Dear Maintainer,
today I received this stack smashing also in one of my VMs.
I could reproduce the isse when ever a bash is started
while 2.29-7 got started and left open.
Then in a different shell the packages get upgraded,
especially glibc packages to version 2.29-9.
Then get back to the opened shell before and I could good
reproduce it by "dpkg-deb -x g<TAB>".
As far as I could follow it, then libpthread-2.29.so gets loaded,
but the version 2.29-9 while libc-2.29.so is still 2.29-7.
Then the stack canary from __pthread_tunables_init gets overwritten here:
Old value = 898596864
New value = 0
__GI___tunable_get_val (id=<optimized out>, valp=<optimized out>,
callback=<optimized out>) at dl-tunables.c:393
393 dl-tunables.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f42d1904cc3 <__GI___tunable_get_val+99>: jmp 0x7f42d1904c8d
<__GI___tunable_get_val+45>
(gdb) bt
#0 __GI___tunable_get_val (id=<optimized out>, valp=<optimized out>,
callback=<optimized out>) at dl-tunables.c:393
#1 0x00007f42d137206a in __pthread_tunables_init () at
pthread_mutex_conf.c:43
#2 0x00007f42d1364bdd in __pthread_initialize_minimal_internal () at
nptl-init.c:437
#3 0x00007f42d1364009 in _init () at ../sysdeps/x86_64/crti.S:74
#4 0x0000000000000000 in ?? ()
https://sources.debian.org/src/glibc/2.29-9/nptl/pthread_mutex_conf.c/#L43
(gdb) print (int)glibc_pthread_mutex_spin_count
$6 = 23
(gdb) print tunable_list[23]
$7 = {name = 0x7f42d190ecc3 "glibc.malloc.tcache_max", type = {type_code =
TUNABLE_TYPE_SIZE_T, min = 0, max = -1}, val = {numval = 0, strval = 0x0},
initialized = false, security_level = TUNABLE_SECLEVEL_SXID_ERASE, env_alias =
0x0}
(gdb) print tunable_list[22]
$8 = {name = 0x7f42d19112b0 "glibc.pthread.mutex_spin_count", type =
{type_code = TUNABLE_TYPE_INT_32, min = 0, max = 32767}, val = {numval = 100,
strval = 0x64 <error: Cannot access memory at address 0x64>}, initialized =
false, security_level = TUNABLE_SECLEVEL_SXID_ERASE, env_alias = 0x0}
It looks like between 2.29-7 and 2.29-9 the position in
the tunable_list array shifted and now libpthread accesses
element 23 while there is a different, bigger sized value
which leads to overwriting the stack canary.
I guess the question now is if this is a supported szenario?
If yes this bug needs to be handled by glibc maintainers?
A workaround in bash could be to make sure to have
libpthread loaded at startup, that way also holding
the same (outdated) version in memory.
Kind regards,
Bernhard
# Bullseye/testing amd64 qemu VM 2020-01-29
apt update
apt dist-upgrade
apt install systemd-coredump mc fakeroot
apt build-dep grub-efi-ia32
# not yet rebooted
benutzer@debian:~/deb$ dpkg-dev -x gr*** stack smashing detected ***: <unknown>
terminated
Connection to 127.0.254.63 closed.
root@debian:~# journalctl --no-pager
-- Logs begin at Wed 2020-01-29 15:24:56 CET, end at Wed 2020-01-29 15:29:14
CET. --
Jan 29 15:24:56 debian kernel: Linux version 5.3.0-3-amd64
([email protected]) (gcc version 9.2.1 20191130 (Debian 9.2.1-21))
#1 SMP Debian 5.3.15-1 (2019-12-07)
...
Jan 29 15:29:14 debian systemd-coredump[23763]: Process 1008 (bash) of user
1000 dumped core.
Stack trace of thread 1008:
#0 0x00007f7060d8b081 n/a
(/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted) + 0x3a081)
#1 0x00007f7060e5b81d n/a
(/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted) + 0x10a81d)
Jan 29 15:29:14 debian systemd[1]: [email protected]:
Succeeded.
root@debian:~# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Wed 2020-01-29 15:29:14 CET 1008 1000 1000 6 present /usr/bin/bash
root@debian:~# coredumpctl gdb 1008
PID: 1008 (bash)
UID: 1000 (benutzer)
GID: 1000 (benutzer)
Signal: 6 (ABRT)
Timestamp: Wed 2020-01-29 15:29:14 CET (4min 0s ago)
Command Line: -bash
Executable: /usr/bin/bash
Control Group: /user.slice/user-1000.slice/session-3.scope
Unit: session-3.scope
Slice: user-1000.slice
Session: 3
Owner UID: 1000 (benutzer)
Boot ID: 40d7405f80194b29af2d13741d10b59a
Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
Hostname: debian
Storage:
/var/lib/systemd/coredump/core.bash.1000.40d7405f80194b29af2d13741d10b59a.1008.1580308154000000000000.lz4
Message: Process 1008 (bash) of user 1000 dumped core.
Stack trace of thread 1008:
#0 0x00007f7060d8b081 n/a
(/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted) + 0x3a081)
#1 0x00007f7060e5b81d n/a
(/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted) + 0x10a81d)
GNU gdb (Debian 8.3.1-1) 8.3.1
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/bash...
(No debugging symbols found in /usr/bin/bash)
[New LWP 1008]
warning: .dynamic section for "/lib64/ld-linux-x86-64.so.2" is not at the
expected address (wrong library or version mismatch?)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `-bash'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht
gefunden.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f7060d76612 in __GI_abort () at abort.c:100
#2 0x00007f7060dccdc8 in __libc_message (action=<optimized out>,
fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007f7060e5b81d in __GI___fortify_fail_abort (need_backtrace=false,
msg=0x7f7060ed7880 "inated\n") at fortify_fail.c:33
#4 0x00007f7060e5b7d2 in __GI___fortify_fail_abort (need_backtrace=2,
msg=0x7ffc33f209b0 "") at fortify_fail.c:28
#5 0x00007f7060f73968 in _rtld_global () from /lib64/ld-linux-x86-64.so.2
#6 0x00007f70609e0084 in __pthread_tunables_init () at pthread_mutex_conf.c:43
#7 0x00007f70609d2bdd in __pthread_initialize_minimal_internal () at
nptl-init.c:437
#8 0x00007f70609d2009 in _init () at ../sysdeps/x86_64/crti.S:74
#9 0x0000000000000000 in ?? ()
(gdb) bt full
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
set = {__val = {0, 18446744073709551615 <repeats 12 times>,
94292768433888, 140721179986416, 140120634442104}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x00007f7060d76612 in __GI_abort () at abort.c:100
act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0},
sa_mask = {__val = {18446744073709551615 <repeats 16 times>}}, sa_flags = 0,
sa_restorer = 0x0}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007f7060dccdc8 in __libc_message (action=<optimized out>,
fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:181
ap = {{gp_offset = 32, fp_offset = 0, overflow_arg_area =
0x7ffc33f20da0, reg_save_area = 0x7ffc33f20d30}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
written = <optimized out>
#3 0x00007f7060e5b81d in __GI___fortify_fail_abort (need_backtrace=false,
msg=0x7f7060ed7880 "inated\n") at fortify_fail.c:33
No locals.
#4 0x00007f7060e5b7d2 in __GI___fortify_fail_abort (need_backtrace=2,
msg=0x7ffc33f209b0 "") at fortify_fail.c:28
No locals.
#5 0x00007f7060f73968 in _rtld_global () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#6 0x00007f70609e0084 in __pthread_tunables_init () at pthread_mutex_conf.c:43
No locals.
#7 0x00007f70609d2bdd in __pthread_initialize_minimal_internal () at
nptl-init.c:437
pd = <optimized out>
sa = {__sigaction_handler = {sa_handler = 0x7f70609d2750
<sighandler_setxid>, sa_sigaction = 0x7f70609d2750 <sighandler_setxid>},
sa_mask = {__val = {6442450944, 0 <repeats 15 times>}},
sa_flags = 268435460, sa_restorer = 0x7f70609f8bf6}
static_tls_align = 64
limit = {rlim_cur = 8388608, rlim_max = 18446744073709551615}
pagesz = <optimized out>
minstack = <optimized out>
rtld_lock_count = 4294967295
#8 0x00007f70609d2009 in _init () at ../sysdeps/x86_64/crti.S:74
No locals.
#9 0x0000000000000000 in ?? ()
No symbol table info available.
root@debian:~# dpkg -l | grep -i libc6
ii libc6:amd64 2.29-9
amd64 GNU C Library: Shared libraries
ii libc6-dbg:amd64 2.29-9
amd64 GNU C Library: detached debugging symbols
ii libc6-dev:amd64 2.29-9
amd64 GNU C Library: Development Libraries and Header Files
ii libc6-dev-i386 2.29-9
amd64 GNU C Library: 32-bit development libraries for AMD64
ii libc6-dev-x32 2.29-9
amd64 GNU C Library: X32 ABI Development Libraries for AMD64
ii libc6-i386 2.29-9
amd64 GNU C Library: 32-bit shared libraries for AMD64
ii libc6-x32 2.29-9
amd64 GNU C Library: X32 ABI Shared libraries for AMD64
############
############
############
############
# Bullseye/testing amd64 qemu VM 2020-01-29
# last update before: 2020-01-08 11:51:46
apt install rr gdb
root@debian:~# uname -a
Linux debian 5.3.0-3-amd64 #1 SMP Debian 5.3.15-1 (2019-12-07) x86_64 GNU/Linux
root@debian:~# dpkg -l | grep -i 2.29
ii libc-bin 2.29-7 amd64
GNU C Library: Binaries
ii libc-l10n 2.29-7 all
GNU C Library: localization files
ii libc6:amd64 2.29-7 amd64
GNU C Library: Shared libraries
ii libc6-i386 2.29-7 amd64
GNU C Library: 32-bit shared libraries for AMD64
ii locales 2.29-7 all
GNU C Library: National Language (locale) data [support]
root@debian:~# dpkg -l | grep rr
ii rr 5.3.0-1 amd64
application execution recorder, player and debugger
root@debian:~# dpkg -l | grep bash
ii bash 5.0-5 amd64
GNU Bourne Again SHell
ii bash-completion 1:2.8-6 all
programmable completion for the bash shell
echo 1 > /proc/sys/kernel/perf_event_paranoid
benutzer@debian:~$ rr bash
rr: Saving execution to trace directory
`/home/benutzer/.local/share/rr/bash-0'.
benutzer@debian:~$
apt update
apt dist-upgrade
apt install systemd-coredump mc fakeroot
apt build-dep grub-efi-ia32
root@debian:~# dpkg -l | grep -i 2.29
ii libc-bin 2.29-9
amd64 GNU C Library: Binaries
ii libc-dev-bin 2.29-9
amd64 GNU C Library: Development binaries
ii libc-l10n 2.29-9 all
GNU C Library: localization files
ii libc6:amd64 2.29-9
amd64 GNU C Library: Shared libraries
ii libc6-dev:amd64 2.29-9
amd64 GNU C Library: Development Libraries and Header Files
ii libc6-dev-i386 2.29-9
amd64 GNU C Library: 32-bit development libraries for AMD64
ii libc6-dev-x32 2.29-9
amd64 GNU C Library: X32 ABI Development Libraries for AMD64
ii libc6-i386 2.29-9
amd64 GNU C Library: 32-bit shared libraries for AMD64
ii libc6-x32 2.29-9
amd64 GNU C Library: X32 ABI Shared libraries for AMD64
ii locales 2.29-9 all
GNU C Library: National Language (locale) data [support]
mkdir /home/benutzer/deb
cd /home/benutzer/deb
apt download grub-efi-ia32
benutzer@debian:~$ mkdir /home/benutzer/deb
benutzer@debian:~$ cd /home/benutzer/deb
benutzer@debian:~/deb$ apt download grub-efi-ia32
Holen:1 http://192.168.178.25:9999/debian-11-bullseye-deb.debian.org
bullseye/main amd64 grub-efi-ia32 amd64 2.04-5 [39,8 kB]
Es wurden 39,8 kB in 0 s geholt (642 kB/s).
benutzer@debian:~/deb$ dpkg-deb -x grub-efi-ia32_2.04-5_amd64.deb
grub-efi-ia32_2.04-5_amd64.deb grub-efi-ia32_2.04-5_amd64.deb
grub-efi-ia32_2.04-5_amd64.deb grub-efi-ia32_2.04-5_amd64.deb
grub-efi-ia32_2.04-5_amd64.deb ^C
benutzer@debian:~/deb$ cd .
./ ../
benutzer@debian:~/deb$ cd .
./ ../
benutzer@debian:~/deb$ cd .
./ ../
benutzer@debian:~/deb$ ls grub-efi-ia32_2.04-5_amd64.deb
grub-efi-ia32_2.04-5_amd64.deb ^C
benutzer@debian:~/deb$ cd ../
deb/ .local/
benutzer@debian:~/deb$ cd ../
deb/ .local/
benutzer@debian:~/deb$ cd ../
deb/ .local/
benutzer@debian:~/deb$ cd /
bin/ dev/ home/ lib32/ libx32/ media/
opt/ root/ sbin/ sys/ usr/
boot/ etc/ lib/ lib64/ lost+found/ mnt/
proc/ run/ srv/ tmp/ var/
benutzer@debian:~/deb$
benutzer@debian:~/deb$ cd $
$_ $BASH_REMATCH $COMP_WORDS
$HISTFILE $MACHTYPE $PS4
$SSS_NSS_USE_MEMCACHE
$_backup_glob $BASH_SOURCE $cur
$HISTFILESIZE $MAILCHECK $PWD
$TERM
$BASH $BASH_SUBSHELL $cword
$HISTSIZE $MOZ_GDB_SLEEP $RANDOM
$UID
$BASH_ALIASES $BASH_VERSINFO $DIRSTACK
$HOME $OLDPWD $redir
$USER
$BASH_ARGC $BASH_VERSION $EPOCHREALTIME
$HOSTNAME $OPTERR
$_RR_USE_SYSCALLBUF $words
$BASH_ARGV $COLUMNS $EPOCHSECONDS
$HOSTTYPE $OPTIND
$RUNNING_UNDER_RR $XDG_RUNTIME_DIR
$BASH_ARGV0 $COMP_CWORD $EUID
$IFS $OSTYPE $SECONDS
$XDG_SESSION_CLASS
$BASH_CMDS $COMP_KEY $exclude
$LANG $PATH $SHELL
$XDG_SESSION_ID
$BASH_COMMAND $COMP_LINE $flag
$LIBGL_ALWAYS_SOFTWARE $PIPESTATUS $SHELLOPTS
$XDG_SESSION_TYPE
$BASH_COMPLETION_VERSINFO $COMP_POINT $FUNCNAME
$LINENO $PPID $SHLVL
$_xspecs
$BASH_LINENO $COMPREPLY $GROUPS
$LINES $prev $SSH_CLIENT
$BASHOPTS $COMP_TYPE $HISTCMD
$LOGNAME $PS1 $SSH_CONNECTION
$BASHPID $COMP_WORDBREAKS $HISTCONTROL
$LS_COLORS $PS2 $SSH_TTY
benutzer@debian:~/deb$ cd $H
$HISTCMD $HISTCONTROL $HISTFILE $HISTFILESIZE $HISTSIZE
$HOME $HOSTNAME $HOSTTYPE
benutzer@debian:~/deb$ cd $HO
$HOME $HOSTNAME $HOSTTYPE
benutzer@debian:~/deb$ cd $HO^C
benutzer@debian:~/deb$ cd /
bin/ dev/ home/ lib32/ libx32/ media/
opt/ root/ sbin/ sys/ usr/
boot/ etc/ lib/ lib64/ lost+found/ mnt/
proc/ run/ srv/ tmp/ var/
benutzer@debian:~/deb$ dpkg-deb -x g*** stack smashing detected ***:
<unknown> terminated
Abgebrochen
.
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc-bin_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc-dev-bin_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191230T211841Z/pool/main/g/glibc/libc-l10n_2.29-7_all.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6-dbg_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6-dev_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6-dev-i386_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6-dev-x32_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6-i386_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6-x32_2.29-7_amd64.deb
wget
https://snapshot.debian.org/archive/debian/20191230T211841Z/pool/main/g/glibc/locales_2.29-7_all.deb
dpkg -i *.deb
root@debian:~# dpkg -l | grep -i 2.29
ii libc-bin 2.29-7
amd64 GNU C Library: Binaries
ii libc-dev-bin 2.29-9
amd64 GNU C Library: Development binaries
ii libc-l10n 2.29-7 all
GNU C Library: localization files
ii libc6:amd64 2.29-9
amd64 GNU C Library: Shared libraries
https://snapshot.debian.org/archive/debian/20191231T034458Z/pool/main/g/glibc/libc6-dbg_2.29-7_amd64.deb
ii libc6-dev:amd64 2.29-9
amd64 GNU C Library: Development Libraries and Header Files
ii libc6-dev-i386 2.29-9
amd64 GNU C Library: 32-bit development libraries for AMD64
ii libc6-dev-x32 2.29-9
amd64 GNU C Library: X32 ABI Development Libraries for AMD64
ii libc6-i386 2.29-9
amd64 GNU C Library: 32-bit shared libraries for AMD64
ii libc6-x32 2.29-9
amd64 GNU C Library: X32 ABI Shared libraries for AMD64
ii locales 2.29-7 all
GNU C Library: National Language (locale) data [support]
# Save rr directory and copy to save location
tar -zcf home-benutzer-.local-share-rr.tar.gz /home/benutzer/.local/share/rr
# Revert VM back to state of 2020-01-08
# Restor rr directory
mkdir /home/benutzer/.local/share/rr -p
cd /
tar -zxf /home/benutzer/home-benutzer-.local-share-rr.tar.gz
cd
apt install rr gdb
echo 1 > /proc/sys/kernel/perf_event_paranoid
benutzer@debian:~$ rr replay /home/benutzer/.local/share/rr/bash-0
GNU gdb (Debian 8.3.1-1) 8.3.1
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/bash...
(No debugging symbols found in /usr/bin/bash)
Really redefine built-in command "restart"? (y or n) [answered Y; input not
from terminal]
Remote debugging using 127.0.0.1:1024
Reading symbols from /lib64/ld-linux-x86-64.so.2...
Reading symbols from
/usr/lib/debug/.build-id/63/4d7e79f67a625214f5f5e1d1ffd260b6481c2f.debug...
0x00007f3f80f1e090 in _start () from /lib64/ld-linux-x86-64.so.2
(rr) cont
Continuing.
benutzer@debian:~$ mkdir /home/benutzer/deb
[ERROR /build/rr-XWGEix/rr-5.3.0/src/TraceStream.cc:1073:read_mapped_region()]
Metadata of /usr/lib/x86_64-linux-gnu/ld-2.29.so changed: replay divergence
likely, but continuing anyway. inode: 525510/525714; mode: 33261/33261; uid:
0/0; gid: 0/0; size: 165632/169728; mtime: 1577729562/1578694885
[ERROR /build/rr-XWGEix/rr-5.3.0/src/TraceStream.cc:1073:read_mapped_region()]
Metadata of /usr/lib/x86_64-linux-gnu/ld-2.29.so changed: replay divergence
likely, but continuing anyway. inode: 525510/525714; mode: 33261/33261; uid:
0/0; gid: 0/0; size: 165632/169728; mtime: 1577729562/1578694885
[ERROR /build/rr-XWGEix/rr-5.3.0/src/TraceStream.cc:1073:read_mapped_region()]
Metadata of /usr/lib/x86_64-linux-gnu/ld-2.29.so changed: replay divergence
likely, but continuing anyway. inode: 525510/525714; mode: 33261/33261; uid:
0/0; gid: 0/0; size: 165632/169728; mtime: 1577729562/1578694885
[ERROR /build/rr-XWGEix/rr-5.3.0/src/TraceStream.cc:1073:read_mapped_region()]
Metadata of /usr/lib/x86_64-linux-gnu/ld-2.29.so changed: replay divergence
likely, but continuing anyway. inode: 525510/525714; mode: 33261/33261; uid:
0/0; gid: 0/0; size: 165632/169728; mtime: 1577729562/1578694885
[FATAL
/build/rr-XWGEix/rr-5.3.0/src/ReplaySession.cc:1032:check_ticks_consistency()]
(task 805 (rec:23860) at time 1293)
-> Assertion `ticks_now == trace_ticks' failed to hold. ticks mismatch for
'INSTRUCTION_TRAP'; expected 992, got 756
Tail of trace dump:
-> Did not work out as expected ...
############
# Bullseye/testing amd64 qemu VM 2020-01-29
# last update before: 2020-01-08 11:51:46
apt install psmisc rr gdb strace
root@debian:~# uname -a
Linux debian 5.3.0-3-amd64 #1 SMP Debian 5.3.15-1 (2019-12-07) x86_64 GNU/Linux
root@debian:~# dpkg -l | grep -i 2.29
ii libc-bin 2.29-7 amd64
GNU C Library: Binaries
ii libc-l10n 2.29-7 all
GNU C Library: localization files
ii libc6:amd64 2.29-7 amd64
GNU C Library: Shared libraries
ii libc6-i386 2.29-7 amd64
GNU C Library: 32-bit shared libraries for AMD64
ii locales 2.29-7 all
GNU C Library: National Language (locale) data [support]
root@debian:~# dpkg -l | grep rr
ii rr 5.3.0-1 amd64
application execution recorder, player and debugger
root@debian:~# dpkg -l | grep bash
ii bash 5.0-5 amd64
GNU Bourne Again SHell
ii bash-completion 1:2.8-6 all
programmable completion for the bash shell
benutzer@debian:~$ gdb -q --args bash
Reading symbols from bash...
(No debugging symbols found in bash)
(gdb) b _rtld_global
Function "_rtld_global" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (_rtld_global) pending.
(gdb) run
Starting program: /usr/bin/bash
[Detaching after fork from child process 771]
benutzer@debian:~$
apt update
apt dist-upgrade
benutzer@debian:~$ mkdir x
[Detaching after fork from child process 13777]
benutzer@debian:~$ cd x[Detaching after fork from child process
13778]
[Detaching after fork from child process 13779]
/[Detaching after fork from child process 13780]
[Detaching after fork from child process 13781]
[Detaching after fork from child process 13782]
[Detaching after fork from child process 13783]
benutzer@debian:~/x$ apt download grub-efi-ia32
[Detaching after fork from child process 13784]
Holen:1
http://192.168.178.25:9999/debian-11-bullseye-deb.debian.org bullseye/main
amd64 grub-efi-ia32 amd64 2.04-5 [39,8 kB]
Es wurden 39,8 kB in 0 s geholt (1.038 kB/s).
benutzer@debian:~/x$ dpkg -x g[Detaching after fork from child
process 13789]
[Detaching after fork from child process 13790]
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/lib/x86_64-linux-gnu/libthread_db.so.1".
*** stack smashing detected ***: <unknown> terminated
BFD: reopening
/usr/lib/debug/.build-id/d7/e384cc72cf93e57077a3fdfafd9fa13e3bb7d7.debug: Datei
oder Verzeichnis nicht gefunden
BFD: reopening
/usr/lib/debug/.build-id/d7/e384cc72cf93e57077a3fdfafd9fa13e3bb7d7.debug: Datei
oder Verzeichnis nicht gefunden
BFD: reopening
/usr/lib/debug/.build-id/d7/e384cc72cf93e57077a3fdfafd9fa13e3bb7d7.debug: Datei
oder Verzeichnis nicht gefunden
warning: Can't read data for section '.debug_loc' in file
'/usr/lib/debug/.build-id/d7/e384cc72cf93e57077a3fdfafd9fa13e3bb7d7.debug'
Program received signal SIGABRT, Aborted.
__GI_raise (sig=<optimized out>) at
../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis
nicht gefunden.
(gdb) info b
Num Type Disp Enb Address What
1 breakpoint keep y <PENDING> _rtld_global
(gdb) bt
#0 __GI_raise (sig=<optimized out>) at
../sysdeps/unix/sysv/linux/raise.c:50
#1 0x0000000000000000 in ?? ()
############
apt build-dep libc6
mkdir /home/benutzer/source/libc6/orig -p
cd /home/benutzer/source/libc6/orig
apt source libc6
cd
root@debian:~# dpkg -l | grep 2.29
ii libc-bin 2.29-7 amd64
GNU C Library: Binaries
ii libc-dev-bin 2.29-7 amd64
GNU C Library: Development binaries
ii libc-l10n 2.29-7 all
GNU C Library: localization files
ii libc6:amd64 2.29-7 amd64
GNU C Library: Shared libraries
ii libc6-dbg:amd64 2.29-7 amd64
GNU C Library: detached debugging symbols
ii libc6-dev:amd64 2.29-7 amd64
GNU C Library: Development Libraries and Header Files
ii libc6-dev-i386 2.29-7 amd64
GNU C Library: 32-bit development libraries for AMD64
ii libc6-dev-x32 2.29-7 amd64
GNU C Library: X32 ABI Development Libraries for AMD64
ii libc6-i386 2.29-7 amd64
GNU C Library: 32-bit shared libraries for AMD64
ii libc6-x32 2.29-7 amd64
GNU C Library: X32 ABI Shared libraries for AMD64
ii locales 2.29-7 all
GNU C Library: National Language (locale) data [support]
benutzer@debian:~$ bash
benutzer@debian:~$
gdb -q --pid 7091
set width 0
set pagination off
display/i $pc
set break pending on
b __pthread_tunables_init
run
apt install libc-bin libc-l10n libc6 libc6-dbg libc6-i386 locales
root@debian:~# dpkg -l | grep 2.29
ii libc-bin 2.29-9 amd64
GNU C Library: Binaries
ii libc-dev-bin 2.29-9 amd64
GNU C Library: Development binaries
ii libc-l10n 2.29-9 all
GNU C Library: localization files
ii libc6:amd64 2.29-9 amd64
GNU C Library: Shared libraries
ii libc6-dbg:amd64 2.29-9 amd64
GNU C Library: detached debugging symbols
ii libc6-dev:amd64 2.29-9 amd64
GNU C Library: Development Libraries and Header Files
ii libc6-dev-i386 2.29-9 amd64
GNU C Library: 32-bit development libraries for AMD64
ii libc6-dev-x32 2.29-9 amd64
GNU C Library: X32 ABI Development Libraries for AMD64
ii libc6-i386 2.29-9 amd64
GNU C Library: 32-bit shared libraries for AMD64
ii libc6-x32 2.29-9 amd64
GNU C Library: X32 ABI Shared libraries for AMD64
ii locales 2.29-9 all
GNU C Library: National Language (locale) data [support]
benutzer@debian:~$ cd deb
benutzer@debian:~/deb$ dpkg-deb -x g<TAB>
(gdb) cont
Continuing.
[Detaching after fork from child process 7984]
[Detaching after fork from child process 7985]
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/lib/x86_64-linux-gnu/libthread_db.so.1".
Breakpoint 1, __pthread_tunables_init () at
pthread_mutex_conf.c:42
42 pthread_mutex_conf.c: Datei oder Verzeichnis
nicht gefunden.
(gdb) disassemble __pthread_tunables_init
Dump of assembler code for function
__pthread_tunables_init:
=> 0x00007f42d1372040 <+0>: sub $0x18,%rsp
0x00007f42d1372044 <+4>: lea
-0x1b(%rip),%rdx # 0x7f42d1372030 <_dl_tunable_set_mutex_spin_count>
0x00007f42d137204b <+11>: mov $0x17,%edi
0x00007f42d1372050 <+16>: mov %fs:0x28,%rax
0x00007f42d1372059 <+25>: mov %rax,0x8(%rsp)
0x00007f42d137205e <+30>: xor %eax,%eax
0x00007f42d1372060 <+32>: lea 0x4(%rsp),%rsi
0x00007f42d1372065 <+37>: callq 0x7f42d13644d0
<__tunable_get_val@plt>
0x00007f42d137206a <+42>: mov 0x8(%rsp),%rax
0x00007f42d137206f <+47>: xor %fs:0x28,%rax
0x00007f42d1372078 <+56>: jne 0x7f42d137207f
<__pthread_tunables_init+63>
0x00007f42d137207a <+58>: add $0x18,%rsp
0x00007f42d137207e <+62>: retq
0x00007f42d137207f <+63>: callq 0x7f42d1364160
<__stack_chk_fail@plt>
End of assembler dump.
(gdb) display/i $pc
1: x/i $pc
=> 0x7f42d1372040 <__pthread_tunables_init>: sub
$0x18,%rsp
(gdb) stepi
0x00007f42d1372044 42 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d1372044 <__pthread_tunables_init+4>: lea
-0x1b(%rip),%rdx # 0x7f42d1372030 <_dl_tunable_set_mutex_spin_count>
(gdb)
0x00007f42d137204b 42 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d137204b <__pthread_tunables_init+11>: mov
$0x17,%edi
(gdb)
0x00007f42d1372050 42 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d1372050 <__pthread_tunables_init+16>: mov
%fs:0x28,%rax
(gdb)
0x00007f42d1372059 42 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d1372059 <__pthread_tunables_init+25>: mov
%rax,0x8(%rsp)
(gdb) x/1xg $rsp + 0x8
0x7ffc21a3e588: 0x00007f42d17f9679
(gdb) stepi
0x00007f42d137205e 42 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d137205e <__pthread_tunables_init+30>: xor
%eax,%eax
(gdb) x/1xg 0x7ffc21a3e588
0x7ffc21a3e588: 0x74f20775358f8000
(gdb) watch *0x7ffc21a3e588
Hardware watchpoint 2: *0x7ffc21a3e588
(gdb) cont
Continuing.
BFD: reopening
/usr/lib/debug/.build-id/63/4d7e79f67a625214f5f5e1d1ffd260b6481c2f.debug: Datei
oder Verzeichnis nicht gefunden
BFD: reopening
/usr/lib/debug/.build-id/63/4d7e79f67a625214f5f5e1d1ffd260b6481c2f.debug: Datei
oder Verzeichnis nicht gefunden
BFD: reopening
/usr/lib/debug/.build-id/63/4d7e79f67a625214f5f5e1d1ffd260b6481c2f.debug: Datei
oder Verzeichnis nicht gefunden
warning: Can't read data for section '.debug_loc' in
file '/usr/lib/debug/.build-id/63/4d7e79f67a625214f5f5e1d1ffd260b6481c2f.debug'
Hardware watchpoint 2: *0x7ffc21a3e588
Old value = 898596864
New value = 0
__GI___tunable_get_val (id=<optimized out>,
valp=<optimized out>, callback=<optimized out>) at dl-tunables.c:393
393 dl-tunables.c: Datei oder Verzeichnis nicht
gefunden.
1: x/i $pc
=> 0x7f42d1904cc3 <__GI___tunable_get_val+99>: jmp
0x7f42d1904c8d <__GI___tunable_get_val+45>
(gdb) bt
#0 __GI___tunable_get_val (id=<optimized out>,
valp=<optimized out>, callback=<optimized out>) at dl-tunables.c:393
#1 0x00007f42d137206a in __pthread_tunables_init () at
pthread_mutex_conf.c:43
#2 0x00007f42d1364bdd in
__pthread_initialize_minimal_internal () at nptl-init.c:437
#3 0x00007f42d1364009 in _init () at
../sysdeps/x86_64/crti.S:74
#4 0x0000000000000000 in ?? ()
(gdb) bt full
#0 __GI___tunable_get_val (id=<optimized out>,
valp=<optimized out>, callback=<optimized out>) at dl-tunables.c:393
cur = <optimized out>
#1 0x00007f42d137206a in __pthread_tunables_init () at
pthread_mutex_conf.c:43
ret = 0
#2 0x00007f42d1364bdd in
__pthread_initialize_minimal_internal () at nptl-init.c:437
pd = <optimized out>
sa = {__sigaction_handler = {sa_handler =
0x7f42d1364750 <sighandler_setxid>, sa_sigaction = 0x7f42d1364750
<sighandler_setxid>}, sa_mask = {__val = {6442450944, 0 <repeats 15 times>}},
sa_flags = 268435460, sa_restorer =
0x7f42d138abf6}
static_tls_align = 64
limit = {rlim_cur = 8388608, rlim_max =
18446744073709551615}
pagesz = <optimized out>
minstack = <optimized out>
rtld_lock_count = 4294967295
#3 0x00007f42d1364009 in _init () at
../sysdeps/x86_64/crti.S:74
No locals.
#4 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb) disassemble $pc-20,$pc+20
Dump of assembler code from 0x7f42d1904caf to
0x7f42d1904cd7:
0x00007f42d1904caf <__GI___tunable_get_val+79>:
xor %esp,(%rax)
0x00007f42d1904cb1 <__GI___tunable_get_val+81>:
jmpq *%rdx
0x00007f42d1904cb3 <__GI___tunable_get_val+83>:
nopl 0x0(%rax,%rax,1)
0x00007f42d1904cb8 <__GI___tunable_get_val+88>:
retq
0x00007f42d1904cb9 <__GI___tunable_get_val+89>:
nopl 0x0(%rax)
0x00007f42d1904cc0 <__GI___tunable_get_val+96>:
mov %rax,(%rsi)
=> 0x00007f42d1904cc3 <__GI___tunable_get_val+99>:
jmp 0x7f42d1904c8d <__GI___tunable_get_val+45>
0x00007f42d1904cc5: nopw %cs:0x0(%rax,%rax,1)
0x00007f42d1904ccf: nop
0x00007f42d1904cd0 <_dl_make_tlsdesc_dynamic+0>:
push %r15
0x00007f42d1904cd2 <_dl_make_tlsdesc_dynamic+2>:
push %r14
0x00007f42d1904cd4 <_dl_make_tlsdesc_dynamic+4>:
push %r13
0x00007f42d1904cd6 <_dl_make_tlsdesc_dynamic+6>:
push %r12
End of assembler dump.
(gdb) print/x $rsi
$1 = 0x7ffc21a3e584
(gdb) print mutex_spin_count
No symbol "mutex_spin_count" in current context.
(gdb) print __mutex_aconf
$2 = {spin_count = 100}
(gdb) print &__mutex_aconf
$3 = (struct mutex_config *) 0x7f42d1379318
<__mutex_aconf>
benutzer@debian:~$ cat /proc/7091/maps
559fd931e000-559fd934b000 r--p 00000000 08:01 524668
/usr/bin/bash
559fd934b000-559fd93f9000 r-xp 0002d000 08:01 524668
/usr/bin/bash
559fd93f9000-559fd9430000 r--p 000db000 08:01 524668
/usr/bin/bash
559fd9430000-559fd9433000 r--p 00111000 08:01 524668
/usr/bin/bash
559fd9433000-559fd943c000 rw-p 00114000 08:01 524668
/usr/bin/bash
559fd943c000-559fd9446000 rw-p 00000000 00:00 0
559fd9ffa000-559fda123000 rw-p 00000000 00:00 0 [heap]
7f42d135d000-7f42d1364000 r--p 00000000 08:01 530163
/usr/lib/x86_64-linux-gnu/libpthread-2.29.so
7f42d1364000-7f42d1373000 r-xp 00007000 08:01 530163
/usr/lib/x86_64-linux-gnu/libpthread-2.29.so
7f42d1373000-7f42d1378000 r--p 00016000 08:01 530163
/usr/lib/x86_64-linux-gnu/libpthread-2.29.so
7f42d1378000-7f42d1379000 r--p 0001a000 08:01 530163
/usr/lib/x86_64-linux-gnu/libpthread-2.29.so
7f42d1379000-7f42d137a000 rw-p 0001b000 08:01 530163
/usr/lib/x86_64-linux-gnu/libpthread-2.29.so
7f42d137a000-7f42d137e000 rw-p 00000000 00:00 0
7f42d137e000-7f42d1381000 r--p 00000000 08:01 530167
/usr/lib/x86_64-linux-gnu/librt-2.29.so
7f42d1381000-7f42d1385000 r-xp 00003000 08:01 530167
/usr/lib/x86_64-linux-gnu/librt-2.29.so
7f42d1385000-7f42d1387000 r--p 00007000 08:01 530167
/usr/lib/x86_64-linux-gnu/librt-2.29.so
7f42d1387000-7f42d1388000 r--p 00008000 08:01 530167
/usr/lib/x86_64-linux-gnu/librt-2.29.so
7f42d1388000-7f42d1389000 rw-p 00009000 08:01 530167
/usr/lib/x86_64-linux-gnu/librt-2.29.so
7f42d1389000-7f42d138f000 r--p 00000000 08:01 525906
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
7f42d138f000-7f42d13c1000 r-xp 00006000 08:01 525906
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
7f42d13c1000-7f42d13d2000 r--p 00038000 08:01 525906
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
7f42d13d2000-7f42d13d5000 r--p 00048000 08:01 525906
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
7f42d13d5000-7f42d13d6000 rw-p 0004b000 08:01 525906
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
7f42d13d6000-7f42d13d7000 rw-p 00000000 00:00 0
7f42d13d7000-7f42d13ef000 r--p 00000000 08:01 526628
/usr/share/locale/de/LC_MESSAGES/bash.mo
7f42d13ef000-7f42d13f2000 r--p 00000000 08:01 530140
/usr/lib/x86_64-linux-gnu/libnss_files-2.29.so (deleted)
7f42d13f2000-7f42d13f9000 r-xp 00003000 08:01 530140
/usr/lib/x86_64-linux-gnu/libnss_files-2.29.so (deleted)
7f42d13f9000-7f42d13fb000 r--p 0000a000 08:01 530140
/usr/lib/x86_64-linux-gnu/libnss_files-2.29.so (deleted)
7f42d13fb000-7f42d13fc000 r--p 0000b000 08:01 530140
/usr/lib/x86_64-linux-gnu/libnss_files-2.29.so (deleted)
7f42d13fc000-7f42d13fd000 rw-p 0000c000 08:01 530140
/usr/lib/x86_64-linux-gnu/libnss_files-2.29.so (deleted)
7f42d13fd000-7f42d1403000 rw-p 00000000 00:00 0
7f42d1403000-7f42d140a000 r--s 00000000 08:01 537669
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache (deleted)
7f42d140a000-7f42d16ef000 r--p 00000000 08:01 529324
/usr/lib/locale/locale-archive (deleted)
7f42d16ef000-7f42d16f2000 rw-p 00000000 00:00 0
7f42d16f2000-7f42d1717000 r--p 00000000 08:01 530132
/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted)
7f42d1717000-7f42d185e000 r-xp 00025000 08:01 530132
/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted)
7f42d185e000-7f42d18a7000 r--p 0016c000 08:01 530132
/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted)
7f42d18a7000-7f42d18a8000 ---p 001b5000 08:01 530132
/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted)
7f42d18a8000-7f42d18ab000 r--p 001b5000 08:01 530132
/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted)
7f42d18ab000-7f42d18ae000 rw-p 001b8000 08:01 530132
/usr/lib/x86_64-linux-gnu/libc-2.29.so (deleted)
7f42d18ae000-7f42d18b2000 rw-p 00000000 00:00 0
7f42d18b2000-7f42d18b3000 r--p 00000000 08:01 530133
/usr/lib/x86_64-linux-gnu/libdl-2.29.so (deleted)
7f42d18b3000-7f42d18b4000 r-xp 00001000 08:01 530133
/usr/lib/x86_64-linux-gnu/libdl-2.29.so (deleted)
7f42d18b4000-7f42d18b5000 r--p 00002000 08:01 530133
/usr/lib/x86_64-linux-gnu/libdl-2.29.so (deleted)
7f42d18b5000-7f42d18b6000 r--p 00002000 08:01 530133
/usr/lib/x86_64-linux-gnu/libdl-2.29.so (deleted)
7f42d18b6000-7f42d18b7000 rw-p 00003000 08:01 530133
/usr/lib/x86_64-linux-gnu/libdl-2.29.so (deleted)
7f42d18b7000-7f42d18c5000 r--p 00000000 08:01 524629
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
7f42d18c5000-7f42d18d3000 r-xp 0000e000 08:01 524629
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
7f42d18d3000-7f42d18e1000 r--p 0001c000 08:01 524629
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
7f42d18e1000-7f42d18e5000 r--p 00029000 08:01 524629
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
7f42d18e5000-7f42d18e6000 rw-p 0002d000 08:01 524629
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.1
7f42d18e6000-7f42d18e8000 rw-p 00000000 00:00 0
7f42d18e8000-7f42d18ee000 r--p 00000000 08:01 131383
/etc/ld.so.cache (deleted)
7f42d18ee000-7f42d18ef000 r--p 00000000 08:01 530128
/usr/lib/x86_64-linux-gnu/ld-2.29.so (deleted)
7f42d18ef000-7f42d190d000 r-xp 00001000 08:01 530128
/usr/lib/x86_64-linux-gnu/ld-2.29.so (deleted)
7f42d190d000-7f42d1915000 r--p 0001f000 08:01 530128
/usr/lib/x86_64-linux-gnu/ld-2.29.so (deleted)
7f42d1915000-7f42d1916000 r--p 00026000 08:01 530128
/usr/lib/x86_64-linux-gnu/ld-2.29.so (deleted)
7f42d1916000-7f42d1917000 rw-p 00027000 08:01 530128
/usr/lib/x86_64-linux-gnu/ld-2.29.so (deleted)
7f42d1917000-7f42d1918000 rw-p 00000000 00:00 0
7ffc21a23000-7ffc21a44000 rw-p 00000000 00:00 0 [stack]
7ffc21b1b000-7ffc21b1e000 r--p 00000000 00:00 0 [vvar]
7ffc21b1e000-7ffc21b1f000 r-xp 00000000 00:00 0 [vdso]
(gdb) finish
Run till exit from #0 __GI___tunable_get_val
(id=<optimized out>, valp=<optimized out>, callback=<optimized out>) at
dl-tunables.c:393
__pthread_tunables_init () at pthread_mutex_conf.c:43
43 pthread_mutex_conf.c: Datei oder Verzeichnis
nicht gefunden.
1: x/i $pc
=> 0x7f42d137206a <__pthread_tunables_init+42>: mov
0x8(%rsp),%rax
(gdb) stepi
0x00007f42d137206f 43 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d137206f <__pthread_tunables_init+47>: xor
%fs:0x28,%rax
(gdb) print/x $rax
$4 = 0x74f2077500000000
(gdb) x/1xg $rsp + 0x8
0x7ffc21a3e588: 0x74f2077500000000
(gdb) stepi
0x00007f42d1372078 43 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d1372078 <__pthread_tunables_init+56>: jne
0x7f42d137207f <__pthread_tunables_init+63>
(gdb)
0x00007f42d137207f 43 in pthread_mutex_conf.c
1: x/i $pc
=> 0x7f42d137207f <__pthread_tunables_init+63>: callq
0x7f42d1364160 <__stack_chk_fail@plt>
(gdb)
0x00007f42d1364160 in __stack_chk_fail@plt () from
/lib/x86_64-linux-gnu/libpthread.so.0
1: x/i $pc
=> 0x7f42d1364160 <__stack_chk_fail@plt>: jmpq
*0x14f52(%rip) # 0x7f42d13790b8 <[email protected]>
(gdb)
__stack_chk_fail () at stack_chk_fail.c:29
29 stack_chk_fail.c: Datei oder Verzeichnis nicht
gefunden.
1: x/i $pc
=> 0x7f42d17fc7c0 <__stack_chk_fail>: sub $0x8,%rsp
(gdb) bt
#0 __stack_chk_fail () at stack_chk_fail.c:29
#1 0x00007f42d1372084 in __pthread_tunables_init () at
pthread_mutex_conf.c:43
#2 0x00007f42d1364bdd in
__pthread_initialize_minimal_internal () at nptl-init.c:437
#3 0x00007f42d1364009 in _init () at
../sysdeps/x86_64/crti.S:74
#4 0x0000000000000000 in ?? ()
(gdb) cont
Continuing.
benutzer@debian:~/deb$ dpkg-deb -x g*** stack smashing detected
***: <unknown> terminated
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Datei oder
Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f42d172c081 <__GI_raise+321>: mov
0x108(%rsp),%rax
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f42d1717535 in __GI_abort () at abort.c:79
#2 0x00007f42d176ddc8 in __libc_message
(action=<optimized out>, fmt=fmt@entry=0x7f42d18788a2 "*** %s ***: %s
terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007f42d17fc81d in __GI___fortify_fail_abort
(need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7f42d1878880 "stack
smashing detected") at fortify_fail.c:28
#4 0x00007f42d17fc7d2 in __stack_chk_fail () at
stack_chk_fail.c:29
#5 0x00007f42d1372084 in __pthread_tunables_init () at
pthread_mutex_conf.c:43
#6 0x00007f42d1364bdd in
__pthread_initialize_minimal_internal () at nptl-init.c:437
#7 0x00007f42d1364009 in _init () at
../sysdeps/x86_64/crti.S:74
#8 0x0000000000000000 in ?? ()
(gdb) print glibc_pthread_mutex_spin_count
$5 = glibc_pthread_mutex_spin_count
(gdb) print (int)glibc_pthread_mutex_spin_count
$6 = 23
(gdb) print tunable_list[23]
$7 = {name = 0x7f42d190ecc3 "glibc.malloc.tcache_max",
type = {type_code = TUNABLE_TYPE_SIZE_T, min = 0, max = -1}, val = {numval = 0,
strval = 0x0}, initialized = false, security_level =
TUNABLE_SECLEVEL_SXID_ERASE, env_alias = 0x0}
(gdb) print tunable_list[22]
$8 = {name = 0x7f42d19112b0
"glibc.pthread.mutex_spin_count", type = {type_code = TUNABLE_TYPE_INT_32, min
= 0, max = 32767}, val = {numval = 100, strval = 0x64 <error: Cannot access
memory at address 0x64>}, initialized = false, security_level =
TUNABLE_SECLEVEL_SXID_ERASE, env_alias = 0x0}
https://sources.debian.org/src/glibc/2.29-9/elf/dl-tunables.c/#L393
https://sources.debian.org/src/glibc/2.29-9/nptl/pthread_mutex_conf.c/#L43
