On Mon, Jun 12, 2023 at 04:47:41PM +0200, Sebastien Marie wrote: > > (gdb) > > > > with some instruction I might be able to extract more information. > > > > failing in _start is odd. it looks like the binary wasn't built with > cf-protection=branch, and the compiler has had it for a few weeks now (since > 2023-04-26 exactly). > > Could you check the signature date of your package? > > $ grep @digital-signature /var/db/pkg/xfce4-session-*/+CONTENTS > @digital-signature signify2:2023-06-10T10:18:49Z:external
[Mon Jun 12 16:49:33] peter@zaida:~$ grep @digital-signature /var/db/pkg/xfce4-session-*/+CONTENTS @digital-signature signify2:2023-04-16T09:46:52Z:external > > it could be a good indication for the build date. > > > In gdb, could you get the 'disassemble' output (beware, it could be long)? I > am > interested in the current instructions (to ensure that it is failing in a > jmp). > It would allow checking that the backtrace is right. Note: breakpoints 1, 2 and 3 also set at pc 0xf09381e8660. Tracepoint 4 at 0xf09381e8660 (gdb) disassemble Dump of assembler code for function _start: => 0x00000f09381e8660 <+0>: mov %rdx,%rcx 0x00000f09381e8663 <+3>: mov (%rsp),%rdi 0x00000f09381e8667 <+7>: lea 0x10(%rsp,%rdi,8),%rdx 0x00000f09381e866c <+12>: lea 0x8(%rsp),%rsi 0x00000f09381e8671 <+17>: sub $0x8,%rsp 0x00000f09381e8675 <+21>: and $0xfffffffffffffff0,%rsp 0x00000f09381e8679 <+25>: add $0x8,%rsp 0x00000f09381e867d <+29>: jmp 0xf09381e8680 <_start+32> 0x00000f09381e867f <+31>: int3 0x00000f09381e8680 <+32>: push %rbp 0x00000f09381e8681 <+33>: mov %rsp,%rbp 0x00000f09381e8684 <+36>: push %r15 0x00000f09381e8686 <+38>: push %r14 0x00000f09381e8688 <+40>: push %r13 0x00000f09381e868a <+42>: push %r12 0x00000f09381e868c <+44>: push %rbx 0x00000f09381e868d <+45>: push %rax 0x00000f09381e868e <+46>: mov %rcx,%r13 0x00000f09381e8691 <+49>: mov %rdx,%r12 0x00000f09381e8694 <+52>: mov %rsi,%r14 0x00000f09381e8697 <+55>: mov %edi,%r15d 0x00000f09381e869a <+58>: mov %rsi,%rdi 0x00000f09381e869d <+61>: mov %rdx,%rsi 0x00000f09381e86a0 <+64>: mov %rcx,%rdx 0x00000f09381e86a3 <+67>: callq 0xf09382067d0 0x00000f09381e86a8 <+72>: mov %rax,%rbx 0x00000f09381e86ab <+75>: test %r13,%r13 0x00000f09381e86ae <+78>: jne 0xf09381e878f <_start+303> 0x00000f09381e86b4 <+84>: mov %rbx,-0x30(%rbp) 0x00000f09381e86b8 <+88>: lea -0x5f(%rip),%rbx # 0xf09381e8660 <_start> 0x00000f09381e86bf <+95>: lea -0x66(%rip),%rcx # 0xf09381e8660 <_start> 0x00000f09381e86c6 <+102>: sub %rbx,%rcx 
0x00000f09381e86c9 <+105>: lea 0x7(%rcx),%rax 0x00000f09381e86cd <+109>: test %rcx,%rcx 0x00000f09381e86d0 <+112>: mov %rcx,%rdx 0x00000f09381e86d3 <+115>: cmovs %rax,%rdx 0x00000f09381e86d7 <+119>: sar $0x3,%rdx 0x00000f09381e86db <+123>: je 0xf09381e8723 <_start+195> 0x00000f09381e86dd <+125>: test %rcx,%rcx 0x00000f09381e86e0 <+128>: cmovns %rcx,%rax 0x00000f09381e86e4 <+132>: sar $0x3,%rax 0x00000f09381e86e8 <+136>: cmp $0x2,%rax 0x00000f09381e86ec <+140>: mov $0x1,%r13d 0x00000f09381e86f2 <+146>: cmovae %rax,%r13 0x00000f09381e86f6 <+150>: jmp 0xf09381e8700 <_start+160> 0x00000f09381e86f8 <+152>: int3 0x00000f09381e86f9 <+153>: int3 0x00000f09381e86fa <+154>: int3 0x00000f09381e86fb <+155>: int3 0x00000f09381e86fc <+156>: int3 0x00000f09381e86fd <+157>: int3 0x00000f09381e86fe <+158>: int3 0x00000f09381e86ff <+159>: int3 0x00000f09381e8700 <+160>: mov (%rbx),%r11 0x00000f09381e8703 <+163>: mov %r15d,%edi 0x00000f09381e8706 <+166>: mov %r14,%rsi 0x00000f09381e8709 <+169>: mov %r12,%rdx 0x00000f09381e870c <+172>: xor %ecx,%ecx 0x00000f09381e870e <+174>: callq 0xf09381e87b0 <__llvm_retpoline_r11> 0x00000f09381e8713 <+179>: xchg %rbx,%rax 0x00000f09381e8716 <+182>: add $0x8,%rax 0x00000f09381e871a <+186>: xchg %rbx,%rax 0x00000f09381e871d <+189>: add $0xffffffffffffffff,%r13 0x00000f09381e8721 <+193>: jne 0xf09381e8700 <_start+160> 0x00000f09381e8723 <+195>: lea -0xca(%rip),%r13 # 0xf09381e8660 <_start> 0x00000f09381e872a <+202>: lea -0xd1(%rip),%rcx # 0xf09381e8660 <_start> 0x00000f09381e8731 <+209>: sub %r13,%rcx 0x00000f09381e8734 <+212>: lea 0x7(%rcx),%rax 0x00000f09381e8738 <+216>: test %rcx,%rcx 0x00000f09381e873b <+219>: mov %rcx,%rdx 0x00000f09381e873e <+222>: cmovs %rax,%rdx --Type <RET> for more, q to quit, c to continue without paging-- 0x00000f09381e8742 <+226>: sar $0x3,%rdx 0x00000f09381e8746 <+230>: je 0xf09381e8784 <_start+292> 0x00000f09381e8748 <+232>: test %rcx,%rcx 0x00000f09381e874b <+235>: cmovns %rcx,%rax 0x00000f09381e874f <+239>: sar 
$0x3,%rax 0x00000f09381e8753 <+243>: cmp $0x2,%rax 0x00000f09381e8757 <+247>: mov $0x1,%ebx 0x00000f09381e875c <+252>: cmovae %rax,%rbx 0x00000f09381e8760 <+256>: mov 0x0(%r13),%r11 0x00000f09381e8764 <+260>: mov %r15d,%edi 0x00000f09381e8767 <+263>: mov %r14,%rsi 0x00000f09381e876a <+266>: mov %r12,%rdx 0x00000f09381e876d <+269>: xor %ecx,%ecx 0x00000f09381e876f <+271>: callq 0xf09381e87b0 <__llvm_retpoline_r11> 0x00000f09381e8774 <+276>: add $0x8,%r13 0x00000f09381e8778 <+280>: xchg %rbx,%rax 0x00000f09381e877b <+283>: add $0xffffffffffffffff,%rax 0x00000f09381e877f <+287>: xchg %rbx,%rax 0x00000f09381e8782 <+290>: jne 0xf09381e8760 <_start+256> 0x00000f09381e8784 <+292>: movb $0x1,0x2852d(%rip) # 0xf0938210cb8 <__csu_do_fini_array> 0x00000f09381e878b <+299>: mov -0x30(%rbp),%rbx 0x00000f09381e878f <+303>: callq 0xf0938206780 <__init> 0x00000f09381e8794 <+308>: mov (%rbx),%rdx 0x00000f09381e8797 <+311>: mov %r15d,%edi 0x00000f09381e879a <+314>: mov %r14,%rsi 0x00000f09381e879d <+317>: callq 0xf09381f1300 <main> 0x00000f09381e87a2 <+322>: mov %eax,%edi 0x00000f09381e87a4 <+324>: callq 0xf09382067f0 0x00000f09381e87a9 <+329>: int3 0x00000f09381e87aa <+330>: int3 0x00000f09381e87ab <+331>: int3 0x00000f09381e87ac <+332>: int3 0x00000f09381e87ad <+333>: int3 0x00000f09381e87ae <+334>: int3 0x00000f09381e87af <+335>: int3 End of assembler dump. (gdb) Hopefully this yields useful information. For a bit of background, this is a laptop I bought about two years ago, and during that time I've generally jumped from one snapshot to the next about three times a week (give or take, depending on just what other things needed dealing with). All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
