pe 28.3.2025 klo 21.21 Christian Göttsche (cgzo...@googlemail.com) kirjoitti:
>
> Package: dhcpcd-base
> Severity: important
>
> Dear Maintainer,
>
> when running dhcpcd with a custom allocator, such as hardened_malloc
> or valgrind, it crashes with SIGSYS.
>
> Backtrace on usage with hardened_malloc:
>
> #######
>
> Program terminated with signal SIGSYS, Bad system call.
> Download failed: Invalid argument.  Continuing without source file
> ./misc/../sysdeps/unix/syscall-template.S.
> #0  0x00007f0c67f17627 in __GI_mprotect () at
> ../sysdeps/unix/syscall-template.S:117
>
> warning: 117    ../sysdeps/unix/syscall-template.S: No such file or
> directory
> (gdb) bt full
> #0  0x00007f0c67f17627 in __GI_mprotect () at
> ../sysdeps/unix/syscall-template.S:117
> No locals.
> #1  0x00007f0c6874d251 in memory_protect_prot (ptr=0x7f0c67d03000,
> size=81920, prot=3, pkey=-1) at
> /root/workspace/hardened_malloc/memory.c:76
>        ret = <optimized out>
>        ret = <optimized out>
> #2  memory_protect_rw (ptr=0x7f0c67d03000, size=81920) at
> /root/workspace/hardened_malloc/memory.c:89
> No locals.
> #3  allocate_pages (usable_size=usable_size@entry=81920,
> guard_size=guard_size@entry=12288, unprotect=unprotect@entry=true,
> name=name@entry=0x7f0c68751150 "malloc large")
>    at /root/workspace/hardened_malloc/pages.c:24
>        real_size = <optimized out>
>        real = 0x7f0c67d00000
>        usable = 0x7f0c67d03000
> #4  0x00007f0c6874dd13 in allocate_large (size=81920) at
> /root/workspace/hardened_malloc/h_malloc.c:1377
>        ra = 0x7ef831acdf00
>        guard_size = 12288
>        p = <optimized out>
> #5  0x0000561226ef7370 in default_config (ctx=<optimized out>) at
> ./src/if-options.c:2452
>        ifo = <optimized out>
>        ifo = <optimized out>
>        __func__ = "default_config"
> #6  read_config (ctx=0x7ffd2fb59390,
> ifname=ifname@entry=0x7d6cb15f1118 "enp1s0",
> ssid=ssid@entry=0x7ffd2fb59290 "", profile=profile@entry=0x0) at
> ./src/if-options.c:2499
>        ifo = <optimized out>
>        buf = 
> "\000\000\000\000\000\000\000\000\206\230\264/\375\177\000\000\000\000\000\000\000\000\000\000\345\227\356&\022V\000\000\206\230\264/\375\177\000\000\000\000\000\000\000\000\000\000\220\223\2
> 65/\375\177", '\000' <repeats 11 times>,
> "\240^h\f\177\000\000\352w\357&\022V\000\000\000\000\000\000\000\000\000\000ؒ\264/\375\177\000\000\000\000\000\000\000\000\000\000\214\230\264/\375\177\000\000\000\0
> 00\000\000\001", '\000' <repeats 75 times>, "# A sampl"...
>        bp = 0x561226ef6dea <parse_config_line+74>
> "\205\300uRD\211\362H\211\320H\301\340\005A\203|\005\b\001u\005H\205\355teH\301\342\005L\211|$`H\213<$I\211\350A\213L\025\030L\213L$\030H\213T$\020H\213t$
> \bH\203\304([]A\\A]A^A_\351T\272\377\377\017\037@"
>        line = 0x7ffd2fb59390 "/run/dhcpcd/enp1s0.pid"
>        option = <optimized out>
>        p = <optimized out>
>        buflen = 0
>        vlen = <optimized out>
>        skip = <optimized out>
>        have_profile = <optimized out>
>        new_block = <optimized out>
>        had_block = <optimized out>
>        ldop = 0x7f0c685ea000
>        edop = 0xd259931365c0e300
>        __func__ = "read_config"
> #7  0x0000561226eebfbb in dhcpcd_selectprofile (ifp=0x7d6cb15f1100,
> profile=profile@entry=0x0) at ./src/dhcpcd.c:625
>        ifo = <optimized out>
>        pssid = 
> "\000\222\265/\375\177\000\000\000\343\300e\023\223Y\322\000\000\000\000x86_",
> '\000' <repeats 16 times>,
> "\200\215\347\342\260|\000\000@\271\206R\276|\000\000\245\026\357&\022V\000"
> --Type <RET> for more, q to quit, c to continue without paging--c
>        __func__ = "dhcpcd_selectprofile"
> #8  0x0000561226eec1e7 in configure_interface (ifp=0x7d6cb15f1100,
> argc=2, argv=0x7ffd2fb59958, options=0) at ./src/dhcpcd.c:653
>        old = 0
>        old = <optimized out>
> #9  dhcpcd_initstate1 (ifp=0x7d6cb15f1100, argc=2,
> argv=0x7ffd2fb59958, options=0) at ./src/dhcpcd.c:677
>        ifo = <optimized out>
>        __func__ = "dhcpcd_initstate1"
> #10 0x0000561226ee8e59 in main (argc=2, argv=0x7ffd2fb59958,
> envp=<optimized out>) at ./src/dhcpcd.c:2592
>        ctx = {pidfile = "/run/dhcpcd/enp1s0.pid", '\000' <repeats 16
> times>, vendor =
> "dhcpcd-10.1.0:Linux-6.12.20-amd64:x86_64:GenuineIntel", '\000'
> <repeats 202 times>, fork_fd = 6,
>          cffile = 0x561226f2542e "/etc/dhcpcd.conf", options =
> 310326640814873609, logfile = 0x0, argc = 2, argv = 0x7ffd2fb59958,
> ifac = 0, ifav = 0x0, ifdc = 0, ifdv = 0x0, ifc = 1,
>          ifv = 0x7ffd2fb59960, ifcc = 0, ifcv = 0x0, duid_type = 0
> '\000', duid = 0x7cbe5286b920 "", duid_len = 14, ifaces =
> 0x7cbe5286b940, ctl_buf = 0x0, ctl_buflen = 0, ctl_bufpos = 0,
> ctl_extra = 0,
>          routes = {rbt_root = 0x0, rbt_ops = 0x561226f395e0
> <rt_compare_os_ops>, rbt_minmax = {0x0, 0x0}}, froutes = {rbt_root =
> 0x0, rbt_ops = 0x561226f39580 <rt_compare_free_ops>, rbt_minmax =
> {0x0,
>              0x0}}, rt_order = 0, pf_inet_fd = 15, priv =
> 0x7cbe5286b540, link_fd = 9, link_rcvbuf = 0, seq = 4, sseq = 0,
> sigset = {__val = {0 <repeats 16 times>}}, eloop = 0x7d2edff5e460,
>          script = 0x561226f281a8 "/usr/lib/dhcpcd/dhcpcd-run-hooks",
> script_fp = 0x0, script_buf = 0x0, script_buflen = 0, script_env =
> 0x0, script_envlen = 0, control_fd = -1, control_unpriv_fd = -1,
>          control_fds = {tqh_first = 0x7ceb6a739870, tqh_last =
> 0x7ceb6a739870}, control_sock = "/run/dhcpcd/enp1s0.sock", '\000'
> <repeats 17 times>,
>          control_sock_unpriv = "/run/dhcpcd/enp1s0.unpriv.sock",
> '\000' <repeats 17 times>, control_group = 0, vivso = 0x0, vivso_len =
> 0, randomstate = 0x0, ps_user = 0x7f0c67fff3e0 <resbuf>,
>          ps_processes = {tqh_first = 0x7d9c3a72ea00, tqh_last =
> 0x7d9c3a72da00}, ps_root = 0x7d9c3a72ea00, ps_inet = 0x7d9c3a72ac00,
> ps_ctl = 0x7d9c3a72da00, ps_data_fd = 8, ps_log_fd = -1,
>          ps_log_root_fd = -1, ps_eloop = 0x7d2edff62960, ps_control =
> 0x7ceb6a739870, ps_control_client = 0x0, dhcp_opts = 0x7ebe6ca60000,
> dhcp_opts_len = 157, udp_rfd = -1, udp_wfd = -1,
>          opt_buffer = 0x0, opt_buffer_len = 0, secret = 0x0,
> secret_len = 0, nd_fd = -1, ra_routers = 0x0, nd_opts =
> 0x7d9c3a72e600, nd_opts_len = 7, dhcp6_rfd = -1, dhcp6_wfd = -1,
>          dhcp6_opts = 0x7e7b7fee9000, dhcp6_opts_len = 84, dev_load =
> 0x0, dev_fd = -1, dev = 0x0, dev_handle = 0x0}
>        ifaddrs = 0x7db1095d6300
>        ifo = 0x7f0c685ea000
>        ifp = 0x7d6cb15f1100
>        family = <optimized out>
>        opt = <optimized out>
>        oi = 0
>        i = 1
>        logopts = <optimized out>
>        t = <optimized out>
>        len = <optimized out>
>        pid = 0
>        fork_fd = {5, 6}
>        sig = <optimized out>
>        siga = <optimized out>
>        si = 1
>        __func__ = "main"
> #######
>
> Valgrind log:
>
> #######
> ==3701== Memcheck, a memory error detector
> ==3701== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
> ==3701== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info
> ==3701== Command: /usr/sbin/dhcpcd enp1s0
> ==3701== Parent PID: 3700
> ==3701==
> ==3==3695==
> ==3695== FILE DESCRIPTORS: 3 open (3 std) at exit.
> ==3695==
> ==3695== HEAP SUMMARY:
> ==3695==     in use at exit: 1,509 bytes in 27 blocks
> ==3695==   total heap usage: 134 allocs, 107 frees, 88,901 bytes allocated
> ==3695==
> ==3695== LEAK SUMMARY:
> ==3695==    definitely lost: 0 bytes in 0 blocks
> ==3695==    indirectly lost: 0 bytes in 0 blocks
> ==3695==      possibly lost: 0 bytes in 0 blocks
> ==3695==    still reachable: 1,509 bytes in 27 blocks
> ==3695==         suppressed: 0 bytes in 0 blocks
> ==3695== Rerun with --leak-check=full to see details of leaked memory
> ==3695==
> ==3695== For lists of detected and suppressed errors, rerun with: -s
> ==3695== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
> (suppressed: 0 from 0)
> _startprocess (privsep.c:428)
> ==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
> ==3705==    by 0x146EF9: ps_start (privsep.c:557)
> ==3705==    by 0x113007: main (dhcpcd.c:2493)
> ==3705==  Originally opened
> ==3705==    at 0x4F1C42A: socketpair (syscall-template.S:120)
> ==3705==    by 0x1127F8: main (dhcpcd.c:2403)
> ==3706== File descriptor 6: AF_UNIX socket 6: <unknown> is already closed
> ==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3706==    by 0x4F09779: close (close.c:27)
> ==3706==    by 0x14768C: ps_startprocess (privsep.c:440)
> ==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
> ==3706==    by 0x146F4F: ps_start (privsep.c:572)
> ==3706==    by 0x113007: main (dhcpcd.c:2493)
> ==3706==  Previously closed
> ==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3706==    by 0x4F09779: close (close.c:27)
> ==3706==    by 0x1192E3: eloop_clear (eloop.c:930)
> ==3706==    by 0x14751C: ps_startprocess (privsep.c:428)
> ==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
> ==3706==    by 0x146F4F: ps_start (privsep.c:572)
> ==3706==    by 0x113007: main (dhcpcd.c:2493)
> ==3706==  Originally opened
> ==3706==    at 0x4F1C42A: socketpair (syscall-template.S:120)
> ==3706==    by 0x1127F8: main (dhcpcd.c:2403)
> ==3708== File descriptor 6: AF_UNIX socket 6: <unknown> is already closed
> ==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3708==    by 0x4F09779: close (close.c:27)
> ==3708==    by 0x14768C: ps_startprocess (privsep.c:440)
> ==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
> ==3708==    by 0x146F67: ps_start (privsep.c:583)
> ==3708==    by 0x113007: main (dhcpcd.c:2493)
> ==3708==  Previously closed
> ==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3708==    by 0x4F09779: close (close.c:27)
> ==3708==    by 0x1192E3: eloop_clear (eloop.c:930)
> ==3708==    by 0x14751C: ps_startprocess (privsep.c:428)
> ==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
> ==3708==    by 0x146F67: ps_start (privsep.c:583)
> ==3708==    by 0x113007: main (dhcpcd.c:2493)
> ==3708==  Originally opened
> ==3708==    at 0x4F1C42A: socketpair (syscall-template.S:120)
> ==3708==    by 0x1127F8: main (dhcpcd.c:2403)
> ==3706== File descriptor 8: AF_UNIX socket 8: <unknown> is already closed
> ==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3706==    by 0x4F09779: close (close.c:27)
> ==3706==    by 0x14ACF7: ps_inet_startcb (privsep-inet.c:135)
> ==3706==    by 0x147615: ps_startprocess (privsep.c:477)
> ==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
> ==3706==    by 0x146F4F: ps_start (privsep.c:572)
> ==3706==    by 0x113007: main (dhcpcd.c:2493)
> ==3706==  Previously closed
> ==3706==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3706==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3706==    by 0x4F09779: close (close.c:27)
> ==3706==    by 0x1192E3: eloop_clear (eloop.c:930)
> ==3706==    by 0x14751C: ps_startprocess (privsep.c:428)
> ==3706==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
> ==3706==    by 0x146F4F: ps_start (privsep.c:572)
> ==3706==    by 0x113007: main (dhcpcd.c:2493)
> ==3706==  Originally opened
> ==3706==    at 0x4F1C42A: socketpair (syscall-template.S:120)
> ==3706==    by 0x1499B8: ps_root_start (privsep-root.c:891)
> ==3706==    by 0x146EF9: ps_start (privsep.c:557)
> ==3706==    by 0x113007: main (dhcpcd.c:2493)
> ==3708== File descriptor 4: AF_UNIX socket 4: <unknown> is already closed
> ==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3708==    by 0x4F09779: close (close.c:27)
> ==3708==    by 0x147323: ps_freeprocess (privsep.c:779)
> ==3708==    by 0x1475AF: ps_freeprocesses (privsep.c:1234)
> ==3708==    by 0x1475AF: ps_startprocess (privsep.c:452)
> ==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
> ==3708==    by 0x146F67: ps_start (privsep.c:583)
> ==3708==    by 0x113007: main (dhcpcd.c:2493)
> ==3708==  Previously closed
> ==3708==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3708==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3708==    by 0x4F09779: close (close.c:27)
> ==3708==    by 0x1192E3: eloop_clear (eloop.c:930)
> ==3708==    by 0x14751C: ps_startprocess (privsep.c:428)
> ==3708==    by 0x14AAB7: ps_ctl_start (privsep-control.c:238)
> ==3708==    by 0x146F67: ps_start (privsep.c:583)
> ==3708==    by 0x113007: main (dhcpcd.c:2493)
> ==3708==  Originally opened
> ==3708==    at 0x4F1C42A: socketpair (syscall-template.S:120)
> ==3708==    by 0x147411: ps_startprocess (privsep.c:352)
> ==3708==    by 0x14B573: ps_inet_start (privsep-inet.c:370)
> ==3708==    by 0x146F4F: ps_start (privsep.c:572)
> ==3708==    by 0x113007: main (dhcpcd.c:2493)
> ==3702==
> ==3702== FILE DESCRIPTORS: 4 open (3 std) at exit.
> ==3702== Open file descriptor 3: /run/dhcpcd/enp1s0.pid
> ==3702==    at 0x4E99687: __internal_syscall_cancel (cancellation.c:64)
> ==3702==    by 0x4E996AC: __syscall_cancel (cancellation.c:75)
> ==3702==    by 0x4F0D7BC: open (open64.c:41)
> ==3702==    by 0x14CDA3: UnknownInlinedFun (fcntl2.h:55)
> ==3702==    by 0x14CDA3: pidfile_lock (pidfile.c:209)
> ==3702==    by 0x112C8C: main (dhcpcd.c:2382)
> ==3702==
> ==3702==
> ==3702== HEAP SUMMARY:
> ==3702==     in use at exit: 194,219 bytes in 2,078 blocks
> ==3702==   total heap usage: 3,728 allocs, 1,650 frees, 435,938 bytes 
> allocated
> ==3702==
> ==3702== LEAK SUMMARY:
> ==3702==    definitely lost: 0 bytes in 0 blocks
> ==3702==    indirectly lost: 0 bytes in 0 blocks
> ==3702==      possibly lost: 0 bytes in 0 blocks
> ==3702==    still reachable: 194,219 bytes in 2,078 blocks
> ==3702==         suppressed: 0 bytes in 0 blocks
> ==3702== Rerun with --leak-check=full to see details of leaked memory
> ==3702==
> ==3702== For lists of detected and suppressed errors, rerun with: -s
> ==3702== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
> ==3705==
> ==3705== FILE DESCRIPTORS: 8 open (3 std) at exit.
> ==3705== Open AF_INET6 socket 14: [::]:17 <-> <unbound>
> ==3705==    at 0x4F1C3F7: socket (syscall-template.S:120)
> ==3705==    by 0x14537B: dhcp6_openraw (dhcp6.c:3819)
> ==3705==    by 0x1489F1: ps_root_startcb (privsep-root.c:726)
> ==3705==    by 0x147615: ps_startprocess (privsep.c:477)
> ==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
> ==3705==    by 0x146EF9: ps_start (privsep.c:557)
> ==3705==    by 0x113007: main (dhcpcd.c:2493)
> ==3705==
> ==3705== Open AF_INET6 socket 13: [::]:58 <-> <unbound>
> ==3705==    at 0x4F1C3F7: socket (syscall-template.S:120)
> ==3705==    by 0x13C1AF: ipv6nd_open (ipv6nd.c:223)
> ==3705==    by 0x14899E: ps_root_startcb (privsep-root.c:714)
> ==3705==    by 0x147615: ps_startprocess (privsep.c:477)
> ==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
> ==3705==    by 0x146EF9: ps_start (privsep.c:557)
> ==3705==    by 0x113007: main (dhcpcd.c:2493)
> ==3705==
> ==3705== Open AF_INET socket 12: 0.0.0.0:17 <-> <unbound>
> ==3705==    at 0x4F1C3F7: socket (syscall-template.S:120)
> ==3705==    by 0x148A53: ps_root_startcb (privsep-root.c:701)
> ==3705==    by 0x147615: ps_startprocess (privsep.c:477)
> ==3705==    by 0x149A23: ps_root_start (privsep-root.c:902)
> ==3705==    by 0x146EF9: ps_start (privsep.c:557)
> ==3705==    by 0x113007: main (dhcpcd.c:2493)
> ==3705==
> ==3705== Open AF_UNIX socket 9: <unknown>
> ==3705==    at 0x4F1C42A: socketpair (syscall-template.S:120)
> ==3705==    by 0x1499B8: ps_root_start (privsep-root.c:891)
> ==3705==    by 0x146EF9: ps_start (privsep.c:557)
> ==3705==    by 0x113007: main (dhcpcd.c:2493)
> ==3705==
> ==3705== Open AF_UNIX socket 5: <unknown>
> ==3705==    at 0x4F1C42A: socketpair (syscall-template.S:120)
> ==3705==    by 0x149996: ps_root_start (privsep-root.c:884)
> ==3705==    by 0x146EF9: ps_start (privsep.c:557)
> ==3705==    by 0x113007: main (dhcpcd.c:2493)
> ==3705==
> ==3705==
> ==3705== HEAP SUMMARY:
> ==3705==     in use at exit: 194,219 bytes in 2,078 blocks
> ==3705==   total heap usage: 3,734 allocs, 1,656 frees, 436,678 bytes 
> allocated
> ==3705==
> ==3705== LEAK SUMMARY:
> ==3705==    definitely lost: 0 bytes in 0 blocks
> ==3705==    indirectly lost: 0 bytes in 0 blocks
> ==3705==      possibly lost: 0 bytes in 0 blocks
> ==3705==    still reachable: 194,219 bytes in 2,078 blocks
> ==3705==         suppressed: 0 bytes in 0 blocks
> ==3705== Rerun with --leak-check=full to see details of leaked memory
> ==3705==
> ==3705== For lists of detected and suppressed errors, rerun with: -s
> ==3705== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)
> #######
>
> relevant dmesg:
>
> #######
> audit: type=1326 audit(1743188284.892:125): auid=0 uid=100 gid=65534
> ses=1 subj=unconfined pid=3701 comm="memcheck-amd64-"
> exe="/usr/libexec/valgrind/memcheck-amd64-linux"
> sig=31 arch=c000003e syscall=186 compat=0 ip=0x58058669 code=0x0
> #######
>
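> It might be caused by an overly strict seccomp filter not permitting gettid(2):
> the audit record above (type=1326, sig=31) reports syscall=186, which is
> gettid on x86_64, for the valgrind run. The hardened_malloc backtrace instead
> stops in mprotect(2), so that case is probably a second syscall the filter
> does not allow.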

Thanks.

Please file the bug upstream:
https://github.com/NetworkConfiguration/dhcpcd/issues

Martin-Éric
