proxychains-ng

Crashed in OS X 10.13

Open • zonyitoo opened this issue 7 years ago • 18 comments

Proxychains crashes with some of the programs, such as

  • cargo (Rust build tool)
  • git

Run with gdb, it shows that program crashes with signal SIGTRAP:

(gdb) r cargo update
Starting program: /usr/local/bin/proxychains4 cargo update
[New Thread 0x1303 of process 27750]
warning: unhandled dyld version (15)
[proxychains] config file found: /Users/zonyitoo/.proxychains/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.dylib
[New Thread 0x1403 of process 27750]

Thread 3 received signal SIGTRAP, Trace/breakpoint trap.
[Switching to Thread 0x1403 of process 27750]
0x00000001005be19c in ?? ()
(gdb) bt
#0  0x00000001005be19c in ?? ()
#1  0x0000000100000000 in ?? ()
#2  0x0000000000000002 in ?? ()
#3  0x00007ffeefbffa60 in ?? ()
#4  0x00007ffeefbffa66 in ?? ()
#5  0x0000000000000000 in ?? ()

Build with -DDEBUG and run it again, it shows:

[proxychains] config file found: /Users/zonyitoo/.proxychains/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.dylib
DEBUG:init_lib_wrapper called from gcc_init
DEBUG:pid[60875]:at_init
DEBUG:pid[60875]:wait_data
DEBUG:added localnet: netaddr=127.0.0.0, netmask=255.0.0.0
DEBUG:[play] socks5 127.0.0.1:1080
DEBUG:loaded symbol 'connect' real addr 0x7fff5bd0850c  wrapped addr 0x100cbacc0
DEBUG:loaded symbol 'sendto' real addr 0x7fff5bd09228  wrapped addr 0x100cbb9e0
DEBUG:loaded symbol 'gethostbyname' real addr 0x7fff5bcc9e80  wrapped addr 0x100cbb3a0
DEBUG:loaded symbol 'getaddrinfo' real addr 0x7fff5bcab9b0  wrapped addr 0x100cbb420
DEBUG:loaded symbol 'freeaddrinfo' real addr 0x7fff5bcb3680  wrapped addr 0x100cbb520
DEBUG:loaded symbol 'gethostbyaddr' real addr 0x7fff5bcca360  wrapped addr 0x100cbb8b0
DEBUG:loaded symbol 'getnameinfo' real addr 0x7fff5bcb5660  wrapped addr 0x100cb75d0
DEBUG:loaded symbol 'close' real addr 0x7fff5bd09940  wrapped addr 0x100cbabd0
DEBUG:init_lib_wrapper called from gcc_init
DEBUG:pid[60875]:at_init
DEBUG:pid[60875]:wait_data
DEBUG:added localnet: netaddr=127.0.0.0, netmask=255.0.0.0
DEBUG:[play] socks5 127.0.0.1:1080
DEBUG:loaded symbol 'connect' real addr 0x7fff5bd0850c  wrapped addr 0x108e48cc0
DEBUG:loaded symbol 'sendto' real addr 0x7fff5bd09228  wrapped addr 0x108e499e0
DEBUG:loaded symbol 'gethostbyname' real addr 0x7fff5bcc9e80  wrapped addr 0x108e493a0
DEBUG:loaded symbol 'getaddrinfo' real addr 0x7fff5bcab9b0  wrapped addr 0x108e49420
DEBUG:loaded symbol 'freeaddrinfo' real addr 0x7fff5bcb3680  wrapped addr 0x108e49520
DEBUG:loaded symbol 'gethostbyaddr' real addr 0x7fff5bcca360  wrapped addr 0x108e498b0
DEBUG:loaded symbol 'getnameinfo' real addr 0x7fff5bcb5660  wrapped addr 0x108e455d0
DEBUG:loaded symbol 'close' real addr 0x7fff5bd09940  wrapped addr 0x108e48bd0
    Updating registry `https://github.com/rust-lang/crates.io-index`
DEBUG:getaddrinfo: api.github.com 443
DEBUG:pid[60875]:wait_data
DEBUG:realloc
DEBUG:creating new entry 0 for ip of api.github.com
DEBUG:pid[60875]:wait_data
DEBUG:freeaddrinfo 0x7fa685506d90
DEBUG:pid[60875]:connect
DEBUG:target: 224.0.0.1
DEBUG:port: 443
DEBUG:pid[60875]:wait_data
DEBUG:pid[60875]:string_from_internal_ip
DEBUG:pid[60875]:index_from_internal_ip
DEBUG:pid[60875]:wait_data
DEBUG:pid[60875]:wait_data
DEBUG:pid[60875]:string_from_internal_ip
DEBUG:pid[60875]:index_from_internal_ip
DEBUG:pid[60875]:wait_data
[1]    60875 segmentation fault  proxychains4 cargo update

zonyitoo, Oct 03 '17 16:10

thanks for the debug output. as we can see there, gcc_init and all the other init code is called twice (even with same PID!). this shouldn't happen, and might be the cause of the crash. it looks to me as if Mac OS X's implementation of pthread_once() is buggy.

here is a simplified test case

#include <stdio.h>
#include <pthread.h>

pthread_once_t init_once = PTHREAD_ONCE_INIT;

static void do_init(void) {
	dprintf(2, "this message should be printed only once\n");
}

__attribute__((constructor))
static void gcc_init(void) {
        pthread_once(&init_once, do_init);
}

usage on linux:

gcc ponce.c -fPIC -shared -pthread -o ponce.so
LD_PRELOAD=./ponce.so git status

usage is slightly different on mac os, for example the extension is .dylib and LD_PRELOAD is named DYLD_INSERT_LIBRARIES. maybe different build options are needed too, compare with the build output when building libproxychains.dylib. (check also main.c for environment variable usage). once you can get that test program to print "this message should be printed only once" twice, which it shouldnt, you can use that to file a bug report with APPLE.

rofl0r, Oct 03 '17 23:10

Yes, I can confirm that "this message should be printed only once" has been shown twice.

Build with:

gcc ponce.c -fPIC -shared -pthread -pipe -g -std=c99 -D_GNU_SOURCE -o ponce.dylib

Load it with

DYLD_INSERT_LIBRARIES=./ponce.dylib cargo update

zonyitoo, Oct 04 '17 03:10

perfect! so it's finally confirmed that Apple's libc is broken. now the question is, who files the bug with them ?

rofl0r, Oct 05 '17 02:10

I have already opened an issue in Apple's Bug Reporter. I think you should open one, too.

zonyitoo, Oct 05 '17 02:10

i don't think that will happen, since i don't even own a mac...

rofl0r, Oct 05 '17 03:10

Since pthread_once fires the function call twice, it is reasonable for us to file the issue twice.

(Credit: https://www.zhihu.com/people/zhu-xiao-e/)

byronyi, Oct 05 '17 10:10

does that mean you will file the issue too, @byronyi ? that would be great. and if possible, paste a link here to the bugreport.

rofl0r, Oct 05 '17 14:10

After discussing with Apple's engineer, it seems that cargo, git or perl called exec() on itself, which causes that message to be printed more than once.

So pthread_once works fine and it is not the cause of this bug. @rofl0r

zonyitoo, Oct 18 '17 16:10

well, then i guess its time for someone who cares to launch gdb and debug the issue. dont wait for me, the support for mac os x is only a bonus and i couldnt care less.

rofl0r, Oct 18 '17 17:10

> After discussing with Apple's engineer, it seems that cargo, git or perl called exec() on itself, which causes that message to be printed more than once. So pthread_once works fine and it is not the cause of this bug

thinking about it again, it appears the Apple engineer is wrong. pthread_once should always ever be called once, even after fork + exec. you can try the same tests on linux, there the message will only be printed once.

rofl0r, Oct 19 '17 09:10

Apple Developer Relations, October 24 2017, 11:58 PM

Engineering has provided the following information regarding this issue:

Each process will run the inserted library's constructor function once, as the library is loaded.

By re-execing, or fork/execing, or posix_spawning, a new process is created. (If exec() is used, the new process has the same PID as the old one.) The new process inherits the parent's DYLD_INSERT_LIBRARIES environment variable, so it will also load the inserted library, and run its constructor function, and pthread_once will fire one time. pthread_once will fire once per process (technically once per pthread_once_t). Since there are multiple processes running in these tests (e.g. one for /usr/bin/perl, then one for /usr/bin/perl5.18), the code under pthread_once will run multiple times, once per process.

The same will happen on Linux if you run a program that forks and/or execs with the LD_PRELOAD env var. /usr/bin/perl and /usr/bin/git on macOS do so; the same-named programs on Linux may not do so.

zonyitoo, Oct 25 '17 00:10
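
The per-process behaviour described in Apple's reply above, reproduced on Linux as an added example (not code from the thread or from proxychains-ng). The executable's own constructor stands in for the preloaded library's gcc_init; the ONCE_REPORT_FD variable and the /proc/self/exe re-exec path are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
struct once_report { int pid; int init_runs; };
static pthread_once_t init_once = PTHREAD_ONCE_INIT;
static int init_runs;            /* process memory: a new image starts at 0 */
static void do_init(void) { init_runs++; }
static void report(int fd) {
    struct once_report r = { (int)getpid(), init_runs };
    if (write(fd, &r, sizeof r) != (ssize_t)sizeof r) _exit(1);
}

/* Runs in every process image, as gcc_init does in the preloaded library. */
__attribute__((constructor)) static void ctor(void) {
    pthread_once(&init_once, do_init);
    const char *fd = getenv("ONCE_REPORT_FD");  /* hypothetical marker variable */
    if (fd) { report(atoi(fd)); _exit(0); }     /* re-exec'd image: report, stop */
}

/* Child reports, then exec()s this same binary. Returns 0 on success, -1 on error. */
int exec_demo(struct once_report *before, struct once_report *after) {
    int p[2];
    char fdstr[16];
    pid_t pid;
    if (pipe(p) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        pthread_once(&init_once, do_init);      /* no-op: already ran in this image */
        report(p[1]);
        snprintf(fdstr, sizeof fdstr, "%d", p[1]);
        setenv("ONCE_REPORT_FD", fdstr, 1);     /* inherited across exec, like LD_PRELOAD */
        execl("/proc/self/exe", "once-demo", (char *)NULL);
        _exit(127);
    }
    close(p[1]);
    int ok = read(p[0], before, sizeof *before) == (ssize_t)sizeof *before &&
             read(p[0], after, sizeof *after) == (ssize_t)sizeof *after;
    close(p[0]);
    waitpid(pid, NULL, 0);
    return ok ? 0 : -1;
}

int main(void) {
    struct once_report b, a;
    if (exec_demo(&b, &a) != 0) return 1;
    printf("pid %d -> %d, do_init runs %d -> %d\n", b.pid, a.pid, b.init_runs, a.init_runs);
    return 0;
}
```

Both reports carry the same PID and each shows one do_init run, which matches the duplicated init lines under a single pid in the DEBUG output at the top of the thread.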

i pushed some changes which might fix this issue (at least the originally reported), please test current git if possible.

rofl0r, Dec 19 '17 23:12

Cannot be compiled in OS X:

printf '#define VERSION "%s"\n' "$(sh tools/version.sh)" > src/version.h
cc -DSUPER_SECURE -Ds6_addr16=__u6_addr.__u6_addr16 -Ds6_addr32=__u6_addr.__u6_addr32 -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe  -DIS_MAC=1 -DLIB_DIR=\"/usr/local/lib\" -DSYSCONFDIR=\"/usr/local/etc\" -DDLL_NAME=\"libproxychains4.dylib\"  -fPIC -c -o src/version.o src/version.c
cc -DSUPER_SECURE -Ds6_addr16=__u6_addr.__u6_addr16 -Ds6_addr32=__u6_addr.__u6_addr32 -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe  -DIS_MAC=1 -DLIB_DIR=\"/usr/local/lib\" -DSYSCONFDIR=\"/usr/local/etc\" -DDLL_NAME=\"libproxychains4.dylib\"  -fPIC -c -o src/core.o src/core.c
cc -DSUPER_SECURE -Ds6_addr16=__u6_addr.__u6_addr16 -Ds6_addr32=__u6_addr.__u6_addr32 -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe  -DIS_MAC=1 -DLIB_DIR=\"/usr/local/lib\" -DSYSCONFDIR=\"/usr/local/etc\" -DDLL_NAME=\"libproxychains4.dylib\"  -fPIC -c -o src/allocator_thread.o src/allocator_thread.c
src/allocator_thread.c:324:9: warning: 'PTHREAD_STACK_MIN' macro redefined [-Wmacro-redefined]
#define PTHREAD_STACK_MIN 64*1024
        ^
/usr/include/limits.h:117:9: note: previous definition is here
#define PTHREAD_STACK_MIN               8192
        ^
src/allocator_thread.c:331:50: error: use of undeclared identifier 'MAP_ANON'
        void *shm = mmap(0, 4096, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
                                                        ^
1 warning and 1 error generated.
make: *** [src/allocator_thread.o] Error 1

After deleting these two lines: https://github.com/rofl0r/proxychains-ng/blob/master/src/allocator_thread.c#L3-L4 , it compiles well.

zonyitoo, Dec 21 '17 15:12

And it doesn't work:

DEBUG:init_lib_wrapper called from gcc_init
DEBUG:added localnet: netaddr=127.0.0.0, netmask=255.0.0.0
DEBUG:[play] socks5 127.0.0.1:1080
DEBUG:loaded symbol 'connect' real addr 0x7fff665b537c  wrapped addr 0x10a3c8cf0
DEBUG:loaded symbol 'sendto' real addr 0x7fff665b60b0  wrapped addr 0x10a3c9a10
DEBUG:loaded symbol 'gethostbyname' real addr 0x7fff66576e40  wrapped addr 0x10a3c93d0
DEBUG:loaded symbol 'getaddrinfo' real addr 0x7fff66558970  wrapped addr 0x10a3c9450
DEBUG:loaded symbol 'freeaddrinfo' real addr 0x7fff66560640  wrapped addr 0x10a3c9550
DEBUG:loaded symbol 'gethostbyaddr' real addr 0x7fff66577320  wrapped addr 0x10a3c98e0
DEBUG:loaded symbol 'getnameinfo' real addr 0x7fff66562620  wrapped addr 0x10a3c5610
DEBUG:loaded symbol 'close' real addr 0x7fff665b67c8  wrapped addr 0x10a3c8c00
DEBUG:init_lib_wrapper called from gcc_init
DEBUG:added localnet: netaddr=127.0.0.0, netmask=255.0.0.0
DEBUG:[play] socks5 127.0.0.1:1080
DEBUG:loaded symbol 'connect' real addr 0x7fff665b537c  wrapped addr 0x10d271cf0
DEBUG:loaded symbol 'sendto' real addr 0x7fff665b60b0  wrapped addr 0x10d272a10
DEBUG:loaded symbol 'gethostbyname' real addr 0x7fff66576e40  wrapped addr 0x10d2723d0
DEBUG:loaded symbol 'getaddrinfo' real addr 0x7fff66558970  wrapped addr 0x10d272450
DEBUG:loaded symbol 'freeaddrinfo' real addr 0x7fff66560640  wrapped addr 0x10d272550
DEBUG:loaded symbol 'gethostbyaddr' real addr 0x7fff66577320  wrapped addr 0x10d2728e0
DEBUG:loaded symbol 'getnameinfo' real addr 0x7fff66562620  wrapped addr 0x10d26e610
DEBUG:loaded symbol 'close' real addr 0x7fff665b67c8  wrapped addr 0x10d271c00
    Updating registry `https://github.com/rust-lang/crates.io-index`
DEBUG:getaddrinfo: 127.0.0.1 8118
DEBUG:freeaddrinfo 0x7ff487714340
DEBUG:pid[31277]:connect
DEBUG:target: 127.0.0.1
DEBUG:port: 8118
DEBUG:accessing localnet using true_connect
[1]    31277 segmentation fault  proxychains4 -q cargo update

zonyitoo, Dec 21 '17 15:12

haha, you cannot simply delete the line and expect it to make the code magically work :)

i think i fixed the issue with d28f4df , thanks for your patience.

rofl0r, Dec 21 '17 16:12

oh sorry, i misread which lines you deleted. the ones you deleted are actually safe to delete.

rofl0r, Dec 21 '17 16:12

So as of now proxychains4 is not working in OSX 10.13 right? we have to wait for an update?

rpranshu, Dec 26 '17 10:12

wrong. as the README states, proxychains is a hack and may or may not work depending on the proxified application. so as it looks right now, it doesnt work with the apps mentioned here, until someone owning a mac uses his debugger and brain to find the issue.

rofl0r, Dec 26 '17 16:12