NetBSD Problem Report #48051

From martin@duskware.de  Sat Jul 13 16:20:45 2013
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 7625671AD9
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 13 Jul 2013 16:20:45 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: rxvt crashes when setting environment variables
X-Send-Pr-Version: 3.95

>Number:         48051
>Category:       port-vax
>Synopsis:       rxvt crashes when setting environment variables
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-vax-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 13 16:25:00 +0000 2013
>Originator:     Martin Husemann
>Release:        NetBSD 6.99.23
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD dead-to-the-world.duskware.de 6.99.23 NetBSD 6.99.23 (DEAD) #28: Thu Jul 11 09:15:38 CEST 2013 martin@night-porter.duskware.de:/usr/src/sys/arch/vax/compile/DEAD vax
Architecture: vax
Machine: vax
>Description:

After upgrading my machine to -current rxvt stopped working (rxvt binary is
unchanged since 2009).

I looked at the code generated by gcc and it looked fine to me - I suspect
either some (old?) memory corruption now triggers this due to other changes
rearranging memory, or ld.elf_so is somehow broken. Gdb seems a bit confused
about the rb_tree_* symbols, or there are multiple copies of them, which nm
does not show: the addresses in the backtrace mapped to the rb_tree_* 
functions do not match the addresses used by gdb when setting a breakpoint
there upfront. So effectively this could be anything and I am not sure we
can trust gdb.

Anyway, a bit of info from gdb on the crash:

Program received signal SIGSEGV, Segmentation fault.
0x7f648021 in rb_tree_insert_node (2137755944, 2135015680)
   from /usr/lib/libc.so.12
(gdb) bt
#0  0x7f648021 in rb_tree_insert_node (2137755944, 2135015680)
   from /usr/lib/libc.so.12
#1  0x7f647a31 in __allocenvvar (23) from /usr/lib/libc.so.12
#2  0x7f62219d in setenv (2135024000, 2135024010, 1) from /usr/lib/libc.so.12
#3  0x7f6161cf in putenv (2135023968) from /usr/lib/libc.so.12
#4  0x7f7d44f6 in _rtld_bind_start (2135023968) from /usr/libexec/ld.elf_so
#5  0x000188f1 in rxvt_set_colorfgbg (2134905280)
#6  0x00018f15 in rxvt_change_font (2134905280, 1, 0)
#7  0x00022ebe in rxvt_Create_Windows (2134905280, 3, 2147478680)
#8  0x00019090 in rxvt_init (3, 2147478680)
#9  0x00013c0a in main (3, 2147478680, 2147478696)
(gdb) x/16i 0x7f648021
=> 0x7f648021 <rb_tree_insert_node+17>: movl (r8),r9
   0x7f648024 <rb_tree_insert_node+20>: addl3 r11,0x8(r8),r10
   0x7f648029 <rb_tree_insert_node+25>: movl (r0),r6
   0x7f64802c <rb_tree_insert_node+28>: 
    bneq 0x7f648031 <rb_tree_insert_node+33>
   0x7f64802e <rb_tree_insert_node+30>: 
    brw 0x7f64816b <rb_tree_insert_node+347>
[..]
(gdb) info reg
r0             0x7f6b9128       2137755944
r1             0xc0     192
r2             0x7f41c040       2135015488
r3             0xfffffff0       -16
r4             0x0      0
r5             0x7f41c000       2135015424
r6             0x7f41c100       2135015680
r7             0x17     23
r8             0x0      0
r9             0x0      0
[..]


Looking at the source this seems to be the copying of rbto_compare_nodes from
the env_tree_ops, and those are statically initialized and not NULL. I'm 
puzzled.


>How-To-Repeat:
just run rxvt on vax

>Fix:
n/a
