Package: dhcpcd-base
Severity: important

Dear Maintainer,

when running dhcpcd with a custom allocator, such as hardened_malloc,
or under valgrind, it crashes with SIGSYS.

Backtrace on usage with hardened_malloc:

#######

Program terminated with signal SIGSYS, Bad system call.
Download failed: Invalid argument.  Continuing without source file
./misc/../sysdeps/unix/syscall-template.S.
#0  0x00007f0c67f17627 in __GI_mprotect () at
../sysdeps/unix/syscall-template.S:117

warning: 117    ../sysdeps/unix/syscall-template.S: No such file or
directory
(gdb) bt full
#0  0x00007f0c67f17627 in __GI_mprotect () at
../sysdeps/unix/syscall-template.S:117
No locals.
#1  0x00007f0c6874d251 in memory_protect_prot (ptr=0x7f0c67d03000,
size=81920, prot=3, pkey=-1) at
/root/workspace/hardened_malloc/memory.c:76
       ret = <optimized out>
       ret = <optimized out>
#2  memory_protect_rw (ptr=0x7f0c67d03000, size=81920) at
/root/workspace/hardened_malloc/memory.c:89
No locals.
#3  allocate_pages (usable_size=usable_size@entry=81920,
guard_size=guard_size@entry=12288, unprotect=unprotect@entry=true,
name=name@entry=0x7f0c68751150 "malloc large")
   at /root/workspace/hardened_malloc/pages.c:24
       real_size = <optimized out>
       real = 0x7f0c67d00000
       usable = 0x7f0c67d03000
#4  0x00007f0c6874dd13 in allocate_large (size=81920) at
/root/workspace/hardened_malloc/h_malloc.c:1377
       ra = 0x7ef831acdf00
       guard_size = 12288
       p = <optimized out>
#5  0x0000561226ef7370 in default_config (ctx=<optimized out>) at
./src/if-options.c:2452
       ifo = <optimized out>
       ifo = <optimized out>
       __func__ = "default_config"
#6  read_config (ctx=0x7ffd2fb59390,
ifname=ifname@entry=0x7d6cb15f1118 "enp1s0",
ssid=ssid@entry=0x7ffd2fb59290 "", profile=profile@entry=0x0) at
./src/if-options.c:2499
       ifo = <optimized out>
       buf = 
"\000\000\000\000\000\000\000\000\206\230\264/\375\177\000\000\000\000\000\000\000\000\000\000\345\227\356&\022V\000\000\206\230\264/\375\177\000\000\000\000\000\000\000\000\000\000\220\223\2
65/\375\177", '\000' <repeats 11 times>,
"\240^h\f\177\000\000\352w\357&\022V\000\000\000\000\000\000\000\000\000\000ؒ\264/\375\177\000\000\000\000\000\000\000\000\000\000\214\230\264/\375\177\000\000\000\0
00\000\000\001", '\000' <repeats 75 times>, "# A sampl"...
       bp = 0x561226ef6dea <parse_config_line+74>
"\205\300uRD\211\362H\211\320H\301\340\005A\203|\005\b\001u\005H\205\355teH\301\342\005L\211|$`H\213<$I\211\350A\213L\025\030L\213L$\030H\213T$\020H\213t$
\bH\203\304([]A\\A]A^A_\351T\272\377\377\017\037@"
       line = 0x7ffd2fb59390 "/run/dhcpcd/enp1s0.pid"
       option = <optimized out>
       p = <optimized out>
       buflen = 0
       vlen = <optimized out>
       skip = <optimized out>
       have_profile = <optimized out>
       new_block = <optimized out>
       had_block = <optimized out>
       ldop = 0x7f0c685ea000
       edop = 0xd259931365c0e300
       __func__ = "read_config"
#7  0x0000561226eebfbb in dhcpcd_selectprofile (ifp=0x7d6cb15f1100,
profile=profile@entry=0x0) at ./src/dhcpcd.c:625
       ifo = <optimized out>
       pssid = 
"\000\222\265/\375\177\000\000\000\343\300e\023\223Y\322\000\000\000\000x86_",
'\000' <repeats 16 times>,
"\200\215\347\342\260|\000\000@\271\206R\276|\000\000\245\026\357&\022V\000"
--Type <RET> for more, q to quit, c to continue without paging--c
       __func__ = "dhcpcd_selectprofile"
#8  0x0000561226eec1e7 in configure_interface (ifp=0x7d6cb15f1100,
argc=2, argv=0x7ffd2fb59958, options=0) at ./src/dhcpcd.c:653
       old = 0
       old = <optimized out>
#9  dhcpcd_initstate1 (ifp=0x7d6cb15f1100, argc=2,
argv=0x7ffd2fb59958, options=0) at ./src/dhcpcd.c:677
       ifo = <optimized out>
       __func__ = "dhcpcd_initstate1"
#10 0x0000561226ee8e59 in main (argc=2, argv=0x7ffd2fb59958,
envp=<optimized out>) at ./src/dhcpcd.c:2592
       ctx = {pidfile = "/run/dhcpcd/enp1s0.pid", '\000' <repeats 16
times>, vendor =
"dhcpcd-10.1.0:Linux-6.12.20-amd64:x86_64:GenuineIntel", '\000'
<repeats 202 times>, fork_fd = 6,
         cffile = 0x561226f2542e "/etc/dhcpcd.conf", options =
310326640814873609, logfile = 0x0, argc = 2, argv = 0x7ffd2fb59958,
ifac = 0, ifav = 0x0, ifdc = 0, ifdv = 0x0, ifc = 1,
         ifv = 0x7ffd2fb59960, ifcc = 0, ifcv = 0x0, duid_type = 0
'\000', duid = 0x7cbe5286b920 "", duid_len = 14, ifaces =
0x7cbe5286b940, ctl_buf = 0x0, ctl_buflen = 0, ctl_bufpos = 0,
ctl_extra = 0,
         routes = {rbt_root = 0x0, rbt_ops = 0x561226f395e0
<rt_compare_os_ops>, rbt_minmax = {0x0, 0x0}}, froutes = {rbt_root =
0x0, rbt_ops = 0x561226f39580 <rt_compare_free_ops>, rbt_minmax =
{0x0,
             0x0}}, rt_order = 0, pf_inet_fd = 15, priv =
0x7cbe5286b540, link_fd = 9, link_rcvbuf = 0, seq = 4, sseq = 0,
sigset = {__val = {0 <repeats 16 times>}}, eloop = 0x7d2edff5e460,
         script = 0x561226f281a8 "/usr/lib/dhcpcd/dhcpcd-run-hooks",
script_fp = 0x0, script_buf = 0x0, script_buflen = 0, script_env =
0x0, script_envlen = 0, control_fd = -1, control_unpriv_fd = -1,
         control_fds = {tqh_first = 0x7ceb6a739870, tqh_last =
0x7ceb6a739870}, control_sock = "/run/dhcpcd/enp1s0.sock", '\000'
<repeats 17 times>,
         control_sock_unpriv = "/run/dhcpcd/enp1s0.unpriv.sock",
'\000' <repeats 17 times>, control_group = 0, vivso = 0x0, vivso_len =
0, randomstate = 0x0, ps_user = 0x7f0c67fff3e0 <resbuf>,
         ps_processes = {tqh_first = 0x7d9c3a72ea00, tqh_last =
0x7d9c3a72da00}, ps_root = 0x7d9c3a72ea00, ps_inet = 0x7d9c3a72ac00,
ps_ctl = 0x7d9c3a72da00, ps_data_fd = 8, ps_log_fd = -1,
         ps_log_root_fd = -1, ps_eloop = 0x7d2edff62960, ps_control =
0x7ceb6a739870, ps_control_client = 0x0, dhcp_opts = 0x7ebe6ca60000,
dhcp_opts_len = 157, udp_rfd = -1, udp_wfd = -1,
         opt_buffer = 0x0, opt_buffer_len = 0, secret = 0x0,
secret_len = 0, nd_fd = -1, ra_routers = 0x0, nd_opts =
0x7d9c3a72e600, nd_opts_len = 7, dhcp6_rfd = -1, dhcp6_wfd = -1,
         dhcp6_opts = 0x7e7b7fee9000, dhcp6_opts_len = 84, dev_load =
0x0, dev_fd = -1, dev = 0x0, dev_handle = 0x0}
       ifaddrs = 0x7db1095d6300
       ifo = 0x7f0c685ea000
       ifp = 0x7d6cb15f1100
       family = <optimized out>
       opt = <optimized out>
       oi = 0
       i = 1
       logopts = <optimized out>
       t = <optimized out>
       len = <optimized out>
       pid = 0
       fork_fd = {5, 6}
       sig = <optimized out>
       siga = <optimized out>
       si = 1
       __func__ = "main"
#######

Valgrind log:

#######
==3701== Memcheck, a memory error detector
==3701== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==3701== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
==3701== Command: /usr/sbin/dhcpcd enp1s0
==3701== Parent PID: 3700
==3701==
==3==3695==
==3695== FILE DESCRIPTORS: 3 open (3 std) at exit.
==3695==
==3695== HEAP SUMMARY:
==3695==     in use at exit: 1,509 bytes in 27 blocks
==3695==   total heap usage: 134 allocs, 107 frees, 88,901 bytes allocated
==3695==
==3695== LEAK SUMMARY:
==3695==    definitely lost: 0 bytes in 0 blocks
==3695==    indirectly lost: 0 bytes in 0 blocks
==3695==      possibly lost: 0 bytes in 0 blocks
==3695==    still reachable: 1,509 bytes in 27 blocks
==3695==         suppressed: 0 bytes in 0 blocks
==3695== Rerun with --leak-check=full to see details of leaked memory
==3695==
==3695== For lists of detected and suppressed errors, rerun with: -s
==3695== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
(suppressed: 0 from 0)
_startprocess (privsep.c:428)
==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
==3705==    by 0x146EF9: ps_start (privsep.c:557)
==3705==    by 0x113007: main (dhcpcd.c:2493)
==3705==  Originally opened
==3705==    at 0x4F1C42A: socketpair (syscall-template.S:120)
==3705==    by 0x1127F8: main (dhcpcd.c:2403)
==3706== File descriptor 6: AF_UNIX socket 6: <unknown> is already closed
==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3706==    by 0x4F09779: close (close.c:27)
==3706==    by 0x14768C: ps_startprocess (privsep.c:440)
==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
==3706==    by 0x146F4F: ps_start (privsep.c:572)
==3706==    by 0x113007: main (dhcpcd.c:2493)
==3706==  Previously closed
==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3706==    by 0x4F09779: close (close.c:27)
==3706==    by 0x1192E3: eloop_clear (eloop.c:930)
==3706==    by 0x14751C: ps_startprocess (privsep.c:428)
==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
==3706==    by 0x146F4F: ps_start (privsep.c:572)
==3706==    by 0x113007: main (dhcpcd.c:2493)
==3706==  Originally opened
==3706==    at 0x4F1C42A: socketpair (syscall-template.S:120)
==3706==    by 0x1127F8: main (dhcpcd.c:2403)
==3708== File descriptor 6: AF_UNIX socket 6: <unknown> is already closed
==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3708==    by 0x4F09779: close (close.c:27)
==3708==    by 0x14768C: ps_startprocess (privsep.c:440)
==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
==3708==    by 0x146F67: ps_start (privsep.c:583)
==3708==    by 0x113007: main (dhcpcd.c:2493)
==3708==  Previously closed
==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3708==    by 0x4F09779: close (close.c:27)
==3708==    by 0x1192E3: eloop_clear (eloop.c:930)
==3708==    by 0x14751C: ps_startprocess (privsep.c:428)
==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
==3708==    by 0x146F67: ps_start (privsep.c:583)
==3708==    by 0x113007: main (dhcpcd.c:2493)
==3708==  Originally opened
==3708==    at 0x4F1C42A: socketpair (syscall-template.S:120)
==3708==    by 0x1127F8: main (dhcpcd.c:2403)
==3706== File descriptor 8: AF_UNIX socket 8: <unknown> is already closed
==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3706==    by 0x4F09779: close (close.c:27)
==3706==    by 0x14ACF7: ps_inet_startcb (privsep-inet.c:135)
==3706==    by 0x147615: ps_startprocess (privsep.c:477)
==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
==3706==    by 0x146F4F: ps_start (privsep.c:572)
==3706==    by 0x113007: main (dhcpcd.c:2493)
==3706==  Previously closed
==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3706==    by 0x4F09779: close (close.c:27)
==3706==    by 0x1192E3: eloop_clear (eloop.c:930)
==3706==    by 0x14751C: ps_startprocess (privsep.c:428)
==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
==3706==    by 0x146F4F: ps_start (privsep.c:572)
==3706==    by 0x113007: main (dhcpcd.c:2493)
==3706==  Originally opened
==3706==    at 0x4F1C42A: socketpair (syscall-template.S:120)
==3706==    by 0x1499B8: ps_root_start (privsep-root.c:891)
==3706==    by 0x146EF9: ps_start (privsep.c:557)
==3706==    by 0x113007: main (dhcpcd.c:2493)
==3708== File descriptor 4: AF_UNIX socket 4: <unknown> is already closed
==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3708==    by 0x4F09779: close (close.c:27)
==3708==    by 0x147323: ps_freeprocess (privsep.c:779)
==3708==    by 0x1475AF: ps_freeprocesses (privsep.c:1234)
==3708==    by 0x1475AF: ps_startprocess (privsep.c:452)
==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
==3708==    by 0x146F67: ps_start (privsep.c:583)
==3708==    by 0x113007: main (dhcpcd.c:2493)
==3708==  Previously closed
==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3708==    by 0x4F09779: close (close.c:27)
==3708==    by 0x1192E3: eloop_clear (eloop.c:930)
==3708==    by 0x14751C: ps_startprocess (privsep.c:428)
==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
==3708==    by 0x146F67: ps_start (privsep.c:583)
==3708==    by 0x113007: main (dhcpcd.c:2493)
==3708==  Originally opened
==3708==    at 0x4F1C42A: socketpair (syscall-template.S:120)
==3708==    by 0x147411: ps_startprocess (privsep.c:352)
==3708==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
==3708==    by 0x146F4F: ps_start (privsep.c:572)
==3708==    by 0x113007: main (dhcpcd.c:2493)
==3702==
==3702== FILE DESCRIPTORS: 4 open (3 std) at exit.
==3702== Open file descriptor 3: /run/dhcpcd/enp1s0.pid
==3702==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
==3702==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
==3702==    by 0x4F0D7BC: open (open64.c:41)
==3702==    by 0x14CDA3: UnknownInlinedFun (fcntl2.h:55)
==3702==    by 0x14CDA3: pidfile_lock (pidfile.c:209)
==3702==    by 0x112C8C: main (dhcpcd.c:2382)
==3702==
==3702==
==3702== HEAP SUMMARY:
==3702==     in use at exit: 194,219 bytes in 2,078 blocks
==3702==   total heap usage: 3,728 allocs, 1,650 frees, 435,938 bytes allocated
==3702==
==3702== LEAK SUMMARY:
==3702==    definitely lost: 0 bytes in 0 blocks
==3702==    indirectly lost: 0 bytes in 0 blocks
==3702==      possibly lost: 0 bytes in 0 blocks
==3702==    still reachable: 194,219 bytes in 2,078 blocks
==3702==         suppressed: 0 bytes in 0 blocks
==3702== Rerun with --leak-check=full to see details of leaked memory
==3702==
==3702== For lists of detected and suppressed errors, rerun with: -s
==3702== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==3705==
==3705== FILE DESCRIPTORS: 8 open (3 std) at exit.
==3705== Open AF_INET6 socket 14: [::]:17 <-> <unbound>
==3705==    at 0x4F1C3F7: socket (syscall-template.S:120)
==3705==    by 0x14537B: dhcp6_openraw (dhcp6.c:3819)
==3705==    by 0x1489F1: ps_root_startcb (privsep-root.c:726)
==3705==    by 0x147615: ps_startprocess (privsep.c:477)
==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
==3705==    by 0x146EF9: ps_start (privsep.c:557)
==3705==    by 0x113007: main (dhcpcd.c:2493)
==3705==
==3705== Open AF_INET6 socket 13: [::]:58 <-> <unbound>
==3705==    at 0x4F1C3F7: socket (syscall-template.S:120)
==3705==    by 0x13C1AF: ipv6nd_open (ipv6nd.c:223)
==3705==    by 0x14899E: ps_root_startcb (privsep-root.c:714)
==3705==    by 0x147615: ps_startprocess (privsep.c:477)
==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
==3705==    by 0x146EF9: ps_start (privsep.c:557)
==3705==    by 0x113007: main (dhcpcd.c:2493)
==3705==
==3705== Open AF_INET socket 12: 0.0.0.0:17 <-> <unbound>
==3705==    at 0x4F1C3F7: socket (syscall-template.S:120)
==3705==    by 0x148A53: ps_root_startcb (privsep-root.c:701)
==3705==    by 0x147615: ps_startprocess (privsep.c:477)
==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
==3705==    by 0x146EF9: ps_start (privsep.c:557)
==3705==    by 0x113007: main (dhcpcd.c:2493)
==3705==
==3705== Open AF_UNIX socket 9: <unknown>
==3705==    at 0x4F1C42A: socketpair (syscall-template.S:120)
==3705==    by 0x1499B8: ps_root_start (privsep-root.c:891)
==3705==    by 0x146EF9: ps_start (privsep.c:557)
==3705==    by 0x113007: main (dhcpcd.c:2493)
==3705==
==3705== Open AF_UNIX socket 5: <unknown>
==3705==    at 0x4F1C42A: socketpair (syscall-template.S:120)
==3705==    by 0x149996: ps_root_start (privsep-root.c:884)
==3705==    by 0x146EF9: ps_start (privsep.c:557)
==3705==    by 0x113007: main (dhcpcd.c:2493)
==3705==
==3705==
==3705== HEAP SUMMARY:
==3705==     in use at exit: 194,219 bytes in 2,078 blocks
==3705==   total heap usage: 3,734 allocs, 1,656 frees, 436,678 bytes allocated
==3705==
==3705== LEAK SUMMARY:
==3705==    definitely lost: 0 bytes in 0 blocks
==3705==    indirectly lost: 0 bytes in 0 blocks
==3705==      possibly lost: 0 bytes in 0 blocks
==3705==    still reachable: 194,219 bytes in 2,078 blocks
==3705==         suppressed: 0 bytes in 0 blocks
==3705== Rerun with --leak-check=full to see details of leaked memory
==3705==
==3705== For lists of detected and suppressed errors, rerun with: -s
==3705== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)
#######

relevant dmesg:

#######
audit: type=1326 audit(1743188284.892:125): auid=0 uid=100 gid=65534
ses=1 subj=unconfined pid=3701 comm="memcheck-amd64-"
exe="/usr/libexec/valgrind/memcheck-amd64-linux"
sig=31 arch=c000003e syscall=186 compat=0 ip=0x58058669 code=0x0
#######

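It might be caused by a too strict seccomp filter not permitting gettid(2):
the audit record above is a seccomp event (type=1326) with sig=31 (SIGSYS),
and syscall=186 on arch=c000003e (x86-64) is gettid. In the hardened_malloc
backtrace the SIGSYS is raised in mprotect(2) instead, so that call appears
to be rejected by the filter as well.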
