in is_pie (fname=0x7fffed4a "ldd1b.exe", elf=0x801809000, ehdr=0x7fffe8d0, offset=, len=400) at /usr/src/usr.bin/ldd/ldd.c:369
    #4 is_executable (fname=0x7fffed4a "ldd1b.exe", fd=3, is_shlib=, type=) at /usr/src/usr.bin/ldd/ldd.c:447
    #5 main (argc=1, argv=0x7fffe9d8) at /usr/src/usr.bin/ldd/ldd.c:174
    (gdb) print/x phdr
    $1 = {p_type = 0x2, p_flags = 0x6, p_offset = 0x7fffbfa9ae7f, p_vaddr = 0x28e0, p_paddr = 0x28e0, p_filesz = 0x190, p_memsz = 0x190, p_align = 0x8}
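An overflow-safe form of the range check that the report above says is missing before buf + offset is used, as an added example (not code from ldd.c or libelf). struct seg, in_file(), in_file_naive(), seg_data() and the 16 KiB sample buffer are assumptions made for illustration; only the p_offset/p_filesz pair in seg_report comes from the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the two GElf_Phdr fields the report is about. */
struct seg {
	uint64_t p_offset;	/* file offset of the segment */
	uint64_t p_filesz;	/* bytes the segment occupies in the file */
};

static unsigned char sample_file[0x4000];	/* constructed 16 KiB "file" */
static const struct seg seg_report = { 0x7fffbfa9ae7fULL, 0x190 }; /* from gdb */
static const struct seg seg_wrap = { UINT64_MAX - 0xf, 0x190 };   /* constructed */
static const struct seg seg_ok = { 0x28e0, 0x190 };               /* constructed */

/* Naive check: p_offset + p_filesz can wrap around and look small. */
static bool
in_file_naive(const struct seg *s, uint64_t filesize)
{
	return (s->p_offset + s->p_filesz <= filesize);
}

/* Wrap-safe check: compare p_filesz with the space left after p_offset. */
static bool
in_file(const struct seg *s, uint64_t filesize)
{
	if (s->p_offset > filesize)
		return (false);
	return (s->p_filesz <= filesize - s->p_offset);
}

/* Segment bytes inside the mapped file, or NULL if the header lies. */
static const unsigned char *
seg_data(const unsigned char *buf, uint64_t filesize, const struct seg *s)
{
	return (in_file(s, filesize) ? buf + s->p_offset : NULL);
}

int
main(void)
{
	uint64_t sz = sizeof(sample_file);

	printf("report: %s\n", seg_data(sample_file, sz, &seg_report) ? "ok" : "rejected");
	printf("wrap:   naive=%d safe=%d\n", in_file_naive(&seg_wrap, sz), in_file(&seg_wrap, sz));
	printf("ok:     %s\n", seg_data(sample_file, sz, &seg_ok) ? "ok" : "rejected");
	return (0);
}
```

The seg_wrap case shows why the sum form is not enough: the addition wraps to 0x180 and passes the naive comparison, while the subtraction form rejects it.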
[Bug 277615] /usr/sbin/mixer -a does not display all mixer devices if /dev/mixer0 happens to not exist.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277615

    Bug ID:    277615
    Summary:   /usr/sbin/mixer -a does not display all mixer devices if /dev/mixer0 happens to not exist.
    Product:   Base System
    Version:   14.0-RELEASE
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Some People
    Priority:  ---
    Component: bin
    Assignee:  b...@freebsd.org
    Reporter:  khell...@mcprogramming.com

    $ freebsd-version
    14.0-RELEASE-p4
    $ echo /dev/mixer[0-9]*
    /dev/mixer3 /dev/mixer4 /dev/mixer5 /dev/mixer6 /dev/mixer7
    $ /usr/sbin/mixer -a
    mixer: mixer_open: /dev/mixer0: Bad file descriptor
[Bug 277612] libc printf not compatible with glibc with negative nan
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277612

--- Comment #2 from Paul Floyd ---
The C standard clearly states that it is implementation defined.

This is about compatibility with glibc.
[Bug 277612] libc printf not compatible with glibc with negative nan
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277612

Benjamin Takacs changed:

    What    |Removed |Added
    --------+--------+----------------------------------------
    CC      |        |nimaje+...@bureaucracy.de

--- Comment #1 from Benjamin Takacs ---
There is no such thing as a "negative nan", just some nan representation
where the signbit is set and some where it is not, but that should be
just a nan for every purpose. I would say not printing a sign there is
clearer, as nobody can be confused that something like a "negative nan"
exists. And that sign = '\0'; in line 788 seems to be an explicit design
decision to do that to me.
[Bug 207625] mount_smbfs(8): missing description of option "-n opt"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207625

Chris Davidson changed:

    What    |Removed |Added
    --------+--------+----------------------------------------
    CC      |        |Christopher.davidson@gmail.com

--- Comment #3 from Chris Davidson ---
The -n option is also not documented in the latest -CURRENT (FreeBSD
current.home 15.0-CURRENT FreeBSD 15.0-CURRENT #6
main-n268726-32c7350beb82: Thu Mar 7 21:25:02 EST 2024
chrisdavid...@current.home:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64)

I did take a look at the source code to dig a little deeper and checked
out the source code (contrib/smbfs/mount_smbfs/mount_smbfs.c). This
option does exist in the source code but it has comments around it, that
it is never reached.

Evidence: The case option for 'n' exists on line 180 but on line 179 it
has a comment: /*NOTREACHED*/.

Looking through other distribution manual pages they are NOT mentioning
this option at all, example: https://www.illumos.org/man/8/mount_smbfs

I can not find a reference to it online but the mac os ventura manual
pages also do NOT reference this option.

My conclusion is two options:

1. Remove the reference in the manual page
2. Update the source code for mount_smbfs.c to make the case reachable.

Option 2 "looks" to be resolved by adding a break line to the case above
and then testing it out a little.

Hope this information is helpful for resolution of this manual page
discrepancy.
[Bug 277612] libc printf not compatible with glibc with negative nan
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277612

    Bug ID:    277612
    Summary:   libc printf not compatible with glibc with negative nan
    Product:   Base System
    Version:   14.0-RELEASE
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Only Me
    Priority:  ---
    Component: misc
    Assignee:  b...@freebsd.org
    Reporter:  pjfl...@wanadoo.fr

I think that it would be better for compatibility for printf of negative
nans to include the minus sign.

The C standard does say

    A double argument representing an infinity is converted in one of
    the styles [-]inf or [-]infinity — which style is
    implementation-defined. A double argument representing a NaN is
    converted in one of the styles [-]nan or [-]nan(n-char-sequence) —
    which style and the meaning of any n-char-sequence, is
    implementation-defined. The F conversion specifier produces INF,
    INFINITY, or NAN instead of inf, infinity, or nan, respectively.337)

From what I see the code that controls this is

    785 if (expt == INT_MAX) { /* inf or nan */
    786         if (*cp == 'N') {
    787                 cp = (ch >= 'a') ? "nan" : "NAN";
    788                 sign = '\0';

in vfprintf.c
[Bug 277609] Running benchmarks/stress-ng with stress-ng -c 32 --aggressive, crashes system instantly.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277609

Mark Linimon changed:

    What    |Removed |Added
    --------+--------+----------------------------------------
    Keywords|        |crash
[Bug 277605] FreeBSD 14-Release crashes on the RPI CM4 with PCIE to PCI bridge
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277605

Mark Linimon changed:

    What    |Removed          |Added
    --------+-----------------+-------------------------------
    Assignee|b...@freebsd.org |freebsd-...@freebsd.org
    Keywords|                 |crash
[Bug 277609] Running benchmarks/stress-ng with stress-ng -c 32 --aggressive, crashes system instantly.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277609

    Bug ID:    277609
    Summary:   Running benchmarks/stress-ng with stress-ng -c 32 --aggressive, crashes system instantly.
    Product:   Base System
    Version:   14.0-RELEASE
    Hardware:  amd64
    OS:        Any
    Status:    New
    Severity:  Affects Only Me
    Priority:  ---
    Component: kern
    Assignee:  b...@freebsd.org
    Reporter:  ni...@protonmail.com

When I run benchmarks/stress-ng as a normal user with "stress-ng -c 32
--aggressive" the system crashes instantly.

FreeBSD 14.0-RELEASE-p5
Ryzen 9 7950X

/boot/loader.conf:

    hw.vmm.amdvi.enable=1
    amdtemp_load="YES"

/etc/sysctl.conf:

    security.bsd.see_other_uids=0
    security.bsd.see_other_gids=0
    security.bsd.see_jail_proc=0
    security.bsd.unprivileged_read_msgbuf=0
    security.bsd.unprivileged_proc_debug=0
    kern.randompid=1
    vfs.zfs.min_auto_ashift=12
    hw.snd.feeder_rate_quality=4
    kern.coredump=0
    hw.syscons.bell=0
    kern.vt.enable_bell=0
    net.inet6.ip6.use_tempaddr=1
    net.inet6.ip6.prefer_tempaddr=1
    vfs.aio.max_buf_aio=8192
    vfs.aio.max_aio_queue_per_proc=65536
    vfs.aio.max_aio_per_proc=8192
    vfs.aio.max_aio_queue=65536