I'm doing the Protostar exploit-exercises challenge and thought about using gdbserver to remote debug the code. However, I keep getting a segfault when connecting to gdbserver. To be honest, I'm just trying to understand what's going on and why that wouldn't work.
Here is the result from my machine (Debian 12, running gdb version 13.1-3):
tesing@ThinkPad-Debian:~/protostar/bin$ gdb ./stack0
GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./stack0...
>>> target remote 192.168.0.33:4444
Remote debugging using 192.168.0.33:4444
Reading /lib/ld-linux.so.2 from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /lib/ld-linux.so.2 from remote target...
Reading symbols from target:/lib/ld-linux.so.2...
Reading /usr/lib/debug/.build-id/67/bb012671226504deafb026203c92ebafc231dc.debug from remote target...
Reading /lib/ld-2.11.2.so from remote target...
Reading /lib/.debug/ld-2.11.2.so from remote target...
Reading /usr/lib/debug//lib/ld-2.11.2.so from remote target...
Reading /usr/lib/debug//lib/ld-2.11.2.so from remote target...
Error while reading shared library symbols for target:/lib/ld-linux.so.2:
Remote communication error. Target disconnected.: Connection reset by peer.
Fatal signal: Segmentation fault
----- Backtrace -----
0x557a013e440e ???
0x557a014ed601 ???
0x557a014ed776 ???
0x7f0b6b85afcf ???
./signal/../sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c:0
0x557a016a5ba4 ???
0x557a016ae344 ???
0x557a016a8b30 ???
0x557a015570a7 ???
0x557a01575aa7 ???
0x557a01685340 ???
0x557a016857a8 ???
0x557a01685a4b ???
0x557a01717420 ???
0x557a01416c94 ???
0x557a01724287 ???
0x557a014ede1c ???
0x557a014ef3cf ???
0x557a014ee6d1 ???
0x7f0b6c9dc46c ???
0x557a014ee7fd ???
0x557a014ee98f ???
0x557a014edd0c ???
0x557a018d51d5 ???
0x557a018d5cb2 ???
0x557a015b72f9 ???
0x557a015b8f74 ???
0x557a01347ca9 ???
0x7f0b6b8461c9 __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
0x7f0b6b846284 __libc_start_main_impl
../csu/libc-start.c:360
0x557a0134ee30 ???
0xffffffffffffffff ???
---------------------
A fatal error internal to GDB has been detected, further
debugging is not possible. GDB will now terminate.
This is a bug, please report it. For instructions, see:
<https://www.gnu.org/software/gdb/bugs/>.
Segmentation fault
And here is the result on the Protostar virtual machine (gdb version 7.0.1):
user@protostar:/opt/protostar/bin$ gdbserver multi:4444 ./stack0
Process ./stack0 created; pid = 2287
Listening on port 4444
Remote debugging from host 192.168.0.15
*** glibc detected *** gdbserver: double free or corruption (!prev): 0x0806e370 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6b0ca)[0xb7efa0ca]
/lib/libc.so.6(+0x6c918)[0xb7efb918]
/lib/libc.so.6(cfree+0x6d)[0xb7efea5d]
gdbserver[0x804e953]
gdbserver(handle_serial_event+0xc5)[0x80531b5]
gdbserver[0x8056058]
gdbserver(start_event_loop+0x3c)[0x8055e4c]
gdbserver(main+0x4cd)[0x8050aed]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7ea5c76]
gdbserver[0x804c711]
======= Memory map: ========
08048000-08062000 r-xp 00000000 00:10 5310 /usr/bin/gdbserver
08062000-08063000 rw-p 00019000 00:10 5310 /usr/bin/gdbserver
08063000-08087000 rw-p 00000000 00:00 0 [heap]
b7d00000-b7d21000 rw-p 00000000 00:00 0
b7d21000-b7e00000 ---p 00000000 00:00 0
b7e6f000-b7e8c000 r-xp 00000000 00:10 3290 /lib/libgcc_s.so.1
b7e8c000-b7e8d000 rw-p 0001c000 00:10 3290 /lib/libgcc_s.so.1
b7e8d000-b7e8f000 rw-p 00000000 00:00 0
b7e8f000-b7fcd000 r-xp 00000000 00:10 759 /lib/libc-2.11.2.so
b7fcd000-b7fce000 ---p 0013e000 00:10 759 /lib/libc-2.11.2.so
b7fce000-b7fd0000 r--p 0013e000 00:10 759 /lib/libc-2.11.2.so
b7fd0000-b7fd1000 rw-p 00140000 00:10 759 /lib/libc-2.11.2.so
b7fd1000-b7fd4000 rw-p 00000000 00:00 0
b7fd4000-b7fda000 r-xp 00000000 00:10 6624 /lib/libthread_db-1.0.so
b7fda000-b7fdb000 r--p 00005000 00:10 6624 /lib/libthread_db-1.0.so
b7fdb000-b7fdc000 rw-p 00006000 00:10 6624 /lib/libthread_db-1.0.so
b7fe0000-b7fe2000 rw-p 00000000 00:00 0
b7fe2000-b7fe3000 r-xp 00000000 00:00 0 [vdso]
b7fe3000-b7ffe000 r-xp 00000000 00:10 741 /lib/ld-2.11.2.so
b7ffe000-b7fff000 r--p 0001a000 00:10 741 /lib/ld-2.11.2.so
b7fff000-b8000000 rw-p 0001b000 00:10 741 /lib/ld-2.11.2.so
bffeb000-c0000000 rw-p 00000000 00:00 0 [stack]
Segmentation fault
Try again?
user@protostar:/opt/protostar/bin$ gdb --version
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
I don't really understand what's going on; the interesting lines are these:
On my machine:
Error while reading shared library symbols for target:/lib/ld-linux.so.2:
And on the VM (gdbserver):
*** glibc detected *** gdbserver: double free or corruption (!prev): 0x0806e370 ***
Could someone enlighten me on the possible issue here? Many thanks.
You've done nothing wrong, instead you've managed to trigger a bug within gdbserver itself. If you wanted to help get this issue resolved then you might consider creating a bug report in GDB's bug tracker.
To help with reporting the bug, on the GDB side, if you do
set debug remote on
before target remote ..., then GDB will emit lots of debug output, which should be included in the bug report. On the gdbserver side, if you add the extra command line flags
--debug --remote-debug
when starting gdbserver you will, again, see lots of debug output that can be included with the bug report.
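As an added example (not part of the original answer), a GDB command script that captures the remote-protocol debug output to a file before connecting, so the whole exchange up to the disconnect can be attached to the bug report; the gdbserver invocation is shown as a comment, and the sysroot path is a placeholder for a local copy of the VM's /lib, which also sidesteps the slow remote file transfer that the "set sysroot" warning above refers to:

```gdb
# On the Protostar VM (gdbserver side), keep both stdout and stderr so no
# debug line is lost:
#   gdbserver --debug --remote-debug multi:4444 ./stack0 2>&1 | tee gdbserver-debug.log
#
# On the host (GDB side), run as:  gdb -x collect-remote-debug.gdb ./stack0
# (collect-remote-debug.gdb is the assumed name of this file.)

# Write everything GDB prints from here on to a log file as well as the terminal.
set logging file gdb-remote-debug.log
set logging enabled on

# Same as the answer's "set debug remote on": dump every packet sent and received.
set debug remote 1

# Assumed: a local directory holding a copy of the VM's /lib (ld-linux.so.2, libc, ...),
# so GDB reads the shared-library symbols locally instead of over the remote protocol.
set sysroot /path/to/protostar-sysroot

# Now connect; the address is the one from the question.
target remote 192.168.0.33:4444
```

If the crash still reproduces with the local sysroot, both log files together show exactly which packet preceded the "Connection reset by peer"; if it stops reproducing, that is itself useful information for the report.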