[Bug 207080] pfctl crash when load pf.conf, libc/resolv problem ?

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Feb 10 15:54:20 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207080

            Bug ID: 207080
           Summary: pfctl crash when load pf.conf, libc/resolv problem ?
           Product: Base System
           Version: 9.3-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: fabrice.bruel at orange.com
                CC: freebsd-amd64 at FreeBSD.org

Created attachment 166833
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=166833&action=edit
pf.conf file

Hello

I'm using FreeBSD 9_STABLE as a firewall with pf.

# uname -a
FreeBSD FreeBSD 9.3 9.3-STABLE FreeBSD 9.3-STABLE #0 r294729: Tue Jan 26
22:00:32 CET 2016     root at 9_STABLE:/usr/obj/usr/src/sys/FBSD9PF  amd64

With a specific pf.conf file (attached to this message), in some cases
pfctl -f pf.conf crashes with:
pfctl: failed to create table __automatic_4130873d_220 in : Cannot allocate
memory
Segmentation fault: 11 (core dumped)

OK, my pf.conf file is bad and not optimized, but the syntax is OK.
To be sure to reproduce the bug, just run this with the attached pf.conf:
while true; do pfctl -f pf.conf; done
and wait a few minutes.

I've tried to understand the core file, but I'm a newbie at using gdb, so I
reproduce here what I've done:

# gdb
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd".
(gdb) core pfctl.core
Core was generated by `pfctl'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000800cfe6e6 in ?? ()
(gdb) add-symbol-file /usr/lib/debug/lib/libc.so.7.debug 0x0000000800cfe6e6
add symbol table from file "/usr/lib/debug/lib/libc.so.7.debug" at
        .text_addr = 0x800cfe6e6
(y or n) y
Reading symbols from /usr/lib/debug/lib/libc.so.7.debug...done.
(gdb) bt
#0  0x0000000800cfe6e6 in .text ()
#1  0x0000000000000001 in ?? ()
#2  0x0000000000639668 in ?? ()
#3  0x00007fffffffd870 in ?? ()
#4  0x0000000801400000 in ?? ()
#5  0x0000000800000001 in ?? ()
#6  0x00000008018009d0 in ?? ()
#7  0x00000000ffffffff in ?? ()
#8  0x00000008014045d0 in ?? ()
#9  0x00000000ffffffff in ?? ()
#10 0x0000000801402ad0 in ?? ()
#11 0x00000008ffffffff in ?? ()
#12 0x00000008014024d0 in ?? ()
#13 0x00000008ffffffff in ?? ()
#14 0x00000008014021d0 in ?? ()
#15 0x00000000ffffffff in ?? ()
#16 0x0000000801401ed0 in ?? ()
#17 0x00007fffffffffff in ?? ()
#18 0x0000000801401a50 in ?? ()
#19 0x0000000800000001 in ?? ()
#20 0x0000000801401a50 in ?? ()
#21 0x0000000000000017 in ?? ()
#22 0x00007fffffffd5e0 in ?? ()
#23 0x0000000800d6dc29 in __printf_render_int (io=0x7, pi=0x6394b0, arg=<value
optimized out>) at /usr/src/lib/libc/stdio/xprintf_int.c:422
#24 0x0000000800faab40 in ?? ()
#25 0x00007fffffffd33b in ?? ()
#26 0x0000000800d06eca in files_rpcent (retval=0x800cfc36f, mdata=<value
optimized out>, ap=<value optimized out>) at
/usr/src/lib/libc/rpc/getrpcent.c:317
#27 0x65726168732f6c61 in ?? ()
#28 0x62696c2f736c6e2f in ?? ()
#29 0x0074616300432f63 in ?? ()
#30 0x00007fffffffd400 in ?? ()
#31 0x0000000800652c00 in ?? ()
#32 0x00007fffffffd410 in ?? ()
#33 0x00007fffffffd3b0 in ?? ()
#34 0x0000000000000000 in ?? ()
(gdb) add-symbol-file /usr/lib/debug/lib/libc.so.7.debug 0x00007fffffffd3b0
add symbol table from file "/usr/lib/debug/lib/libc.so.7.debug" at
        .text_addr = 0x7fffffffd3b0
(y or n) y
Reading symbols from /usr/lib/debug/lib/libc.so.7.debug...done.
(gdb) bt
#0  0x0000000800cfe6e6 in .text ()
#1  0x0000000000000001 in ?? ()
#2  0x0000000000639668 in ?? ()
#3  0x00007fffffffd870 in wcsxfrm_l (dest=0x7fffffffd0b0, src=0x7fffffffd0d0,
len=6526232, locale=<value optimized out>) at
/usr/src/lib/libc/string/wcsxfrm.c:126
#4  0x0000000000000002 in ?? ()
#5  0x0000000000000002 in ?? ()
#6  0x0000000800faab40 in ?? ()
#7  0x0000000800faab40 in ?? ()
#8  0x0000000800faab40 in ?? ()
#9  0x00007fffffffd33b in ?? ()
#10 0x0000000800d06eca in files_rpcent (retval=0x800d06eca, mdata=<value
optimized out>, ap=<value optimized out>) at
/usr/src/lib/libc/rpc/getrpcent.c:317
#11 0x0000000800d83e3e in __res_pquery (statp=0x7fffffffd320, msg=<value
optimized out>, len=<value optimized out>, file=0x800cfc11a) at
/usr/src/lib/libc/resolv/res_debug.c:305
#12 0x0000000000000000 in ?? ()
(gdb) 


If my use of gdb is correct, it seems to be a problem in
/usr/src/lib/libc/resolv/res_debug.c?

I can send the core file, but it is 14 MB ...

Thanks for your help
Fabrice
