Dear Maintainer, I just tried to get some more information. Following the backtrace a little after the stack smashing happened, I could reproduce it with an amd64 qemu VM crossgraded from Buster amd64 to x32. :-)
That "struct rusage" has some elements of type "long" [1]. In gdb, sizeof shows 4 bytes for such an element. (gdb) print sizeof(ru1.ru_maxrss) $6 = 4 Now I wonder whether an x32 binary issuing a getrusage syscall to a 64-bit kernel is supposed to supply a buffer laid out as if "long" were 8 bytes? The watchpoint below fires during exactly that getrusage syscall (jobs.c:1369), with ru1 at 0x70(%rsp), sizeof(ru1) == 88 and the canary at 0xcc(%rsp), so the kernel seems to write past the end of the 88-byte struct. Kind regards, Bernhard [1] http://man7.org/linux/man-pages/man2/getrusage.2.html Watchpoint 2: *0xffb35cac Old value = -658158982 New value = 0 0x004253e0 in __unified_syscall () 1: x/i $pc => 0x4253e0 <__unified_syscall+15>: cmp $0xffffffffffffff7c,%rax (gdb) bt #0 0x004253e0 in __unified_syscall () #1 0x004138aa in j_sigchld (sig=<optimized out>) at ../../jobs.c:1369 #2 0x00411883 in trapsig (i=<optimized out>) at ../../histrap.c:1239 #3 <signal handler called> #4 0x00000033 in ?? () 0x004253db <__unified_syscall+10>: mov %rcx,%r10 0x004253de <__unified_syscall+13>: syscall => 0x004253e0 <__unified_syscall+15>: cmp $0xffffffffffffff7c,%rax 0x004138a5 <j_sigchld+151>: callq 0x42546a <getrusage> => 0x004138aa <j_sigchld+156>: mov 0x1ab50(%rip),%ebx # 0x42e400 <job_list> (gdb) list jobs.c:1314,1370 ... 1320 static void 1321 j_sigchld(int sig MKSH_A_UNUSED) 1322 { ... 1328 struct rusage ru0, ru1; ... 1369 getrusage(RUSAGE_CHILDREN, &ru1); (gdb) print sizeof(ru1.ru_maxrss) $6 = 4
# Install amd64 Buster nano /etc/inputrc apt install debian-ports-archive-keyring nano /etc/apt/sources.list.d/buster-approx.list deb [ arch=amd64 ] http://192.168.178.25:9999/debian-10-buster-deb.debian.org/ unstable main deb-src http://192.168.178.25:9999/debian-10-buster-deb.debian.org/ unstable main deb [ arch=x32 ] http://192.168.178.25:9999/debian-10-buster-otherarch-ftp.ports.debian.org/ unstable main rm /var/lib/apt/lists/192* apt update apt dist-upgrade # https://wiki.debian.org/CrossGrading # https://wiki.debian.org/X32Port nano /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT="syscall.x32=y quiet" GRUB_CMDLINE_LINUX="syscall.x32=y" update-grub2 dpkg --add-architecture x32 apt update apt-get --download-only install dpkg:x32 tar:x32 apt:x32 libseccomp2:x32 cd /var/cache/apt/archives wget https://snapshot.debian.org/archive/debian/20161117T153728Z/pool/main/libs/libseccomp/libseccomp2_2.3.1-2.1_amd64.deb dpkg -i libseccomp2_2.3.1-2.1_amd64.deb dpkg -i gcc-8-base_8.3.0-3_x32.deb zlib1g_1%3a1.2.11.dfsg-1_x32.deb lib*_x32.deb dpkg --install /var/cache/apt/archives/*_x32.deb dpkg --get-selections | grep :amd64 | sed -e s/:amd64/:x32/ | dpkg --set-selections apt-get -f install apt autoremove --purge dpkg -l | grep -i :amd64 | awk '{ print $2 }' | grep -v -E "linux-image" | sed 's/:amd64/:x32/g' | xargs echo apt install apt install apparmor:x32 aspell:x32 base-files:x32 base-passwd:x32 bash:x32 bind9-host:x32 bsdmainutils:x32 bsdutils:x32 busybox:x32 bzip2:x32 coreutils:x32 cpio:x32 cron:x32 dash:x32 dbus:x32 debianutils:x32 diffutils:x32 discover:x32 dmeventd:x32 dmidecode:x32 dmsetup:x32 e2fsprogs:x32 eject:x32 fdisk:x32 file:x32 findutils:x32 gcc-8-base:x32 gettext-base:x32 gpgv:x32 grep:x32 groff-base:x32 grub-common:x32 grub-pc:x32 grub-pc-bin:x32 grub2-common:x32 gzip:x32 hdparm:x32 hostname:x32 ifupdown:x32 init:x32 iproute2:x32 iptables:x32 iputils-ping:x32 irqbalance:x32 isc-dhcp-client:x32 isc-dhcp-common:x32 ispell:x32 klibc-utils:x32 kmod:x32 less:x32 
libacl1:x32 libaio1:x32 libapparmor1:x32 libapt-inst2.0:x32 libapt-pkg5.0:x32 libargon2-1:x32 libaspell15:x32 libattr1:x32 libaudit1:x32 libbind9-161:x32 libblkid1:x32 libbsd0:x32 libbz2-1.0:x32 libc6:x32 libcap-ng0:x32 libcap2:x32 libcap2-bin:x32 libcom-err2:x32 libcryptsetup12:x32 libdb5.3:x32 libdbus-1-3:x32 libdebconfclient0:x32 libdevmapper-event1.02.1:x32 libdevmapper1.02.1:x32 libdiscover2:x32 libdns-export1104:x32 libdns1104:x32 libedit2:x32 libefiboot1:x32 libefivar1:x32 libelf1:x32 libestr0:x32 libexpat1:x32 libext2fs2:x32 libfastjson4:x32 libfdisk1:x32 libffi6:x32 libfreetype6:x32 libfstrm0:x32 libfuse2:x32 libgcc1:x32 libgcrypt20:x32 libgdbm6:x32 libgeoip1:x32 libglib2.0-0:x32 libgmp10:x32 libgnutls30:x32 libgpg-error0:x32 libgssapi-krb5-2:x32 libhogweed4:x32 libicu63:x32 libidn11:x32 libidn2-0:x32 libip4tc0:x32 libip6tc0:x32 libiptc0:x32 libisc-export1100:x32 libisc1100:x32 libisccc161:x32 libisccfg163:x32 libjson-c3:x32 libk5crypto3:x32 libkeyutils1:x32 libklibc:x32 libkmod2:x32 libkrb5-3:x32 libkrb5support0:x32 liblmdb0:x32 liblockfile-bin:x32 liblognorm5:x32 liblvm2cmd2.03:x32 liblwres161:x32 liblz4-1:x32 liblzma5:x32 libmagic-mgc:x32 libmagic1:x32 libmnl0:x32 libmount1:x32 libncurses6:x32 libncursesw6:x32 libnetfilter-conntrack3:x32 libnettle6:x32 libnewt0.52:x32 libnfnetlink0:x32 libnftnl11:x32 libnss-systemd:x32 libnuma1:x32 libp11-kit0:x32 libpam-modules:x32 libpam-modules-bin:x32 libpam-systemd:x32 libpam0g:x32 libpci3:x32 libpcre2-8-0:x32 libpcre3:x32 libpipeline1:x32 libpng16-16:x32 libpopt0:x32 libprocps7:x32 libprotobuf-c1:x32 libpsl5:x32 libpython-stdlib:x32 libpython2-stdlib:x32 libpython2.7-minimal:x32 libpython2.7-stdlib:x32 libreadline5:x32 libreadline7:x32 libseccomp2:x32 libselinux1:x32 libsemanage1:x32 libsepol1:x32 libslang2:x32 libsmartcols1:x32 libsqlite3-0:x32 libss2:x32 libssl1.1:x32 libstdc++6:x32 libsystemd0:x32 libtasn1-6:x32 libtinfo6:x32 libuchardet0:x32 libudev1:x32 libunistring2:x32 libusb-1.0-0:x32 libuuid1:x32 
libwrap0:x32 libx11-6:x32 libxau6:x32 libxcb1:x32 libxdmcp6:x32 libxext6:x32 libxml2:x32 libxmuu1:x32 libxtables12:x32 libzstd1:x32 login:x32 logrotate:x32 lsof:x32 man-db:x32 mawk:x32 mount:x32 nano:x32 ncurses-bin:x32 netcat-traditional:x32 openssh-client:x32 openssh-server:x32 openssh-sftp-server:x32 openssl:x32 os-prober:x32 passwd:x32 pciutils:x32 perl:x32 procps:x32 python:x32 python-minimal:x32 python2:x32 python2-minimal:x32 python2.7:x32 python2.7-minimal:x32 rsyslog:x32 sed:x32 shared-mime-info:x32 systemd:x32 systemd-sysv:x32 sysvinit-utils:x32 telnet:x32 thin-provisioning-tools:x32 traceroute:x32 udev:x32 usbutils:x32 util-linux:x32 vim-tiny:x32 wget:x32 whiptail:x32 xauth:x32 xdg-user-dirs:x32 xxd:x32 xz-utils:x32 zlib1g:x32 Ja, tue was ich sage! apt install -f nano /etc/apt/sources.list.d/buster-approx.list # disable deb amd64 apt update apt-show-versions | grep No | awk '{print $1}' | grep -v -E "linux-image" | xargs dpkg --purge nano /etc/apt/sources.list.d/buster-approx.list # enable deb amd64 ############# apt install dpkg-dev devscripts # from https://buildd.debian.org/status/fetch.php?pkg=mksh&arch=x32&ver=57-1&stamp=1551461619&raw=0 apt install autoconf automake autopoint autotools-dev bsdmainutils debhelper dh-autoreconf dh-strip-nondeterminism dietlibc-dev dwz ed file gettext gettext-base groff-base intltool-debian libarchive-zip-perl libbsd0 libc-l10n libcroco3 libelf1 libfile-stripnondeterminism-perl libglib2.0-0 libicu63 libklibc libklibc-dev libmagic-mgc libmagic1 libncurses6 libpipeline1 libsigsegv2 libtool libuchardet0 libxml2 locales m4 man-db po-debconf sensible-utils mkdir /tmp/source/dietlibc/orig -p cd /tmp/source/dietlibc/orig apt source dietlibc cd mkdir /tmp/source/mksh/orig -p cd /tmp/source/mksh/orig apt source mksh cd cd /tmp/source/mksh cp orig try1 -a cd try1/mksh-57 dpkg-buildpackage -b dpkg -i /tmp/source/mksh/try1/*.deb benutzer@debian:/tmp/source/mksh/try1$ LANG=C /usr/lib/diet/bin/mksh $ ls notexisting ls: cannot 
access 'notexisting': No such file or directory smashed stack detected, program terminated. apt install systemd-coredump gdb ################## benutzer@debian:/tmp/source/mksh/try1$ LANG=C /usr/lib/diet/bin/mksh $ benutzer@debian:~$ gdb -q --pid $(pidof mksh) Attaching to process 26325 Reading symbols from /usr/lib/diet/bin/mksh...Reading symbols from /usr/lib/debug/.build-id/fc/c29d2d80c071be01063254db1a2ee14ae20fa4.debug...done. done. 0x004253e0 in __unified_syscall () (gdb) b exit Breakpoint 1 at 0x4253cf (gdb) cont Continuing. [Detaching after fork from child process 26332] Breakpoint 1, 0x004253cf in exit () (gdb) bt #0 0x004253cf in exit () #1 0x00425e98 in __stack_chk_fail () #2 0x004138fc in j_sigchld (sig=<optimized out>) at ../../jobs.c:1422 #3 0x00411883 in trapsig (i=<optimized out>) at ../../histrap.c:1239 #4 <signal handler called> #5 0x00000033 in ?? () Backtrace stopped: Cannot access memory at address 0x206 ################### benutzer@debian:/tmp/source/mksh/try1$ LANG=C /usr/lib/diet/bin/mksh $ benutzer@debian:~$ gdb -q --pid $(pidof mksh) Attaching to process 26344 Reading symbols from /usr/lib/diet/bin/mksh...Reading symbols from /usr/lib/debug/.build-id/fc/c29d2d80c071be01063254db1a2ee14ae20fa4.debug...done. done. 0x004253e0 in __unified_syscall () (gdb) b j_sigchld Breakpoint 1 at 0x41380e: file ../../jobs.c, line 1322. (gdb) display/i $pc 1: x/i $pc => 0x4253e0 <__unified_syscall+15>: cmp $0xffffffffffffff7c,%rax (gdb) cont Continuing. [Detaching after fork from child process 26351] Breakpoint 1, j_sigchld (sig=17) at ../../jobs.c:1322 1322 ../../jobs.c: Datei oder Verzeichnis nicht gefunden. 
1: x/i $pc => 0x41380e <j_sigchld>: push %r15 (gdb) nexti 0x00413810 1322 in ../../jobs.c 1: x/i $pc => 0x413810 <j_sigchld+2>: push %r14 (gdb) 0x00413812 1322 in ../../jobs.c 1: x/i $pc => 0x413812 <j_sigchld+4>: push %r13 (gdb) 0x00413814 1322 in ../../jobs.c 1: x/i $pc => 0x413814 <j_sigchld+6>: push %r12 (gdb) 0x00413816 1322 in ../../jobs.c 1: x/i $pc => 0x413816 <j_sigchld+8>: push %rbp (gdb) 0x00413817 1322 in ../../jobs.c 1: x/i $pc => 0x413817 <j_sigchld+9>: push %rbx (gdb) 0x00413818 1322 in ../../jobs.c 1: x/i $pc => 0x413818 <j_sigchld+10>: sub $0xd8,%esp (gdb) 0x0041381e 1322 in ../../jobs.c 1: x/i $pc => 0x41381e <j_sigchld+16>: mov 0x1ba40(%rip),%edx # 0x42f264 <procpid> (gdb) 0x00413824 1322 in ../../jobs.c 1: x/i $pc => 0x413824 <j_sigchld+22>: mov %fs:0x18,%eax (gdb) 0x0041382c 1322 in ../../jobs.c 1: x/i $pc => 0x41382c <j_sigchld+30>: mov %eax,0xcc(%rsp) (gdb) 0x00413833 1322 in ../../jobs.c 1: x/i $pc => 0x413833 <j_sigchld+37>: xor %eax,%eax (gdb) print/x $eax $1 = 0xd8c54a7a (gdb) print/x $rsp $2 = 0xffb35be0 (gdb) print/x $rsp + 0xcc $3 = 0xffb35cac (gdb) x/1xd 0xffb35cac 0xffb35cac: -658158982 (gdb) x/1xx 0xffb35cac 0xffb35cac: 0xd8c54a7a (gdb) set can-use-hw-watchpoints false No symbol "false" in current context. (gdb) set can-use-hw-watchpoints 0 (gdb) watch *0xffb35cac Watchpoint 2: *0xffb35cac (gdb) cont Continuing. Watchpoint 2: *0xffb35cac Old value = -658158982 New value = 0 0x004253e0 in __unified_syscall () 1: x/i $pc => 0x4253e0 <__unified_syscall+15>: cmp $0xffffffffffffff7c,%rax (gdb) bt #0 0x004253e0 in __unified_syscall () #1 0x004138aa in j_sigchld (sig=<optimized out>) at ../../jobs.c:1369 #2 0x00411883 in trapsig (i=<optimized out>) at ../../histrap.c:1239 #3 <signal handler called> #4 0x00000033 in ?? () Backtrace stopped: Cannot access memory at address 0x206 (gdb) disassemble $pc-0x20,$pc+x020 No symbol "x020" in current context. 
(gdb) disassemble $pc-0x20,$pc+0x20 Dump of assembler code from 0x4253c0 to 0x425400: 0x004253c0 <c_typeset+1518>: add %al,0x5d5b38c4(%rbx) 0x004253c6 <c_typeset+1524>: pop %r12 0x004253c8 <c_typeset+1526>: pop %r13 0x004253ca <c_typeset+1528>: pop %r14 0x004253cc <c_typeset+1530>: pop %r15 0x004253ce <c_typeset+1532>: retq 0x004253cf <exit+0>: mov $0x3c,%al 0x004253d1 <__unified_syscall+0>: mov $0x0,%ah 0x004253d3 <__unified_syscall+2>: movzwl %ax,%eax 0x004253d6 <__unified_syscall+5>: or $0x40000000,%eax 0x004253db <__unified_syscall+10>: mov %rcx,%r10 0x004253de <__unified_syscall+13>: syscall => 0x004253e0 <__unified_syscall+15>: cmp $0xffffffffffffff7c,%rax 0x004253e6 <__unified_syscall+21>: jbe 0x4253f7 <__unified_syscall+38> 0x004253e8 <__unified_syscall+23>: neg %eax 0x004253ea <__unified_syscall+25>: push %rax 0x004253eb <__unified_syscall+26>: callq 0x425834 <__errno_location> 0x004253f0 <__unified_syscall+31>: pop %rcx 0x004253f1 <__unified_syscall+32>: mov %ecx,(%rax) 0x004253f3 <__unified_syscall+34>: or $0xffffffffffffffff,%rax 0x004253f7 <__unified_syscall+38>: retq 0x004253f8 <access+0>: mov $0x15,%al 0x004253fa <access+2>: jmpq 0x4253d1 <__unified_syscall> 0x004253ff <alarm+0>: mov $0x25,%al End of assembler dump. (gdb) directory /tmp/source/mksh/try1/mksh-57/debian/upstream Source directories searched: /tmp/source/mksh/try1/mksh-57/debian/upstream:$cdir:$cwd (gdb) up #1 0x004138aa in j_sigchld (sig=<optimized out>) at ../../jobs.c:1369 1369 getrusage(RUSAGE_CHILDREN, &ru1); (gdb) list jobs.c:1314,1370 1314 /* 1315 * SIGCHLD handler to reap children and update job states 1316 * 1317 * If jobs are compiled in then this routine expects sigchld to be blocked. 
1318 */ 1319 /* ARGSUSED */ 1320 static void 1321 j_sigchld(int sig MKSH_A_UNUSED) 1322 { 1323 int saved_errno = errno; 1324 Job *j; 1325 Proc *p = NULL; 1326 pid_t pid; 1327 int status; 1328 struct rusage ru0, ru1; 1329 #ifdef MKSH_NO_SIGSUSPEND 1330 sigset_t omask; 1331 1332 /* this handler can run while SIGCHLD is not blocked, so block it now */ 1333 sigprocmask(SIG_BLOCK, &sm_sigchld, &omask); 1334 #endif 1335 1336 #ifndef MKSH_NOPROSPECTOFWORK 1337 /* 1338 * Don't wait for any processes if a job is partially started. 1339 * This is so we don't do away with the process group leader 1340 * before all the processes in a pipe line are started (so the 1341 * setpgid() won't fail) 1342 */ 1343 for (j = job_list; j; j = j->next) 1344 if (j->ppid == procpid && !(j->flags & JF_STARTED)) { 1345 held_sigchld = 1; 1346 goto j_sigchld_out; 1347 } 1348 #endif 1349 1350 getrusage(RUSAGE_CHILDREN, &ru0); 1351 do { 1352 #ifndef MKSH_NOPROSPECTOFWORK 1353 pid = waitpid(-1, &status, (WNOHANG | 1354 #if defined(WCONTINUED) && defined(WIFCONTINUED) 1355 WCONTINUED | 1356 #endif 1357 WUNTRACED)); 1358 #else 1359 pid = wait(&status); 1360 #endif 1361 1362 /* 1363 * return if this would block (0) or no children 1364 * or interrupted (-1) 1365 */ 1366 if (pid <= 0) 1367 goto j_sigchld_out; 1368 1369 getrusage(RUSAGE_CHILDREN, &ru1); 1370 (gdb) disassemble $pc-0x20,$pc+0x20 Dump of assembler code from 0x41388a to 0x4138ca: 0x0041388a <j_sigchld+124>: mov %esi,%esi 0x0041388c <j_sigchld+126>: or $0xffffffff,%edi 0x0041388f <j_sigchld+129>: callq 0x425542 <waitpid> 0x00413894 <j_sigchld+134>: mov %eax,%r13d 0x00413897 <j_sigchld+137>: test %eax,%eax 0x00413899 <j_sigchld+139>: jle 0x4138cd <j_sigchld+191> 0x0041389b <j_sigchld+141>: lea 0x70(%rsp),%esi 0x0041389f <j_sigchld+145>: or $0xffffffff,%edi 0x004138a2 <j_sigchld+148>: mov %rsi,%rbp 0x004138a5 <j_sigchld+151>: callq 0x42546a <getrusage> => 0x004138aa <j_sigchld+156>: mov 0x1ab50(%rip),%ebx # 0x42e400 <job_list> 0x004138b0 
<j_sigchld+162>: test %ebx,%ebx 0x004138b2 <j_sigchld+164>: je 0x4138fc <j_sigchld+238> 0x004138b4 <j_sigchld+166>: mov 0x4(%ebx),%eax 0x004138b8 <j_sigchld+170>: test %eax,%eax 0x004138ba <j_sigchld+172>: je 0x4138c8 <j_sigchld+186> 0x004138bc <j_sigchld+174>: cmp %r13d,0x4(%eax) 0x004138c1 <j_sigchld+179>: je 0x41390e <j_sigchld+256> 0x004138c3 <j_sigchld+181>: mov (%eax),%eax 0x004138c6 <j_sigchld+184>: jmp 0x4138b8 <j_sigchld+170> 0x004138c8 <j_sigchld+186>: mov (%ebx),%ebx End of assembler dump. (gdb) print sizeof(ru0) $4 = 88 (gdb) print sizeof(ru1) $5 = 88 (gdb) print sizeof(ru1.ru_maxrss) $6 = 4 (gdb) disassemble getrusage Dump of assembler code for function getrusage: 0x0042546a <+0>: mov $0x62,%al 0x0042546c <+2>: jmpq 0x4253d1 <__unified_syscall> End of assembler dump. http://www.fefe.de/dietlibc/ http://man7.org/linux/man-pages/man2/getrusage.2.html