On Sat, 24 Feb 2024 23:55:18 + Lucas López wrote:
I copied the example server file /usr/share/doc/vtun/examples/vtund-server.conf
into /etc/vtund.conf and enabled server mode in /etc/default/vtun. When I start
the service with systemctl I get the following error on the dmesg log:
[343358.769324] vtund[3002]: segfault at 0 ip 5572cac05e34 sp 7ffc9a47f610 error 4 in vtund[5572cabff000+b000] likely on CPU 0 (core 0, socket 0)
[343358.769342] Code: 24 10 e8 2f 96 ff ff 85 c0 0f 88 0d 01 00 00 48 8b 44 24 10 48 89 44 24 08 48 85 c0 0f 84 f0 00 00 00 48 89 c3 90 48 8b 6b 18 <66> 44 39 7d 00 0f 85 d1 00 00 00 48 8b 73 08 4c 89 ef e8 55 97 ff
I checked the config and the manual but I haven't been able to use the package
due to the segfault.
BTW, the autogenerated systemd unit has the attributes RemainAfterExit=yes,
SuccessExitStatus=5 6, so even on failure the unit appears as "active (exited)".
Hence it needs a "systemctl restart", "systemctl start" won't do anything which
is a bit counterintuitive.
Hello,
I am not the maintainer of vtun, just tried to find some more information
about the crash.
I was not able to reproduce it inside a minimal VM, but I think
from the dmesg lines it happened in netlib.c line 156.
This looks like ifa->ifa_addr is not a valid pointer but gets dereferenced.
I guess it might be related to the network configuration of this specific host,
maybe containing an interface without having an address assigned.
Kind regards,
Bernhard
148 int getifaddr(struct sockaddr_storage *addr, char * ifname, sa_family_t af)
...
154
155 for (ifa = ifas; ifa; ifa = ifa->ifa_next) {
156 if( ifa->ifa_addr->sa_family != af ||
157 strcmp(ifname, ifa->ifa_name) )
https://sources.debian.org/src/vtun/3.0.4-2/netlib.c/#L156
https://man7.org/linux/man-pages/man3/getifaddrs.3.html
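
The getifaddrs(3) man page linked above states that ifa_addr may contain a null pointer. The following is an added example, not part of the original e-mail and not vtun's code or its fix: the same lookup loop with that check in place. The names find_ifaddr and demo_null_addr_entry and the sample interface list are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not vtun's code): copy the first address of family
 * `af` on interface `ifname` from the list `ifas` into `out`.
 * Returns 0 on success, -1 if no matching address exists. */
int find_ifaddr(const struct ifaddrs *ifas, const char *ifname,
                sa_family_t af, struct sockaddr_storage *out)
{
    const struct ifaddrs *ifa;

    for (ifa = ifas; ifa; ifa = ifa->ifa_next) {
        /* getifaddrs(3): ifa_addr may be a null pointer, so test it
         * before reading sa_family. */
        if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL)
            continue;
        if (ifa->ifa_addr->sa_family != af || strcmp(ifname, ifa->ifa_name))
            continue;
        size_t len = (af == AF_INET)  ? sizeof(struct sockaddr_in)
                   : (af == AF_INET6) ? sizeof(struct sockaddr_in6) : 0;
        if (len == 0)
            return -1;          /* family this helper does not copy */
        memset(out, 0, sizeof(*out));
        memcpy(out, ifa->ifa_addr, len);
        return 0;
    }
    return -1;
}

/* Constructed sample list: "tun0" appears first with a NULL ifa_addr,
 * then with 192.0.2.1. Returns the address found in host byte order,
 * or 0 if the lookup failed. */
unsigned long demo_null_addr_entry(void)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    struct sockaddr_in found;
    struct sockaddr_storage out;
    struct ifaddrs with_addr = { .ifa_name = "tun0",
                                 .ifa_addr = (struct sockaddr *)&sin };
    struct ifaddrs no_addr = { .ifa_next = &with_addr, .ifa_name = "tun0" };

    sin.sin_addr.s_addr = htonl(0xC0000201UL);  /* 192.0.2.1 (TEST-NET-1) */
    if (find_ifaddr(&no_addr, "tun0", AF_INET, &out) != 0)
        return 0;
    memcpy(&found, &out, sizeof(found));
    return ntohl(found.sin_addr.s_addr);
}
```
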
# 2024-04-22 Trixie/testing amd64 qemu VM
apt update
apt install systemd-coredump mc htop gdb
# with unstable
apt install vtun vtun-dbgsym devscripts
apt build-dep vtun
mkdir /home/benutzer/source/vtun/orig -p
cd /home/benutzer/source/vtun/orig
dget https://snapshot.debian.org/archive/debian-debug/20191112T220504Z/pool/main/v/vtun/vtun_3.0.4-2.dsc
dpkg-source -x vtun_3.0.4-2.dsc
cp -a /usr/share/doc/vtun/examples/vtund-server.conf /etc/vtund.conf
cp -a /etc/default/vtun /etc/default/vtun.orig
sed -i 's/# RUN_SERVER=no/RUN_SERVER=yes/g' /etc/default/vtun
wget https://snapshot.debian.org/archive/debian/20220514T093947Z/pool/main/v/vtun/vtun_3.0.4-2%2Bb1_amd64.deb
wget https://snapshot.debian.org/archive/debian-debug/20220514T091215Z/pool/main/v/vtun/vtun-dbgsym_3.0.4-2%2Bb1_amd64.deb
dpkg -i *.deb
systemctl start vtun.service
-> Could not reproduce the crash
[343358.769324] vtund[3002]: segfault at 0 ip 5572cac05e34 sp 7ffc9a47f610 error 4 in vtund[5572cabff000+b000] likely on CPU 0 (core 0, socket 0)
[343358.769342] Code: 24 10 e8 2f 96 ff ff 85 c0 0f 88 0d 01 00 00 48 8b 44 24 10 48 89 44 24 08 48 85 c0 0f 84 f0 00 00 00 48 89 c3 90 48 8b 6b 18 <66> 44 39 7d 00 0f 85 d1 00 00 00 48 8b 73 08 4c 89 ef e8 55 97 ff
# https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash
error 4
0b0100
* bit 0 ==0: no page found
* bit 1 ==0: read access
* bit 2 ==1: user-mode access
echo -n "find /b ..., ..., 0x" && \
echo "24 10 e8 2f 96 ff ff 85 c0 0f 88 0d 01 00 00 48 8b 44 24 10 48 89 44 24 08 48 85 c0 0f 84 f0 00 00 00 48 89 c3 90 48 8b 6b 18 <66> 44 39 7d 00 0f 85 d1 00 00 00 48 8b 73 08 4c 89 ef e8 55 97 ff" \
| sed 's/[<>]//g' | sed 's/ /, 0x/g'
gdb -q --pid $(pgrep vtund)
(gdb) pipe info target | grep -E ".text$"
0x55c1fbd0f7f0 - 0x55c1fbd19ba1 is .text
(gdb) find /b 0x55c1fbd0f7f0, 0x55c1fbd19ba1, 0x24, 0x10, 0xe8, 0x2f, 0x96, 0xff, 0xff, 0x85, 0xc0, 0x0f, 0x88, 0x0d, 0x01, 0x00, 0x00, 0x48, 0x8b, 0x44, 0x24, 0x10, 0x48, 0x89, 0x44, 0x24, 0x08, 0x48, 0x85, 0xc0, 0x0f, 0x84, 0xf0, 0x00, 0x00, 0x00, 0x48, 0x89, 0xc3, 0x90, 0x48, 0x8b, 0x6b, 0x18, 0x66, 0x44, 0x39, 0x7d, 0x00, 0x0f, 0x85, 0xd1, 0x00, 0x00, 0x00, 0x48, 0x8b, 0x73, 0x08, 0x4c, 0x89, 0xef, 0xe8, 0x55, 0x97, 0xff
0x55c1fbd15e0a
1 pattern found.
(gdb) b * (0x55c1fbd15e0a + 42)
Breakpoint 1 at 0x55c1fbd15e34: file ./netlib.c, line 156.
(gdb) info b
Num Type Disp Enb Address What
1 breakpoint keep y 0x55c1fbd15e34 in getifaddr at ./netlib.c:156
(gdb) disassemble /r 0x55c1fbd15e0a, 0x55c1fbd15e0a + 62
Dump of assembler code from 0x55c1fbd15e0a to 0x55c1fbd15e48:
0x55c1fbd15e0a : 24 10 and $0x10,%al
0x55c1fbd15e0c : e8 2f 96 ff ff call 0x55c1fbd0f440
0x55c1fbd15e11 : 85 c0 test %eax,%eax
0x55c1fbd15e13 : 0f 88 0d 01 00 00 js 0x55c1fbd15f26
0x55c1fbd15e19 : 48 8b 44 24 10 mov 0x10(%rsp),%rax
0x55c1fbd15e1e : 48 89 44 24 08