Problem reports for b...@freebsd.org that need special attention

2024-03-10 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
--------+-------+---------------------------------------------------
New |252123 | fetch(3): Fix wrong usage of proxy when request i 
New |262764 | After DVD1 13.0-R install with ports tree, portsn 
New |262989 | sys/conf/files, sys/conf/options, sys/conf/NOTES: 
New |269994 | build options have different kernel and userland  
Open| 46441 | sh(1): Does not support PS1, PS2, PS4 parameter e 
Open|165059 | vtnet(4): Networking breaks with a router using v 
Open|177821 | sysctl: Some security.jail nodes are funky, dupli 
Open|220246 | syslogd does not send RFC3164-conformant messages 
Open|232914 | kern/kern_resource: Integer overflow in function  
Open|250309 | devmatch: panic: general protection fault: sysctl 
Open|255130 | Issue with rtsx driver
Open|256952 | kqueue(2): Improve epoll Linux compatibility (com 
Open|257149 | CFLAGS not passed to whole build  
Open|257646 | opensm: rc service is installed by default, but o 
Open|258665 | lib/libfetch: Add Happy Eyeballs (RFC8305) suppor 
Open|259292 | vmware/pvscsi: UNMAP fails on VMWare 6.7 thinly p 
Open|259636 | multiple components: Change "Take Affect" to "Tak 
Open|259655 | periodic: security/security.functions does not re 
Open|259703 | In sys/dev/pci/pci.c, error in do_power_nodriver  
Open|259808 | etc/periodic/daily/100.clean-disks: Fix error (Di 
Open|260214 | acpi_battery: Should provide current/max battery  
Open|260245 | swap/vm: Apparent memory leak: 100% swap usage
Open|261640 | sysctl: Add -F option to display sysctl format st 
Open|261641 | drm-kmod: Launch message is written into (possibl 
Open|261771 | nvme(4): Reports errors every 5 minutes: PRP OFFS 
Open|261971 | kernel crash launching bhyve guest on ZFS: #15 bu 
Open|262157 | su+j: Crashes during mmc(4) fsck after timeout: E 
Open|262192 | Crashes at boot with kern.random.initial_seeding. 
Open|264028 | loader: Incorrect (32gb) memory reported by BTX l 
Open|264075 | freebsd-update in 13.1-RELEASE detects an install 
Open|264188 | kinit(1): Ignores KRB5CCNAME environment variable 
Open|264226 | setting kern.vty=sc causes hang during UEFI boot  
Open|264757 | fetch: Show correct port number in -vv output 
Open|264833 | 12.3-STABLE panic on sync and reboot: panic: slee 
Open|266419 | mrsas: Corrupts memory (crashes) when reading dat 

35 problems total for which you should take action.


[Bug 277616] ldd uses elf phdr.p_offset without checking

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277616

Konstantin Belousov  changed:

   What|Removed |Added

 CC||ema...@freebsd.org,
   ||k...@freebsd.org

--- Comment #1 from Konstantin Belousov  ---
I think this is more libelf(3) issue than ldd deficiency.  _libelf_xlate()
should validate that the regions are valid.

BTW, nearby the malloc(3) calls are without result checks.

-- 
You are receiving this mail because:
You are the assignee for the bug.


[Bug 277616] ldd uses elf phdr.p_offset without checking

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277616

Bug ID: 277616
   Summary: ldd uses elf phdr.p_offset without checking
   Product: Base System
   Version: CURRENT
  Hardware: Any
OS: Any
Status: New
  Severity: Affects Some People
  Priority: ---
 Component: bin
  Assignee: b...@freebsd.org
  Reporter: r...@lcs.mit.edu

Created attachment 249076
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249076=edit
an elf file with a huge phdr.p_offset

The attached corrupt elf file contains a program header with a huge
offset, which causes ldd to dereference a bad pointer. ldd's
is_executable() says:

        case PT_DYNAMIC:
                dynamic = true;
                if (ehdr.e_type == ET_DYN)
                        pie = is_pie(fname, elf, &ehdr, phdr.p_offset,
                            phdr.p_filesz);

and is_pie() says:

        src.d_buf = buf + offset;

and calls gelf_xlatetom() with src.

There's a similar problem in has_freebsd_abi_tag(), and both functions
use len (phdr.p_filesz) without a check.

# uname -a
FreeBSD stock14 15.0-CURRENT FreeBSD 15.0-CURRENT #19
main-n268743-a58813fd701e: Sat Mar  9 07:18:21 AST 2024
root@stock14:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
# ldd ldd1b.exe 
Bus error (core dumped)

Program received signal SIGBUS, Bus error.
Object-specific hardware error.
_libelf_cvt_DYN64_tom (dst=, dsz=, 
src=, count=, byteswap=0)
at libelf_convert.c:529
529 READ_SXWORD(s,t.d_tag);
(gdb) where
#0  _libelf_cvt_DYN64_tom (dst=, dsz=, 
src=, count=, byteswap=0)
at libelf_convert.c:529
#1  0x0008010782ac in _libelf_xlate (dst=0x7fffe8a0, 
src=0x7fffe870, encoding=, elfclass=2, elfmachine=243, 
direction=direction@entry=1)
at /usr/src/contrib/elftoolchain/libelf/libelf_xlate.c:143
#2  0x0008010757a2 in gelf_xlatetom (e=e@entry=0x801809000, 
dst=0x80106bef0, dst@entry=0x7fffe8a0, src=0x2, 
src@entry=0x7fffe870, encoding=384)
at /usr/src/contrib/elftoolchain/libelf/gelf_xlate.c:68
#3  0x01023a7c in is_pie (fname=0x7fffed4a "ldd1b.exe", 
elf=0x801809000, ehdr=0x7fffe8d0, offset=, len=400)
at /usr/src/usr.bin/ldd/ldd.c:369
#4  is_executable (fname=0x7fffed4a "ldd1b.exe", fd=3, 
is_shlib=, type=)
at /usr/src/usr.bin/ldd/ldd.c:447
#5  main (argc=1, argv=0x7fffe9d8) at /usr/src/usr.bin/ldd/ldd.c:174
(gdb) print/x phdr
$1 = {p_type = 0x2, p_flags = 0x6, p_offset = 0x7fffbfa9ae7f, 
  p_vaddr = 0x28e0, p_paddr = 0x28e0, p_filesz = 0x190, p_memsz = 0x190, 
  p_align = 0x8}

-- 
You are receiving this mail because:
You are the assignee for the bug.
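
An added example, not part of the original report and not FreeBSD's fix: one way to bounds-check a PT_DYNAMIC region against the mapped file size before reading it, as the report and comment #1 call for. The names region_in_file, checked_is_pie, demo and the EX_ constants are hypothetical, and the 64-byte image is constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal 64-bit dynamic entry and tags, declared locally (illustrative names). */
struct dyn64 { int64_t d_tag; uint64_t d_val; };
#define EX_DT_NULL    0
#define EX_DT_FLAGS_1 0x6ffffffbLL
#define EX_DF_1_PIE   0x08000000ULL

/* True only if [off, off + len) lies inside an image of img_len bytes.
 * Two comparisons, so off + len is never computed and cannot wrap. */
static bool region_in_file(uint64_t off, uint64_t len, size_t img_len)
{
    return off <= img_len && len <= img_len - off;
}

/* Hypothetical stand-in for is_pie(): 1 = PIE, 0 = not PIE,
 * -1 = PT_DYNAMIC region refused because it is outside the image. */
static int checked_is_pie(const unsigned char *img, size_t img_len,
    uint64_t p_offset, uint64_t p_filesz)
{
    struct dyn64 d;
    uint64_t i;
    if (!region_in_file(p_offset, p_filesz, img_len))
        return -1;
    for (i = 0; i < p_filesz / sizeof(d); i++) {
        /* memcpy avoids unaligned loads; host byte order is assumed. */
        memcpy(&d, img + p_offset + i * sizeof(d), sizeof(d));
        if (d.d_tag == EX_DT_NULL)
            break;
        if (d.d_tag == EX_DT_FLAGS_1)
            return (d.d_val & EX_DF_1_PIE) != 0;
    }
    return 0;
}

/* Constructed 64-byte image: DT_FLAGS_1 (PIE) and DT_NULL at offset 16. */
static int demo(uint64_t p_offset, uint64_t p_filesz)
{
    unsigned char img[64] = {0};
    struct dyn64 dyn[2] = { { EX_DT_FLAGS_1, EX_DF_1_PIE }, { EX_DT_NULL, 0 } };
    memcpy(img + 16, dyn, sizeof(dyn));
    return checked_is_pie(img, sizeof(img), p_offset, p_filesz);
}

/* Exit 0 when the p_offset/p_filesz pair from the report is refused. */
int main(void) { return demo(0x7fffbfa9ae7fULL, 0x190) == -1 ? 0 : 1; }
```

The same comparison applies to has_freebsd_abi_tag(), which the report says uses len without a check.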


[Bug 277615] /usr/sbin/mixer -a does not display all mixer devices if /dev/mixer0 happens to not exist.

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277615

Bug ID: 277615
   Summary: /usr/sbin/mixer -a does not display all mixer devices
if /dev/mixer0 happens to not exist.
   Product: Base System
   Version: 14.0-RELEASE
  Hardware: Any
OS: Any
Status: New
  Severity: Affects Some People
  Priority: ---
 Component: bin
  Assignee: b...@freebsd.org
  Reporter: khell...@mcprogramming.com

$ freebsd-version
14.0-RELEASE-p4
$ echo /dev/mixer[0-9]*
/dev/mixer3 /dev/mixer4 /dev/mixer5 /dev/mixer6 /dev/mixer7
$ /usr/sbin/mixer -a
mixer: mixer_open: /dev/mixer0: Bad file descriptor



[Bug 277612] libc printf not compatible with glibc with negative nan

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277612

--- Comment #2 from Paul Floyd  ---
The C standard clearly states that it is implementation defined.

This is about compatibility with glibc.



[Bug 277612] libc printf not compatible with glibc with negative nan

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277612

Benjamin Takacs  changed:

   What|Removed |Added

 CC||nimaje+...@bureaucracy.de

--- Comment #1 from Benjamin Takacs  ---
There is no such thing as a "negative nan", just some nan representation where
the signbit is set and some where it is not, but that should be just a nan for
every purpose. I would say not printing a sign there is clearer, as nobody can
be confused that something like a "negative nan" exists. And that   sign =
'\0';   in line 788 seems to be an explicit design decision to do that to me.



[Bug 207625] mount_smbfs(8): missing description of option "-n opt"

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207625

Chris Davidson  changed:

   What|Removed |Added

 CC||Christopher.davidson@gmail.
   ||com

--- Comment #3 from Chris Davidson  ---
The -n option is also not documented in the latest -CURRENT (FreeBSD
current.home 15.0-CURRENT FreeBSD 15.0-CURRENT #6 main-n268726-32c7350beb82:
Thu Mar  7 21:25:02 EST 2024
chrisdavid...@current.home:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64)

I did take a look at the source code to dig a little deeper and checked out the
source code (contrib/smbfs/mount_smbfs/mount_smbfs.c). This option does exist
in the source code but it has comments around it, that it is never reached.

Evidence: The case option for 'n' exists on line 180 but on line 179 it has a
comment: /*NOTREACHED*/.

Looking through other distribution manual pages they are NOT mentioning this
option at all, example: 

https://www.illumos.org/man/8/mount_smbfs

I can not find a reference to it online but the mac os ventura manual pages
also do NOT reference this option.

My conclusion is two options:
1. Remove the reference in the manual page
2. Update the source code for mount_smbfs.c to make the case reachable.

Option 2 "looks" to be resolved by adding a break line to the case above and
then testing it out a little.

Hope this information is helpful for resolution of this manual page
discrepancy.



[Bug 277612] libc printf not compatible with glibc with negative nan

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277612

Bug ID: 277612
   Summary: libc printf not compatible with glibc with negative
nan
   Product: Base System
   Version: 14.0-RELEASE
  Hardware: Any
OS: Any
Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: misc
  Assignee: b...@freebsd.org
  Reporter: pjfl...@wanadoo.fr

I think that it would be better for compatibility for printf of negative nans
to include the minus sign.

The C standard does say

A double argument representing an infinity is converted in one of the styles
[-]inf or [-]infinity — which style is implementation-defined. A double
argument representing a NaN is converted in one of the styles [-]nan or
[-]nan(n-char-sequence) — which style and the meaning of any n-char-sequence,
is implementation-defined. The F conversion specifier produces INF, INFINITY,
or NAN instead of inf, infinity, or nan, respectively.337)

From what I see the code that controls this is

   785  if (expt == INT_MAX) {  /* inf or nan */
   786          if (*cp == 'N') {
   787                  cp = (ch >= 'a') ? "nan" : "NAN";
   788                  sign = '\0';
in vfprintf.c

-- 
You are receiving this mail because:
You are the assignee for the bug.


[Bug 277609] Running benchmarks/stress-ng with stress-ng -c 32 --aggressive, crashes system instantly.

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277609

Mark Linimon  changed:

   What|Removed |Added

   Keywords||crash



[Bug 277605] FreeBSD 14-Release crashes on the RPI CM4 with PCIE to PCI bridge

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277605

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|freebsd-...@freebsd.org
   Keywords||crash



[Bug 277609] Running benchmarks/stress-ng with stress-ng -c 32 --aggressive, crashes system instantly.

2024-03-10 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277609

Bug ID: 277609
   Summary: Running benchmarks/stress-ng with stress-ng -c 32
--aggressive, crashes system instantly.
   Product: Base System
   Version: 14.0-RELEASE
  Hardware: amd64
OS: Any
Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: kern
  Assignee: b...@freebsd.org
  Reporter: ni...@protonmail.com

When I run benchmarks/stress-ng as a normal user with "stress-ng -c 32
--aggressive" the system crashes instantly.

FreeBSD 14.0-RELEASE-p5
Ryzen 9 7950X

/boot/loader.conf:

hw.vmm.amdvi.enable=1
amdtemp_load="YES"

/etc/sysctl.conf:

security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.see_jail_proc=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=1
vfs.zfs.min_auto_ashift=12
hw.snd.feeder_rate_quality=4
kern.coredump=0
hw.syscons.bell=0
kern.vt.enable_bell=0
net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1
vfs.aio.max_buf_aio=8192
vfs.aio.max_aio_queue_per_proc=65536
vfs.aio.max_aio_per_proc=8192
vfs.aio.max_aio_queue=65536
