On Sat, 24 Feb 2024 23:55:18 +0000 Lucas López <lucaslopez5...@gmail.com> wrote:
I copied the example server file /usr/share/doc/vtun/examples/vtund-server.conf into
/etc/vtund.conf and enabled server mode in /etc/default/vtun. When I start the service
with systemctl I get the following error on the dmesg log:

[343358.769324] vtund[3002]: segfault at 0 ip 00005572cac05e34 sp 00007ffc9a47f610 error 4 in vtund[5572cabff000+b000] likely on CPU 0 (core 0, socket 0)
[343358.769342] Code: 24 10 e8 2f 96 ff ff 85 c0 0f 88 0d 01 00 00 48 8b 44 24 10 48 89 44 24 08 48 85 c0 0f 84 f0 00 00 00 48 89 c3 90 48 8b 6b 18 <66> 44 39 7d 00 0f 85 d1 00 00 00 48 8b 73 08 4c 89 ef e8 55 97 ff

I checked the config and the manual but I haven't been able to use the package due to the segfault.
BTW, the autogenerated systemd unit has the attributes RemainAfterExit=yes, SuccessExitStatus=5 6,
so even on failure the unit appears as "active (exited)". Hence it needs a "systemctl restart",
"systemctl start" won't do anything which is a bit counterintuitive.


Hello,
I am not the maintainer of vtun, just tried to find some more information
about the crash.
I was not able to reproduce it inside a minimal VM, but I think
from the dmesg lines it happened in netlib.c line 156.

This looks like ifa->ifa_addr is no valid pointer but gets dereferenced.
I guess it might be related to the network configuration of this specific host,
maybe containing an interface without having an address assigned.

Kind regards,
Bernhard


148     int getifaddr(struct sockaddr_storage *addr, char * ifname, sa_family_t af)
...
154
155          for (ifa = ifas; ifa; ifa = ifa->ifa_next) {
156             if( ifa->ifa_addr->sa_family != af ||
157                    strcmp(ifname, ifa->ifa_name) )

https://sources.debian.org/src/vtun/3.0.4-2/netlib.c/#L156
https://man7.org/linux/man-pages/man3/getifaddrs.3.html
# 2024-04-22 Trixie/testing amd64 qemu VM

apt update
apt install systemd-coredump mc htop gdb

# with unstable
apt install vtun vtun-dbgsym devscripts
apt build-dep vtun



mkdir /home/benutzer/source/vtun/orig -p
cd    /home/benutzer/source/vtun/orig
dget https://snapshot.debian.org/archive/debian-debug/20191112T220504Z/pool/main/v/vtun/vtun_3.0.4-2.dsc
dpkg-source -x vtun_3.0.4-2.dsc


cp -a /usr/share/doc/vtun/examples/vtund-server.conf /etc/vtund.conf

cp -a /etc/default/vtun /etc/default/vtun.orig
sed -i 's/# RUN_SERVER=no/RUN_SERVER=yes/g' /etc/default/vtun


wget https://snapshot.debian.org/archive/debian/20220514T093947Z/pool/main/v/vtun/vtun_3.0.4-2%2Bb1_amd64.deb
wget https://snapshot.debian.org/archive/debian-debug/20220514T091215Z/pool/main/v/vtun/vtun-dbgsym_3.0.4-2%2Bb1_amd64.deb
dpkg -i *.deb

systemctl start vtun.service

-> Could not reproduce the crash




[343358.769324] vtund[3002]: segfault at 0 ip 00005572cac05e34 sp 00007ffc9a47f610 error 4 in vtund[5572cabff000+b000] likely on CPU 0 (core 0, socket 0)
[343358.769342] Code: 24 10 e8 2f 96 ff ff 85 c0 0f 88 0d 01 00 00 48 8b 44 24 10 48 89 44 24 08 48 85 c0 0f 84 f0 00 00 00 48 89 c3 90 48 8b 6b 18 <66> 44 39 7d 00 0f 85 d1 00 00 00 48 8b 73 08 4c 89 ef e8 55 97 ff

# https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash

error 4
0b00000100
 *   bit 0 ==    0: no page found
 *   bit 1 ==    0: read access
 *   bit 2 ==    1: user-mode access

 
echo -n "find /b ..., ..., 0x" && \
echo "24 10 e8 2f 96 ff ff 85 c0 0f 88 0d 01 00 00 48 8b 44 24 10 48 89 44 24 08 48 85 c0 0f 84 f0 00 00 00 48 89 c3 90 48 8b 6b 18 <66> 44 39 7d 00 0f 85 d1 00 00 00 48 8b 73 08 4c 89 ef e8 55 97 ff" \
 | sed 's/[<>]//g' | sed 's/ /, 0x/g'



gdb -q --pid $(pgrep vtund)
(gdb) pipe info target | grep -E ".text$"
        0x000055c1fbd0f7f0 - 0x000055c1fbd19ba1 is .text
(gdb) find /b 0x000055c1fbd0f7f0, 0x000055c1fbd19ba1, 0x24, 0x10, 0xe8, 0x2f, 0x96, 0xff, 0xff, 0x85, 0xc0, 0x0f, 0x88, 0x0d, 0x01, 0x00, 0x00, 0x48, 0x8b, 0x44, 0x24, 0x10, 0x48, 0x89, 0x44, 0x24, 0x08, 0x48, 0x85, 0xc0, 0x0f, 0x84, 0xf0, 0x00, 0x00, 0x00, 0x48, 0x89, 0xc3, 0x90, 0x48, 0x8b, 0x6b, 0x18, 0x66, 0x44, 0x39, 0x7d, 0x00, 0x0f, 0x85, 0xd1, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x73, 0x08, 0x4c, 0x89, 0xef, 0xe8, 0x55, 0x97, 0xff
0x55c1fbd15e0a <getifaddr+42>
1 pattern found.
(gdb) b * (0x55c1fbd15e0a + 42)
Breakpoint 1 at 0x55c1fbd15e34: file ./netlib.c, line 156.
(gdb) info b
Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x000055c1fbd15e34 in getifaddr at ./netlib.c:156
(gdb) disassemble /r 0x55c1fbd15e0a, 0x55c1fbd15e0a + 62
Dump of assembler code from 0x55c1fbd15e0a to 0x55c1fbd15e48:
   0x000055c1fbd15e0a <getifaddr+42>:   24 10                   and    $0x10,%al
   0x000055c1fbd15e0c <getifaddr+44>:   e8 2f 96 ff ff          call   0x55c1fbd0f440 <getifaddrs@plt>
   0x000055c1fbd15e11 <getifaddr+49>:   85 c0                   test   %eax,%eax
   0x000055c1fbd15e13 <getifaddr+51>:   0f 88 0d 01 00 00       js     0x55c1fbd15f26 <getifaddr+326>
   0x000055c1fbd15e19 <getifaddr+57>:   48 8b 44 24 10          mov    0x10(%rsp),%rax
   0x000055c1fbd15e1e <getifaddr+62>:   48 89 44 24 08          mov    %rax,0x8(%rsp)
   0x000055c1fbd15e23 <getifaddr+67>:   48 85 c0                test   %rax,%rax
   0x000055c1fbd15e26 <getifaddr+70>:   0f 84 f0 00 00 00       je     0x55c1fbd15f1c <getifaddr+316>
   0x000055c1fbd15e2c <getifaddr+76>:   48 89 c3                mov    %rax,%rbx
   0x000055c1fbd15e2f <getifaddr+79>:   90                      nop
   0x000055c1fbd15e30 <getifaddr+80>:   48 8b 6b 18             mov    0x18(%rbx),%rbp
   0x000055c1fbd15e34 <getifaddr+84>:   66 44 39 7d 00          cmp    %r15w,0x0(%rbp)                    <<<<<
   0x000055c1fbd15e39 <getifaddr+89>:   0f 85 d1 00 00 00       jne    0x55c1fbd15f10 <getifaddr+304>
   0x000055c1fbd15e3f <getifaddr+95>:   48 8b 73 08             mov    0x8(%rbx),%rsi
   0x000055c1fbd15e43 <getifaddr+99>:   4c 89 ef                mov    %r13,%rdi
   0x000055c1fbd15e46 <getifaddr+102>:  e8 55 97 ff ff          call   0x55c1fbd0f5a0 <strcmp@plt>
End of assembler dump.
(gdb) directory /home/benutzer/source/vtun/orig/vtun-3.0.4
Source directories searched: /home/benutzer/source/vtun/orig/vtun-3.0.4:$cdir:$cwd
(gdb) list getifaddr
144             }
145     } /* set_port(struct sockaddr_storage *, in_port_t) */
146
147     /* Get interface address */
148     int getifaddr(struct sockaddr_storage *addr, char * ifname, sa_family_t af)
149     {
150          struct ifaddrs *ifas, *ifa;
151
152          if( getifaddrs(&ifas) < 0 )
153             return -1;
154
155          for (ifa = ifas; ifa; ifa = ifa->ifa_next) {
156             if( ifa->ifa_addr->sa_family != af ||
157                    strcmp(ifname, ifa->ifa_name) )
158                continue;
159

https://sources.debian.org/src/vtun/3.0.4-2/netlib.c/#L156
https://man7.org/linux/man-pages/man3/getifaddrs.3.html
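
The failure mode discussed in this thread, as an added example that is not part of the original messages or of vtun's code: getifaddrs(3) documents that ifa_addr may be a null pointer, so the loop has to test it before reading sa_family. The names find_ifaddr, getifaddr_checked and sample_lookup, the assumed return contract and the two-entry sample list are constructed for illustration.

```c
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not vtun code): first entry matching name and family. */
static const struct ifaddrs *find_ifaddr(const struct ifaddrs *ifas,
                                         const char *ifname, sa_family_t af)
{
    for (const struct ifaddrs *ifa = ifas; ifa; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr &&                 /* may be NULL, see getifaddrs(3) */
            ifa->ifa_addr->sa_family == af && strcmp(ifname, ifa->ifa_name) == 0)
            return ifa;
    }
    return NULL;
}

/* Assumed contract: 0 with *addr filled on success, -1 otherwise. */
int getifaddr_checked(struct sockaddr_storage *addr, const char *ifname, sa_family_t af)
{
    struct ifaddrs *ifas;
    size_t len = af == AF_INET ? sizeof(struct sockaddr_in)
               : af == AF_INET6 ? sizeof(struct sockaddr_in6) : 0;
    if (len == 0 || getifaddrs(&ifas) < 0)
        return -1;
    const struct ifaddrs *hit = find_ifaddr(ifas, ifname, af);
    int rc = hit ? 0 : -1;
    if (hit)
        memcpy(addr, hit->ifa_addr, len);
    freeifaddrs(ifas);
    return rc;
}

/* Constructed sample list: "tun0" has no address (NULL), then "eth0" with IPv4. */
static const struct ifaddrs *sample_lookup(const char *ifname, sa_family_t af)
{
    static char n_tun[] = "tun0", n_eth[] = "eth0";
    static struct sockaddr_in sin = { .sin_family = AF_INET };
    static struct ifaddrs eth0 = { .ifa_name = n_eth, .ifa_addr = (struct sockaddr *)&sin };
    static struct ifaddrs tun0 = { .ifa_next = &eth0, .ifa_name = n_tun };
    return find_ifaddr(&tun0, ifname, af);
}

int main(void)
{
    printf("eth0: %d, tun0: %d\n", sample_lookup("eth0", AF_INET) != NULL,
           sample_lookup("tun0", AF_INET) != NULL);
    return 0;
}
```

In the sample list the address-less entry comes first, so a loop that reads ifa->ifa_addr->sa_family without the NULL test would fault on the first iteration with a read at address 0, matching the "segfault at 0 ... error 4" line above.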
